Your information, your rights
Your information
You have rights to do with information that is recorded and held about you. These rights are protected by the Data Protection Act (2018) (DPA) and General Data Protection Regulation (2016) (GDPR).
As a healthcare provider we may collect information regarding your contact with our services. This information about your physical and or mental health is part of your health record.
Data Protection Act (2018) (DPA) and General Data Protection Regulation (2016) (GDPR)
Under the GDPR, we have a legal duty to protect any information we collect from you. We use leading technologies and encryption software to safeguard your data and keep strict security standards to prevent any unauthorised access to it. More detail about how we collect, process, transfer and store your data can be found in our privacy notices below.
Our Information Governance team have created this page to provide you with information as to why Rotherham, Doncaster and South Humber NHS Foundation Trust collects information about you and how we will use this information; as well as how you are able to access your personal health record under a subject access request.
What are my rights in relation to my data?
Under the Data Protection Act (2018) and general data protection regulation, you have specific rights in relation to your data; you can make these requests at any time. Your rights are as follows:
Right to be informed
Rotherham, Doncaster and South Humber NHS Foundation trust (RDaSH) has a duty to provide you with information in relation to how your personal and special category data (more sensitive personal data) is collected, stored and processed. This is provided within our privacy notice on this page.
Right of access to information or subject access
You can request a copy of the information RDaSH holds about you by emailing the IG team at rdash.ig@nhs.net.
This information is ordinarily available to you free of charge once you provide appropriate ID. However, there are certain circumstances whereby we can make a charge for this service. But only if the request is deemed ‘manifestly unfounded or excessively repetitive.’
We have 30 calendar days to respond to your request. In certain circumstances a response may not be able to be provided in such a time scale; however we will write to you and inform you of this as soon as possible.
Right to rectification and erasure
You have the right to request the rectification of inaccurate personal data and the right to request the erasure of your personal data. However, the rights to rectification and erasure are not an absolute right and it may be necessary for RDaSH to continue to process your personal data for lawful and legitimate reasons. If you wish to make such a request, please contact rdash.ig@nhs.net.
Right to object to, or restrict processing
You have the right in certain circumstances to ask RDaSH to stop processing your personal data. You can also request not to receive information from the trust. However, the right to object to, or restrict processing is not an absolute right and it may be necessary in certain circumstances for RDaSH to continue to process your personal data for lawful and legitimate reasons.
If you wish to object to your information being processed, to receiving information from the trust, or wish to have information rectified or erased, please send your request in writing via email to rdash.ig@nhs.net.
Rights in relation to automated decision making and profiling
RDaSH does not use your information to make automated decisions about you, nor to undertake profiling.
Right to data portability
You have the right to get your personal data from an organisation in a way that is accessible and machine-readable, for example as a secure file to be exchanged via e-mail, or an encrypted CD-Rom.
You also have the right to ask an organisation to transfer your data to another organisation. They must do this if the transfer is, as the regulation says, “technically feasible”. Within RDASH, as well as probably other NHS organisations this known as a continuation of care.
Who do I contact if I have any concerns about my data?
To safeguard your information and to support your rights, RDaSH has appointed a data protection officer (DPO). The role of the DPO is to monitor internal compliance with data protection legislation and inform and advise staff, patients, carers and the public in relation to data protection.
The DPO can be contacted at rdash.dpo@nhs.net.
If you have a concern about any aspect of your care or treatment at this hospital or about the way your records have been managed, you can also contact the following:
For concerns related to mental or physical health services:
Alternatively, if you have a complaint about our processing of your personal data:
Definitions
Below are some useful definitions:
Data controller
The organisation which determines the processing of personal data. The data controller is the legally responsible organisation.
Data processor
An organisation which the data controller appoints to provide a service on its behalf. The data processor must follow the legal instruction of the controller.
Data subject
The individual who personal data is about. The individual must be identifiable from the data
Data protection officer
The person appointed by the data controller as the single point of contact for data protection enquiries. The data protection officer acts independently and monitors compliance with data protection obligations.
Data processing
The activities which relate to personal data. Data processing includes:
- obtaining, recording or holding the information
- organisation, adaption or alteration
- retrieval, consultation or use
- disclosure by transmission, dissemination or otherwise making available
- alignment, combination, blocking, erasure or destruction of the information or data
Information commissioners office (ICO)
The regulator of information rights in the United Kingdom. More information can be found on the ICO website (opens in a new window).
Personal data
Data which relates to an individual and enables them to be identified.
Special category data
This personal data is more sensitive, and so needs more protection, for example:
- race
- ethnic origin
- politics
- religion
- trade union membership
- genetics
- biometrics (where used for ID purposes)
- health
- sex life
- sexual orientation
Privacy notices
Below are a list of privacy notices in use by the trust.
A privacy notice tells you what to expect us to do with your personal information when you make contact with us or use one of our services. It is a statement that describes how the organisation collects, uses, retains and discloses personal information and is sometimes referred to as a privacy statement, a fair processing statement or sometimes a privacy policy.
- children and young people privacy notice
- privacy notice
- staff privacy notice
- general Covid-19 privacy notice
- children and young people Covid-19 privacy notice
- staff Covid-19 privacy notice
- membership privacy notice
- cookies
- RDaSH staff app privacy notice
National data opt-out
Information about your health and care helps us to improve your individual care, speed up your diagnosis, plan your local services and research new treatments.
The national data opt-out was introduced in May 2018, enabling patients to opt out from the use of their data for research or planning purposes, in line with the recommendations of the National Data Guardian in her review of data security, consent and opt-outs (opens in new window).
Patients can view or change their national data opt-out choice at any time by using the online service at NHS your NHS data matters website (opens in new window) or by calling 0300 3035678.
To find out more about how this trust uses your information please see trust privacy notice.
Individual clinical services, specific use of information
- adult mental health*
- children’s and young persons mental health (CAMHS)*
- older people’s mental health*
- children, young people and families (CYP and F)*
- drug and alcohol (adults)*
- drug and alcohol plus sexual health (young people)*
- Doncaster care integrated services (DCIS)*
- forensics*
- NHS talking therapies*
- memory services*
- St Johns hospice*
*currently under development
Who is responsible for your data?
Policies
Contact the Information Governance team
Information Governance
Tickhill Road Site
Tickhill Road
Balby
Doncaster
DN4 8QN
- Telephone: 03000 211189
- Email: rdash.ig@nhs.net
Page last reviewed: April 05, 2024
Next review due: April 05, 2025