You have a right to privacy and to expect the NHS to keep your information confidential and secure.
Under the Data Protection Act 2018 it becomes a legal right to ensure that your data is processed on a fair and lawful basis and in a transparent manner.
You have the right to be informed about the collection and use of your personal information
We must provide you with information including: our purposes for processing your personal information, our retention periods for that personal information, and who it will be shared with. We call this ‘privacy information’.
Our privacy notices can be viewed here.
Subject access requests
You can find out if we hold any personal information by making a subject access request under the Data Protection Act 2018. If we do hold information about you we will:
We will not charge a fee for providing your information, however, we may charge a reasonable fee when a request is manifestly unfounded or excessive, particularly if it is repetitive.
We may also charge a reasonable fee to comply with requests for further copies of the same information. The fee will be based on the administrative cost of providing the information.
The trust will try to deal with your request within a 21 day time limit (NHS best practice). However, by law we have 30 days to respond If this is likely to take longer the applicant will be warned and an explanation of the delay provided.
You can request access to your information by following this link.
When should personal data be rectified?
You are entitled to have personal data rectified if it is inaccurate or incomplete.
If we have disclosed the personal data in question to others, we must contact each recipient and inform them of the rectification - unless this proves impossible or involves disproportionate effort. If asked to, we must also inform you about these recipients.
How long do we have to comply with a request for rectification?
We must respond within one month.
This can be extended by two months where the request for rectification is complex. If we decide not to take action in response to a request for rectification, we will explain to you the reasons why and explain your right to complain to the supervisory authority.
For further information please contact the Information Governance team.
The right to erasure does not provide an absolute right to be forgotten. You have a right to have personal data erased and to prevent processing in specific circumstances:
This right is not limited to processing that causes unwarranted and substantial damage or distress. However, if the processing does cause damage or distress, this is likely to make the case for erasure stronger.
We can refuse to comply with a request for erasure where the personal data is processed for the following reasons:
Please note that the right to be forgotten does not apply to special category data. i.e. your medical record.
For further information please contact the Information Governance team.
When does the right to restrict processing apply?
We will be required to restrict the processing of personal data in the following circumstances:
For further information or to apply for a restriction please contact the Information Governance team.
The right to data portability allows you to obtain and reuse your personal data for your own purposes across different services.
It allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability.
When does the right to data portability apply?
The right to data portability only applies:
For further information please contact the Information Governance team
You have the right to object to the following:
You must have an objection on grounds relating to your particular situation.
We will stop processing the personal data unless:
You must have grounds relating to your particular situation in order to exercise your right to object to processing for research purposes.
If we are conducting research where the processing of personal data is necessary for the performance of a public interest task, we are not required to comply with an objection to the processing.
For further information please contact the Information Governance team
We do not carry out profiling and/or automated decision-making and document this in our data protection policy.
For further information please contact the Information Governance team
Information Governance team
St Michaels House
St Michaels Road
Sittingbourne
Kent ME10 3DW