How we use your information
This privacy notice tells you what to expect when Northumbria Healthcare NHS Foundation Trust or any of its subsidiaries collects personal information. It applies to information we collect about:
- Visitors to our websites
- All patients
- Staff members and prospective employees (including volunteers)
- Individuals engaging with any of our services, including but not limited to:
- Patient and Liaison Service PALS
- Complaints
- Individuals who subscribe to our newsletter or request a publication from us (e.g. Foundation Member)
- Individuals exercising rights under the Freedom of Information Act
There may be occasion when we need to share your information with other organisations in order to carry out our public functions, in such circumstances we make every effort to establish a written form of agreement/ contract in such cases to ensure that all information is kept secure and is not disclosed to any unauthorised individuals. This may include organisations sending correspondence on our behalf such as ballot papers to our foundation members during elections.
Your information in relation to healthcare
For our privacy notice in relation to healthcare, please see your health and social care record.
For our children's privacy notice please see here.
Staff information
For information on how we use information in relation to staff, employment or volunteering, please see use of staff information.
For our privacy statement on fraud investigations (Cabinet Office National Fraud Initiative), please see here.
Visitors to our websites
While visiting our website there may be instances where we may collect personally identifiable information through our website. We will make this clear when we collect personal information and will explain what we intend to do with it at the point that it is submitted.
Appointment booking
Some services we provide offer online booking for appointments via our website. If you use these facilities, your information will be handled securely and only for the intended purpose for the appointment you are booking. We collect only the minimum information necessary in order to refer to/ book an appointment with that service. The information you submit will then be transferred into an electronic system to enable us to arrange the appointment. All such systems are secure and appropriate safeguards are in place. For further information in regards to how your healthcare information is used, please see our health and social care privacy notice.
Security
This site has security measures in place to protect the loss and alteration of information under our control.
People using our guest Wi-Fi
All individuals using guest Wi-Fi provided by Northumbria Healthcare NHS Foundation Trust must agree to the terms and conditions of its use. Information collected and how it is used is stipulated within those terms and conditions upon sign in. A specific privacy notice is also available from within the Wi-Fi page/ sign up.
People who contact us via social media
If you send us a private or direct message via social media the message will be accessible by the communications team. It will not be shared with any other organisation unless there is a legal requirement to. Feedback received via social media may be used internally in reports, all personal identifiable information is however removed.
People who call our helpline or contact us via phone
When you call any telephone number belonging to Northumbria Healthcare NHS Foundation Trust, we collect calling line identification (CLI) information. We use this information for audit and security purposes.
Some of our services may require you to provide us with personal information over the phone. All information provided to us via this method is treated processed in line with Data protection legislation (GDPR) and trust policies.
When you call some of our services, for example contact centre/ adult social care, we may record these calls. You will be notified however that you are being recorded before this takes place. All recorded calls are securely stored in line with Data Protection requirements and are retained for six months.
People who email us
We use Transport Layer Security (TLS) to encrypt and protect email traffic in line with government. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.
We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.
People who make a complaint to us
When we receive a complaint from an individual, we create a file containing the details of the complaint. This usually contains the identity of the complainant and any other individuals involved in the complaint.
We will only use the personal information we collect to process the complaint and to check on the level of service we provide, information may also be used to improve the services we provide. We compile and publish statistics & report showing information like the number of complaints we receive. This does not contain any identifiable information.
We may have to disclose the complainant’s identity to whoever the complaint is about (e.g. informing the relevant service). This may be necessary in order to investigate complaints, for example if a service need to investigate medical treatment, this will be needed in order to check patient records. If a complainant doesn’t want information identifying them to be disclosed, we will try to respect that. However it may not be possible to handle a complaint on an anonymous basis.
We will keep personal information contained in complaint files in line in line with our complaint policy. It will be retained in a secure environment and access to it will be restricted accordingly to those who need access to it for the purposes of complaint investigation.
Visitors to our sites
Visitors: During visits to our sites, visitors may be asked to sign in on a register. The information provided in relation to this may include your name & purpose of your visit. This is so that Northumbria Healthcare is aware of who is visiting the site at all times for audit purposes. This information would also be vital in the event that any premises need to be evacuated e.g. in the event of a fire. The information in these registers is only retained for as long as necessary before being securely destroyed.
CCTV: The Trust has CCTV deployed around our sites, in addition some security personnel may also have body-worn cameras, which record both sound and images. Both of these are in order to manage and investigate the following circumstances:
- alleged security incidents, theft, assault or any other crime on Trust premises
- staff, visitor and patient safety
- investigation of traffic incidents or congestion on the Trust site
- supporting the management of a fire or major incident alert
- the security of Trust premises
- investigation of persons acting suspiciously on Trust premises
CCTV images are retained for 90 days.
Images and sound recording from body-worn cameras are retained for 90 days.
Images are only viewed by Trust personnel, but images may be shared with the police where necessary to aid the investigation or prosecution of criminal activities within Trust grounds and premises.
Patient and Liaison Service (PALS)
Similarly, where enquires are submitted to us we will only use the information supplied to us to deal with the enquiry and any subsequent issues and to check on the service we provide.
Foundation Membership
As part of our public functions as a NHS Foundation Trust all staff employed by the trust are signed up as Foundation Members when employed. The information about you that is used includes: name, address, contact information such as phone number/email. This information is used for purposes such as: voting in elections for governors, taking part is surveys and consultations, receiving the Northumbria Foundation newsletter.
It is also important to Northumbria Healthcare NHS Foundation Trust that our membership is representative of the local communities, as a result we also collect the following information for monitoring purposes: gender, age, ethnicity, if you have any disability/ long term condition (optional and we do not collect details on any specific condition). You are able to opt out of this at any point by contacting the Foundation team. Further information can be found on the dedicated foundation section here.
Suppliers
As a supplier/ prospective supplier to the trust we collect the following information:
- Name;
- Company details & contact information (address, email, telephone number etc.);
- If you are a sole trader, your unique tax reference (UTR) number;
Your information is collected under a contractual legal basis under the Data Protection Act 2018/ General Data Protection Regulations and may be used for the following purposes:
- Contacting you in relation to a procurement exercise;
- Contacting you in respect of establishing or managing a contract;
- If applicable your UTR number will be used to confirm that you are registered with HMRC for self-assessment tax purposes.
Information is only held for as long as is necessary for the purposes it has been collected for and in line with the appropriate retention periods stipulated by the records management code of practice for health and social care 2016.
Links to other websites
This privacy notice does not cover any links within this website that direct individuals to external websites that are not part of the Northumbria Group. We encourage you to read the privacy statements on the external websites you visit.
Cookies
When we provide services, we want to make them easy, useful and reliable. Where services are delivered on the internet, this sometimes involves placing small amounts of information on your device, for example, computer or mobile phone. These include small files known as cookies. They cannot be used to identify you personally.
These pieces of information are used to improve services for you through, for example:
- Rembering if you have clicked "hide" or "show" on the accessiblity toolbar
- Enabling a service to recognise your device so you don’t have to give the same information several times during one task
- Recognising that you may already have given a username and password so you don’t need to do it for every web page requested
- Measuring how many people are using services, so they can be made easier to use and there’s enough capacity to ensure they are fast.
You can manage these small files yourself and learn more about them at Directgov. You can also reject cookies by clicking "Cookie options", however, certain functions on the website won't work as expected.
| Cookie Name | Description |
|---|---|
|
civicAllowCookies civicShowCookieIcon |
Cookie Control: When you click “I’m happy with this…” on the Cookie Control user interface, a cookie is set in order to remember your preference. These cookies are set only after the user has given consent to us to use cookies. |
|
__utma __utmb __utmc ___utmvc __utmz _ga_{ID} |
Google Analytics: We use Google Analytics to monitor traffic levels, search queries and visits to this website.
Google Analytics stores IP address anonamously on its servers in the US, and neither Northumbria NHS Trust or Google associate your IP address with any personally identifiable information. These cookies enable Google to determine whether you are a return visitor to the site, and to track the pages that you visit during your session. These cookies are set only after the user has given consent to us to use cookies. |
|
incap_ses_{ID} visid_incap_{ID} |
These cookies are used by our Web Application Firewall (WAF) which defends against malicious attacks. They identify the browser session and device of the visitor. These cookies are necessary and always in use. |
Captcha cookies
We use Google reCAPTCHA in order to verify whether or not you are a human when submitting data to the website. Most of the time, this will only be present on pages containing forms.
| Cookie | Source | Path | Purpose | Expiry |
|---|---|---|---|---|
| _GRECAPTCHA _grecaptcha |
Google (www. |
/recaptcha | Provides risk analysis to Google spam protection. | 6 months |
Your rights
Under Data Protection Laws (General Data Protection Regulations) you are able to find out what information is held about you, on computer and in certain manual records. This is known as "right of subject access".
If you want to see or receive a copy of your information, a copy of the application form can be found here, you can also contact please contact us on the details provided below. In certain circumstances access to your information/records may be limited, if such an instance occurred, we would provide reasons for this.
Under Data Protection Laws (General Data protection Regulations), you may also have additional rights in relation to your information. For example:
- You also have the right to request any decisions taken by automated decision making with regards to your information;
- You may have the right to erasure of your personal information held by us, in certain circumstances.
You have the right to withdraw consent at any time, where consent has been given.
Changes to our policy
If our privacy policy changes in any way, we will place an updated version on this page. Regularly reviewing the page ensures you are always aware of what information we collect, how we use it and under what circumstances, if any, we will share it with other parties.
Further information
If you would like to know more about how we use your information or if, for any reason you do not wish to have your information used in any of the ways described above, please contact us using the information below. Further guidance about data protection can be obtained at www.
Contact information
|
Information Governance team Information Governance Digital Services Northumbria Healthcare Manufacturing and Innovation Hub, Avenue Road Seaton Delaval Whitley Bay NE25 0QJ |
Data Protection Officer Tracey Best Digital Services Northumbria Healthcare Manufacturing and Innovation Hub, Avenue Road Seaton Delaval Whitley Bay NE25 0QJ |