Information Requesters Privacy Notice


This Privacy Notice explains what information we collect about you, how we store this information, how long we retain it and with whom and for which legal purpose we may share it.

Why do we collect personal information about you?

Our purpose for processing your personal data is so we can fulfil your information request to us.

This enables us to comply with our legal obligations under the legislation we are subject to:

  • General Data Protection Regulation (2016)
  • Data Protection Act (2018)
  • Freedom of Information Act (2000)
  • Environmental Information Regulations (2004)
  • Re-use of Public Sector Information Regulations

What is our legal basis for processing personal information about you?

The lawful basis for this is article 6(1)(C) of the GDPR, which relates to processing necessary to comply with a legal obligation to which we are subject.

If any of the information you provide us in relation to information request contains special category data, such as health, religious or ethnic information the lawful basis we rely on to process it is article 9(2)(g) of the GDPR, which also relates to our public task and the safeguarding of your fundamental rights. And Schedule 1 part 2(6) of the DPA2018 which relates to statutory and government purposes

What personal information do we need to collect about you and how do we obtain it?

We need information from you to respond to you and to locate the information you are looking for. If you are making a request about your personal data, or are acting on behalf of someone making such a request, then we’ll ask for information to satisfy us of your identity. If it’s relevant, we’ll also ask for information to show you have authority to act on someone else’s behalf.

What do we do with your personal information?

The data you provide will be used so that you are able to exercise your lawful rights under the relevant legislation. We may be required to share the data with the relevant departments/employees who may hold the data you require to enable us to respond to your request.

When we receive a request from you, we’ll set up an electronic case file containing the details of your request. This normally includes your contact details and any other information you have given us. We’ll also store on this case file a copy of the information that falls within the scope of your request.

We’ll use the information supplied to us to process your information request and check on the level of service we provide.

How we maintain your records

We have a duty to:

  • maintain accurate records
  • keep records about you confidential and secure
  • provide information in a format that is accessible to you

Once a request has been completed, the relevant data will be held by the Information Governance Team for three years (extended to six years if there has been a subsequent appeal) in line with the Records Management Code of Practice 2020.

Data Protection Officer

Information Governance OfficeDevonshire HouseRiverside RoadBarnstapleEX31 1SW

Email: ndht.dpo@nhs.net

Cookies

Our site uses cookies to help give you a better experience. By continuing to use it you consent to the use of cookies as set out in our privacy policy.

Last updated: March 30, 2022