This page explains why information is collected about you and the ways in which this information may be used: this is called a Fair Processing Notice or Privacy Notice.
It is designed to inform you about how we are complying with the General Data Protection Regulation (GDPR) 2018 and the UK Data Protection Act 2018.
We aim to update this information from time to time to reflect any changes. It also explains how you can access or get copies of your information.
Who we are
Staffordshire and Shropshire Health Informatics Service (S&SHIS) are part of Midlands Partnership NHS Foundation Trust (the Trust) who are a data controller. Our address for communications is:
The Trust are registered to process personal and sensitive information under the Data Protection Act 2018.
We operate under MPFT’s Information Governance Framework, which includes having a nominated Senior Information Risk Owner (SIRO) and a Data Protection Officer (DPO)
What Personal Data We Collect and Use
The S&SHIS only collect very limited personal data and only for the purpose of promoting our services.
The information we collect includes:
Photographs, audio and video recordings
We do not share any personal data with third-parties or transfer it overseas.
The Lawful Basis of Processing
We use ‘consent’ as the legal basis for processing personal data. This requires us to obtain clear consent from the data subject for processing data for a specific purpose.
Cookies are small text files that can be used by websites to make a user’s experience more efficient.
The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission.
This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages.
You can at any time change or withdraw your consent from the Cookie Declaration on our website.
Please state your consent ID and date when you contact us regarding your consent.
Your consent applies to the following domains: www.sshis.nhs.uk
You have the right to see or have a copy of your personal information.
You do not need to give a reason; and normally there will be no charge.
If you want to access your records, you should make a written request to the MPFT subject access team at the following address:
Access to Records Team
St Georges Hospital
Telephone: 0300 790 7000
We will normally provide your information within one month (four weeks) of receiving all the information we need to respond to your request.
Before providing any information we will need to verify your identity and may request further information from you so we may progress your query as quickly as possible.
Your right to be informed
This means you have a right to be informed about the way we collect and use your data.
Your right to rectification
This means you have the right to have inaccurate (incorrect or misleading as to any matter of fact) personal data corrected or completed.
Your right to have your personal information erased
This right is not absolute and only applies in certain circumstances.
You have the right to restrict the processing of your information in the following circumstances:
You contest the accuracy of your personal data and we are verifying the accuracy of the data.
Your right to data portability
This means that you can request a secure transfer of your data to another Data Controller.
The right to data portability only applies when:
the data is about you and that it was provided by you to the Trust
where the processing is based on your consent or for the performance of a contract; and
when processing is carried out by automated means
Your right to object
This means that you have the right to object to us processing your data where the processing is based on:
legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
direct marketing (including profiling); and
processing for purposes of scientific/historical research and statistics
You must have an objection on “grounds relating to your particular situation”.
Your right to withdraw your consent
This means that once you have given your explicit consent for your information to be processed you have the right to:
Withdraw your explicit consent for the processing of your information
You can withdraw your consent by informing the department / team that took your consent. You can do this in writing or verbally.
Closed Circuit Television
The S&SHIS make use of CCTV systems. You have a right of access if you wish to request your data captured on CCTV.
Security of Information
We take our duty to protect personal information and confidentiality very seriously and we are committed to comply with all relevant legislation and to take all reasonable measures to ensure the confidentiality and security of personal data for which we are responsible, whether computerised or on paper.
Complaints and your Right to Complain to the Regulator
If you feel that we have not adequately dealt with your complaint regarding how we process your information you can raise the issue with the Information Commissioner who is the supervisory authority for the United Kingdom (the Regulator) at the address below:
Information Commissioner’s Office
By phone: 0303 123 1113
By email email@example.com
Website: ico.org.uk (opens in a new window)