You have rights to do with information that is recorded and held about you. These rights are protected by the Data Protection Act 2018 and General Data Protection Regulation (GDPR).
As a healthcare provider we may collect information regarding your contact with our services. This information about your physical and/or mental health is part of your healthcare record.
General Data Protection Regulation (GDPR)
Under the GDPR, we have a legal duty to protect any information we collect from you. We use leading technologies and encryption software to safeguard your data and keep strict security standards to prevent any unauthorised access to it. More detail about how we collect, process, transfer and store your data can be found in our privacy notices below.
- Nottinghamshire Healthcare privacy notice general.docx[docx] 221KB
- Nottinghamshire Healthcare privacy notice children and young adults.docx[docx] 214KB
What are my rights in relation to my data?
Under the General Data Protection Regulation and Data Protection Act 2018 you have specific rights in relation to your data; you can make these requests at any time. Your rights are as follows:
Right to be informed
Nottinghamshire Healthcare has a duty to provide you with information in relation to how your personal and special category data (more sensitive personal data) is collected, stored and processed. This is provided within our privacy notice on this page.
Right of Access to Information/Subject Access
You can request a copy of the information Nottinghamshire Healthcare holds about you by emailing email@example.com. You can also telephone us to make this request. This information is generally available to you free of charge once you provide appropriate ID. We have 30 calendar days to respond to your request. In certain circumstances a response may not be able to be provided in such a time scale; however we will write to you and inform you of this as soon as possible. Please contact the Information Governance Team for further information by contacting firstname.lastname@example.org.
COVID-19 Pandemic - Access to Information Requests
The Trust endeavours to complete all Access to Information Requests (sometimes known as Subject Access Requests) in a timely manner. However, due to the effect on resources caused by the COVID-19 pandemic, there may be a delay in the processing of these requests. We will keep you updated on the progress of your request.
Please see the link below to the ICO website for more information regarding this, as well as other useful advice in relation to COVID-19.
Right to rectification and erasure
You have the right to request the rectification of inaccurate personal data and the right to request the erasure of your personal data. However, the rights to rectification and erasure are not an absolute right and it may be necessary for Nottinghamshire Healthcare to continue to process your personal data for lawful and legitimate reasons. If you wish to make such a request, please contact email@example.com.
Right to object to, or restrict processing
You have the right in certain circumstances to ask Nottinghamshire Healthcare to stop processing your personal data in relation to any Trust service. You can also request not to receive information from the Trust. However, the right to object to, or restrict processing is not an absolute right and it may be necessary in certain circumstances for Nottinghamshire Healthcare to continue to process your personal data for a number of lawful and legitimate reasons.
If you wish to object to your information being processed, to receiving information from the Trust, or wish to have information rectified or erased, please send your request in writing via email to firstname.lastname@example.org.
Rights in relation to automated decision making and profiling
Nottinghamshire Healthcare does not use your information to make automated decisions about you, nor to undertake profiling.
Right to Data Portability
The right to data portability allows you to obtain and reuse your personal data for your own purposes across different services.
It allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability. If you wish to make such a request please email email@example.com.
Who do I contact if I have any concerns about my data?
To safeguard your information and to support your rights, Nottinghamshire Healthcare has appointed a Data Protection Officer (DPO). The role of the DPO is to monitor internal compliance with data protection legislation and inform and advise staff, patients, carers and the public in relation to data protection. The DPO can be contacted by emailing DPOEnquiries@nottshc.nhs.uk.
If you have a concern about any aspect of your care or treatment at this hospital or about the way your records have been managed, you can also contact in the first instance -
For concerns related to mental or physical health services:
The Patient Experience Team
Patient Advice and Liaison Service
For concerns related to Forensic Services:
Patient Advice and Liaison Service
Alternatively, you can also contact the Information Commissioner if you have a complaint about our processing of your personal data:
The Office of the Information Commissioner
Nottinghamshire Healthcare's privacy notice
Please read our privacy notice to find out more about how we deal with your information.