Membership privacy notice

What is a privacy notice?

This notice is aimed at foundation trust members of Rotherham, Doncaster and South Humber NHS Foundation Trust (RDaSH) and provides details about what information we hold, why we hold it and
how we use it.

Your membership is important to us and we really appreciate our members’ continuing support. As a foundation trust (FT) we have a duty to maintain a representative membership. Our membership data is secured on a membership database which is hosted by the trust. The information is taken from the date you originally become a member of the trust.

By issuing this privacy notice, we demonstrate our commitment to openness and accountability.

What types of personal data do we hold?

Members of the public constituency

We collect and process the information you provide. This personal identifiable data is limited to your name, address, contact details, date of birth, confirmation you are aged 16 or over. This information
enables us to communicate with you, to confirm that you are eligible to become a member and to ensure we place you in the correct constituency.

If you choose to provide it we will also process other information about you such as:

your date of birth sex
ethnicity
religion or belief
sexual orientation
gender reassignment
race
if you consider yourself to have a disability

Collecting this information will help us to meet our legal obligation of ensuring our public members are representative of the population we serve. Anonymised socio demographic data is required by the trust for the annual report.

The information we hold about you as an FT member or governor is held completely separately to any information we may hold about you as a service user or carer. This is because the information is collected and held for completely different purposes.

We will collect information in addition to that noted above if you choose to stand for election as a public or staff FT governor for example, details of your political interests and why you want to become a governor. Some of the information you provide will be sent to members as part of the election process to enable them to vote for you.

Members of the staff constituency

We do not collect any information from staff specifically for FT membership purposes and none of your details are kept on our FT membership database.

Wherever possible we will communicate with staff for FT membership purposes using internal post and trust email.

We will collect information in addition to that noted above if you choose to stand for election as a public or staff FT governor e.g. details of your political interests and why you want to become a governor. Some of the information you provide will be sent to members as part of the election process to enable them to vote for you.

Changes to information

We ask our members to let us know of any changes to their information as and when they arise. Members can resign at any time, and if they do, we will remove and permanently delete their membership record. This is entirely separate from any patient or employment record we might hold.

Why do we hold and process your data?

The postcode allocates our members to the appropriate local constituency (Rotherham, Doncaster, North Lincolnshire, North East Lincolnshire and rest of England and Wales) or to the appropriate
service area constituency (for service user and carer members).

We use the information for:

We use the information we hold to:

processing your personal data where the processing can be legally justified under UK law or where we have obtained your consent
enabling the foundation trust to discharge its statutory duties to keep members informed about service developments, proposed changes and the trust’s performance by providing newsletters,
other written end electronic communication, send invitations to meetings, etc.
enabling the foundation trust to administer elections to the council of governors
sending you election papers as part of an election process
enabling the foundation trust to assess its compliance against the requirement to ensure that the membership is reflective of the population served by the trust
you may also have indicated to us that you would like to receive information from the membership office about special events and meetings, volunteering opportunities, joining one of our involvement groups or receiving our membership magazine

We aim to deliver as many of our membership communications by email to save on cost, but recognise that many of our members appreciate receiving a printed communication from us so we continue to mail out a copy of Trust Matters 3 to 4 times a year.

How we will use your information?

The information you supply will only be used to contact you about the trust, membership or other related issues and will be stored in accordance with the general data protection regulations (GDPR)
and UK data protection legislation.

As a member, you may cancel your membership at any time. If you no longer want to be a member, or if you want to update your details, please contact:

Contact the membership office

Email: rdash.ftmembershipoffice@nhs.net

What is our legal basis for processing your information?

Article 6(1)(a), the data subject has given consent to the processing of his or her personal data for one or more specific purposes
Article 9(2)(a), the data subject has given explicit consent to the processing of personal data for one or more specified purposes.

Who do we share your information with?

Your demographic information, typically your name and address, will only ever be shared with an approved supplier. This will only be for the purpose of sending any information you have chosen to receive, via a postal service, or for the purpose of enabling members to participate in governor elections, which are run by an independent company.

We will not sell your information for any purpose and will not provide third parties with your information for the purpose of marketing or sales.

By law we must have a public register of our members. Our constitution requires: “a register of members showing in respect of each member the constituency to which he belongs and, where there are classes within it, the class to which he belongs;” with additional ‘rules’ as below:

Registers (inspection and copies)

the trust shall make the registers specified in paragraph 29 available for inspection by members of the public, except in the circumstances set out below or as otherwise prescribed by regulations
subject to paragraph 30.3, the trust shall not make any part of its registers available for inspection by members of the public which shows details of either:
- any member of the service users and carers constituency
- any other member of the trust, if he so requests

You can ask not to be included in the register and it is not published as standard but will be supplied upon request. To remove your name please contact the foundation trust office:

Contact the foundation trust office

from the register contact the foundation trust office on

Email: rdash.ftmembershipoffice@nhs.net

Do we use data processors?

Yes, our membership data is held and managed by MES (an external data processor). We also use third party companies to manage mailings and for the governor election process. These third parties
are under strict legal and contractual obligations to only use your information for the purpose instructed by the trust.

Do you have any rights?

Yes, data protection laws give individuals rights in respect of the personal information that we hold about you. These are:

to be informed why, where and how we use your information
to ask for access to your information, more information on how to access your data can be found on our your information, your rights page
to ask for your information to be corrected if it is inaccurate or incomplete
to ask for your information to be deleted or removed where there is no need for us to continue processing it
to ask us to restrict the use of your information
to ask us to copy or transfer your information from one IT system to another in a safe and secure way, without impacting the quality of the information
to object to how your information is used
to challenge any decisions made without human intervention (automated decision making)

How can you access your information?

If you have any questions about foundation trust membership or the Council of Governors please contact the foundation trust office on

Contact the foundation trust office

Telephone: 0800 015 0370
Email: rdash.ftmembershipoffice@nhs.net

You can find out more about accessing your information by visiting our your information, your rights page.

How do we keep your information safe and maintain confidentiality?

We want you to feel your information is secure and that we are committed to maintaining your privacy. The membership database and online registration form are protected against the loss, theft, misuse, or alteration of information through physical security and also different layers of security implemented throughout the database platform, for example hardware and application firewalls; intrusion detection systems; and SSL encryption.

How long do we retain your records?

Your membership information will only be held for as long as you are a member of the trust. You may request that your information is removed, which would mean you would no longer be a member.

How do you make a complaint?

If you are not happy about how your data or request has been handled, please:

speak to your health professional such as a key worker, support worker, consultant, etc.
should you have any further queries about the uses of your information, please email the trust’s data protection officer at rdash.dpo@nhs.net
contact our Complaints team or patient advice and liaison service
to get further advice or report a concern directly to the information commissioners office (ICO), the UK’s independent authority, you can visit the ICO website (opens in a new window) or telephone them on 0303 123 1113

What about information about the trust itself?

The Freedom of Information Act (2000) provides any person with the right to obtain information held by this trust, subject to a number of exemptions. If you would like to request information from us, please contact the Information Governance team:

Contact the Information Governance team

Information Governance
Woodfield House
Tickhill Road Site
Tickhill Road
Balby
Doncaster
DN4 8QN

Telephone 03000 211189
Email rdash.foirdash@nhs.net

Where can you find more information?

Further information can be found by visiting our your information, your rights page.

More information about or policies and procedures can be found by visiting our policies section.

Records of processing activities

Data protection law introduced a new obligation to do a data protection impact assessment (DPIA) before carrying out types of processing likely to result in high risk to individuals’ interests. A DPIA is a process to help identify and minimize the data protection risks which requires the processing of personal data. It is also good practice to do a DPIA for any other major project which requires the processing of personal data.

We publish a summary log of completed DPIAs here. Any requests for the full DPIA can be sent to rdash.ig@nhs.net.

The protection legislation supports your right to have your privacy respected and your data protected. It gives you easier access to the personal information the trust holds about you, if you wish to check or change it. It is designed to give you confidence that this information is accurate, up to date and well managed.

Definition of terms

Below are some useful definitions:

Data controller

The organisation which determines the processing of personal data. The data controller is the legally responsible organisation.

Data processor

An organisation which the data controller appoints to provide a service on its behalf. The data processor must follow the legal instruction of the controller.

Data subject

The individual who personal data is about. The individual must be identifiable from the data.

Data protection officer

The person appointed by the data controller as the single point of contact for data protection enquiries. The data protection officer acts independently and monitors compliance with data
protection obligations.

Data processing

The activities which relate to personal data. Data processing includes:

obtaining, recording or holding the information
organisation, adaption or alteration
retrieval, consultation or use
disclosure by transmission, dissemination or otherwise making available
alignment, combination, blocking, erasure or destruction of the information or data

Information commissioners office (ICO)

The regulator of information rights in the United Kingdom. More information can be found on the ICO website (opens in a new window).

Personal data

Data which relates to an individual and enables them to be identified.

Special category data

This personal data is more sensitive, and so needs more protection, such as race:

ethnic origin
politics
religion
trade union membership
genetics
biometrics (where used for ID purposes)
health
sex life
sexual orientation

Page last reviewed: April 10, 2024
Next review due: April 10, 2025

Feedback

Report a problem