Potential Delays due to COVID-19
Your request for information may be delayed due to urgent operational responses to dealing with Public Health priorities. We apologise for any inconvenience this may cause, we do remain committed to responding to your request and will respond as soon as we are able. Should our response to your request breach the statutory timeframe and you remain unhappy with our response you have the right to complain to the Information Commissioners Office.
Further information and independent advice regarding the Data Protection Act 2018, incorporating the General Data protection Regulation 2016 is available from the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, www.ico.org.uk ,Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.
You have rights to do with information that is recorded and held about you. These rights are protected by the Data Protection Act 2018 (DPA) and General Data Protection Regulation 2016 (GDPR).
As a healthcare provider we may collect information regarding your contact with our services. This information about your physical and/or mental health is part of your health record.
Data Protection Act 2018 (DPA) and General Data Protection Regulation 2016 (GDPR)
Under the GDPR, we have a legal duty to protect any information we collect from you. We use leading technologies and encryption software to safeguard your data and keep strict security standards to prevent any unauthorised access to it. More detail about how we collect, process, transfer and store your data can be found in our privacy notices below.
Our Information Governance team have created this page to provide you with information as to why Rotherham Doncaster and South Humber NHS Foundation Trust collects information about you and how we will use this information; as well as how you are able to access your personal health record under a Subject Access Request.
What are my rights in relation to my data?
Under the Data Protection Act 2018 and General Data Protection Regulation, you have specific rights in relation to your data; you can make these requests at any time. Your rights are as follows:
Right to be informed
Rotherham Doncaster & South Humber NHS Foundation Trust (RDaSH) has a duty to provide you with information in relation to how your personal and special category data (more sensitive personal data) is collected, stored and processed. This is provided within our privacy notice on this page.
Right of Access to Information/Subject Access
You can request a copy of the information RDaSH holds about you by following this link – Subject Access Request Application Form
This information is ordinarily available to you free of charge once you provide appropriate ID. However, there are certain circumstances whereby we can make a charge for this service. But only if the request is deemed ‘manifestly unfounded or excessively repetitive.’ We have 30 calendar days to respond to your request. In certain circumstances a response may not be able to be provided in such a time scale; however we will write to you and inform you of this as soon as possible. Please contact the Information Governance Team for further information by e-mailing firstname.lastname@example.org
Right to rectification and erasure
You have the right to request the rectification of inaccurate personal data and the right to request the erasure of your personal data. However, the rights to rectification and erasure are not an absolute right and it may be necessary for RDaSH to continue to process your personal data for lawful and legitimate reasons. If you wish to make such a request, please contact email@example.com
Right to object to, or restrict processing
You have the right in certain circumstances to ask RDaSH to stop processing your personal data. You can also request not to receive information from the Trust. However, the right to object to, or restrict processing is not an absolute right and it may be necessary in certain circumstances for RDaSH to continue to process your personal data for lawful and legitimate reasons.
If you wish to object to your information being processed, to receiving information from the Trust, or wish to have information rectified or erased, please send your request in writing via email to firstname.lastname@example.org
Rights in relation to automated decision making and profiling
RDaSH does not use your information to make automated decisions about you, nor to undertake profiling.
Right to Data Portability
You have the right to get your personal data from an organisation in a way that is accessible and machine-readable, for example as a secure file to be exchanged via e-mail, or an encrypted CD-Rom.
You also have the right to ask an organisation to transfer your data to another organisation. They must do this if the transfer is, as the regulation says, “technically feasible”. Within RDASH, as well as probably other NHS organisations this known as a continuation of care.
Who do I contact if I have any concerns about my data?
To safeguard your information and to support your rights, RDaSH has appointed a Data Protection Officer (DPO). The role of the DPO is to monitor internal compliance with data protection legislation and inform and advise staff, patients, carers and the public in relation to data protection. The DPO can be contacted at email@example.com
If you have a concern about any aspect of your care or treatment at this hospital or about the way your records have been managed, you can also contact in the first instance –
For concerns related to mental or physical health services:
PALS – Patient Advice and Liaison Service
Rotherham Doncaster and South Humber NHS Foundation Trust
Tickhill Road Site
Phone: 0800 015 4334
Alternatively, you can also contact the Information Commissioner if you have a complaint about our processing of your personal data:
The Office of the Information Commissioner
Phone: 0303 123 1113 or 01625 545 745
Below are some useful definitions:
The organisation which determines the processing of Personal Data. The Data Controller is the legally
An organisation which the Data Controller appoints to provide a service on its behalf. The Data Processor must follow the legal instruction of the Controller.
The individual who personal data is about. The individual must be identifiable from the data
Data Protection Officer
The person appointed by the Data Controller as the single point of contact for data protection
enquiries. The Data Protection Officer acts independently and monitors compliance with data
The activities which relate to Personal Data. Data Processing includes: Obtaining, recording or holding
the information ; organisation, adaption or alteration; retrieval, consultation or use; disclosure by transmission, dissemination or otherwise making available; alignment, combination, blocking, erasure or destruction of the information or data.
Information Commissioners Office (ICO)
The regulator of information rights in the United Kingdom. The ICO website is – https://ico.org.uk/
Data which relates to an individual and enables them to be identified.
Special Category Data
This personal data is more sensitive, and so needs more protection, ie race; ethnic origin; politics;
religion; trade union membership; genetics; biometrics (where used for ID purposes); health; sex
life; or sexual orientation
Below are a list of privacy notices in use by the Trust
Trust Privacy Notices
- Children and Young People Privacy Notice
- General Privacy Notice
- Staff Privacy Notice
- Covid19 Privacy Notice – General
- Covid19 Privacy Notice – Children and Young People
- Covid19 Privacy Notice – Staff
- Integrated Doncaster Care Record
You can also choose whether your confidential patient information is used for research and planning purposes – click here for more information.
Individual Clinical Services – Specific Use of Information
- Adult Mental Health*
- Children’s & Young Persons Mental Health (CAMHS)*
- Older People’s Mental Health*
- Children, Young People and Families (CYP&F)*
- Drug & Alcohol (Adults)*
- Drug & Alcohol plus Sexual Health (Young People)*
- Doncaster Care Integrated Services (DCIS)*
- Introducing Access to Psychological Therapies (IAPT)*
- Memory Services*
- St Johns Hospice*
*Currently under development
Who is responsible for your data?
Senior Information Risk Officer (SIRO)
The SIRO has responsibility to ensure organisational information risk is properly identified and managed, and that appropriate assurance mechanisms exist. The SIRO will put the needs of the organisation at the forefront of their mind and take a risk based approach.
The current RDaSH SIRO is:
Director of Health Informatics
Phone: 01302 796189
The Caldicott Guardian is the senior person responsible for protecting the confidentiality of people’s health and care information and making sure it is used properly. They act as the conscience of the organisation and will put the needs of the public first.
The current RDaSH Caldicott Guardian is:
Dr Nav Ahluwalia
Executive Medical Director
Phone: 01302 796189
Data Protection Officer (DPO)
Under the General Data Protection Regulations (GDPR) public authorities must appoint a DPO. Their primary role is to ensure that the organisation processes the personal data of its staff, customers, providers or any other individuals in compliance with the Data Protection Act 2018. The DPO will advise on what is or is not possible within the boundaries of the legislation.
The current RDaSH DPO is:
Caroline J Britten
Head of Information Governance
Phone: 01302 796189
Tickhill Road Site,
Phone: 01302 796189