Skip to content

Sub menu

Privacy

This page explains our privacy policy and how we will use and protect any information about you that you give us when you visit the West Suffolk NHS Foundation Trust website.

This privacy statement only covers the West Suffolk NHS Foundation Trust website and any of its subsidiary websites. It does not cover all sites that can be linked to from this site, so you should always be aware when you are moving to another site and read the privacy statement on that site.

General Data Protection Regulation (GDPR) 

The General Data Protection Regulation (GDPR) comes into force on 25 May, 2018, replacing the Data Protection Act 1998. 

The GDPR is designed to strengthen and unify individuals' data protection. In simple terms, it means there will be a new set of standards to strengthen the control of people have over their personal data.

There are lots of similarities between the current regulations and GDPR, but there will also be a range of new definitions, requirements of data controllers and processors, regulatory powers, and rights of data subjects. 

An  overview of GDPR can be found here.

Who is responsible for data protection at the Trust

The data protection officer is Sara Taylor, head of information governance. You can contact Sara on 01284 712781 or at %26lt;a href="mailto:sara.taylor@wsh.nhs.uk" target="_top"%26gt;Sara.Taylor@wsh.nhs.uk%26lt;/a%26gt;

How long do we keep information?

Information is retained in line with the NHS Records Management Code of Practice which you can read about on the %26lt;a href="https://digital.nhs.uk/article/1202/Records-Management-Code-of-Practice-for-Health-and-Social-Care-2016"%26gt; NHS Digital website%26lt;/a%26gt;;.

What are my rights under GDPR?

Information regarding your rights can be found %26lt;a href="https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/individuals-rights"%26lt;/a%26gt;here on the information comissioners office website%26lt;/a%26gt;

How do you withdraw your consent for us to share information with other organisations?

Please contact the Information Governance Team on 01284 712781 or If you%26apos;re on the hospital site and receiving care, you can also speak to the outpatients or emergency department reception, talk to your clinicians, or ask to speak to someone from the %26lt;a href="http://www.wsh.nhs.uk/Patients-and-visitors/Your-views-matter/PALS-Patient-advice-and-liaison-service.aspx"%26lt;/a%26gt;patient advice and liaison service (PALS)%26lt;/a%26gt;.


Privacy notices

A privacy notice is a statement that describes how West Suffolk NHS Foundation Trust collects, uses, retains and discloses personal information. To view our privacy notices please click on the links below: 

Foundation Trust member privacy notice

Patient privacy notice

Staff privacy notice

My WiSH charity privacy notice

 

Data privacy impact assessments

In accordance with the General Data Protection Regulation (GDPR) Article 35, DPIAs are mandatory for new systems and procedures where personal information is being processed.

These checklists are used by the WSFT information governance team when assessing the processing of personal information for data protection/confidentiality compliance.

They are approved by the Trust’s IT team and the Information Governance Steering Group. 

Click here to view our data privacy impact assessments. 

 

Accessing your records

Under the Data Protection Act 1998, individuals have a right of access to information held about them, such as patient records.  To request your patient record, please contact:

Medico legal department
West Suffolk NHS Foundation Trust
Hardwick Lane
Bury St Edmunds
Suffolk
IP33 2QZ

Use of cookies

Any cookies used by this website are either required for the website to work correctly or to help us monitor our website, to improve it for future visitors. We do not use cookies to collect personal information about you or to identify individual users. More details about cookies can be found  http://www.allaboutcookies.org/ which will also tell you how you can manage cookies on your own device.

 

ASP.NET cookie

This cookie is set by the web server, which is then made available to web applications such as our content management system.

Name: ASP.NET_SessionId

Use: randomly generated session ID

Expires: When the user exits the browser

Type: Session, First party

 

Google Analytics cookies

Google Analytics sets a number of cookies to help us evaluate the use of our website, for example the number of visitors we have and the pages visited. Full details are available from the  Google Analytics website

Name: _utma

Use: randomly generated number

Expires: 2 years

Type: Persistent, first party

 

Name: _utmb

Use: randomly generated number

Expires: 30 minutes

Type: Persistent, first party

 

Name: _utmc

Use: randomly generated number

Expires: when the user exits the browser

Type: Session, first party

 

Name: _utmz

Use: randomly generated number, plus information on how the site was reached (for example, directly, via a link or through organic search)

Expires: 6 months

Type: Persistent, first party