Your Information

The information we hold, how we use it, and keep it confidential and secure

This privacy notice tells you about information we collect and hold about you, what we do with it, how we will look after it and who we might share it with. It covers information we collect directly from you or receive from other individuals or organisations.

This notice does not provide exhaustive detail. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address in the “Further Information and Complaints” section, below.

We keep our privacy notice under regular review: it was last reviewed in June 2017.

Who we are

Digital Notts is a partnership between the NHS and social care organisations that are responsible for planning, delivering and funding services for the people of Nottingham and Nottinghamshire, Digital Notts is not a legal entity and is hosted on behalf of health and care organisations by NHS Rushcliffe CCG. We were formed in 2013 to ensure that the development of digital technology and the management of health information and data supports the needs of patients, families, carers and health and social care professionals. We plan, deliver and invest in technology that will improve health. Our role is to coordinate the delivery of the Digital Notts programme, providing a clear decision making structure and framework for the organisations involved. Our plans, targets and priorities are agreed by the two Health and Wellbeing Boards for Nottingham and Nottinghamshire.

Personal information we hold about you

We do not routinely hold or have access to personal information. However, from time to time we may need to hold some information about you, for example:

If you have made a complaint to us
If you have made a ‘subject access’ request for personal information held about you
If you ask us to keep you regularly informed and up-to-date about the work of Digital Notts, or if you are actively involved in our engagement and consultation activities or service user participation groups
If you have made enquiries through our website.

How we use your information

We may use the following types of information/data:

Identifiable – containing details that identify individuals.
Anonymised – about individuals, but with identifying details removed.
Aggregated – anonymised information, grouped together so that it doesn’t identify individuals.

Digital Notts uses the data it receives for a number of purposes such as:

To respond to any queries and complaints raise through the website
To provide you with further information requested through our website
To prepare statistics on performance to understand digital needs and support re-design, modernisation and improvement of technology across Nottinghamshire
To help us plan future services to ensure they continue to meet the needs of our local population.

Complaints made to us

When we receive a complaint from a person, we try to resolve your complaint or query relating to the remit of Digital Notts, if the complaint is outside the remit of Digital Notts we will refer your complaint onto the relevant organisation with your permission.

We will keep personal information contained in complaint files in line with our retention policy. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.

How long we hold information for and our destruction arrangements

All records held by the Digital Notts will be kept for the duration specified by national guidance from the Department of Health, found in the Records Management Code of Practice for Health and Social Care 2016.

Once data is no longer required it will be destroyed securely:

For paper records or information this will be destroyed in line with international standards, incinerated, pulped or shredded, using a cross cutter. Where external confidential waste suppliers are used these will be under contract and assurance that destruction meets the necessary legal requirements and standards.

For digital media permanent destruction will be achieved by overwriting the media a sufficient number of times or physical destruction of media by breaking it up into small pieces.

Sharing your information with other organisations or individuals (third parties)

We do not share information that identifies you unless;

You have given us permission
This is anonymised and therefore non personal data
We are lawfully required to report certain information to the appropriate authorities e.g. to prevent fraud or a serious crime
It is necessary to protect children and vulnerable adults from harm;
A formal court order has been served upon us; and/or
For the health and safety of others, for example to report an infectious disease like meningitis or measles.

Protecting your privacy

We are committed to protecting your privacy and will only process personal information in accordance with the Data Protection Act 1998, the Human Rights Act 1998 and the common law duty of confidentiality.

As Digital Notts is not a legal entity it does not act as a data controller and as such has not been registered as a data controller. As host to Digital Notts NHS Rushcliffe CCG is a Data Controller under the terms of the Data Protection Act 1998 and are legally responsible for ensuring that all personal information that we process i.e. hold, obtain, record, use or share about you is done in compliance with the eight Data Protection Principles. All data controllers must notify the Information Commissioner’s Office of all personal information processing activities. The CCGs registration number is Z3610590 and the entry can be found in the Data Protection Register on the Information Commissioner’s Office website

All information that we hold about you will be held securely and confidentially. We use administrative and technical controls to do this. All of our staff, contractors and board members receive appropriate and on-going training to ensure they are aware of their personal responsibilities and have contractual obligations to uphold confidentiality, enforceable through disciplinary procedures. We will only use the minimum amount of information necessary about you. Where possible we will use information that does not directly identify you, but when it becomes necessary for us to know or use personal information about you, we will only do this when we have either a legal basis or have your consent. We use strict controls to ensure that only authorised staff are able to see information that identifies you. Only a limited number of authorised staff have access to information that identifies you, where it is appropriate to their role, and is strictly on a need-to-know basis

If you do not wish us to process or share your information

If you do not agree to certain information being processed or shared with us or by us, or have any concerns then please let us know. We may need to explain the possible impact this could have on our ability to help you, and discuss the alternative arrangements that are available to you.

Your rights

You have certain legal rights, including:

To have your information processed fairly and lawfully.
To request access to any personal information we hold about you.
The right to privacy, and to expect the NHS to keep your information confidential and secure.
To request that your confidential information is not used beyond your own care and treatment and to have your objections considered.
To request that any inaccurate data that we hold about you is corrected.

These are commitments set out in the NHS Constitution, for further information please visit: https://www.gov.uk/government/publications/the-nhs-constitution-for-england

Subject Access Requests and Requests to Correct Errors

Individuals can find out if we hold any personal information about them by making a ‘subject access request’ under the Data Protection Act 1998. If we do hold information about you we will:

Give you a description of it
Tell you why we are holding it
Tell you who it could be disclosed to; and
Let you view or have a copy of your personal information in an intelligible form.

To make a request for any personal information we may hold you need to put the request in writing to the address provided below (see “Contact us”).

If we do hold information about you and you consider it to be inaccurate, you can ask us to correct any mistakes by, once again, contacting us at the address below.

We will only retain information for as long as necessary. Records are maintained in line with the Department of Health retention schedule which determines the length of time records should be kept.

Contact us

If you have any questions or concerns regarding how we use your information, please contact us here.

Complaints or questions

We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring concerns to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.