Skip to main content

Children and young people privacy notice

What is a privacy notice?

Children have the same rights as adults over their personal data which they can exercise as long as they are competent to do so. Where a child is not considered to be competent, an adult with parental responsibility may usually exercise the child’s data protection rights on their behalf.

We want to make sure that you understand how and why we need your personal information and that you know what your rights are. This is part of that commitment to ensure that we process your personal information fairly and lawfully. The notice tells you what information we collect, how we use it and how you can access it.

Who are we?

We operate services in and across Rotherham, Doncaster and South Humber. We deliver services which include mental health, learning disability, and community services (eg district nursing and health visitors, etc). Our consultants, doctors, nurses, healthcare professionals and registered support staff are also regulated and governed by professional bodies including numerous royal colleges, etc.

Our information commissioner’s office (ICO) registration number is Z586397.

What information do we have about you?

We may ask you for, or already hold, personal confidential information about you that will be used to support you in the delivery of appropriate care and treatment and these records may include:

  • name, address, date of birth, next of kin, etc.
  • contacts such as appointments and home visits
  • details of your treatment and care including notes and reports about your health
  • information about any allergies and health conditions
  • results of any accident and emergency visits, clinic appointments
  • results of any medical imaging, x-rays, blood tests, etc.
  • Information from people who care for you and know you well, such as your doctor (GP), school, etc.

By providing us with your contact details, you are agreeing for us to use these ways to communicate with you about your care, i.e. by letter (address), by voice-mail or voice-message (telephone or mobile number), by text message (mobile number) or by email (email address).

Cookies

Our website utilises a standard technology called ’cookies’ to collect information about how our website is used and to record your preferences in order to give you the information you need during your visit. Information gathered through cookies allows us to monitor website traffic and to personalise the content of the site for you. Click here to find out more.

Web server log files

IP addresses are used by your computer or mobile device, ie smartphone, every time you are connected to the internet. Your IP address is a number that is used by computers on the network to identify your computer or mobile device. IP addresses are automatically collected by our web servers so that data (such as the web pages you request) can be sent to you. Web server log files are used to record information about our site, such as system errors. Log files do not contain any personal information or information about which other sites you have visited.

How long do we keep your information?

We make sure all records are kept to the minimum retention periods stated in the NHS records management code of practice for health and social care, ie all hospitals treating children must keep their information until the child’s 26th birthday. After this we will destroy it unless we feel it needs to be kept for your ongoing care or another reason.

How do we collect your information?

We collect your information in a number of ways, for example either:

  • via your healthcare professional,  doctor, social worker, nurse, etc.
  • referral details from other health and social care providers, doctor, councils, other hospitals, etc.
  • directly given by you (or your parent or guardian)

Why do we collect your information?

Your information can help us to make decisions about your care and to ensure that your treatment is safe and effective. It will also help us work better with other organisations who may be involved in your care. Having your information can also help us improve individual care and to understand more about disease risks or causes and to develop new treatments and prevent disease.

We keep information about you to help make sure that you get the right care at the right time in the right place, and we will let you know how this information is shared and how we keep your information safe. We may also use details to ask you to complete a satisfaction survey.

Please remember that you have the right to access personal information about you held by us, either to view the information in person, or to be provided with a copy.

How do you know the information we have about you is safe?

All members of staff working in the NHS and other healthcare organisations have a legal duty of confidentiality to keep your information safe (unless in extreme circumstances where your safety or that of others is compromised). Everyone working for this Trust is subject to the Common Law Duty of Confidence.

All information held by this Trust is kept secure, whether they are electronic and or paper records and their access is restricted to only those who need to know. It is important that information is kept safe and secure to protect your confidentiality.

Who do we share your information with?

Everyone working within the NHS has a legal duty to keep information about you confidential. Similarly, anyone who receives information from us has a legal duty to keep it confidential.

Legal reasons to share information

A person’s right to confidentiality is not absolute and there may be other circumstances when we must share information from your patient record with other agencies. In these rare circumstances we are not required to have your consent. Examples of this are:

  • if there is a concern that you are putting yourself at risk of serious harm
  • if there is concern that you are putting another person at risk of serious harm
  • if there is concern that you are putting a child at risk of harm
  • if we have been instructed to do so by a court
  • if the information is essential for the investigation of a serious crime
  • if you are subject to the Mental Health Act (1983), there are circumstances in which your ‘nearest relative’ must receive information even if you object
  • if your information falls within a category that needs to be notified for public health or other legal reasons, such as certain infectious diseases

Health and social care professionals

You may receive care from other organisations, eg social care services; other NHS trusts, etc, and therefore this Trust may need to share information to ensure consistent and appropriate care and support is provided. This is only shared if there is a genuine need to share or we have patient consent to do so.

We share information with the following partner organisations:

  • other NHS Trusts and hospitals involved in your care
  • local Authorities
  • clinical commissioning groups (CCGs) responsible for planning the health needs of their patients, and for paying to keep their local hospitals running. Information in computerised form is sent to CCGs, with your name and address removed, but including NHS numbers and postcodes. Exactly the same information is sent to the Office of National Statistics which produces information about the performance of hospitals. Other organisations such as specialist disease registries receive information about particular areas of healthcare. This is important to ensure that the NHS provides the best possible treatments both now and in the future
  • Doncaster integrated care record, an electronic record which allows health and care professionals in Doncaster to quickly and securely access medical information about you while they are caring for you. When you come into contact with health and social care services in Doncaster, staff will ask you for permission to view your Integrated Doncaster care record
  • NHS Digital (opens in a new window); on behalf of NHS England assess the effectiveness of the care provided by publicly-funded services. We share information such as referrals, assessments, diagnoses, activities (e.g. taking a blood pressure test) and in some cases, your answers to questionnaires on a regular basis to meet our NHS contract obligations. You have the right to object to us sharing your information to NHS Digital – this will not affect your care in any way. For information about how you can opt-out of sharing your data for research and development purposes only. Visit the NHS website (opens in a new window) for more information
  • NHS England (opens in a new window)
  • care quality commission (CQC) (opens in a new window)
  • general practitioners (GP’s)
  • ambulance services

You may be receiving care from other people as well as the NHS, for example social care services. We may need to share some information about you with them so we can all work together for your benefit if they have a genuine need for it.

Therefore, we may also share your information, subject to strict agreement about how it will be used, with:

  • social care services
  • education services
  • local authorities
  • voluntary and private sector providers working with the NHS

We will not disclose your information to any other third parties unless:

  • we have your permission
  • we have an appropriate legal basis to do so
  • we have good reason to believe that failing to share the information will put you or someone else at risk of serious harm or abuse
  • we hold information that is essential to prevent, detect, investigate or punish a serious crime

We would never share your personal information for marketing or insurance purposes.

Do you have any rights?

Yes, under data protection law you have a number of rights. These are:

  • that your rights are communicated to you in an open, honest and easy to read and understand way
  • you will be informed which parts of your information we hold has been collected from you and which has been collected from others
  • you have a right of access to information we hold on you
  • you have the right to have factual errors in your information corrected
  • you have the right of erasure also known as the ‘right to be forgotten’, although this does not apply to health records
  • you have the right to stop us from using your information, in some circumstances
  • you have the right of data portability
  • you have the right to object
  • you have the right to prevent automatic decision making and profiling. This is when a computer makes a decision about you
  • you have a right to complain and details are provided at the end of this document

Can you look at your information, or even have a copy?

Yes, if you are in our care you may be able to see the records while you are with us. You or your family will need to ask your doctor or nurse first as there may be things that we would need to explain to you such as abbreviations or medical words.

You have a right to see the information we hold about you, both on paper or electronic, except for information that:

  • has been provided about you by someone else if they haven’t given permission for you to see it
  • relates to criminal offences
  • is being used to detect or prevent crime
  • could cause physical or mental harm to you or someone else

You can find out more about your rights by visiting our your information, your rights web page. If you would like to request a copy of your records, please contact the Information Governance team.

Contact the Information Governance team

Information Governance
Tickhill Road Site
Tickhill Road
Balby
Doncaster
DN4 8QN

Telephone: 03000 211189
Email: rdash.ig@nhs.net

What if you are not happy or want to complain?

If you are not happy how your data or request has been handled, please:

Where can you find more information?

Visit our your information, your rights web page.

Data protection impact assessments

Data protection law introduced a new obligation to do a data protection impact assessment (DPIA) before carrying out types of processing likely to result in high risk to individuals’ interests. A DPIA is a process to help identify and minimize the data protection risks which requires the processing of personal data. It is also good practice to do a DPIA for any other major project which requires the processing of personal data.

We publish a summary log of completed DPIAs here. Any requests for the full DPIA can be sent to rdash.ig@nhs.net.

The Protection Legislation supports your right to have your privacy respected and your data protected. It gives you easier access to the personal information the Trust holds about you, if you wish to check or change it. It is designed to give you confidence that this information is accurate, up to date and well managed.

Definitions

Below are some useful definitions:

Data controller

The organisation which determines the processing of personal data. The data controller is the legally responsible organisation.

Data processor

An organisation which the data controller appoints to provide a service on its behalf. The data processor must follow the legal instruction of the controller.

Data subject

The individual who personal data is about. The individual must be identifiable from the data

Data protection officer

The person appointed by the data controller as the single point of contact for data protection enquiries. The data protection officer acts independently and monitors compliance with data protection obligations.

Data processing

The activities which relate to personal data. Data processing includes:

  • obtaining, recording or holding the information
  • organisation, adaption or alteration
  • retrieval, consultation or use
  • disclosure by transmission, dissemination or otherwise making available
  • alignment, combination, blocking, erasure or destruction of the information or data

Information commissioners office (ICO)

The regulator of information rights in the United Kingdom. More information can be found on the ICO website (opens in a new window).

Personal data

Data which relates to an individual and enables them to be identified.

Special category data

This personal data is more sensitive, and so needs more protection, such as:

  • race
  • ethnic origin
  • politics
  • religion
  • trade union membership
  • genetics
  • biometrics (where used for ID purposes)
  • health
  • sex life
  • sexual orientation

Page last reviewed: December 21, 2023
Next review due: December 21, 2024

Feedback

Report a problem