This Notice incorporates the changes brought about by the General Data Protection Regulation (GDPR) that came into force on 25 May 2018. GDPR includes provisions on Privacy Notices in Articles 12, 13 and 14.
All NHS organisations are now required to publish on their websites a Privacy Notice which details and demonstrates how they obtain, use and share personal and sensitive data.
The Norfolk and Waveney Health and Care Partnership as an STP will not directly obtain, have access to, or process any personal data. All the information we use to analysis and improve services is obtained in conjunction with the partners listed below. For further detail of how to access each individual organisations Privacy Notice, please refer to the links provided below.
The Norfolk and Waveney Health and Care Partnership as an STP is a group of partner organisations working together. One of the greatest benefits, unseen by the public but felt across the NHS, social care and public health, is a collaboration and joint ownership of issues as never before. We are a partnership of local health and care organisations working together to build healthier communities in Norfolk and Waveney. They are all listed with links to their websites here.
Our partnership includes local GP Practices, hospitals, community care, social services and mental health teams, and together we provide services to more than a million people. We are one of 44 Sustainability and Transformation Partnerships, or STPs, making health and care services in England fit for the future.
What is a privacy notice?
A privacy notice is a statement by the Norfolk and Waveney Health and Care Partnership to patients, service users, visitors, carers, the public and staff that describes how we collect, use, retain and disclose personal information.
Why issue a privacy notice?
The Norfolk and Waveney Health and Care Partnership recognises the importance of protecting personal and confidential information in all that we do and takes care to meet its legal and regulatory duties. This notice is one of the ways we can demonstrate our commitment to our values and to being transparent and open. It also shows our commitment to respecting diversity, acting with integrity, demonstrating compassion, striving for excellence and listening and supporting others.
Who are we accountable to?
Department of Health - https://www.gov.uk/government/organisations/department-of-health
Information Commissioner’s Office - https://ico.org.uk/
Care Quality Commission - http://www.cqc.org.uk/
NHS England - https://www.england.nhs.uk/
Legal basis for processing your information
This will be captured by each individual partner organisation at the beginning of any work stream or project via the completion of a Data Protection Impact Assessment.
Each of the organisations within the Norfolk and Waveney Health and Care Partnership is subject to information governance laws and responsibilities in line with the GDPR and Data Protection Act 2018. The Norfolk and Waveney Health and Care Partnership is not a legal entity in its own right and so will not collect or process your data directly.
Where the work of the Norfolk and Waveney Health and Care Partnership requires analysis or access to data held by its partner organisations, it is subject to the information governance rules of the partner organisations involved.
Each of our partner organisations has its own privacy notice on its website which provides full detail around any legal basis where data or information is shared.
How we use your information
How information is kept safe and confidential
Please refer to each organisation's Privacy Notice for details of your personal information is kept safe and secure.
How can I access the information you hold about me, and what are my rights?
Please refer to each partner organisations Privacy Notice for details of your rights and how to exercise them.
Data breaches under GDPR
Under the GDPR each partner organisation has a duty to report certain types of data breach to the Information Commissioner’s Office (ICO). If the breach creates a risk to your rights and freedoms they will notify you without undue delay and the ICO within 72 hours of becoming aware of the breach, where possible.
If the breach is likely to bring a high risk of adversely affecting your rights and freedoms, they will also inform you without undue delay.