Privacy Notice

How we use your information


Who are we?

Why and how we collect personal information about you?

What do we do with your personal information?

Who do we share your information with and why?

How long do we keep your information?

What is our legal basis for processing personal information about you?

What are your rights?

Contacting us about your information

Who is responsible for your data?

Contacting us if you have a complaint or concern



Who are we?

Hampshire Hospitals NHS Foundation Trust serves a population of approximately 570,000 across Hampshire and parts of West Berkshire.

Hampshire Hospitals NHS Foundation Trust employs around 6,000 staff and has a turnover of over close to £400 million (2017/18).  There are over 15,000 public and staff members.  As a Foundation Trust it is directly accountable to its members through the governors.  The Council of Governors represent the interests of their constituencies and influence the future plans of the Foundation Trust.

The Trust is registered with the Information Commissioner’s Office (ICO) to process personal and special categories of information in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and our registration number is Z5599447.

For further information please refer to the ‘About Us’ page on our website.

Why and how we collect personal information about you?

Your doctor and other health professionals caring for you keep records about your health and any treatment and care you receive.  These records help to ensure that you receive the best possible care from us.  The information may be written down on paper (manual records), held on a computer or a mixture of both.  The records may include:

  • basic details about you, such as name, address, telephone, email, date of birth and next of kin
  • contacts we have had with you, such as visits to a health professional
  • details and records about your health, treatment and care you receive
  • relevant information from other health professional, relatives or those people who care for you and know you well
  • information based on the professional opinion of the staff caring for you

Every NHS organisation has to collect information on the ethnic origins of its patients.  This is a mixture of information about your culture, language, history, religion, nationality and upbringing.  We only use it to make sure our services meet the needs of all members of the community.  You don’t have to give us information about your ethnic origin if you do not want to.

We have a duty to make sure that your information is accurate and current.  Information Quality Assurance Assessments are undertaken to help us improve the quality of information we record about you.  You may also request that any incorrect information held on your records is corrected.

Information is collected in a number of ways; via your healthcare professional, in referral details from your GP or information directly given by you.

Patients should note that calls to the Trust's main switchboard numbers may be recorded for training and monitoring purposes.

It is not always easy to understand formal communications.  If you find this information difficult to take in, please do not hesitate to contact a member of our staff and we will take the time to talk it through with you.

The link below will help you in understanding more about the patient data which we hold here.

What do we do with your personal information?

Your information is used to ensure that:

  • staff caring for you have accurate and up to date information to help them assess and decide the best possible care and treatment needed for you
  • we can contact you in relation to your care and treatment
  • treatments and services meet the needs of local communities
  • information is available should you need another form of care, for example if you are referred to a specialist or another part of the NHS
  • there is a good basis for looking back and assessing the type and quality of care you have received
  • your concerns can be properly investigated should you need to complain

In addition to supporting the care you receive, your information may also be used to help us to:

  • remind you about your appointments and send you relevant correspondence
  • look after the health of the general public
  • review the care we provide to ensure it is of the highest standard
  • support the funding of your care, e.g. with commissioning organisations who pay for NHS care
  • teach and train health care professionals (if you do not want your information to be used in this way, please let us know.  It will not affect your treatment in any way)
  • conduct research approved by the Local Research Ethics Committee (your personal details will not be disclosed outside of the Trust without your consent)
  • conduct audits
  • investigate complaints, legal claims or untoward incidents
  • make sure our services can meet patient needs in the future
  • prepare statistics on NHS performance to meet the needs of the population or for the Department of Health and other regulatory bodies
  • monitor the way public money is spent
  • contact you with regards to patient satisfaction surveys relating to services you have used within our hospital so as to further improve our services to patients

If you do not want certain information recorded or shared with others, please talk to the person in charge of your care.  There are however some aspects of your care which we are obliged to record.

Everyone working for the NHS has a legal duty to maintain the highest level of confidentiality.  Generally your information will only be seen by those providing or administering your care.

You may be receiving care from other people as well as the NHS such as private healthcare companies or social services.  We may need to share information about you so we can all work together for your benefit.

We will only ever use or pass on information about you if others involved in your care have a genuine need for it and usually only with your consent.

Hampshire Hospitals NHS Foundation Trust is a research active organisation and you may be offered opportunities to participate in research studies and trials. You can find out more about how patient information may be used for research on the Health Research Authority (HRA) webpage here. The HRA is the government body that protects and promotes the interests of patients and the public in health and social care research.  

When we pass on any information we will ensure it is kept confidential and secure.  A few administrative processes require information that may identify you, however wherever possible, processes will use anonymised information.

Who do we share your information with and why?

Hampshire Hospitals NHS Foundation Trust works closely with other organisations to support patient care.  This means that information will be shared between Hampshire Hospitals and other organisations that may be caring for you.  These may include:

  • Clinical Commissioning Groups (CCG)
  • your GP, pharmacy and other hospitals
  • NHS Direct
  • out of hours medical services
  • NHS walk in centres
  • ambulance services
  • NHS common services agencies such as dentists and ophthalmic services
  • local authority departments, including social services, education and housing
  • voluntary sector providers who are directly involved in your care
  • private sector providers (private hospitals, care homes, domiciliary care agencies, hospices and contractors providing services to the NHS)

The sharing of sensitive personal information is strictly controlled by law.  Generally your information will only be seen by those involved in providing or administering your care.  We will consult you before information is shared to ensure we act with your consent.  If you are unable to consent for any reason, we will only share information where it is clearly in your best interests to do so. 

With your consent, information can be shared with relatives, partners, friends or carers.  When information is shared, it is transferred securely and kept confidentially by those who receive it.  Anyone who receives information from us is also under a legal duty to keep it confidential and secure

We will normally ask you for your consent to share information about you.  There are times however when we may be required by law to share your information without your consent.  These may be:

  • where there is a serious risk of harm or abuse to you or other people
  • where a serious crime, such as assault, is being investigated or where it could be prevented
  • notification of new births
  • where we encounter infectious diseases that may endanger the safety of others, such as meningitis or measles (but not HIV/AIDS)
  • where a formal court order has been issued
  • where there is a legal requirement, for example if you had committed a Road Traffic Offence

The information from your patient record will only be used for purposes that benefit your care.  We will never share your information for marketing or insurance purposes.

How long do we keep your information?

All records held by the NHS are subject to the Records Management Code of Practice for Health and Social Care Act 2016 (the Code).  The Code sets out best practice guidance on how long we should keep your patient information before we are able to review and securely dispose of it.

What is our legal basis for processing personal information about you?

Personal information we hold about you is deemed to be ‘necessary for the performance of a task carried out in the public interest or in the exercise of official authority’ and necessary for ‘medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems’ as set out in Article 6(1)(e) and 9(2)(h) of the General Data Protection Regulations (GDPR).

We recognise the importance of protecting personal and confidential information in all that we do, and take care to meet our legal and other duties, including compliance with the following:

  • Data Protection Act 2018
  • General Data Protection Regulations 2018
  • Human Rights Act 1998
  • Access to Health Records Act 1990
  • Freedom of Information Act 2000
  • Health and Social Care Act 2012, 2015
  • Public Records Act 1958
  • Copyright Design and Patents Act 1988
  • Re-Use of Public Sector Information Regs 2004
  • Computer Misuse Act 1990
  • Common Law Duty of Confidentiality
  • NHS Care Records Guarantee for England
  • Social Care Records Guarantee for England
  • International information Security Standards
  • Information Security Code of Practice
  • Records Management Code of Practice
  • Accessible Information Standards

What are your rights?

The NHS wants to make sure you and your family have the best care now and in the future. Your health and adult social care information supports your individual care.   Please see NHS Choices for further information.

If we need to use your personal information for any reasons beyond those stated in the sections above, we will discuss this with you and ask for your explicit consent.  The General Data Protection Regulations gives you certain rights, including the right to:

  • Request access to the personal data we hold about you, e.g. in health records.  For details about how to request this see ‘Access to your health records’ on our website.
  • Request the correction of inaccurate or incomplete information recorded in our health records, subject to certain safeguards. 
  • Refuse/withdraw consent to the sharing of your health records.  We are authorised to process, i.e. share, your health records ‘for the management of healthcare systems and services’.  Your consent will only be required if we intend to share your health records beyond these purposes, as explained above (e.g. research). 
  • Request your personal information to be transferred to other providers on certain occasions.
  • NHS Digital, on behalf of NHS England assesses the effectiveness of the care provided by publicly-funded services.  We have to share information from your patient record such as referrals, assessments, diagnoses, activities (e.g. taking a blood pressure test) and in some cases, your answers to questionnaires on a regular basis to meet our NHS contract obligations.  You have the right to object to us sharing your information to NHS Digital for planning and research purposes – this will not affect your care in any way.  For information about how you can Opt-Out of sharing your data with NHS Digital please see the National data opt out programme.
  • Every effort is made to keep your information confidential and only share information when absolutely necessary.

Contacting us about your information

If you have any questions or concerns regarding the information we hold on you and the use of your information, or you would like to discuss this further, please contact the Data Protection Officer at:

Information Governance Team
2nd Floor Ashley Wing
Royal Hampshire County Hospital
Romsey Road

SO22 5DG



Who is responsible for your data?

Malcolm Ace
Chief Financial Officer
Senior Information Risk Owner (SIRO)

Dr Tamara Everington
Haematology Consultant & Chief Clinical Information Officer
Caldicott Guardian (CG)

Mark Gittins
Data Protection Officer (DPO)

If you wish to contact any of the above please email:

Contacting us if you have a complaint or concern

We try to meet the highest standards when collecting and using personal information. We encourage people to bring concerns to our attention and we take any complaints we receive very seriously.  

Customer Care Team
Basingstoke and North Hampshire HospitaL
Aldermaston Road

RG24 9NA


Call:  01256 486766

Further details are available on our website here.  


If you remain dissatisfied with the Trust’s decision following your complaint, you may wish to contact:

Information Commissioner’s Office
Wycliffe House
Water Lane



Their web site is at The Information Commissioner will not normally consider an appeal until you have exhausted your rights of redress and complaint to Hampshire Hospitals NHS Foundation Trust.









updated 14 January 2019


Related information

For details on how you can access the information held about you by Hampshire Hospitals NHS Foundation Trust, please click here