This Privacy Notice is applicable to all services managed by the Newcastle upon Tyne Hospitals NHS Foundation Trust and explains:
- what we do with personal information we collect about you
- how we store this information
- how long we retain it
- who we may share it with
- for which legal purpose we may share it
Under data protection law we are legally required to explain how we use your information in a way that is:
- concise and easy to understand
- easily accessible – written in clear, plain language, particularly if addressed to a child
- free of charge
Data protection law says the personal information we hold about you must be:
- used lawfully, fairly and in a transparent way
- collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes
- relevant to the purposes we have told you about and limited only to those purposes
- accurate and kept up to date
- kept securely and only as long as necessary for the purposes we have told you about
General Data Protection Regulations Statement
The Newcastle upon Tyne Hospitals NHS Foundation Trust is a ‘Data Controller’ under the European General Data Protection Regulations (GDPR) and the UK Data Protection Act 2018.
This means that we are legally responsible for ensuring that all personal data we hold and use is done so in a manner that meets the current and future data protection principles.
We must notify the Information Commissioner about all our data processing activities.
Our Data Processing registration number is Z6173332 and details of our registration can be found here:Information Commissioner’s website
Information we may collect about you on our website
We are committed to safeguarding the privacy of our website visitors.
As with the majority of websites there are some types of information which will be automatically tracked. This includes information about your computer, and about your visits to and use of this website such as:
- your IP address
- the website you have come from
- the type of browser you are using
- the searches you carry out
- the length of your visit on our site
- the number of pages you viewed.
We use this data internally to understand the kind of information our visitors are looking for so that we can continually improve the content we provide on our website. This information does not contain any personal details and so our users cannot be identified in any way.
How we do this
Secure submission forms
We have some secure forms on our website where we ask for your name and other details where appropriate. These forms have been set up to help us respond to the most common requests for information:
All personal information is treated in the strictest confidence and is not stored on the website. Information submitted via our secure forms goes directly to a manned NHS mailbox via secure NHS Mail and is not shared with any third parties.
How we store and process your personal information
To see how we store and process data about you, please choose an option below:Privacy notice for adult patients Privacy notice for children and young people Privacy notice for staff
Changes to this privacy notice
We reserve the right to update this privacy notice at any time. We will notify you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.
“GDPR” means the General Data Protection Regulation (2016/679).
“Personal data” means information relating to a natural (living) person or “data subject”, which can be used to identify the person. This provides for a wide range of information to constitute personal data, for example:
- Identification number
- Social media posts
- Location data
- Online identifier
Special category of personal data
“Special category of personal data” means information which is thought to be “extra sensitive”, such as ethnicity, data concerning health, biometric data, sexual orientation and religious or philosophical belief.
“Data controller” means the organisation that determines or decides the purposes, conditions and means of the processing of personal data.
“Processing” means anything that is done to the personal data we hold.
“Pseudonymisation” is the processing of personal data in such a way that the data can no longer be attributed to a specific person without the use of additional information (key).
Information Commissioner’s Office
The Information Commissioner’s Office (ICO) is the body that regulates the Trust under data protection and freedom of information legislation. If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law you can complain to the ICO.
Information Commissioner’s Office
Cheshire, SK9 5AF