Our data protection and privacy aims
The privacy of your personal information is important to us. We are committed to providing you with services that are safe, secure, and trustworthy and protect your personal information and privacy.
Process personal data lawfully
Collected and processed lawfully for a specific and legitimate purpose, fairly and in a transparent manner. It will not be used for anything other than the stated purposes. We will aim to be accurate, and where necessary, keep it up to date. Any inaccuracies will be amended or removed without undue delay. It will be stored for as long as required, as specified on our privacy notices and records retention policy.
Be transparent with the information we collect and process
We want you to understand what information we collect and how it is used to provide you with a service. We operate a complex set of services that often mean we need to share your data with suppliers and partners who provide that service on our behalf. We aim to explain what we do with your information through our set of customer privacy notices.
Be a guardian for your data and privacy
You trust us with your personal information and expect us to protect and use it and share appropriately. We operate an information governance regime, train staff in data protection, privacy and security, and have practices to manage personal data from collection through to destruction. We have operated privacy impact assessments for a number of years to ensure the risks to your privacy are assessed when introducing new systems or changes to processes. These will now become data protection impact assessments.
Be accountable to our privacy commitments
We take our commitment to privacy seriously and hold ourselves to a high standard. Our senior managers are accountable for holding and processing customer personal information. We have a Data Protection Officer and supporting function to audit this.
Provide privacy safe services
Personal data will be secured with appropriate solutions, which protect the data against unauthorised or unlawful processing and against accidental loss, destruction or damage.
We ask our services to complete a data protection impact assessment when making changes to processes, and for new systems and services. We ensure new suppliers have adequate data protection and security processes in place.
We are compliant with the annual NHS toolkit to assure us as a trusted organisation to share health and care data with NHS partners. We are compliant with the annual government security assurance to allow us to use the public service network for email and access to systems.