Privacy notice
So we can provide you with the best possible service, a variety of information is collected about you from a range of sources, such as your General Practitioner (GP). This information is used to support your healthcare.
Barnsley Hospital NHS Foundation Trust Privacy Notice
Barnsley Hospital NHS Foundation Trust ('the Trust') is committed to protecting your privacy and ensuring your personal information is handled in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This Privacy Notice explains what personal information we collect, how we use it, and your rights in relation to that information.
Who We Are
We are the data controller responsible for the personal information we hold about you. We are a provider of acute hospital services based in Barnsley, South Yorkshire.
What Information We Collect
We collect various types of personal data including:
- Name, address, contact details, NHS number, and date of birth
- Medical history, diagnoses, treatment plans, test results, appointment details
- Information from your GP and other health/social care professionals
- Emergency contact details and next of kin
- Relevant information provided by relatives or carers
How We Use Your Information
Your personal data is used to:
- Provide you with safe and effective care
- Ensure accurate and up-to-date records are available to care providers
- Coordinate your care with other NHS or social care organisations
- Improve service quality, support audit, clinical research and education
- Respond to complaints and manage incidents
- Support system management, public health, and legal obligations
Other Uses of Your Information
In addition to direct care, we also use your information for indirect care purposes, which may include:
- Reviewing and auditing the care we provide to ensure it meets national standards
- Responding to complaints, legal claims or incidents
- Supporting health research and development (only with your consent where applicable)
- Producing anonymised statistics to improve future services
- Ensuring the Trust is paid accurately for services it delivers
- Training and educating healthcare professionals
These uses are governed by strict NHS confidentiality rules and legal safeguards. Where identifiable information is required, this is done in line with a clear legal basis or your explicit consent.
Lawful Basis for Processing
We process your personal data under Article 6(1)(e) public task, and special category data (health data) under Article 9(2)(h) provision of health or social care. In urgent circumstances, we may also rely on:
- Article 6(1)(d) vital interests
- Article 9(2)(c) vital interests of someone physically or legally incapable of giving consent
How We Protect Your Information
We use robust technical and organisational measures to secure your information. This includes:
- Secure systems, encryption, and access controls
- Regular audits and staff training
- Oversight by our Senior Information Risk Owner (SIRO) and Caldicott Guardian
Use of Surveillance and Call Recording
The Trust operates CCTV and body-worn video on and around its premises to:
- Ensure the safety of patients, staff and visitors
- Deter and detect crime
- Support the investigation of incidents or complaints
- Assist in traffic and facilities management
All surveillance data is retained securely for limited periods, and access is restricted. Disclosure only occurs where legally required.
Telephone calls to the Trust may be recorded to:
- Ensure quality and training
- Monitor service delivery
- Support investigations into concerns
- Protect staff and service users
Sharing Your Information
We share relevant data with:
- NHS partners, GPs, ambulance services, and mental health teams
- Social care and local authorities involved in your care
- NHS Digital, NHS England, and regulators (where required)
- Third-party service providers under strict agreements
Transfers Outside the UK and EEA
The Trust ensures that personal confidential data will not be disclosed or transferred outside the UK and EEA unless appropriate safeguards are in place, or a legal exemption applies.
National Data Opt-Out
The Trust complies with the National Data Opt-Out policy. This means you can choose whether your confidential patient information is used for purposes beyond your individual care, such as planning health services or research and development.
Please note that the National Data Opt-Out does not apply to information used for public health purposes, such as monitoring and controlling the spread of diseases, delivering vaccination programmes, or managing risks of infection.
If you are happy for your information to be used for planning and research, you do not need to do anything. If you choose to opt out, your confidential patient information will still be used to support your individual care.
You can register your choice at: www.nhs.uk/your-nhs-data-matters.
How Long We Keep Your Information
We follow the NHS Records Management Code of Practice. Records are kept for appropriate durations depending on the record type and are securely destroyed when no longer required.
Data Retention Exception
In limited cases, some legacy systems may not support automatic deletion of records once their retention period is reached. Where this occurs, the Trust retains data only under strict controls and in line with guidance from the Information Commissioner’s Office (ICO) and the NHS Records Management Code of Practice, until a resolution is in place.
Accessing Your Health Information via the NHS App
Patients can access parts of their health record, appointment information and letters via the NHS App. This service is optional, and access is only granted where you provide consent through the app.
For more information, visit: www.nhs.uk/nhs-app
Your Rights
Under UK GDPR, you have the:
- Right to be informed: We must be completely transparent with you by providing information ‘in a concise, transparent, intelligible and easily accessible form, using clear and plain language’. Our privacy notice is one of the ways we try to let you know how data is handled.
- Right to access your information: The right to request a copy of your personal data which the Trust holds about you (Make a Subject Access Request)
- Right to request rectification: You have the right without undue delay to request the rectification or updating of inaccurate personal data.
- Right to erasure: to request deletion of your data in certain circumstances
- Right to restrict processing: to limit how we use your data under specific conditions
- Right to data portability: to request your data in a reusable format in limited cases
- Right to object: to certain types of processing such as direct marketing or where processing is based on public interest
- Rights related to automated decision-making and profiling: to ensure decisions affecting you are made fairly and with appropriate safeguards
If you have questions or concerns about your data:
Tom Davidson
Data Protection Officer
Email: information.governance@nhs.net
Phone: 01226 431996
If you are unhappy with how your personal data has been handled, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
Website: www.ico.org.uk
Phone: 0303 123 1113