Last updated: 6 December 2019
Your personal information
- Who we are
- Contacting us
- Our commitment to you
- Your Data Protection Rights
- You have the right to ask us to correct inaccurate personal information
- You have the right to ask for our processing of your personal data to be restricted
- You have the right to object to certain processing
- You can ask for certain information about you to be deleted
- Information we collect from you and what we do with it
- Our legal basis for processing personal data
- Sensitive personal data
- Who we share information with
- CCTV systems
- Where we store your information and how we keep it safe
- How long we keep information about you
- Changes to this notice
- Making a complaint
- The information we collect and its use
- Limiting collection, use, disclosure and retention
- Keeping your data secure
- Customer access
- Other websites
- Social media platforms
Terms and conditions
Your personal information
Who we are
For the purpose of the Data Protection requirement the data controller is Kent Community Health NHS Foundation Trust, The Oast, Unit D, Hermitage Court, Hermitage Lane, Barming, Maidstone, Kent ME16 9NT. This is also our registered office.
If you want to request further information about this privacy notice or exercise any of your rights, you can email the Data Protection Officer at firstname.lastname@example.org.
For Freedom of Information requests:
Write to us:
Freedom of Information lead
Kent Community Health NHS Foundation Trust
Unit D, Hermitage Court
Kent ME16 9NT
If you want access to your health record please contact us at:
Write to us:
Legal Services Department
Kent Community Health NHS Foundation Trust
110-120 Upper Pemberton
Eureka Business Park
Kent TN25 4AZ
Our commitment to you
We are committed to protecting and respecting your privacy, and we take your privacy very seriously and we recognise the trust placed in us by individuals whose information we use.
To enable us to provide the best healthcare we can, we collect different personal data and information required to undertake our NHS trust activities and aims.
The information below sets out the basis on how any personal data we collect from you, or that you provide to us, or that we obtain about you will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. We are committed to ensuring that we do so in a manner that is both lawful and respects your privacy.
Your Data Protection Rights
We take the protection of your personal data very seriously and respect your privacy in accordance with data protection legislation and best practice. You have rights relating to your personal information. You can find more information about your privacy rights on the Information Commissioner's Office website www.ico.org.uk.
The Data Protection Act 2018 and the General Data Protection Regulation 2018 (GDPR) directs how we must use the personal information we hold about you.
You have the right to be informed about how and why we process your personal information and any time you give us personal information you have the right to be informed about why we need it and how we'll use it.
You can find most of the information you need in this Privacy Notice.
You have right of access to any of your personal data that we hold about you
If you make a formal Subject Access request, we will respond to acknowledge your request and will first require you to prove your identity. We may also ask you for information about any specific information you are seeking to help us make sure we meet your request fully and speed up the process. If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.
We will provide you the information that you are entitled to as soon as possible and without unreasonable delay and at the latest within one month of your identity been verified by us.
In exceptional cases we may extend the period of compliance by a further two months if the request(s) are complex or numerous. If this is the case, we will inform you within one month of the receipt of the request and explain why the extension is necessary.
In most circumstances there will be no charge for this right of this access.
Write to us:
Legal Services Department
Kent Community Health NHS Foundation Trust
110-120 Upper Pemberton
Eureka Business Park
Kent TN25 4AZ
You have the right to ask us to correct inaccurate personal information
If you believe information, we hold about you to be inaccurate or incomplete, you can ask us to correct it at any time for example the spelling of your name or your contact information.
You have the right to ask for our processing of your personal data to be restricted
For example, if you are contesting the accuracy of data we are using about you. In such cases we will restrict our processing while we verify the accuracy of the data that we hold.
You have the right to object to certain processing
In addition to the right to restrict the use of your data, you also have a right to object to how we process it in certain circumstances.
You can ask for certain information about you to be deleted
You can also ask for certain information about you to be deleted. For example, if you are moving out of the area. In some cases, we will be unable to delete your information if there are statutory grounds to retain it (i.e. HMRC or other legal requirements).
Information we collect from you and what we do with it
It is important that we inform you about the information we collect and why we collect it. The information we collect and the reason for collecting it are different for different groups of individuals.
Information can be classed as 'personal' for example your name, address or date of birth or 'sensitive' e.g. details about your health, race or ethnic origin, sexual orientation.
We do not collect more information than we need to fulfil our stated purposes and will not retain for longer than is necessary.
Our legal basis for processing personal data
As an NHS trust we are a legal entity, set up by order of the Secretary of State under section 25 of, and Schedule 4 to, the National Health Service Act 2006, to provide goods and services for the purposes of the health service. We act as Health Care Providers and provide community health services.
As such our work is based upon statutory powers which underpin the legal bases that apply for the purposes of the GDPR. The legal bases for the majority of our processing are:
We collect and use your personal information under the following primary lawful bases:
- the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law;
- where we have the consent of the data subject;
- where it is necessary for compliance with any legal obligation, for example the processing is necessary for us to comply with legislation such as Subject Access or Freedom of Information requests;
- where processing is necessary to protect the vital interests of the data subject or another person.
Sensitive personal data
Where we process special category data, for example data concerning including health, racial or ethnic origin, or sexual orientation, we need to meet an additional condition in the GDPR.
- Where it is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and service;
- processing is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent;
- processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law;
- processing is necessary for the establishment, exercise or defence of legal claims;
- processing is necessary for reasons of public interest in the area of public health; or
- where you have consented to specific processing, for example under some special projects that we may undertake.
The list below provides a general overview of the types of information we collect and why, it is not an exhaustive list but gives an indication of the general types of information we collect.
In general, the personal information that we collect, hold and share includes:
- personal information (such as name, date of birth, NHS number, addresses, contact details);
- characteristics (such as gender, ethnicity, language, medical conditions, nationality, country of birth);
- details of the medical records and health of patients including current and previous GP practice details;
- specific information relation to child protection or safeguarding.
Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.
You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential patient information will still be used to support your individual care.
To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters. On this web page you will:
- See what is meant by confidential patient information
- Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care
- Find out more about the benefits of sharing data
- Understand more about who uses the data
- Find out how your data is protected
- Be able to access the system to view, set or change your opt-out setting
- Find the contact telephone number if you want to know any more or to set/change your opt-out by phone
- See the situations where the opt-out will not apply
You can also find out more about how patient information is used at https://www.hra.nhs.uk/information-about-patients/ (which covers health and care research); and https://understandingpatientdata.org.uk/what-you-need-know (which covers how and why patient information is used, the safeguards and how decisions are made.
You can change your mind about your choice at any time.
Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.
Health and care organisations have until 2020 to put systems and processes in place so they can be compliant with the national data opt-out and apply your choice to any confidential patient information they use or share for purposes beyond your individual care. Our organisation is currently compliant with the national data opt-out policy.
Who we share information with
We understand that sharing information is a sensitive topic, however on occasions it is necessary for us to allow others to see your personal data. We will never sell your information and are committed to being transparent with you about where we legally share information, the reason why and who with. The information below gives an overview of the most frequent sharing that we undertake.
We routinely share information with internal and external health professionals directly involved with your care. We may share your personal information with other NHS organisations, or the Local Authority for health care purposes. This may include other NHS trusts, or other providers of NHS services including for example general practitioners (GPs), ambulance services and primary care agencies.
We may need to share information from your health records with other non-NHS organisations, such as Social Services if you are also receiving care or support from them, to ensure that the services you receive are appropriate.
These non-NHS organisations may include, but are not restricted to:
- Social Services
- Education services
- Local authorities
- The police
- Voluntary sector providers
- Private sector providers.
All members of staff employed by these agencies are bound by the common law duty of confidentiality which means that information that you provide to us must be held in confidence and not shared with anyone else.
We may need to share information from your health record for the purposes of evaluating the quality of care that we provide, for example with professional bodies and regulators in accordance with our statutory obligations.
We may also be asked by other statutory bodies to share basic information about you, such as your name and address – but not sensitive information from your health records. When this happens, it is normally because it will assist them to carry out their statutory duties and it is lawful for us to do so.
On occasions we may be required by law to provide information about you for any of the following purposes:
- the prevention or detection of crime,
- the apprehension or prosecution of offenders, or
- the assessment or collection of any tax or duty or of any imposition of a similar nature.
We are not obliged to inform you when this happens.
Your information may be accessed and shared internally by our staff in the event of routine enquiries, complaints about us or where we are required to do so by law, for example processing subject access requests or Freedom of Information requests, financial transactions, maintaining our accounts and prevention of fraud. This may include members of different departmental admin teams and our IT staff if access to the data is necessary for performance of their roles, the nature of the enquiry or request and it is within the above lawful bases.
Information about the use of our IT systems is shared with technical suppliers for the purposes of support and system administration.
In the event that we share personal data with third parties, we will provide the minimum amount of personal data necessary to fulfil the purpose for which we are required to share the data.
Kent Community Health NHS Foundation Trust has a Closed-Circuit Television (CCTV) surveillance system ("the system") in operation with images being monitored and recorded. The system is owned, operated and managed by Kent Community Health NHS Foundation Trust. It is used for maintaining public safety, the security of property and premises and for the detection, prevention and investigating of crime. Disclosure of recorded material will only be made to third parties in accordance with the purposes of the system and in compliance with Data Protection legislation.
Where we store your information and how we keep it safe
All personal information is stored on our IT systems on secure servers or in secure cabinets in protected areas and offices etc. We operate a suite of IT and security policies to ensure your information is kept secure, including appropriate access and auditing controls.
We use anti-virus software and firewalls to protect against cyber-attack. Unfortunately, the transmission of information via the internet isn't completely secure. Although we'll do our best to protect your personal information, we cannot guarantee the security of information you may send to us that is outside of our security arrangements, for example via your personal email accounts etc.
We also operate strict physical security at all our sites and our employees all receive security and data protection awareness training.
Your information is not sent outside the United Kingdom or the European Union unless the recipient has the same level of legal responsibility as we do.
How long we keep information about you
We only keep information for as long as necessary in accordance with legislation or relevant regulations. Once we no longer need to keep your information, we remove it from our systems or securely dispose of it.
All patient and customer records are destroyed in accordance with the Records Management Code of Practice for Health and Social Care which sets out the appropriate length of time each type of NHS record is retained for.
The trust does not keep personal records for longer than necessary and all records are destroyed confidentially once their retention period has been met, and the trust has made the decision that the records are no longer required.
CCTV images are kept for one calendar month. Access to ensure that images are deleted is restricted to key individuals.
Changes to this notice
This privacy notice may change from time to time, for example, if the law around privacy or personal information changes or for operational purposes. We encourage you to check for updates to this notice from time to time
Making a complaint
Kent Community Health NHS Foundation Trust tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures. Please contact PALS for more information.
If you believe that Kent Community Health NHS Foundation Trust has not complied with your data protection rights, you can complain to the Information Commissioner's Office, their address is Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AFor by calling 0303 123 1113.
- Our main website - www.kentcht.nhs.uk
- Our Medway Sexual Health Service - www.cloverstreet.nhs.uk
- Our School Health Service - www.kentyouthhealth.nhs.uk
- Discovery Orthotics - www.discoveryorthotics.co.uk
- New Street Dental Practice - www.newstreetdentalpractice.co.uk
- Quality Improvement - qi.kentcht.nhs.uk
- We are Beside You - www.wearebesideyou.co.uk
It sets out the different areas where user privacy is concerned and outlines the obligations and requirements of the users, the website and website owners. This policy also explains the way this website processes, stores and protects user data and information.
The information we collect and its use
We collect certain information and/or data about you when you use this website. This can be from questions, queries or feedback you leave, transactions you make or from cookies we may use. This helps us to monitor and improve the site, respond to any feedback you may send us – if you have asked us to or provide you with other information. While using our website, we may ask you to provide us with personally identifiable information that can be used to respond to your query or for delivery purposes. The information required can vary between items/functions and may include, but is not limited to:
- your full name
- your address
- your email address
- your date of birth
- your NHS number.
We have referral forms for a number of our services and these forms ask for a range of different information to help the service with the referral.
Like most websites, we collect non-personally identifying information about your interactions and use of www.kentcht.nhs.uk. Cookies are small files saved to your computer that track, save and store this information The information that cookies may collect can be about:
- your computer and your visits to and use of this website, including your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views, website navigation details
- any transactions carried out between you and us on or in relation to this website, including information relating to any purchases you make of our goods or services
- the details that you provide to us for the purpose of registering with us
- the details that you provide to us for the purpose of subscribing to our website services, email notifications and/or marketing materials
- any other information that you choose to send to us.
Limiting collection, use, disclosure and retention
Keeping your data secure
Personal information will be protected by security safeguards that are appropriate to the sensitivity level of the information. We take all reasonable precautions to protect your personal information from any loss or unauthorised use, access or disclosure. Wherever we collect personal information, such as for an online purchase, this information is encrypted and transmitted in a secure way. You can verify this by looking for a closed padlock icon and/or for ‘https’ in the address bar of your browser. Your information is only accessed by those people who need it to perform a specific task, such as responding to a query or the delivery of goods ordered through the website. This is restricted solely to the service responsible for the item/product you have purchased or the individual(s) dealing with your query. We won’t share your information with other organisations for marketing, market research or commercial purposes.
Upon request, you will be informed of the existence, use and disclosure of what information we hold about you in relation to this website. You may verify the accuracy and completeness of your information and, if appropriate, may request that it be amended. However, in certain circumstances permitted by law, we will not disclose certain information to you. For example, if there are legal, security or commercial proprietary restrictions.
Social media platforms
Communication, engagement and actions taken through external social media platforms with which this website and its owners participate are custom to the terms and conditions, as well as the privacy policies held with each social media respective platform. Users are advised to use social media platforms wisely and communicate/engage upon them with due care and caution in regard to their own privacy and personal details. This website may use social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised before using such social sharing buttons that they do so at their own discretion and note that the social media platform may track and save your request to share a web page respectively through your social media platform account.
Shortened links in social media
This website and its owners through their social media platform accounts may share web links to relevant web pages. By default some social media platforms shorten lengthy urls (web addresses). Users are advised to take caution and good judgement before clicking any shortened urls published on social media platforms by this website and its owners. Despite the best efforts to make sure only genuine urls are published, many social media platforms are prone to spam and hacking and so this website and its owners cannot be held liable for any damages or implications caused by visiting any shortened links.
Terms and conditions
Use of the Website
- The content of the pages of the Website is for your general information and use only. It is subject to change without notice.
- your computer and your visits to and use of the Website (including your IP, address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation details)
- any transactions carried out between you and us on or in relation to the Website, including information relating to any purchases you make of our goods or services
- details that you provide to us for the purpose of registering with us
- details that you provide to us for the purpose of subscribing to our website services, email notifications and/or marketing materials
- any other information that you choose to send to us.
- This is statistical data about our users’ browsing actions and patterns and does not identify any individual.
- Neither we nor any third parties provide any warranty or guarantee as to the accuracy, timeliness, performance, completeness or suitability of the information and materials found or offered on the Website for any particular purpose. You acknowledge that such information and materials may contain inaccuracies or errors and we expressly exclude liability for any such inaccuracies or errors to the fullest extent permitted by law.
- Your use of any information or materials on the Website is entirely at your own risk, for which we shall not be liable. It shall be your own responsibility to make sure that any products, services or information available through the Website meet your specific requirements.
- The Website contains material, which is owned by or licensed to us. This material includes, but is not limited to, the design, layout, look, appearance and graphics. Reproduction is prohibited other than in accordance with the copyright notice, which forms part of these terms and conditions.
- All trade-marks reproduced in the Website which are not the property of, or licensed to Kent Community Health NHS Foundation Trust, are acknowledged on the Website.
- Unauthorised use or reproduction of material on the Website may be a breach of copyright and give rise to a claim for damages and/or be a criminal offence.
- From time to time, the Website may also include links to other websites. These links are provided in good faith for your convenience to allow you to quickly access sources of further information. However the presence of these links does not signify that we endorse the website(s) and we have no responsibility for the content of the linked website(s).
- Your use of the Website and any dispute arising out of such use of the Website is subject to the laws of England and Wales.
When ordering or purchasing a product or service on the Website, we may ask you to supply certain information relevant to your purchase including, but not limited to, your:
- full name
- phone number
- email address
- date of birth
- NHS number.
Payments are dealt with independently by our payment supplier WorldPay on our behalf and no card details are kept by us. The information you supply is used for billing and delivery purposes. If we have difficulty in processing your order, we will use this information to contact you.
For purchases of goods, unless otherwise stated, a delivery charge will be added. This will be the actual cost of delivering the item using standard Royal Mail postal charges, or a minimum charge of £5, whichever is greater. If you are returning items because you have changed your mind and are cancelling your order, return delivery will be at your own cost. We will only pay for the return delivery of items that have been received by you if they are damaged, faulty, mis-described,received in error due to delivery at the wrong address or the wrong product was sent.
Right to cancel
When you buy goods from a business, in law you have a number of rights as a consumer. All customers have the right to cancel their orders under the Distance Selling Regulations which give consumers extra protection when buying online. These include the right to claim a refund, replacement, and/or repair where the goods are faulty or mis-described. In addition to your legal rights, we will also allow you to return goods if you simply change your mind. Please let us know that you have changed your mind and return the unused goods to us with the original receipt/delivery note within 14 days and we will offer you an exchange or refund. Once you are in possession of the goods, you are under a duty to retain them and take reasonable care of them. You must send the goods back to us at our contact address below at your own cost unless they are damaged , faulty, mis-described, or received in error due to delivery at the wrong address or the wrong product was sent. You must return the goods as soon as possible. Please refer to the delivery section above for more information. We reserve the right to make a charge not exceeding our direct costs of recovering the goods if you do not return the goods or return them at our expense. Once you have notified us that you wish to cancel the contract, any sum that you have paid to us, less where appropriate the cost of delivering goods to you, will be refunded to you as soon as possible and, in any event, within 30 days of your cancellation. You will not have any right to cancel a purchase for the supply of any of the following goods:
- for the supply of goods made to your specifications or clearly personalised or which by reason of their nature cannot be returned or are liable to deteriorate or expire rapidly
- for the supply of audio or video recordings or computer software if they are unsealed by you.
Links to other websites
The Website may contain links to third party websites or services that are not owned or controlled by us. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third party websites or services. You further acknowledge and agree that we shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by, or in connection with, use of or reliance on any such content, goods or services available on or through any such websites or services.
We reserve the right, at our sole discretion, to modify or replace these terms and conditions at any time.
If you have any questions about these terms and conditions, please contact us at: Communications and Marketing Team, The Oast, Unit D, Hermitage Court, Hermitage Lane, Barming, Maidstone, Kent, ME16 9NT or on 01622 211940.