Muted Vibrant

We are sorry but our website is not supported on your browser.

Please switch to a supported browser to continue using www.sthk.nhs.uk. You can see a list of supported browsers below.

Skip to content

Privacy Notice for Patients and Public

This privacy notice explains in detail the type of personal data that we, St Helens and Knowsley Teaching Hospitals NHS Trust (STHK), process about you. What we do with the information that we collect and hold about you and why we might need to share it with other organisations involved in the delivery of your care.

Informing you how we Use and Collect Your Data

Covid 19 Patient Privacy Notice - please click here

The Trust is a Data Controller. A Data Controller determines how the data will be processed and used within their organisation and with others they can share the data with. 

We are legally responsible for ensuring that all personal data that we hold, and use, is done so in a way that meets Data Protection legislation, particularly the data protection principles under the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018. We need to make sure that where we process your personal data, we can do so legally. Article 6 of the UK GDPR lists 6 lawful bases for processing personal data, at least one must apply. This notice will explain the legal bases available, where we process personal data and in addition explains how we handle that data and keep it safe and secure.

The Trust is committed to looking after your personal data and it is the responsibility of all staff throughout the organisation to make sure of this.

The Trust employs specific roles to provide leadership and direction to ensure accountability and transparency to support compliance with Data Protection law.

These roles include:

Caldicott Guardian

The Trust is required to have a Caldicott Guardian. The Caldicott Guardian is a senior health professional, appointed to ensure that the data, about those who use its service, is handled in a confidential manner by the Trust and enabling appropriate data / information sharing. The Caldicott principles are incorporated into the NHS Code of Practice.

Our Caldicott Guardian is Mr Alex Benson.

Senior Information Risk Owner (SIRO)

The SIRO is an Executive Director in the Trust with overall responsibility for managing organisational information risk, security of information and putting strategies in place to control the identified risks.

Our SIRO is Christine Walters.

Data Protection Officer (DPO)

Under the UK General Data Protection Regulations (UK GDPR) all large public authority organisations such as STHK are legally required to employ a Data Protection Officer. This person is an expert in data protection and can therefore inform and advise the Trust and  its staff   about their obligations to comply with the UK GDPR and other Data Protection laws. Where there are data protection concerns the DPO will act as a contact point for you and will also act as the main contact for communication with the Information Commissioner’s Office.

Our Trust Data Protection Officer (DPO) is Camilla Bhondoo.

Our DPO can be contacted via the following means:

Address: Pavilion Building, Alexandra Business Park, Prescot Road, St Helens, WA103TP
Email: IG@midmerseyda.nhs.uk 

We will continually review and update this privacy notice to reflect changes in our services and to comply with changes in the law.  When such changes occur, we will revise the last updated date as documented in the version status in the footer of this document.

 

Feedback Form