[View our Privacy Statement and Cookies instead]
Privacy Notice – COVID 19
Blackpool Teaching Hospitals is committed to protecting your personal information. In the fight against this global pandemic we are currently working with all of our partners in Health and Social Care to ensure information is shared with the right people at the right time to ensure you receive the best possible care.
Data Protection rules will not hinder the sharing of personal information during these unprecedented times and we will continue to process information in accordance with national law and GDPR.
The processing of personal information is necessary for reasons of planning and providing health and social care to our patients and it is of substantial public interest in relation to public health and specifically to support the control of an epidemic. For more detailed information regarding the lawful basis to undertake these activities please see the links below:
- Public Task Art 6 (1e)
- Provision of Health and Social Care/Management of Health Care Systems Art 9(2h)
- Public Interest/Public Health Art 9(2i)
- Vital Interests of a Data Subject Art 9(2c)
- Monitoring Epidemics Recital 46
WHO WE ARE:
Blackpool Teaching Hospitals NHS Foundation Trust (the Trust) provides a range of health-related services across a regional health economy catchment area that spans Lancashire and South Cumbria. To do this, the Trust needs to collect and use personal information about you; this makes the Trust a ‘Data Controller’.
As a Data Controller, the Trust is committed to providing you with clear and accessible information about our obligations; including how and why we process your information, and your rights in relation to this. These rights apply to living individuals who are identifiable from the data, often referred to as data subjects.
THE GENERAL DATA PROTECTION REGULATION (GDPR):
Developments in technology have changed how information about individuals, including our patients and staff (‘data subjects’), is used. As such, the DPA had become outdated and no longer reflected these technological developments or the needs of data subjects.
The Data Protection Act 2018 (DPA) came into effect on 25th May 2018 and has replaced the Data Protection Act 1998. It sits alongside the General Data Protection Regulation (GDPR) and tailors how the GDPR applies in the UK, for example providing exemptions. It also sets out separate data protection rules for law enforcement authorities, extends data protection to some other areas such as national security and defence, and sets out the Information Commissioner’s functions and powers.
Following the UK’s departure from the EU, GDPR as a European Regulation will continue to apply in UK law until the end of the transition period. After this period has ended, GDPR will from part of UK law under the European Union (Withdrawal) Act 2018 with some technical changes to make it work effectively in a UK context.
The GDPR governs how we look after personal data and gives more control to individuals on how organisations process their information.
For each section below, click the blue ‘Show details’ button to read more.
WHAT WE COLLECT, WHY AND HOW IT’S USED:
SHARING YOUR INFORMATION:
CONSEQUENCES OF FAILING TO PROVIDE DATA:
HOW LONG DO WE KEEP YOUR INFORMATION?
YOUR INFORMATION RIGHTS:
Your information and your rights are important to us, and our Data Access Team are here to help. If you wish to exercise any of your GDPR rights or would like further information, please contact the Data Access Team.
The Data Access Team
Blackpool Teaching Hospitals NHS Foundation Trust
c/o Home 15
Blackpool Victoria Hospital
Whinney Heys Road
Our Trust has appointed a Data Protection Officer (DPO). They are tasked with monitoring how the Trust protects and uses your information. The contact details for the DPO can be found below.
The Data Protection Officer
Blackpool Teaching Hospitals NHS Foundation Trust
Information Governance Department
Unless otherwise stated, all references relate to GDPR: EU, General Data Protection Regulation, https://gdpr-info.eu/
 Article 4(1)
 Crown, Data Protection Act (2018), https://www.legislation.gov.uk/ukpga/2018/12/contents
 Crown, European Union (Withdrawal) Act 2018 http://www.legislation.gov.uk/ukpga/2018/16/contents/enacted
 Trust High Level Data Flow Map https://www.bfwh.nhs.uk/our-services/hospital-services/information-governance/information-sharing-partners/
 Department of Health (NI), The Common Law Duty of Confidentiality, https://www.health-ni.gov.uk/articles/common-law-duty-confidentiality
 As above
 Crown, National Health Service Act (2006), https://www.legislation.gov.uk/ukpga/2006/41/contents
 NHS Health Research Authority, Why is Confidential Patient Information Used? https://www.hra.nhs.uk/about-us/committees-and-services/confidentiality-advisory-group/why-confidential-patient-information-used/
 Article 5
 Article 6(1)e
 Article 9(1)
 Article 9(2)
 Article 9(2)(h)
 For the entirety of ‘Exercising Your Rights’: Articles 12(1) to 12(8), Recitals 59 and 64
 Articles 16 to 19
 Articles 37 to 39, Recital 97