What is a privacy notice?

Privacy notice is this document and it tells you how we use your personal data.

What is personal data?

Personal data is information about you. This could be things like your name, your photo, email address, your IP address (this is your computer’s internet address) or even the name of your parent or guardian. There are some types of information we have to be extra careful with. These are called special category data and are things like your health or race or even religion.

We collect this information when you visit our hospitals, clinics, gyms or our website. We always tell you when we collect your data and explain why we do this. And we never keep more information about you than is absolutely necessary.

Why do we need your personal data?

We need your personal data so we can provide you with our services. We only use your data where it is needed and when the law allows us. Sometimes we have to ask you if we can use your data, and if you tell us NO then we can’t.

Do we share your data with anyone else?

We share your data with your doctors and nurses and other people who look after you when you come to Nuffield Health. If you are under 18 years old, we share your data with the person responsible for you – your parent or your guardian.

Sometimes we need to share your data with other organisations. We only do this when it’s absolutely necessary, we always tell you about it and we make sure it’s done safely and securely.

How long do we keep your data and how do we keep it safe?

There are laws and rules that tell us how long we can (and sometimes have to) keep your data. We always make sure we follow them. We are also very serious about keeping your data safe and protected. We have many rules in place to do this. Only people who need access to your data can access it and they are trained in doing it carefully. If we need to share your personal data with other people and companies, we make sure that it done safely and securely too.

What are all “the laws and rules” we keep talking about?

The government wants to make sure that every organisation in UK looks after your data as well as possible. To do this they have written a number of laws and rules that everyone has to follow. The most important ones are the UK GDPR (UK General Data Protection Regulation) and the DPA 2018 (the Data Protection Act). All these don’t just tell us what we can and cannot do, they also give you rights when it comes to all the personal data we have about you.

What are your rights?

Rights give you powers over your personal data. This means that you can:

  • Ask us to see what information we have about you – you do this by making a Subject Access Request (SAR) or if you are under 18 years old you can ask your parent or guardian to do this for you
  • Ask us to correct any personal data we have about you if you think it is wrong
  • Ask us to delete your personal data, but remember we won’t always be able to do this
  • Ask us not to use your data in certain ways

You don’t have to pay us when you ask us to do these things and we have one month to respond to you.

Who makes sure we follow all the laws and rules?

To make sure everyone in the UK looks after your personal data properly, the government has set up a place called the Information Commissioner’s office (ICO for short).

Who can you talk to if you’d like to know more?

If you would like to know more about your rights or anything to do with the personal data we collect about you, you can:

What if you think we’ve done something wrong?

If you are unhappy with anything we have done (or want to do) with your personal data, you have a right to complain to the ICO. You can contact them here.