This Privacy Notice is part of our commitment to ensure that we process personal information/data fairly and lawfully.
We can provide a paper copy of this notice upon request to the Information Governance Unit on 0161 922 6936 or DPO@tgh.nhs.uk
Tameside and Glossop Integrated Care NHS Foundation Trust serves a community of 250,000 people across Tameside and Glossop. We provide a range of high quality services both within the hospital and across our local community for both adults and children.
Tameside and Glossop Integrated Care NHS Foundation Trust is named as the controller of the personal information.
We are registered with the Information Commissioner with the registration number Z2236125
The Data Protection Officer’s role is to ensure that the personal data used within the Organisation is used responsibly, safely, and within the data protection laws.
Data Protection Officer
Tameside and Glossop Integrated Care NHS Foundation Trust
0161 922 5599
Personal data is information that relates to a living individual who can be identified from that data.
We may also have information that is personal sensitive, such as sexuality, race, your religion or beliefs, and whether you have a disabilities, allergies, or health conditions.
This information is collected in a number of different ways, via your healthcare professional, referral information provided by for GP, or directly given by you.
We also collect surveillance images/video for the prevention and detection of crime.
It helps you because:
Where possible, when using information to inform future services and provision, non-identifiable information will be used.
Unless you object, we will normally share information about you with other health and social care professionals directly involved in your care so that you may receive the best quality care. For example every time you attend the hospital as a patient, we will send your GP a summary of any diagnoses, test results or treatment given.
You may be receiving care from other people as well as the NHS, for example Social Care Services. We may need to share some information about you with them so we can all work together for your benefit. We will only do this when they have a genuine need for it or we have your permission.
When we share your information it is subject to strict agreements on how it is protected and used, the organisations that we may share information with are:
We will not disclose your information to any other third parties without your permission unless there are exceptional circumstances, such as when either your or somebody else’s health and safety is at risk; or the law requires us to pass on information.
We use the following lawful basis for direct care when processing your information:
We also use information we hold about you to:
Nationally there are strict controls on how your information is used for these purposes. These control whether your information has to be de-identified first and with whom we may share identifiable information. You can find out more about these purposes, which are also known as secondary uses, on the NHS England and NHS Digital websites:
We use the following lawful basis for indirect care when processing your information:
For Research, Health & Social Care Providers, Commercial Research Partners, Arms' Length Bodies, Universities
Clinical Commissioning Group/commissioning and planning purposes
We may use your details to contact you with patient satisfaction surveys relating to the services you have used. This is to improve the quality of healthcare we deliver to you.
We process information on staff members in order to fulfil a contract of employment, the information is protected the same as patient information.
The lawful basis for processing the information related to staff is:
We only transfer information with companies whose purposes for processing match ours. It is rare that personal information is processed outside of the NHS.
No personal information is sent outside of the European Union.
It is important that we keep your information safe, secure, and available only to those who are involved in your care. To do this we restrict access using technology.
Everyone working for the Organisation is subject to the Common Law Duty of Confidentiality and the General Data Protection Regulation (2016). Information provided in confidence will only be used for your treatment unless there are other circumstances when we will ask for your consent.
Under the NHS Confidentiality Code of Conduct, all staff are required to protect your information. All staff are required to undertake annual training in data protection, information governance, and confidentiality. In addition to this staff that access and process information on your health do so using a number of security measures including chip and PIN access to computerised medical information. Paper records are held in a secure room protected with door access controls.
We store your records and use the NHS Retention Schedule to determine how long we keep these records. The length of time is determined on the type and format of the record.
The retention schedule is accessible at the following address https://www.nhsbsa.nhs.uk
The Data Protection Act (1998) has been replaced by new data protection laws called the General Data Protection Regulation (GDPR) 2016 and Data Protection Act 2018.
These laws are very similar to the old Data Protection Act (1998), with additional rights for the data subject.
These rights are:
Right of access by the data subject (GDPR Art 15), often called a Subject Access Request – SAR).
You have the right to receive the personal data concerning them in a commonly used electronic format for no charge. We are required to complete this request within calendar month. Additional copies of notes may incur a fee.
The right to rectification (GDPR Art 16), people have the right for their personal information to be changed if it is found to be incorrect.
This for instance, could be because of inaccurate personal data, how a name is spelt, to change your next of kin details, or a new address.
The right to restriction of processing (GDPR Art 18), people have the right to restrict how data is collected, used, and stored relating to them.
The right to data portability (GDPR Art 20), this is closely linked with Art 15, the Right of Access to the Data Subject. You have the right to receive the personal data concerning them in a commonly used electronic format for no charge.
The right to object (GDPR Art 21), under the General Data Protection Regulation you have the right to object to us processing your information.
If we change any of the information due to a request from you, we will contact you and tell you what we have changed. In some cases upholding the rights to object, rectification, and the restriction data may affect the treatment you receive, and may make the provision of treatment or care more difficult or even unavailable. We may refuse to uphold the request. If this is the case we will inform you without undue delay, and within one month of the request.
We will tell you
If you require access to your health records you will need to make a written request to:
OPD/Health Records Administration Manager
Tameside & Glossop Integrated Care NHS Foundation Trust
Tel 0161 922 6519
The Organisation can only provide access to the information it holds. For instance, to see the records held by your GP you will have to contact your GP surgery.
This authority is under a duty to protect the public funds it administers, and to this end may use the information you have provided on this form for the prevention and detection of fraud. It may also share this information with other bodies responsible for auditing or administering public funds for these purposes.
For further information contact your Local Anti-Fraud Specialist [Neil McQueen 0161 206 1909 or 07721 237353 or email@example.com].
We take confidentiality very seriously, should something go wrong and your data has been compromised we will contact you, and the Information Commissioner’s Office to inform of the breach.
If the incident is part of a wider breach and it is impossible to inform all those affected personally, we will contact the media news outlets to inform people of the data breach.
If you would like to contact us or have any concerns about your care of treatment, or that of your relative we need to know about them as soon as possible, so we can take action to improve the situation.
Quality and Governance Unit
PALS and Complaints Department
Silver Springs House
Tameside and Glossop Integrated Care NHS Foundation Trust
Tel 0161 922 4466
The General Data Protection Regulation 2016 requires the Trust to lodge a notification with the Information Commissioner to describe the purposes for which we process information.
The details are publicly available from the Information Commissioner’s Office:
The Information Commissioner’s Office
Telephone: 01624 545 745
Tameside and Glossop Integrated Care NHS Foundation Trust is one of many organisations working in the health and care system to improve care for patients and the public.
Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.
The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:
This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.
Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.
You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential patient information will still be used to support your individual care.
To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters. On this web page you will:
You can also find out more about how patient information is used at:
https://www.hra.nhs.uk/information-about-patients/ (which covers health and care research); and
https://understandingpatientdata.org.uk/what-you-need-know (which covers how and why patient information is used, the safeguards and how decisions are made).
You can change your mind about your choice at any time.
Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.
Health and care organisations have until 2020 to put systems and processes in place so they can be compliant with the national data opt-out and apply your choice to any confidential patient information they use or share for purposes beyond your individual care.
Our organisation is working towards compliance with the national data opt-out policy.
Approved by IGG [Version 1.4]
16/08/2019 Updated National NHS Data Opt-Out Programme information.
28/08/2018 Updated contact details.
04/10/2018 Added Anti-Fraud information.
19/12/2018 Updated 'What is a Privacy Notice' section on MIAA's PG's suggestions.