Musculoskeletal Health Privacy Notice
Why are we collecting your information?
This Privacy Notice has been written to inform you that York Teaching Hospital NHS Foundation Trust (the Trust) processes information about you in order to provide musculoskeletal (MSK) services after a referral.
Who do we collect your information from?
Your information comes to us via the Your Physio website. Your Physio is hosted by See Green Systems Ltd. who works with the Trust to provide a self-referral pathway to access the MSK service. The Trust only access and record details that you provide through the Your Physio Self Referral electronic form. To view the See Green Systems Ltd privacy information please go to: https://www.seegreen.uk/privacy/
Who are we?
The Trust is a ‘Data Controller’, this means that we determine the purposes for which, and the manner in which, your personal data is processed. We have a responsibility to you and your personal data and will only collect and use this in ways which are compliant with data protection legislation.
The Trust has appointed Rebecca Bradley (Head of Information Governance) to be its Data Protection Officer (DPO). The role of the DPO is to ensure that the Trust is compliant with Data Protection legislation and to oversee data protection procedures. The DPO contact details are:
York and Scarborough Teaching Hospital NHS Foundation Trust
When you share your self-referral information on the Your Physio website, See Green Systems Ltd. act as a Processor. The Trust and See Green have a Contract which documents the relationship and See Green will only act upon instructions from the Trust.
What Information are we collecting when you self-refer?
- Basic information about you, such as name, gender, date of birth, address, contact details, NHS number
- Your carer status
- Your military status
We may also process special categories of information that may include:
- Information about your health history that you may choose to disclose as part of your self-referral
- Details about the treatment and care you receive which are relevant to the self-referral
What is our lawful basis for processing your information?
Any personal data we process is done so in accordance with the data protection legislation. Our lawful basis for processing are:
- Article 6(1)(e) Public Task: the processing is necessary to perform a task in the public interest, or our official functions, which have a clear basis in law.
Where we process your special category information our lawful basis are:
- Article 9(2)(h) Health and Social purposes; Schedule 1, Part 1 (c) medical diagnosis, (d) the provision of health care or treatment, or (f) the management of health care systems or services or social care systems or services.
We do not need your consent to use your personal information for the delivery of direct care because we have a public task to do this. We use personal information because it is necessary for us to use this to carry out our activities as an NHS organisation.
How long do we keep your information for?
The Trust follows NHS Digitals recommended retention schedule which can be found in the Records Management Code of Practice for Health and Social Care 2016.
Who do we share your information with?
We may share your information with:
- Your GP
- Where required, other health or medical professionals
Do we transfer your information outside the UK?
We do not transfer this information outside the UK.
What rights do you have over your data?
Under GDPR data subjects have the following rights in relation to the processing of their personal data:
- to be informed about how we process your personal data. This notice fulfils this obligation
- to request access to your personal data that we hold, and be provided with a copy of it
- to request that your personal data is amended if inaccurate or incomplete
- to request that your personal data is erased where there is no compelling reason for its continued processing
- to request that the processing of your personal data is restricted
- to object to your personal data being processed
If you have any concerns about the way we have handled your personal data or would like any further information, then please contact our DPO on the address provided above. To put in a Subject Access Request please contact:
If we cannot resolve your concerns you may also complain to the Information Commissioner’s Office (the Data Protection Regulator) about the way in which the Trust has handled your personal data. You can do so by contacting:
First Contact Team
Information Commissioner’s Office
Wycliffe House Water
firstname.lastname@example.org // 0303 123 1113