Privacy Notice

The following information can be downloaded here.

The new General Data Protection Regulation (GDPR) came into place on the 25th May 2018. This legislation replaces the previous data privacy law, giving more rights to you as an individual and more obligations to organisations holding your personal data.

This privacy notice has been updated and tells you what to expect when the Clinical Commissioning Group collects personal information, the legal basis on which we are using it and the rights that you have in relation to the way that we use it.

 

Who we are

The CCG is made up of the 37 GP practices that are based in Greater Huddersfield. Led by GPs and nurses, we work together with patients and GP practices in your area to ensure the right NHS services are in place to support your health and wellbeing. We call this commissioning.

NHS Greater Huddersfield Clinical Commissioning Group plans and pays for health and care services for local people.

The CCG also manages the performance of services that it commissions to make sure that they are safe, provide high quality care and meet the needs of local people. Part of this performance management role includes responding to any concerns from our patients about those services.

The CCG is registered as a Data Controller with the Information Commissioner’s Office (the regulator for data protection). Our notification entry sets out further information about why we process personal information. Our notification reference number is: Z3621177.

As a public authority, we are required to appoint a Data Protection Officer. The Data Protection Officer for Greater Huddersfield CCG is the Head of Corporate Governance. They can be contacted at:

Head of Corporate Governance
NHS Greater Huddersfield Clinical Commissioning Group
Bradley Business Park
Dyson Wood Way
Bradley
Huddersfield
HD2 1GZ
01484464000
ContactUs@greaterhuddersfieldccg.nhs.uk

The role of the Data Protection Officer is to inform and advise the organisation and its employees about their obligations to comply with the current data protection legislation, monitor compliance with the legislation, manage internal data protection activities, advise on data protection impact assessments, ensure staff training is in place and that the CCG audits its data processing activity. The Data Protection Officer is also the first point of contact for the supervisory authority and for individuals whose data is processed.

 

What information does the CCG collect?

For most of its work, the CCG does not need to process information that might identify you; instead, wherever possible, it uses anonymised information. When information about you is made completely unidentifiable it falls out of the scope of the General Data Protection Regulation.

However, sometimes the CCG may need to use your personal information. You can read details of how and when this may take place below:

 

Visitors to our website

When someone visits our website (www.greaterhuddersfieldccg.nhs.uk) we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.

From time to time, you may be asked to submit personal information about yourself (e.g. name and email address) in order to receive or use services on our website. Such services include bulletins, email updates, website feedback, requesting investigation of complaints and any other enquiries.

By entering your details or sending us an email, you enable the CCG to provide you with the services you select. Any information you provide will only be used by the CCG, and will not be shared with any external agencies unless we either gain your consent or have a legal obligation to provide the information.

 

Use of cookies by the CCG

You can read more about how we use cookies on our Cookies page.

 

Security and performance

The CCG uses a third party service (The Health Informatics Service- THIS) based at Calderdale and Huddersfield NHS Foundation Trust, to help maintain the security and performance of the CCG website. To deliver this service it processes the IP addresses of visitors to the CCG website.

 

WordPress

We use a third party content management system, WordPress, to publish the website. WordPress is run by Automattic Inc. We use a standard WordPress feature to collect anonymous information about visitor activity on the website, for example the number of people viewing pages, in order to monitor and report on the effectiveness of the website and to help us to improve it. No information is stored with Automattic Inc. All our data, including the WordPress Content Management System, is stored on The Health Informatics Service’s (THIS) server (see Security and performance)

 

People who contact us via social media

If you send us a private or direct message via social media the message will be stored by the CCG for the appropriate amount of time that is required to fulfill your query. It will not be shared with any other organisations.

 

Communications

The CCG’s Communications Team does not routinely process personal information about you, however, when events are held, photographs or videos of the event are sometimes taken. We will always ask your permission when we either take a photo or video of you to ensure that you are happy with us using your photo. You will always have the right to refuse permission or withdraw your permission at a later date.

Occasionally as part of our response to media enquiries, it may be necessary to use and share some personal information as part of the response or press release. On these occasions we will always ask your permission first and will only ever use and share the minimum personal information necessary. The information will not be shared with others unless you have explicitly consented to this.

Lawful basis
When the communications team first get in contact with you, we will ask you to sign a consent form, this ensures that we are processing your information correctly is described in article 6 (consent) and article 9 (explicit consent) of the GDPR.

The CCG will only keep your information for as long as absolutely necessary. The CCG has a Records Management and Information Lifecycle Policy which sets out the length of time that we should keep the different types of information that we process. The information will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.

As with all the information that we process about you, you have a number of rights that apply to your personal information. These can be found in the “What rights you have in relation to the above processing of your personal information” section.

 

Engagement

If you choose to take part in one of the CCG’s engagement activities, we may process personal information about you.

Lawful basis
At the start of your involvement with us, we will ask you to sign a consent form, this ensures that we are processing your information correctly is described in article 6 (consent) and article 9 (explicit consent) of the GDPR.

You can withdraw your consent at any point. The only information that the CCG will process about you is information that you have given us yourself, this is likely to include; your name, address and email address. The CCG will not routinely share this information with any external organisations, unless the CCG is under a legal obligation to do so.

The CCG will only keep your information for as long as absolutely necessary. The CCG has a Records Management and Information Lifecycle Policy sets out the length of time that we should keep the different types of information that we process. The information will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.

You have a number of rights that apply to your personal information. These can be found in the “What rights you have in relation to the above processing of your personal information” section.

 

Continuing Health Care (CHC)

When the Continuing Health Care Team receives an application for continuing healthcare funding, we make up a file containing the details of your application and any information relating to your application. This can include information about your health and care and relevant details from other organisations that are involved in your health and care treatment. The reason that we keep this is so that we can process your application.

We will only use the information within this file for the purposes of processing your application for funding, and will not share your information with anyone who is not involved in the application and decision process. The individuals involved in this process will be the Continuing Healthcare’s administration team who manage this process, the nurses who undertake an eligibility checklist and decision support tool, and the individuals involved in the decision making process in relation to your eligibility for continuing healthcare funding.

Normally, the type of information that we process about you is information you have provided yourself, but generally this will include; your name, date of birth, address, postcode, your NHS number and other information you feel relevant to your application. In addition, during the course of the application, we will seek out further information in relation to your health and care needs to ensure that a decision can be made on eligibility and that the assessor can appropriately undertake the tools required to support this eligibility process.

Lawful basis
The lawful basis which ensures that we are processing your information correctly is described in article 6 (function of a public authority) and article 9 (provision of health care treatment) of the GDPR. However, the CCG will also seek your consent, which ensures that the common law duty of confidentiality is satisfied when we are processing your personal information.

The CCG will only share your information with partners as needed, in order to process your Continuing Healthcare application. We will have to disclose your information to providers who have been and will be involved in your care to ensure that we can gain access to accurate records regarding your needs. This will aid the assessment and review process of continuing healthcare. We may also share your information with the local authority, Doncaster CCG (which processed previously unassessed periods of care on behalf of the CCG), the CCG’s solicitors and others in line with the “need to know” principle.

The CCG will only keep your information for as long as absolutely necessary. The CCG has a Records Management and Information Lifecycle Policy which sets out the length of time that we should keep the different types of information that we process. The information will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.

As with all the information that we process about you, you have a number of rights that apply to your personal information. These can be found in the “What rights you have in relation to the above processing of your personal information” section.

 

Individual Funding Requests (IFR)

All IFRs are processed by the IFR team at NHS Greater Huddersfield CCG. The CCG has a shared arrangement with Calderdale, Greater Huddersfield, North Kirklees and Wakefield CCGs for the processing of Individual Funding Requests.

The CCGs have a robust procedure framework for considering IFRs and this involves the application for funding being considered at the relevant Panel / Committee which is made up of CCG staff members. The Panel / Committee will discuss the application and come to a decision in relation to the funding request.

Upon receipt of an IFR, the IFR team uploads all of the information detailed within the request on to a secure management system called Blueteq. The logging of IFRs will involve processing special categories of your personal data, which could include; your name, date of birth, address, NHS number and information about your health and care needs.

Lawful basis
The CCG’s lawful basis to process your personal information as part of an Individual Funding Request is set out in Article 6 (processing such requests is one of the functions of the CCG as a public body) and Article 9 (provision of health care treatment) of the General Data Protection Regulation.

The CCG will only retain your information for as long as absolutely necessary to conduct the individual funding request. The CCG has a Records Management and Information Lifecycle Policy which sets out the length of time that we should keep the different types of information that we process. The information will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.

As with all the information that we process about you, you have a number of rights that apply to your personal information. These can be found in the “What rights you have in relation to the above processing of your personal information” section.

 

Complaints

When we receive a complaint from a person we make up a file containing the details of the complaint, this is so that we can investigate and respond to your complaint appropriately. The file normally contains the identity of the complainant and any other individuals involved in the complaint.

We will only use the personal information we collect to process the complaint and to check on the level of service we provide. We do compile and publish statistics showing information such as the number of complaints we receive, but not in a form which identifies anyone.

Normally, the types of information we will process about you is information that you have provided yourself, but generally this will include; your name, date of birth, address, postcode, your health and care needs and other information you feel relevant to your complaint.

We usually have to disclose the complainant’s identity to whichever care provider the complaint is about in order to move forward with the investigation. If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.

Similarly, where enquiries are submitted to us we will only use the information supplied to us to deal with the enquiry and any subsequent issues and to check on the level of service we provide.

When we take enforcement action against someone, we may publish the identity of the defendant in our Annual Report or elsewhere. Usually we do not, identify any complainants unless the details have already been made public.

At the start of the complaints process you will be asked to complete a form which ensures that you are fully aware of how your information will be processed and shared.

Lawful basis
The lawful basis which ensures that we are processing your information correctly is described in article 6 (function of a public authority) and article 9 (provision of health care treatment) of the GDPR. However, the CCG will also seek your consent, which ensures that the common law duty of confidentiality is satisfied when we are processing your personal information.

The CCG will only keep your information for as long as absolutely necessary. The CCG has a Records Management and Information Lifecycle Policy which sets out the length of time that we should keep the different types of information that we process. The information will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.

As with all the information that we process about you, you have a number of rights that apply to your personal information. These can be found in the “What rights you have in relation to the above processing of your personal information” section.

 

Workforce (Staff)

The CCG’s Workforce and Development Team processes special categories of personal staff information to ensure that the CCG can manage workforce processes. This information includes; recruitment, payment of salaries and pensions, workforce and staff performance management, administering maternity leave and associated pay related schemes, learning and development. The types of information that the CCG processes includes personal information contained within your HR record including; name, date of birth, address, postcode, racial or ethnic origin, political beliefs and information concerning health.

The CCG uses a third party provider to undertake its Workforce and Organisational Development function. Therefore, your personal human resources information will be shared with Calderdale and Huddersfield NHS Foundation Trust (the CCG’s Data Processor). Information which is required to be disclosed by law will be disclosed to the relevant organisation, for example HMRC for tax purposes in line with their statutory obligations.

Lawful basis
The lawful basis which ensures that we are processing your information correctly is described in article 6(1)b (contractual relationship) and article 9 (2)h (assessment of working capacity of the employee), article 9 (2)b (as per relevant Human Resources employment laws) of the GDPR.

The CCG will only keep your information for as long as absolutely necessary. The CCG has a Records Management and Information Lifecycle Policy which sets out the length of time that we should keep the different types of information that we process. The information will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.

As with all the information that we process about you, you have a number of rights that apply to your personal information. These can be found in the “What rights you have in relation to the above processing of your personal information” section.

 

Occupational Health

The CCG processes special categories of personal staff occupational health information to ensure that the CCG can manage occupational health processes which include; administering sick leave and pay, managing absence, managing a safe working environment and ensuring fitness for work. The information processed will include; details within your HR record and information concerning your personal health.

The CCG used a third party provider to undertake its Occupational Health function. Therefore, your personal information relating to occupational health will be shared with South West Yorkshire Partnership NHS Foundation Trust (the CCG’s Data Processor for this purpose)). The CCG will also need to share your occupational health information with Calderdale and Huddersfield NHS Foundation Trust (the CCG’s Human Resources provider). In addition to the above sharing, information which is required to be disclosed by law will be disclosed to the relevant organisation, for example the Department for Work and Pensions in line with their statutory obligations relating to the working capacity of an employee.

Lawful basis
The lawful basis which ensures that we are processing your information correctly is Article 6(1)b (contractual relationship) and Article 9(2)h (assessment of the working capacity of the employee).

The CCG will only keep your information for as long as absolutely necessary. The CCG has a Records Management and Information Lifecycle Policy which sets out the length of time that we should keep the different types of information that we process. The information will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.

As with all the information that we process about you, you have a number of rights that apply to your personal information. These can be found in the “What rights you have in relation to the above processing of your personal information” section.

 

Payroll

The CCG uses a third party provider to process staff information relating to payroll. Calderdale and Huddersfield NHS Foundation Trust, is the CCG’s data processor for this purpose. The CCG will not share your personal information with any other organisation, unless there is a legal obligation placed upon the CCG to share with another organisation, for example HMRC for the purposes of tax.

The information that payroll will process about you is limited to what is necessary in order to complete the function adequately, but the information could include; your name, date of birth, address and bank details.

Lawful basis
The lawful basis which ensures that your information is being processed correctly is described in article 6(1) b (contractual relationship) of the GDPR.

The CCG will only keep your information for as long as absolutely necessary. The CCG has a Records Management and Information Lifecycle Policy which sets out the length of time that we should keep the different types of information that we process. The information will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.

As with all the information that we process about you, you have a number of rights that apply to your personal information. These can be found in the “What rights you have in relation to the above processing of your personal information” section.

 

Safeguarding

The CCG has a legal duty to have arrangements in place for safeguarding both adults and children. In order to carry out this role, the CCG’s Safeguarding Team processes information in relation to safeguarding. The information processed for relevant people only, can include; their name, date of birth, address, NHS number, information concerning their health and care and their racial or ethnic origin.

The CCG will only share this personal information where expressly permitted by law, and will not share with any partners who do not have a lawful basis to process the personal information.

The CCG will only keep your information for as long as absolutely necessary. The CCG has a Records Management and Information Lifecycle Policy which the CCG adheres to. This sets out the length of time that we should keep the different types of information that we process. The information will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.

As with all the information that we process about you, you have a number of rights that apply to your personal information. These can be found in the “What rights you have in relation to the above processing of your personal information” section.

 

Risk Stratification

Risk stratification is a process which GPs use to help them reduce the risk of individuals developing diseases, such as type 2 Diabetes and help prevent un-planned hospital admissions.

The type of information the CCG’s Business Intelligence Team will process about you includes your date of birth and anonymised details about your stay in hospital or your GP visit for the purposes of risk stratification. The CCG will not share personal information with other organisations.

Lawful basis
The lawful basis for processing this information is provided by Section 251 of the NHS Act 2006. This section allows the Secretary of State for Health to give limited permission for the CCG to use certain categories of personal information when it is necessary for our work other than purposes which relate to your direct care. The approval is given under regulations made under Section 251 and is based on the approval of the Health Research Authority’s Confidentiality Advisory Group.

The CCG will only keep your information for as long as absolutely necessary. The CCG has a Records Management and Information Lifecycle Policy which sets out the length of time that we should keep the different types of information that we process. The information will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.

As with all the information that we process about you, you have a number of rights that apply to your personal information. These can be found in the “What rights you have in relation to the above processing of your personal information” section.

 

Invoice Validation

The CCG processes individuals’ personal information for the purposes of invoice validation. This ensures that care providers can be paid the correct amount for any treatment that they have provided for you. This occurs in those circumstances where the CCG does not have an existing contract with the provider that has treated you.

The type of information that the CCG will process includes your name, date of birth, address, NHS number and the treatment you have received. The CCG will not share your information with other organisations except when it has a legal obligation to do so.

Lawful basis
The lawful basis for processing your information is provided by Section 251 of the NHS Act 2006. This section allows the Secretary of State for Health to give limited permission for the CCG to use certain categories of personal information when it is necessary for our work other than purposes which relate to your direct care. The approval is given under regulations made under Section 251 and is based on the approval of the Health Research Authority’s Confidentiality Advisory Group.

The CCG will only keep your information for as long as absolutely necessary. The CCG has a Records Management and Information Lifecycle Policy which sets out the length of time that we should keep the different types of information that we process. The information will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.

As with all the information that we process about you, you have a number of rights that apply to your personal information. These can be found in the “What rights you have in relation to the above processing of your personal information” section.

 

Register of Interests and the Register of Gifts, Hospitality and Commercial Sponsorship

All CCG staff, Governing Body and committee members, Associates/Subject Specialists and CCG Members must declare any actual or potential conflicts of interest. They must also declare gifts, hospitality or commercial sponsorship – this is whether they were accepted or declined.

We publish our registers of interest, Gifts, Hospitality and Commercial Sponsorship on our website. These registers list the names of relevant individuals, their position or relationship with the CCG and details of the type of interest, gift, hospitality or commercial sponsorship.

The CCG also holds a register of interest for all staff which is available on request from the Head of Corporate Governance.

The information is used to assist the CCG in the management of any real or potential conflicts of interest as set out in the CCG’s Management of Conflicts of Interest Policy.

Third party individuals are sometimes named in the register(s) because they have a business or personal relationship to the person making the declaration. These individuals are notified in advance of publication, in line with the CCG’s Conflict of Interest Policy.

Lawful basis
The Lawful basis for processing this information is provided by Article (1)(c) (Necessary for compliance with a legal obligation) and S.14(0) of the National Health Service Act 2006 (as amended by the Health and Social Care Act 2012) which sets out the minimum requirements of what both NHS England and CCGs must do in terms of managing conflicts of interest.

In exceptional circumstances, where the public disclosure of information might give rise to a real risk of harm or is prohibited by law, an individual’s name and/or other information may be redacted from the publicly available register(s). If you feel that substantial damage or distress may be caused to you or somebody else by the publication of information in the registers, you are entitled to request that the information is not published. Such requests must be made in writing to the CCG’s Conflicts of Interest Guardian or the Head of Corporate Governance in their role as Data Protection Officer.

The contacts details are provided below:

Conflict of Interest Guardian or Head of Corporate Governance
NHS Greater Huddersfield Clinical Commissioning Group
Bradley Business Park
Dyson Wood Way
Bradley
Huddersfield
HD2 1GZ
ContactUs@greaterhuddersfieldccg.nhs.uk

Information retention period
The CCG will only keep your information for as long as absolutely necessary. The CCG has a Records Management and Information Lifecycle Policy which sets out the length of time that we should keep the different types of information that we process. The CCG is required to keep a record of the interests of named individuals on the public register for a minimum of six months after the date the interest expired. In addition, the CCG is required to keep a record of historic interests and offers/receipt of gifts, hospitality or commercial sponsorship for a minimum of six years after the date on which it expired.

The information will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.

As with all the information that we process about you, you have a number of rights that apply to your personal information. These can be found in the “What rights you have in relation to the above processing of your personal information” section.

 

Workforce Minimum Data Set

Under the Health and Social Care Act 2012, the CCG provides individual level staff information to NHS Digital for the workforce Minimum Data Set for primary and secondary care. This data is collected to enable a detailed understanding of the current workforce, its shape, size, skills, competencies and experience. Having this information supports the NHS to identify future workforce requirements to ensure that we can meet patients’ needs now and in the future.

In order to ensure accuracy and reduce duplication, some identifying information is required at the start of this process. However, this information is removed from the dataset following the initial automated process so that no one processing the database can identify an individual. The information collected will be analysed and used for workforce planning, accountability, Parliamentary Questions, Freedom of Information requests and supplied in aggregated reports to GP Practices, Health Education England, Local Education Training Boards, Clinical Commissioning Groups and NHS England.

More information about the workforce Minimum Data Set and its uses is available from the Department of Health and Health Education England.

 

National Fraud Initiative

We participate in the Cabinet Office’s National Fraud Initiative which is a data matching exercise to assist in the prevention and detection of fraud. We are required to provide particular sets of staff and supplier data to the Minister for the Cabinet Office for matching for each exercise. For further information regarding National Fraud Initiative’s data matching at NHS Greater Huddersfield CCG, please contact Olivia Townsend (Local Counter Fraud Specialist) at: Olivia.townsend@nhs.net

Lawful basis
Please see the Cabinet Office’s privacy statement for further information on the lawful basis for collecting and processing this information.

 

Caldicott Guardian

Each NHS organisation has a senior person responsible for protecting the confidentiality of patient information and enabling appropriate information sharing.

This person is called the Caldicott Guardian. Angela Monaghan, the CCG’s Registered Nurse Advisor is the Caldicott Guardian for Greater Huddersfield CCG. You can contact Angela by writing to:

Angela Monaghan, Caldicott Guardian
NHS Greater Huddersfield Clinical Commissioning Group
Bradley Business Park
Dyson Wood Way
Bradley
Huddersfield
HD2 1GZ
ContactUs@greaterhuddersfieldccg.nhs.uk

 

Keeping your information secure and confidential

The CCG has a legal duty to protect any information we collect from you. We use leading technologies and encryption software to safeguard your data and keep strict security standards to prevent any unauthorised access to it.

All staff have contractual obligations of confidentiality, enforceable through disciplinary procedures. All staff receive appropriate training on confidentiality of information and staff who have regular access to personal confidential data will have received additional specialist training.

We take relevant organisational and technical measures to make sure that the information we hold is secure – such as holding information in secure locations, restricting access to information to authorised personnel, protecting personal and confidential information held on equipment such as laptops with encryption and information is transferred safely and securely. The CCG does not transfer personal confidential information overseas.

The CCG is registered with the Information Commissioner’s Office as a Data Controller which details all the purposes for which personal data is collected, held and processed.

The CCG will not pass on your details to any third party or other government department unless we ask your permission to do this or when it necessary to comply with a legal obligation.

The Information Commissioner’s Office maintains a public register of organisations that process personal information. NHS Greater Huddersfield Clinical Commissioning Group registration number is Z3621177.

 

What rights do you have in relation to the above processing of your personal information?

Right of Access to your personal information

This is also known as a Subject Access Request.

When we are processing your personal information, you have the right to obtain confirmation from the CCG that we are:
a) Processing your personal information,
b) That we should be processing your personal information; also you have the right to access that information.
As well as providing access to your information, we will also explain:

  • Why we are processing your personal information;
  • The categories of your personal information that we process;
  • Who we might share the information with and why;
  • How long we will retain your personal information after processing;
  • What other rights you have in relation to the information we are processing about you;
  • If we haven’t collected the information directly from yourself, who has provided your information to us.

The CCG will provide a copy of the personal information that we are processing in relation to you, this can either be posted to you or emailed, depending on your preferred method of communication and sharing of information.

Should you wish to make request to access your personal information, please follow the subject access request procedure and contact the Data Protection Officer on the details provided in the “who we are” section.

Right to Rectification of your personal information

If you believe that the personal information we are processing about your is either incorrect or incomplete, you can request that this personal information be rectified by either correcting information you believe to be inaccurate or by producing a supplementary statement if you believe that the personal information we hold is incomplete.

To make a request to have your personal information rectified, please contact the Data Protection Officer (See “who we are”).

Right to Erasure of your personal information (Right to be forgotten)

If the CCG is processing your personal information, you have the right to request that your information is erased completely, this is also known as the “right to be forgotten”. If you exercise this right, it will mean that the CCG will not keep any personal information relating to you.
This right can be used:

  • Where you believe that the personal information we hold is no longer necessary for the purpose that we originally had for processing your information;
  • Where you withdraw consent to the processing of your personal information and there is no other legal basis for the CCG to retain this information;
  • Where you object to the processing of your personal information ( please see below the “Right to Object”), and there is no overriding legitimate grounds for the continued processing of your personal information;
  • Where you believe your personal information has been processed unlawfully;
  • Where you believe that the CCG has a legal obligation to erase your personal information;
  • Where your personal information has been collected in relation to information society services.

This right to be forgotten does not apply in circumstances where processing is necessary:

  • For exercising the right of freedom of expression and information;
  • Where the CCG has a legal obligation which requires it to process your personal information, for a task carried out in the public interest or in the exercise of official authority vested in the CCG;
  • For reasons of public interest in the area of public health;
  • For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes;
  • For the establishment, exercise or defence of legal claims.

To make a request to have your personal information erased, please contact the Data Protection Officer (see “who we are”).

Right to Restriction of Processing of your personal information

You have the right to restrict the processing of your personal information by the CCG, should it meet the criteria below. If you exercise this right, it will mean that the CCG stops processing your information, with the exception of storing your information.

The circumstances in which you can exercise your right to restrict the processing of your personal information are as follows:

  • If you contest the accuracy of personal information processed by the CCG. This will, for a period of time, halt the processing enabling the CCG to verify the accuracy of your personal information;
  • If you believe the processing of your personal information is unlawful and oppose its erasure but would rather restrict the its processing;
  • If you believe the CCG no longer requires your personal information for the original purpose, but your personal information may be required for the establishment, exercise of defence of legal claims;
  • Where you have objected to the processing of your personal information pending verification regarding whether the legitimate grounds of yourself override those of the CCG.

Following this restriction, the only grounds on which the CCG will begin to process your personal information are:

  • if you consent to the processing or;
  • for the establishment, exercise or defence of legal claims or ;
  • for the protection of the rights of another natural or legal person or;
  • reasons of important public interest.

You will be informed by the CCG if the restriction on processing your personal information is to be lifted.

To make a request to have the processing of your personal information restricted, please contact the Data Protection Officer (see “who we are”).

 

Right to Data Portability for your personal information

When you have provided your personal information to the CCG and it is processed automatically, and the legal basis for processing your information is based on either consent or a contractual relation, you have the right to something called “data portability”. This means that you have the right to receive your own personal information in a structured, commonly-used and machine-readable format and have the right to ask the CCG to transmit that data to another organisation.

To make a request to have your personal information provided or transferred under this right, please contact the Data Protection Officer (see “who we are”).

 

Right to object to the processing of your personal information

When the CCG is processing your personal information in relation to the exercise of its official authority, or where it is processing your personal information in the CCG’s legitimate interests, you have the right to object.

Once you have exercised this right, the CCG will no longer process your personal information unless the CCG can demonstrate compelling grounds for the processing which override your interests, rights and freedoms as the data subject or for the establishment, exercise of defence of legal claims.

Should you wish to object to the processing of your personal information, please contact the Data Protection Officer (see “who we are”).

 

Right to lodge a complaint with the Information Commissioner

At any point, you have the right to lodge a complaint with Supervisory Authority for Data Protection in the United Kingdom. The Supervisory Authority is the Information Commissioner. If you have a complaint about the way in which the CCG is processing your personal information, please contact the Information Commissioner’s Office (ICO). The ICO can be contacted on the below details:

Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow
Cheshire, SK9 5AF
Tel: 0303 123 1113 or 01625 545 745 or www.ico.org.uk

 

Changes to this Privacy Notice

If our privacy notice changes in any way, we will place an updated version on this page. Regularly reviewing the page ensures that you are always aware of what information we collect, how we use it and under what circumstances, if any, we share it with other organisations.

 

Contact Us

If you have any questions regarding the information we hold about you or you believe the CCG has not complied with the General Data Protection Regulation in the way we have processed your personal information, you can make a complaint to:

Head of Corporate Governance
NHS Greater Huddersfield Clinical Commissioning Group
Bradley Business Park
Dyson Wood Way
Bradley
Huddersfield
HD2 1GZ
ContactUs@greaterhuddersfieldccg.nhs.uk

 

(Last updated 22nd May 2018)