The Clatterbridge Cancer Centre NHS Foundation Trust is one of the UK’s leading cancer centres providing highly specialist cancer care to a population of 2.3m people across Merseyside, Cheshire and the surrounding areas including the Isle of Man.
We are based in Wirral, Merseyside supported by
a £17m radiotherapy treatment centre in Aintree, Liverpool. We also operate
specialist chemotherapy clinics in eight of Merseyside’s district hospitals and
deliver a pioneering Treatment at Home service.
The Clatterbridge Cancer Centre NHS Foundation Trust treats the confidentiality of the data we hold about people very seriously. This privacy notice provides an overview of the information we hold, why we hold it and how we store it securely.
This privacy notice is part of our programme to make the
data processing activities we carry out transparent.
This privacy notice tells you about information we collect and hold about you, what we do with it, how we will look after it and who we might share it with.
It covers information we collect directly from you or
receive from other individuals or organisations.
This privacy notice will be reviewed on a regular basis
to ensure it is in line with national guidance and legislation. This privacy
notice was last reviewed in September 2019.
We are committed to protecting your privacy and will only
process personal confidential data in accordance with current Data Protection Laws, General Data Protection Regulations, the Common Law Duty of Confidentiality and the Human Rights Act 1998.
Personal confidential data describes personal information about identified or identifiable individuals, which should be kept private or secret and includes deceased as well as living people.
Examples of identifiable data are:
Personal data mean data which relates to a living individual who can be identified:
(a) from that data, or;
(b) from that data and other information which is in the possession of, or is likely to come into the possession of, the data controller, and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual.
Sensitive personal data is different from Personal Data. Sensitive personal data means personal data consisting of information as to:
The Clatterbridge Cancer Centre NHS Foundation Trust is a Data Controller as defined in current Data Protection Laws and the General Data Protection Regulations . This means a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be processed.
All data controllers must notify the Information Commissioner’s Office (ICO) of all personal information processing activities. Our ICO Data Protection Register number is Z7367711 and our entry can be found in the Data Protection Register on the ICO website.
Everyone working for the NHS has a legal duty to keep
information about you confidential. The NHS Care Record Guarantee and NHS
Constitution provide a commitment that all NHS organisations and those
providing care on behalf of the NHS will use records about you in ways that
respect your rights and promote your health and well-being.
All information that we hold about you will be held securely and confidentially. We use administrative and technical controls to do this. We use strict controls to ensure that only authorised staff are able to see information that identifies you.
All our staff receive
appropriate and ongoing training to ensure they are aware of their personal
responsibilities and have contractual obligations to uphold confidentiality,
enforceable through disciplinary procedures.
Below are key examples of the purposes and rationale for why we collect and process information:
When we receive a complaint from a person we make up a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.
We will only use the personal information we collect to process the complaint and to check on the level of service being provided.
We usually have to disclose the complainant’s identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person’s record is in dispute.
If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.
We will keep personal information contained in complaint files in line with NHS retention policy. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.
For processing personal data:
For processing special categories of personal data:
We have entered into contracts with other companies/organisations to provide some services for us or on our behalf. These organisations are known as “data processors"
These organisations are subject to the same legal rules and conditions for keeping personal confidential data and secure and are underpinned by a contract with us.
Before awarding any contract, we ensure that organisations will look after your information to the same high standards that we do. Those organisations can only use your information for the service we have contracted them for and cannot use it for any other purpose.
General Data Protection Regulation
We will obtain your consent for this purpose, when you initially contact us to get involved in our engagement and consultation activities.
Where you submit your details to us for involvement purposes, we will only use your information for this purpose. You can opt out at any time by contacting us using our contact details at the end of this document
In addition to the purposes listed above The Clatterbridge Cancer Centre NHS Foundation Trust may process information for specific purposes which are listed below:
The Clatterbridge Cancer Centre NHS Foundation Trust works closely with other organisations to support patient care. This means that information will be shared between the hospital and other organisations who may be caring for you or involved in your care. These may include:
In instances where the legal basis for sharing of confidential personal information relies on the patient's explicit or implied consent, you have the right at any time to refuse consent to the information sharing, or to withdraw your consent previously given.
In instances where the legal basis for sharing information without consent relies on HRA CAG authorisation under Section 251 of the NHS Act 2006, then you have the right to register your objection to the disclosure, and the Trust is obliged to respect that objection.
In instances where the legal basis for sharing information relies on a statutory duty/power, patients cannot refuse or withdraw consent for the disclosure
Where information is to be shared across organisational boundaries on a regular basis information sharing agreements should be in place between all of the sharing parties involved. For a list of current Information Sharing Agreements please click here
You have certain legal rights, including a right to have your information processed fairly and lawfully. You have the right to privacy and to expect the NHS to keep your information confidential and secure.
Data Protection laws gives individuals rights in respect of the personal information that we hold about you. These are:
Your information will not be sent outside of the United Kingdom where the laws do not protect your privacy to the same extent as the law in the UK.
The Trust will never sell any information about you to other organisations for profit.
All our records are destroyed or retained in accordance with the NHS Code of Practice: Records Management, which sets out the appropriate length of time each type of NHS records is held for. We do not keep your records for longer than necessary.
All records are destroyed confidentially once their retention period has been met, and the Trust has made the decision that the records are no longer required.
The national data opt-out is a new service, introduced on 25th May 2018 by NHS Digital, that allows people to opt out of their confidential patient information being used for research and planning purposes. Individual preferences will begin to be collected from 25th May 2018 and by 2020 all health and care organisations are required to have applied these preferences in all research and planning situations in which confidential patient information is used. NHS Digital will apply these preferences with immediate effect.
You can find out more about the wider use of confidential personal information and to register your choice to opt out by visiting www.nhs.uk/your-nhs-data-matters.
If you have any questions or concerns regarding how we use your information, please contact the Trust's Data Protection Officer:
The Information Governance ManagerThe Clatterbridge Cancer Centre NHS Foundation TrustClatterbridge Cancer Centre - WirrralClatterbridge RoadWirralCH63 4JY
Tel: (0151) 556 5844E-mail: firstname.lastname@example.org
The Information Commissioner’s Office (ICO) is the regulator for current data Protections Laws and offer independent advice and guidance on the law and personal data, including your rights and how to access your personal information.
Additionally, you have the right to complain to the Information Commissioner if you should ever be dissatisfied with the way the Trust has handled or shared your personal information:
The Information Commissioner's Office (ICO)Wycliffe HouseWater LaneWilmslowCheshireSK9 5AF
Tel: 0303 123 1113 or 01625 545745Information Commissioner's Office website - www.ico.org.uk
A child friendly copy of this privacy notice is available to download from here