Privacy statement

How this page works.

This Privacy Notice sets out how South Central Ambulance Service NHS Foundation Trust (SCAS) processes (collects, uses, retains, protects and discloses) personal information.

We recognise the rights you have over your data and acknowledge the control you exercise over how it should be used. We respect these rights and are committed to safeguarding your privacy.

The key laws that determine how we use your information are: the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), Data Protection Act 2018, the Human Rights Act 1998 (HRA), relevant health service legislation, and the common law duty of confidentiality.

South Central Ambulance Service NHS Foundation Trust is registered as a Data Controller with the Information Commissioner’s Office (Registration Number: Z9522464).

The information we collect and how we use it is explained in more detail in the following sections.

Data protection

Overview

The key data protection legislation that sets the rules and determines how we process personal information is the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) and the Data Protection Act 2018 (DPA 2018).

Under the GDPR, all processing of personal information must adhere to the following principles:

1. Processed fairly, lawfully and transparently.

2. Processed only for specified, explicit and legitimate purposes.

3. Adequate, relevant and limited to what is necessary in relation to the purposes of processing

4. Accurate and rectified without delay if inaccurate.

5. Not kept for longer than necessary.

6. Processed securely – to preserve the confidentiality, integrity and availability of the data

Rights

Individuals (data subjects) are given various rights under the law, including the right to access their personal information. There is further information on your rights and explanations of how to exercise them on the following pages;

Ask us for your information by using our Data Subject Access Request Form

Alternatively view our Exercise Your Rights document for more information.

When you visit any of our websites

Our main website is www.scas.nhs.uk. We also operate the following websites; www.scasjobs.co.uk: provides information on job roles in SCAS and links in to the NHS Jobs website. www.scasyouth.co.uk: provides information about SCAS to young people www.scaskids.co.uk: provides information about SCAS to children

What kind of personal information do we process?

No personal information is processed when you visit any of our websites. Sites hosted on www.scas.nhs.uk use strictly necessary cookies for technical reasons; those that enable a personalised experience for visitors and registered users. For more details on how we use cookies, go to our Cookies page.

Will my information be shared with anyone else?

We use a third party provider, SurveyMonkey, to carry out online surveys and links to these surveys are placed in various locations on our sites. We also use services from this provider as a communication channel through which members of the Foundation Trust can use to manage their membership preferences. Their privacy notice can be accessed by visiting https://www.surveymonkey.co.uk/mp/legal/privacy-policy/

When you use our 999 Service

We respond to emergency 999 calls by getting medical help to patients who have life-threatening injuries or illnesses as quickly as possible. Every time we receive a 999 call, our staff record the relevant details and use information about the nature of the patient’s illness or injury to ensure they are sent the right medical help.

What kind of personal information do we process?

The following information is taken when a call is made to our 999 service;

  • Name of caller (if not the patient)
  • Name of patient
  • Age of patient
  • Gender of patient
  • Contact details of caller
  • Contact details of patient (if not with the caller)
  • Reason why 999 service is required
  • Any relevant medical history of the patient
  • The recording of the 999 call

Other information that may be processed includes;

  • Medical treatment provided to the patient.
  • Visual images for example CCTV and Still Photography.
  • Religious or similar beliefs
  • Racial and ethnic origin
  • In some cases it may be appropriate to obtain contact details of other individuals present at the scene.

How will the information be used and what is the lawful basis?

The information is processed by Emergency Operation Control staff (these can include call takers, dispatchers and responding crews) to determine the most appropriate response for patient’s care. Information is also processed to promote or support the provision of healthcare services to patients. Personal information from 999 calls is processed on the lawful basis that;

  • We have a legal duty to perform our tasks in the public interest [GDPR Art 6(1)(e)].
  • It is necessary to protect someone’s life [GDPR Art 6(1)(d)].
  • You have given us your consent [GDPR Art 6(1)(a)].
  • You have given us your explicit consent [GDPR Art 9(2)(a)].

Will my information be shared with anyone else?

It may be appropriate to share your information with other services and third parties. These can include:

  • NHS Commissioners, who are responsible for procuring healthcare services to meet patient’s needs.
  • Hospitals for example where a pre alert is necessary for an acutely ill patient on route to Hospital.
  • Out of Hours GP services to provide alternative medical services where deemed appropriate.
  • Midwifes, SCAS and community; when the call is regarding obstetrics.
  • Social Services where there is a concern for the welfare of the patient or others involved.
  • Mental Health services where the patient has a mental health illness and specific treatment is required.
  • Dental Service providers may be contacted where the Emergency relates to dental complaints.
  • Next of Kin, where the patient has requested us to make the person aware of any ongoing incident.

Personal information is shared with NHS Digital under their powers to require or request provision of information needed for the functions it exercises. We will also share information with other third parties if there is a statutory basis for disclosure or a requirement to comply with a court order [GDPR Art 6(1)(c)].

When you use our 111 service

Our Clinical Co-ordination Centre (CCC) and Clinical Support Desk (CSD) staffed by trained nurses provide the NHS 111 service. Call handlers use the NHS Pathways assessment tool, a standard set of questions to establish what service the caller may need. Where a call is identified as other than life threatening or serious, it may be transferred to nurses to provide further assessment and an appropriate care option.

What personal information do we collect?

  • Name of caller (if not the patient)
  • Name of patient
  • Age of patient
  • Gender of patient
  • Contact details of caller
  • Contact details of patient
  • Reason why 111 service is required and any relevant medical history of the patient
  • The recording of the 111 call.
  • Address of the patient
  • Location of the patient
  • Patient’s GP

Other information that may be taken includes

  • Racial or Ethnic Origin
  • Religion

How will the information be used?

The information that is taken will be used to determine the most appropriate care for the patient.

Will my information be shared with anyone else?

It may be appropriate to share your information with other services and third parties including:

  • NHS Commissioners, who are responsible for procuring healthcare services to meet patient’s needs.
  • Out of Hours GP services
  • Midwifes, SCAS and community when the call is regarding obstetrics
  • Clinicians within the control room
  • Social Services where there is a concern for the welfare of the patient and others involved
  • Mental health Services where the patient has a mental health illness and specific treatment is required
  • Next of Kin, where the patient has requested for us to make the person aware of any ongoing incident
  • Dental Service providers for calls relating to dental problems
  • SCAS 999 Service
  • The Police Service

Personal information is shared with NHS Digital under their powers to require or request provision of information needed for the functions it exercises. We will also share information with other third parties if there is a statutory basis for disclosure or a requirement to comply with a court order [GDPR Art 6(1)(c)].

When you use our Non-Emergency Patient Transport Service

Non-Emergency Patient Transport is a commissioned service. We provide patient transport to people who are unable to use public or other transport due to their medical condition, and include those who are:

  • attending hospital outpatient clinics
  • being admitted to or discharged from hospital wards
  • needing life-saving treatments such as radiotherapy, chemotherapy or renal dialysis or DVT treatment

Patients have to register to use this service.

What kind of personal information do we process?

To process applications for transport, the following information is required;

  • Date of Birth,
  • First Name,
  • Last Name,
  • Home Address,
  • NHS Number, (this is your unique identification number in the NHS)
  • Telephone Number (home and or mobile), (to contact you if there is a problem)
  • GP Practice (to identify your Clinical Commissioning Group)

Other information required for each transport booking will include

  • Destination, (Where you need to go for your appointment)
  • Date of travel,
  • Patient mobility (helps us to provide the right vehicle for you)
  • Name of caller making the booking and contact number.

Information can be provided by the patient or a Health Care Professional.

How will the information be used and what is the lawful basis?

The information is used to create an account for you and manage your transport bookings. Information is also processed to promote or support the provision of healthcare services to patients. Information is processed on the lawful basis that;

  • We have a legal duty to perform our tasks in the public interest [GDPR Art 6(1)(e)].
  • It is necessary to protect someone’s life [GDPR Art 6(1)(d)].
  • You have given us your consent [GDPR Art 6(1)(a)].
  • You have given us your explicit consent [GDPR Art 9(2)(a)].

We rely on your explicit consent to process personal information that enables us produce and monitor equal opportunity statistics. This information will not be used to identify you and not providing it does prevent you from using the service.

Will my information be shared with anyone else?

It may be appropriate to share your information with other organisations and individuals. These may include:

  • NHS Commissioners of Non-Emergency Patient Transport, who are responsible for procuring healthcare services to meet patient’s needs.
  • Third party organisations working on behalf of South Central Ambulance Service NHS Foundation Trust. These organisations have been approved by the Trust and are bound by a contract with strict information governance clauses approved by the Department of Health.
  • Hospitals and GP Services
  • Safeguarding and or Social Services
  • Next of Kin

We use third party software supplied and hosted by Cleric to manage out non-emergency patient transport service. Their privacy notice can be accessed by visiting https://www.cleric.co.uk/. Personal information is shared with NHS Digital under their powers to require or request provision of information needed for the functions it exercises. Information may be shared with other third parties if there is a statutory basis for disclosure or it necessary to comply with a court order [GDPR Art 6(1)(c)].

When you apply for a job with us

What kind of personal information do we process?

When you work for SCAS

  • Your name
  • Your contact details including email address, home address and telephone numbers
  • Details of your CV which can include work experience, locations, dates and positions held.
  • Names and contact information of your referees
  • Equal opportunities information such as race, ethnic origin and disabilities.

Employee records including;

  • Employment history with the organisation
  • Employment terms and conditions (e.g. pay, hours of work, holidays, benefit, absence)
  • Any accidents connected with work
  • Sickness records
  • Any training taken
  • Any disciplinary action
  • Personal details relating to occupational health
  • Bank Account details
  • NHS Pension details
  • Contract and supporting documentation
  • Next of Kin contact details
  • Information collected as part of the recruitment process.

Some information is provided by the candidates during the recruitment process via NHS Jobs or through a recruitment agency via your CV. During employment, information may be provided directly by the staff member or generated as a direct result of activities related to your employment.

How will the information be used and what is the lawful basis?

Information is processed in a variety of paper and electronic formats and is used to;

  • Create and maintain your staff record (GDPR Art 6(1)(b) Processing in necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
  • Communicate with you throughout your employment with SCAS. (GDPR Art 6(1)(b) – Processing in necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
  • Monitor equal opportunity statistics and help us understand staff demographics (GDPR Art 9(2)(a) – we have your explicit consent to process this data)
  • Check criminal records every 5 years to help make safer working environments. (GDPR Art 9(2)(a) – we will ask for your explicit consent to process this data) (GDPR Art 10 – Personal data relating to criminal convictions and offences includes personal data relating to the alleged commission of offences by an individual, proceedings for an offence committed or alleged to have been committed by an individual or the disposal of such proceedings (including sentencing)
  • To maintain sickness records (GDPR Art 9(2)(h) – is necessary for the assessment of the working capacity of the employee)
  • Check facts about your qualifications (GDPR Art 9(2)(b) – is necessary for the purposes of carrying out obligations in the field of employment and social security and law)

Will my information be shared with anyone else?

We carry out Enhanced Disclosure for existing staff already undertaking Regulated Activity, who move by secondment, promotion, or transfer to another Regulated Activity, and have never had a CRB/ DBS disclosure carried out before, or has a disclosure that is more than five (5) years old. A new disclosure will also be processed where a previously issued disclosure does not contain a PoCA or PoVA check where one is required. Follow this link for more information on Trust’s DBS policy. The Trust use the services of Atlantic Data to carry out criminal records check via the Disclosure and Barring Service (DBS). Please follow the link below to access their privacy policy. https://www.disclosures.co.uk/ All successful applicants will be required to complete an Occupational Health Questionnaire, this may be required again should the staff member have health requirements needing to be met. Staff members may be referred if required at any point during their employment. All roles involving driving will need a medical with our occupational health providers. Our Occupation Health provider is Team Prevent. https://www.teamprevent.co.uk/our_services/fitness_for_work.html A number of HR records are maintained on a third party records management system called Omnidox, their privacy policy can be viewed by following the link https://www.boxit.co.uk/privacy-policy/

When you work us

What kind of personal information do we process?

When you work for SCAS

  • Your name
  • Your contact details including email address, home address and telephone numbers
  • Details of your CV which can include work experience, locations, dates and positions held.
  • Names and contact information of your referees
  • Equal opportunities information such as race, ethnic origin and disabilities.

Employee records including;

  • Employment history with the organisation
  • Employment terms and conditions (e.g. pay, hours of work, holidays, benefit, absence)
  • Any accidents connected with work
  • Sickness records
  • Any training taken
  • Any disciplinary action
  • Personal details relating to occupational health
  • Bank Account details
  • NHS Pension details
  • Contract and supporting documentation
  • Next of Kin contact details
  • Information collected as part of the recruitment process.

Some information is provided by the candidates during the recruitment process via NHS Jobs or through a recruitment agency via your CV. During employment, information may be provided directly by the staff member or generated as a direct result of activities related to your employment.

How will the information be used and what is the lawful basis?

Information is processed in a variety of paper and electronic formats and is used to;

  • Create and maintain your staff record (GDPR Art 6(1)(b) Processing in necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
  • Communicate with you throughout your employment with SCAS. (GDPR Art 6(1)(b) – Processing in necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
  • Monitor equal opportunity statistics and help us understand staff demographics (GDPR Art 9(2)(a) – we have your explicit consent to process this data)
  • Check criminal records every 5 years to help make safer working environments. (GDPR Art 9(2)(a) – we will ask for your explicit consent to process this data) (GDPR Art 10 – Personal data relating to criminal convictions and offences includes personal data relating to the alleged commission of offences by an individual, proceedings for an offence committed or alleged to have been committed by an individual or the disposal of such proceedings (including sentencing)
  • To maintain sickness records (GDPR Art 9(2)(h) – is necessary for the assessment of the working capacity of the employee)
  • Check facts about your qualifications (GDPR Art 9(2)(b) – is necessary for the purposes of carrying out obligations in the field of employment and social security and law)

Will my information be shared with anyone else?

We carry out Enhanced Disclosure for existing staff already undertaking Regulated Activity, who move by secondment, promotion, or transfer to another Regulated Activity, and have never had a CRB/ DBS disclosure carried out before, or has a disclosure that is more than five (5) years old. A new disclosure will also be processed where a previously issued disclosure does not contain a PoCA or PoVA check where one is required. Follow this link for more information on Trust’s DBS policy. The Trust use the services of Atlantic Data to carry out criminal records check via the Disclosure and Barring Service (DBS). Please follow the link below to access their privacy policy. https://www.disclosures.co.uk/ All successful applicants will be required to complete an Occupational Health Questionnaire, this may be required again should the staff member have health requirements needing to be met. Staff members may be referred if required at any point during their employment. All roles involving driving will need a medical with our occupational health providers. Our Occupation Health provider is Team Prevent. https://www.teamprevent.co.uk/our_services/fitness_for_work.html A number of HR records are maintained on a third party records management system called Omnidox, their privacy policy can be viewed by following the link https://www.boxit.co.uk/privacy-policy/

Volunteer as a Community First Responder

What kind of personal information do we process?

When you apply to volunteer as a CFR, we ask you to complete an application form where we request the following information;

  • Personal Details including;
  • Name; current and any previous
  • Aliases (known as)
  • Date of Birth
  • National Insurance Number
  • Telephone numbers (Home, Mobile & Work)
  • E-mail
  • Home Address
  • Ethnicity
  • Details of any disabilities
  • Marital Status
  • Sexuality
  • Religion or belief
  • Health Questionnaire
  • Next of Kin Details
  • Current Employment Details
  • References
  • Driving Licence Details including endorsements and accidents history
  • Personal Vehicle Details
  • Details of any criminal convictions
  • Your location, when you are on duty

Successful applicants are required to provide an up to date passport or digital photograph.

How will the information be used and what is the lawful basis?

The information you provide will be used to evaluate your suitability to become a CFR. The evaluation process will include confirming your identity, seeking assurance of your good character, trustworthiness and reliability, checking your driving record and carrying out health screening. We rely on your consent [GDPR Art 6(1)(a)] to do this. We rely on your explicit consent [GDPR Art 9(2)(a)] to process your health information. Information on race or background, disability, sexuality and religion or belief is used for equality monitoring and to help us understand the demographics of our volunteer group. We rely on your explicit consent [GDPR Art 9(2)(a)] to process this information. An application to become a CFR is not affected in any way if you choose not to provide it. We will require:

  • Proof of your identity – you will be asked to bring original documents confirming your identity to a meeting with the Community Engagement & Training Officer.
  • Access to your Driving Licence Record – to confirm the number of points on your licence and history of any accidents (if any).
  • A completed Disclosure and Barring Service form and declare any unspent convictions.
  • Details of your referees so they can be contacted directly and asked to provide references and vouch for your good character.
  • A completed health questionnaire to establish your health suitability to work as a CFR. The health evaluation is carried out by a third party called Team Prevent.
  • Written confirmation from your car insurance company that your policy permits you to use your car for this purpose.

Your contact information will be used to:

  • Update you on the progress of your application.
  • Provide you with information necessary to perform your responder role.
  • Provide you with relevant information relating to SCAS.

The following records will be maintained for every CFR:

  • Details of your training, including records of any assessments and test results.
  • Information on your responder activities, including any records you generate.

Passport photographs are used to create an identity card. Next of kin details will be used if we need to contact somebody whilst you are volunteering for us.

Will my information be shared with anyone else?

The role of a CFR involves being actively involved in their scheme’s fundraising activities in aid of South Central Ambulance Charity. We rely on your consent to share your personal information with South Central Ambulance Charity for the purposes of administering and supporting your fundraising activities. The charity privacy notice can be accessed by visiting https://scascharity.org.uk/privacy-policy/ Our Occupational Health service is provided by Team Prevent. They process the information in your health questionnaire and assess whether you are fit for the role of a CFR. You are able to request to see their assessment before it is sent to us. Here is a link to their website: http://www.teamprevent.co.uk We use a third party processing application called Harlequin Software to manage our database of volunteers. Access to the database is linked to specific role functions and has to be authorised. Harlequin’s privacy notice can be accessed by going to http://www.harlequinsoftware.co.uk/privacy/ Information is also processed on secure servers in SCAS. This can only be accessed by using an authorised SCAS account. Information will only be shared with other third parties when there is a statutory basis for disclosure or court order requiring us to comply with a legal obligation [GDPR Art 6(1)(c)].

When you become a member of the Foundation Trust

All prospective members of the public constituency are asked to fill and submit an application form which could be in paper format or online. Online forms are hosted and processed by Membership Engagement Services Limited (MES). MES is a wholly owned subsidiary of Electoral Reform Services Limited (ERS).Their privacy notice can be accessed by visiting https://www.membra.co.uk/privacy-policy/ Staff become automatic members if they are employed by the Trust under a contract of employment which has no fixed term or has a fixed term of at least 12 months; or have been continuously employed by the Trust under a contract of employment for at least 12 months. This is legally based on:

What personal information do we collect?

All prospective members of the public constituency are asked to fill an application form where we request the following personal information:

  • Name
  • Address
  • Date of birth
  • Telephone Number

We also ask for the following information but there is no obligation to provide it:

  • Email
  • Gender
  • Disability information
  • Ethnicity
  • Employment status

New members are added to the staff constituency based on the following information provided by the Human Resources department:

  • Name
  • Address
  • SCAS Email

How will the information be used and what is the lawful basis?

Relying on consent [GDPR Art 6(1)(a)], we use the information on the application form to register new members in the public constituency and include their details on the Foundation Trust database. Contact information is used to communicate with members based on their specified preferences. We use information on disability, age and ethnicity to monitor the Trust’s membership against the South Central population and ensure that the membership is representative of its communities and that we can provide the best care for all our service users. When this information is provided on the application form, we rely on your explicit consent [GDPR Art 9(2)(a)] to process it. Parental consent is sought from all prospective members under the age of 16. Under the GDPR, our legal justification for continuing to process your data is Article 6(1)(e), ‘Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller (South Central Ambulance Service NHS Foundation Trust)’. This forms the legal basis for:

  • Engaging with our local community and encouraging stakeholders to become members of the Trust
  • Maintaining a register of Members showing, in respect of each member, the constituency to which the member belongs
  • Communicating with members to keep them informed and engaged in the activities of the Trust

Profiling and Targeted Communication

We use profiling techniques to demonstrate the diversity of our membership and to ensure communications to members are relevant and timely. For example, we may send you specific information based on your age group and the area you live. Profiling also enables us to allocate resources more effectively and improve service delivery.

Will my information be shared with anyone else?

The Foundation Trust is legally obliged to keep a public register of its members available for inspection by members of the public, free of charge at all reasonable times. Any member of the public can request for and receive a copy of or extract from the register. The public register will show, in respect of each member, the name and constituency to which the member belongs. Where a member has requested not to be included in the public register, their details will not be included in the registers available for inspection. We manage the membership data using a hosted commercial platform provided by Membership Engagement Services (MES). Their privacy notice can be accessed by visiting https://www.membra.co.uk/privacy-policy/ We provide online forms that enable existing members to communicate with us and manage their preferences. These are forms are hosted by SurveyMonkey and their privacy notice can be accessed by visiting https://www.surveymonkey.co.uk/mp/legal/privacy-policy/ Your demographic information (Name and Address) may also be shared with approved suppliers, in order to send any information you have chosen to receive, via the postal service, or for the purpose of enabling members to participate in Governor Elections, which are required to be run by an independent company. Under some circumstances, we can be required to share your information when it is necessary to comply with a legal obligation [GDPR Art 6(1)(c)].

How long will SCAS keep this information for?

Public membership Public members can cancel their membership at any time by contacting the Data Protection Officer at the address shown below. Details will be removed from our membership database upon receiving notification. Members’ paper or online application form will be securely retained for a period of one year for administrative purposes after which all details will be permanently removed. Staff membership Staff leavers will be removed from our membership database upon notification from HR that they are no longer in the employment of the Trust. If a staff member decides to opt out of the membership they can do so by contacting the Data Protection Officer at the address shown below. Upon receipt of notification, all the details which we hold for this particular individual will be permanently removed from the membership database

How long will SCAS keep my information for?

Information regarding SCAS retention periods are detailed in our Lifecycle policy which can be accessed using the link below

How secure is my information?

There are appropriate technical and security measures in place to ensure the confidentiality, integrity and availability of our systems and personal information.

We do not share any of the information you provide with third parties for marketing purposes and it will never be sold.

Your data subject rights

Every individual has rights in relation to how their data is processed. These rights are detailed below;

  • The right to know how your data is processed; this is explained to you in this privacy notice
  • The right to know what personal information we hold about you; this can be exercised by sending us a subject access request using the contact details below. We will respond within one month.
  • The right to rectification; you can make a request to have any inaccuracies in your data rectified or completed it if it is incomplete
  • The right to erasure; also known as the ‘right to be forgotten’. We will comply with any request for your data to be erased.
  • The right to restrict processing: you the right to limit the way that we use your data.
  • The right to object to processing; all processing will stop if you tell us why you object and we agree with you.
  • The right to data portability; you can ask us to transfer your data to another organisation or give it you.
  • Your rights are determined by the legal basis upon we process your information, therefore in some circumstances not all rights will be applicable.

Further explanation on your rights and how they can be exercised are provided on our Data Subject Rights document.

Data gathered for research purposes

All research by the Trust & the NHS is undertaken in accordance with the NHS Health Research Authorities Framework. Their policy and frameworks can be found here Patient information and health and care research – Health Research Authority (hra.nhs.uk)

Where possible Research will always be undertaken with anonymised data, which is data which cannot identify the individual. Where this I not possible and person identifiable data is used, your data will still be treated in the same confidential manner and kept secure.

Where we are required to inform you or gain consent for your permission to use your data or invite you to a Clinical Trial we will contact you via one or more of the methods below;

  • During a consultation
  • Text Message
  • Email
  • Letter
  • Telephone

You do however have the right not to take part in a Clinical trial or Research but you should consider the benefits these might offer you and your medical condition. You may exercise this right at any time by;

  • Informing the research team asking for your permission
  • Using the NHS Data Opt Out – you can find more information here

Further information on how our research teams use data in research can be found in the research section.

Contact

If you have any queries, require further information or want to exercise any of your rights please contact:

Data Protection Officer South Central Ambulance Service
7-8 Talisman Road
Bicester
Oxfordshire
OX26 6HR

Tel: 01869 365000
Email: scas.dpa@nhs.net

Complaints

If you have any concerns about how your information has been processed and want to lodge a complaint with the Supervisory Authority in the UK, you can contact:

Information Commissioner’s Office
Wycliffe House
Wilmslow
SK9 5AF

Email: www.ico.org.uk/global/contact-us/email

*Accessibility

Please note that some of our documents do not meet the Public Sector Bodies (Websites and Mobile Applications) (No. 2) Accessibility Regulations 2018 due to the fact that they represent a ‘Disproportionate burden’. See our Accessibility Statement page for more details.