Privacy statement

In order to provide a healthcare service, we need to collect and use personal information for a range of purposes.  Primarily, we collect data for healthcare and administration purposes.  For example, a health professional will record treatment details as this is essential information in order to provide a healthcare service.  Patient consent is sought wherever appropriate. 

There are some cases where it is necessary and a legal requirement to process personal information even without the consent of the individual whom the information relates to. If we do not have accurate, up to date information, this may impact on the services (such as effective treatment) that we provide.  

Where we have not collected your information directly ourselves (such as GP or social workers), this will be clearly documented and/or stated to the individual, in line with the requirements under the General Data Protection Regulations.

CLCH respects patient choice and will respect an individual’s request to withhold information from someone or an agency unless there is a legal requirement to disclose the information.

Other purposes for data collection and usage may include:

• Staff Administration, i.e. pay, discipline, work management
• Improving services, i.e. patient satisfaction survey
• Training purposes to ensure staff are adequately trained to carry out their role
• To conduct an investigation in response to a complaint or police enquiry
• Accounts and records, i.e. keeping accounts related to business activity, customers, financial management, responding to freedom of information requests
• Research purposes, i.e. health or scientific research (any published data will always be anonymous)
• Performance monitoring and analysis to help us assess the quality and standard of our healthcare services

We exercise our official authority by collecting, using and where applicable sharing your information in order to provide you with care. The lawful basis for processing the data are for the Trust’s compliance with a legal obligation, public health interest and for the provision of health care.

This table shows the legal basis for the different purposes for using your data.

We collect information pertaining to your identity, contact information, health status information, diagnoses, and other information which allows us to support and administer healthcare. To minimise additional collation of information, the Trust will utilise information that is already held about you.

If you are a substantive member of staff, the Trust as your employer holds some personal information about you for employment purposes. Similarly, if you are an agency or contract staff, the Trust holds some information about you for the purposes of your provision of services to the Trust. It is important to note that there is no linkage of your Electronic Staff Records to the submissions made to Public Health England.

As the data subject, you have the following rights in relation to your data:

1. The right to be informed,
2. The right of access,
3. The right to rectification,
4. The right to erasure,
5. The right to restrict processing,
6. The right to data portability, and
7. The right to object.

All personal data held by CLCH is held for a time period in accordance to the NHS Records Management Code of Practice.

The NHS Records Management Code of Practice sets out what people working with or in NHS organisations in England need to do to manage records correctly. The data will also be retained in line with the Data Protection and the Control of Patient Information (COPI) Regulations.

You have a choice about how you want your confidential patient information to be used. If you're happy for us to use your information, you do not need to do anything.

If you choose to opt out, your confidential patient information will still be used to support your individual care. To find out more or to register your choice to opt out, visit nhs.uk/your-nhs-data-matters. Here you can:

• find out what is meant by confidential patient information
• find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care
• find out more about the benefits of sharing data
• understand more about who uses your data
• find out how your data is protected
• access the system to view, set or change your opt-out setting
• find a contact telephone number to find out more or opt-out by phone
• find out in which situations the opt-out does not apply

You can find out more about how patient information is used at:

• Health Resource Authority - Information about patients
• Understanding Patient Data - What you need to know

Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies, or used for marketing purposes. Data would only be used in this way with your specific agreement.      

Health and care organisations had until 2020 to put systems and processes in place so they can be compliant with the national data opt-out, and apply your choice to any confidential patient information they use or share, for purposes beyond your individual care. Our Trust is currently compliant with the national data opt-out policy.

By law you are entitled to request a copy of the information we hold about you. This is known as a Subject Access Request. To submit such a request, we ask that you contact the Information Governance Team via:

• Email: clchig@nhs.net
• Phone: 020 8102 5005
• Post: Information Governance Department, Parsons Green Health Centre, 5-7 Parsons Green, SW6 4UL

If you have any queries in relation to the processing of your personal data, please contact the Information Governance team via the contact details provided above.

If you have any issues or concerns, you can contact the Patient and Liaison Service (PALS) via e-mail clchpals@nhs.net.

The Trust’s Data Protection Officer is Caroline Law and can be contacted as follows:-

• E-mail: caroline.law3@nhs.net
• Phone: 020 8102 5297
• Mobile: 07506937257

The Trust is registered as a Data Controller with the Information Commissioners Office under registration number Z2416880.

A cookie is a piece of data stored on the user's hard drive while they are visiting a particular website. The benefit of using cookies is that it allows us to monitor website traffic and record user's preferences.

CLCH will ensure that the use of cookies is managed in accordance with national and legal guidelines, such as those that require the consent of website visitors for their use.

For more information on cookies, and how our website uses them, please see our cookie statement.

Central London Community Healthcare NHS Trust is required to provide you with details on the type of personal information which we collect and process. In addition to any other privacy notice which we may have provided to you, this notice relates to the information collected and processed in relation to the FPPT.

The FPPT in ESR is commissioned by NHS England.

Contact: Jenny Greenshields, Director of Finance and Corporate Services (Senior Information Risk Owner)

Address: Central London Community Healthcare NHS Ground Floor 15 Marylebone Road London NW1 5JD

Phone Number: 020 7798 1300

E-mail: jenny.greenshields1@nhs.net

 The type of personal information we collect is in relation to the FPPT for board members and is described below, much of which is already collected and processed for other purposes than the FPPT:

1. Name, position title (unless this changes).

2. Employment history – This would include detaisl of all job titles, organisations, departments, dates, and role descriptions.

3. References.

4. Job description and person specification in their previous role.

5. Date of medical clearance.

6. Qualifications.

7. Record of training and development in application/CV.

8. Training and development in the last year. 2

9.  Appraisal incorporating the leadership competency framework has been completed.

10.   Record of any upheld, ongoing or discontinued disciplinary, complaint, grievance, adverse employee behaviour or whistle-blow findings.

11. DBS status.

12. Registration/revalidation status where required.

13. Insolvency check.

14. Declaration of any settlement agreements.

15. A search of the Companies House register to ensure that no board member is disqualified as a director.

16. A search of the Charity Commission’s register of removed trustees.

17. A check with the CQC, NHS England and relevant professional bodies where appropriate.

18. Social media check.

19. Employment tribunal judgement check.

20. Board member reference completed (where applicable).

21. Annual self-attestation signed, including confirmation (as appropriate) that there have been no changes.

Processing of this data is necessary on the lawful basis set out in Article 6(1)(e) UK GDPR as the foundation for the database. This is because it relates to the processing of personal data which is necessary for the performance of the fit and proper person test which is carried out in the public interest and/or in the exercise of official authority vested in the controller.

For CQC-registered providers, ensuring directors are fit and proper is a legal requirement for the purposes of the Health and Social Care Act 2008 (Regulated 3 Activities) Regulations 2014, and organisations are required to make information available connected with compliance to the CQC.

How we get the personal information and why we have it

Most of the personal information we process is provided to us directly by you as part of your application form and recruitment to satisfy recruitment checks and the FPPT requirements.

[If applicable] We may also receive personal information indirectly, from the following sources in the following scenarios:

• References when we have made a conditional offer to you.
• Publicly accessible registers and websites for our FPPT.
• Professional bodies for FPPT to test registration and or any other ‘fitness’ matters shared between organisations.
• Regulatory bodies, eg CQC and NHS England.

We use the information that you have given us to:

• conclude whether or not you are fit and proper to carry out the role of board director
• inform the regulators of our assessment outcome.

We may share this information with NHS England, CQC, future employers (particularly where they themselves are subject to the FPP requirements), and professional bodies.

Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are:

• We need it to perform a public task.

How we store your personal information Your information is securely stored. We keep the ESR FPPT information including the board member reference, for a career long period. We will then dispose of your information in accordance with our policies and procedures [insert].

Your data protection rights Under data protection law, you have rights including:

• Your right of access – You have the right to ask us for copies of your personal information.
• Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
• Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
• Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
• Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances.
• Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact us via e-mail clchig@nhs.net if you wish to make a request.

How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us at [Insert your organisation’s contact details for data protection queries]. You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Helpline number: 0303 123 1113 ICO website: https://www.ico.org.uk

Our website may contain links to other websites that may be of interest. However, once you click on these links and exit our site, please be aware that we do not have any control over the content or management of that website.

As a result, we cannot be held responsible for the protection and privacy of any information which you provide whilst visiting such sites as these are not subject to this privacy notice.

We recommend that you review the websites privacy policy as a precautionary measure.