Lawful Basis for the Processing of your information

We are committed to protecting your privacy and will only process personal confidential data in accordance with Data Protection Laws, General Data Protection Regulations, the Common Law Duty of Confidentiality and the Human Rights Act 1998

 ‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Special Categories of ‘Personal Data’ - Special categories of personal data’ means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.

The examples below show some of the Lawful basis’s for processing your information.

The General Data Protection Regulation states that the processing of ‘personal data’ shall be lawful for direct health care: 

The term ‘direct care’ is defined as a clinical, social or public health activity concerned with the prevention, investigation and treatment of illness and the alleviation of suffering of individuals (all activities that directly contribute to the diagnosis, care and treatment of an individual). It includes:

  • supporting individuals’ ability to function and improve their participation in life and society
  • the local audit/assurance of the quality of care provided
  • the management of untoward or adverse incidents
  • the measurement of outcomes undertaken by one or more registered and regulated health or social care professionals and their team with whom the individual has a legitimate relationship for their care.

Lawful Basis – TheHealth and Social Care Act 2012 states that need to collect, record, store and use your personal data in order to provide our healthcare services to you.

(GDPR)

Article 6(1)(e) - Necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

For processing special categories of personal data:

Article 9(2) (h) - Necessary for the purposes of preventative or occupational medicine, for assessing the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services, carried out by or under the supervision of health professional or social work professional or by another person who in the circumstances owes a duty of confidentiality under an enactment or rule of law.

For other organisations to provide support services for us - The Trust will use the services of the additional data processors, which will provide additional expertise to assist in the delivery of services. We share the minimum information necessary to allow the data processors to act on our behalf. Each contract will have a specific list of information to be shared and the legal basis allowing us to legitimately share the information.

Lawful Basis - We have entered into contracts with other companies/organisations to provide some services for us or on our behalf. These organisations are known as “data processors"

These organisations are subject to the same legal rules and conditions for keeping personal confidential data and secure and are underpinned by a contract with us.

Before awarding any contract, we ensure that organisations will look after your information to the same high standards that we do. Those organisations can only use your information for the service we have contracted them for and cannot use it for any other purpose.

(GDPR)

Article 6(1)(e) - Necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

For processing special categories of personal data:

Article 9(2) (h) - Necessary for the purposes of preventative or occupational medicine, for assessing the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services, carried out by or under the supervision of health professional or social work professional or by another person who in the circumstances owes a duty of confidentiality under an enactment or rule of law.

The lawful basis may differ dependent on the nature of the service being provided.

Patient and Public Involvement- If you have asked us to keep you regularly informed and up to date about the work of the Trust or if you are actively involved in our engagement and consultation activities or patient participation groups, we will collect and process personal confidential data which you share with us.

Lawful Basis - We will obtain your consent for this purpose, when you initially contact us to get involved in our engagement and consultation activities.

Where you submit your details to us for involvement purposes, we will only use your information for this purpose. You can opt out at any time by contacting us using our contact details at the end of this document.

(GDPR)

Article 6(1) (a) - the data subject has given consent to the processing of his or her personal data for one or more specific purposes.

For processing special categories of personal data:

Article 9(2) (a) - the data subject has given consent to the processing of his or her personal data for one or more specific purposes.

The lawful basis may differ dependent on type of involvement. 

CCTV - We have installed CCTV cameras on our Trust sites in areas that are used by members of the public and staff.

Lawful Basis - This is for the purposes of public safety and crime prevention/detection. In all locations, signs are displayed notifying of the fact the CCTV is in operation and providing details of whom to contact for further information about the scheme.

 

GDPR

Article 6(1)(e) - Necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller

The Walton Centre NHS Foundation Trust is a Data Controller as defined in current Data Protection Laws and the General Data Protection Regulations. This means a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be processed.

All data controllers must notify the Information Commissioner’s Office (ICO) of all personal information processing activities. Our ICO Data Protection Register number is Z6052598 and our entry can be found in the Data Protection Register on ICO

For more information please contact the DPO – See contact details