Privacy statement

Central London Community Healthcare NHS Trust (“CLCH” or “we” or “us”) recognises the importance of respecting the privacy rights of all individuals.  This Privacy Notice has been written to tell you what to expect when the Trust collects personal and confidential information.  It mainly applies to:

  • all patient/service users of CLCH services
  • all employees, including but not limited to permanent staff, agency and temporary staff, volunteers, students
  • visitors to any of our geographical sites and internet website
  • individuals taking part in any surveys conducted by CLCH
  • job applicants and former employees
  • complainants
  • individuals exercising the right of subject access or freedom of information.

Downloadable materials for keeping your information safe:

In order to provide a healthcare service, we need to collect and use personal information for a range of purposes.  Primarily, we collect data for healthcare and administration purposes.  For example, a health professional will record treatment details as this is essential information in order to provide a healthcare service.  Patient consent is sought wherever appropriate. 

There are some cases where it is necessary and a legal requirement to process personal information even without the consent of the individual whom the information relates to. If we do not have accurate, up to date information, this may impact on the services (such as effective treatment) that we provide.  

Where we have not collected your information directly ourselves (such as GP or social workers), this will be clearly documented and/or stated to the individual, in line with the requirements under the General Data Protection Regulations.

CLCH respects patient choice and will respect an individual’s request to withhold information from someone or an agency unless there is a legal requirement to disclose the information.

Other purposes for data collection and usage may include:

  • Staff Administration, i.e. pay, discipline, work management
  • Improving services, i.e. patient satisfaction survey
  • Training purposes to ensure staff are adequately trained to carry out their role
  • To conduct an investigation in response to a complaint or police enquiry
  • Accounts and records, i.e. keeping accounts related to business activity, customers, financial management, responding to freedom of information requests
  • Research purposes, i.e. health or scientific research (any published data will always be anonymous)
  • Performance monitoring and analysis to help us assess the quality and standard of our healthcare services

As noted above, there are a number of reasons why we collect and use data.  In all cases, the processing of personal and confidential information will comply with provisions and exemptions of the General Data Protection Regulations.

We may also provide information to other organisations, for example another NHS Trust for healthcare purposes.  CLCH makes every effort to establish a written form of agreement / contract in such cases where we share with other organisations to ensure that all personal information is kept secure and is not disclosed to any unauthorised individuals.  Any processing of personal information for purposes other than those specified or legally justified will require the consent of the data subjects (individual who the data refers to); a principle which CLCH strictly adheres to.  Examples of when we may process information without consent would be for legal reasons, when instructed to do so by HM Courts.  

CLCH has entered into strategic partnerships with Capita PLC and Litmus Workforce Solutions to provide a number of administrative functions. In these contractual agreements both parties process data for which CLCH is the Data Controller for either patients or staff, CLCH determines for what purposes the information is used. Any information that CLCH holds on patients is as a consequence of direct care. The contracts with Capita PLC and Litmus Workforce Solutions include confidentiality, information security, staff responsibilities and training requirements to ensure data is kept secure and confidential.

All personal data held by CLCH is held for a time period in accordance to the NHS Records Management Code of Practice 2021.

Our website may contain links to other websites that may be of interest. However, once you click on these links and exit our site, please be aware that we do not have any control over the content or management of that website. As a result, we cannot be held responsible for the protection and privacy of any information which you provide whilst visiting such sites as these are not subject to this privacy notice. We recommend that you review the websites privacy policy as a precautionary measure.

A cookie is a piece of data stored on the user's hard drive while they are visiting a particular website. The benefit of using cookies is that it allows us to monitor website traffic and record user's preferences. CLCH will ensure that the use of cookies is managed in accordance with national and legal guidelines, such as those that require the consent of website visitors for their use. For more information on cookies, and how our website uses them, please see our cookie statement.

We appreciate that not everyone wants their information to be used in the ways that have been identified. You may choose to restrict the collection or use of your personal information in the following ways:

  • Whenever you are asked to fill in a form on the website or manually, look for the option to indicate that you do not want the information to be shared for the specified purposes
  • If you have previously agreed for us to use your personal information for a particular purpose, you may change your mind at any time by writing to or emailing us. Please note that this only applies in cases that do not conflict with our legal obligations.

We will not sell, distribute or lease your personal information to third parties without your consent.

CLCH may also share your electronic medical record with other Health & Social care organisations, if you give your consent to this.  This is done when the other organisation uses the same Electronic Patient Administration System and has a relationship with you such as your GP.  If consent is given then that specific organisation is able to view the relevant information we hold on you.  This will not be done if consent is not given. 

If you believe that any information we are holding on you is incorrect or incomplete, please write to the Information Governance team using the contact details below.  This information may then be amended.

You may request details of personal information we hold about you under the General Data Protection Regulations, this is known as a subject access request.  All subject access requests should be made to the Information governance team.

Under the General Data Protection Regulations you also have the right to erasure of your personal data held by us. If you wish to express this right, please write to the Information Governance team clearly stating which information you refer to.

If you are unhappy with the way that we are handling your information, we ask that you contact the Information Governance team in writing at first instance.  You also have the right to lodge a complaint with the Information Commissioners Office.

You have a choice about how you want your confidential patient information to be used. If you're happy for us to use your information, you do not need to do anything.

If you choose to opt out, your confidential patient information will still be used to support your individual care. To find out more or to register your choice to opt out, visit Here you can:

  • find out what is meant by confidential patient information
  • find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care
  • find out more about the benefits of sharing data
  • understand more about who uses your data
  • find out how your data is protected
  • access the system to view, set or change your opt-out setting
  • find a contact telephone number to find out more or opt-out by phone
  • find out in which situations the opt-out does not apply

You can find out more about how patient information is used at:

Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies, or used for marketing purposes. Data would only be used in this way with your specific agreement.      

Health and care organisations have until 2020 to put systems and processes in place so they can be compliant with the national data opt-out, and apply your choice to any confidential patient information they use or share, for purposes beyond your individual care. Our Trust is currently compliant with the national data opt-out policy. 

Central London Community Healthcare NHS Trust (the Trust) recognises the importance of protecting and respecting your privacy when you work with the organisation. This privacy notice explains your rights as a Trust employee/locum, how we collect and use information about you, and how we protect your privacy. This notice applies to all substantive, agency and contract staff.
This Privacy Notice is specific to Asymptomatic Testing Programme and supplements our main Privacy Notice published on the Trust website. 

What this notice will tell you:

  • How data may be processed in response to COVID-19;
  • Our purpose for processing your data
  • Our legal basis for processing your data;
  • The categories of personal data obtained
  • Whether you have to provide it to us (source of the personal data);
  • Whether there are other recipients of your personal data;
  • How long we store it for;
  • Whether we intend to transfer it to another country;
  • Your rights and freedoms (right to withdraw consent if applicable); and,
  • How to lodge a complaint against the Trust to our regulatory body.

Data Processing in response to COVID-19

Following the outbreak of Covid-19, the health and social care system has and is still facing significant pressures. In response to Covid-19, the Secretary of State has required NHS Digital; NHS England and Improvement; Arm’s-Length Bodies (such as Public Health England); to share confidential medical status information relating to staff. Any information used or shared during the Covid-19 outbreak will be limited to the period of the outbreak unless there is another legal basis to use the data. Further information is available on here and some FAQs on this law are available here .

During this period of emergency, opt-outs will not generally apply to the data used to support the COVID-19 outbreak, due to the public interest in sharing information. This includes National Data Opt-outs.

Where data is used and shared under these laws your right to have personal data erased will also not apply.

Given the fast-changing, unpredictable nature of the climate in which we are operating, we may be required to amend this privacy notice at any time. We would therefore kindly advise you to review this notice frequently.

Our purpose for processing your data

The purposes for processing your data are as follows:-

  • To support the Trust and wider NHS in its infection control risk reduction strategy
  •  Evaluation of efficacy of lateral flow testing
  • Public interest in the area of public health

Our legal basis for processing your data

We exercise our official authority by collecting, using and where applicable sharing your information in order to provide you with care. The lawful bases for processing the data are for the Trust’s compliance with a legal obligation, public health interest and for the provision of health care.

This table shows the legal basis for the different purposes for using your data.


Legal Grounds

Legal obligation

General Data Protection Regulation

Article 6(1)(c) Processing is necessary for compliance with a legal obligation to which the controller is subject,

Public interest

General Data Protection Regulation

Article 6(1)(e) Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller

Provision of health treatment

General Data Protection Regulation

Article 9(2)(h) Processing is necessary for the purposes of the provision of health or social care or treatment.

Medical research

General Data Protection Regulation Article 5

(1) (b) and (e), Article 6 (1) (e), (f) and Article 9 (2) (g) (i) & (j) taking account of Article 89 safeguards and derogations.


What information we collect from you and and/or whether you will need to provide it to us

We collect information pertaining to your identity, contact information, health status information, diagnoses, and other information which allows us to support and administer healthcare. To minimise additional collation of information, the Trust will utilise information that is already held about you.

For agency and contract staff, the Trust will require some personal information that it does not under normal circumstances process about you. This will be specifically for the purposes outlined above. By accepting the test kit and submitting your personal data, you will be consenting to the Trust processing your personal data for those purposes.   


Will the Trust share your data with anyone else?

The Trust always has a legal framework in place to ensure that your data is shared appropriately. We share your data with Public Health England for the purposes stated above. We will not provide researchers with data that identifies you personally, unless you have provided explicit, informed consented to this or there is legal justification to provide this information.


What data about me stored elsewhere is shared with the Trust?

If you are a substantive member of staff, the Trust as your employer holds some personal information about you for employment purposes. Similarly, if you are an agency or contract staff, the Trust holds some information about you for the purposes of your provision of services to the Trust. It is important to note that there is no linkage of your Electronic Staff Records to the submissions made to Public Health England.


How long will the Trust keep the data?

The Records Management Code of Practice for Health and Social Care 2016 sets out what people working with or in NHS organisations in England need to do to manage records correctly. The data will also be retained in line with the Data Protection and the Control of Patient Information (COPI) Regulations.


Your rights and freedoms as the data subject

As the data subject, you have the following rights in relation to your data:

  1. The right to be informed
  2. The right of access
  3. The right to rectification
  4. The right to erasure
  5. The right to restrict processing
  6. The right to data portability
  7. The right to object
  8. Rights in relation to automated decision making and profiling.


How can I access the information the Trust holds about me?

By law you are entitled to request a copy of the information we hold about you. This is known as a Subject Access Request. To submit such a request, we ask that you contact the Information Governance Team via:

  • Email:
  • Phone: 02081025005
  • Post: Information Governance Department, Parsons Green Health Centre, 5-7 Parsons Green, SW6 4UL

Making a complaint and important contact details

If you have any queries in relation to the processing of your personal data, please contact the Information Governance team via the contact details provided above.

If you have any issues or concerns you can contact the Patient and Liaison Service (PALS) via e-mail


The Trust’s Data Protection Officer is Caroline Law and can be contacted as follows:-

The Trust is registered as a Data Controller with the Information Commissioners Office under registration number Z2416880.


Who can I complain to?

The Information Commissioner’s Office (ICO) is the body that regulates the Trust under Data Protection and Freedom of Information legislation.


You can complain to the ICO at:

Wycliffe House Water Lane Wilmslow Cheshire


Website: Telephone: 0303 123 1113.

Accessibility tools