Privacy Policy
Staff Privacy Notice
This Privacy Notice explains what personal information we collect from you, how we store this personal information, how long we retain it and with whom and for which legal purpose we may share it.
Stockbridge Village health Centre also publishes a number of specific notices which are available at the bottom of this page.
To find out more about our Privacy Notice please see the questions and answers below:
Who we are?
Why we collect personal information about you?
What is our legal basis for processing your personal information?
What personal information do we need to collect about you and how do we obtain it?
What do we do with your personal information and what we may do with your personal information?
Who do we share your personal information with and why?
How we maintain your records?
How long we keep your records for?
What are your rights?
Who is the Data Protection Officer?
How to contact the Information Commissioners Office
Who we are |
Stockbridge Village Health Centre employs more than 17 staff and operates from Stockbridge Village health Centre (i.e between two sites in Whiston and St Helens) Our Practice is registered with the Information Commissioner’s Office (ICO) to process personal and special categories of information under the Data Protection Act 2018 and our registration number is Z5927926 For further information please refer to the ‘About US’ page on our website |
Why we collect personal information about you? |
The Practice collects stores and processes personal information about prospective, current and former staff to ensure compliance with legal and/or industry requirements. |
What is our legal basis for processing your personal information? |
Processing of personal information and special category personal data in relation to those employed by the Practice is for the purpose of carrying out the obligations and exercising specific rights of the Data Controller (Practice) or of the data subject (staff member). (c) Processing in necessary for compliance with a legal obligation to which the controller is subject.
Article 9.1 – Processing of special categories of personal data For further information on this legislation please visit: http://www.legislation.gov.uk/ or https://eur-lex.europa.eu/ |
What personal information do we need to collect about you and how do we obtain it? |
Personal information about you will largely be collected directly from you during your recruitment and employment. Personal information may also be collected from healthcare professionals in certain circumstances, through national checks such as DBS etc. In order to carry out our activities and obligations as an employer we handle data in relation to:
|
What we may do with your personal information? |
Your personal information is processed for the purposes of:
|
Who do we share your personal information with and why? |
We will not routinely disclose any information about you without your express permission. However, in order to enable effective staff administration and comply with our obligations as your employer, we will share the information which you provide during the course of your employment (including the recruitment process) with the NHS Business Services Authority for maintaining your employment records, held on systems including Windows and Clarity.
Any disclosures of personal data are always made on a case-by-case basis, using the minimum personal data necessary for the specific purpose and circumstances, with the appropriate security controls in place. Personal Information is only shared with those agencies and bodies who have a "need to know" or where you have consented to the disclosure of your personal data to such persons.
Where possible, we will always look to anonymise/pseudonymise your personal information so as to protect confidentiality, unless there is a legal basis that permits us to use it, and will only ever use/share the minimum information necessary. However, there are occasions where the Practice is required by law to share information provided to us with other bodies responsible for auditing or administering public funds, in order to prevent and detect fraud.
For any request to transfer your data internationally outside the UK/EU we will make sure that an adequate level of protection can be satisfied before the transfer.
There are a number of circumstances where we must or can share information about you to comply or manage with:
|
How we maintain your records |
Your personal information is held in both paper and electronic forms for specified periods of time as set out in the NHS Records Management Code of Practice for Health and Social Care and National Archives Requirements. We hold and process your information in accordance with GDPR & the Data Protection Act 2018. In addition, everyone working for the NHS must comply with the Common Law Duty of Confidentiality and various national and professional standards and requirements. We have a duty to:
|
How long do we keep your information? |
All records held by the Practice will be kept for the duration specified by national guidance from the Department of Health. The Records Management Code of Practice for Health and Social Care 2016. Records Management Code of Practice for Health and Social Care 2016 Confidential information is securely destroyed in accordance with this code of practice.
|
What are your rights? |
If we need to use your information for any reasons beyond those stated above, we will discuss this with you and ask for your explicit consent. The General Data Protection Regulations give you certain rights, including the right to:
|
Practice Information Governance Lead
OR Data Protection Officer |
Please Contact the Practice Information Governance Lead: Alison Fitzpatrick 0151 489 9924
Information Governance Team Mid-Mersey Digital Alliance Alexandra Business Park Court Building Prescot Road St Helens WA10 3TP
Or via IG@midmerseyda.nhs.uk |
Information Commissioners Office |
The Information Commissioner’s Office (ICO) is the body that regulates the Trust under Data Protection and Freedom of Information legislation. https://ico.org.uk/. If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the. ICO at: Information Commissioner's Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number Fax: 01625 524 510 Email: casework@ico.org.uk |