Skip to content

Sub menu

Privacy information

This page explains our privacy policy and how we will use and protect any information about you that you give us when you visit the West Suffolk NHS Foundation Trust website.

This privacy statement only covers the West Suffolk NHS Foundation Trust website and any of its subsidiary websites. It does not cover all sites that can be linked to from this site, so you should always be aware when you are moving to another site and read the privacy statement on that site.

General Data Protection Regulation (GDPR) 

The General Data Protection Regulation (GDPR) comes into force on 25 May, 2018, replacing the Data Protection Act 1998. 

The GDPR is designed to strengthen and unify individuals' data protection. In simple terms, it means there will be a new set of standards to strengthen the control of people have over their personal data.

There are lots of similarities between the current regulations and GDPR, but there will also be a range of new definitions, requirements of data controllers and processors, regulatory powers, and rights of data subjects. 

An  overview of GDPR can be found here.

Who is responsible for data protection at the Trust? 

The data protection officer is Sarah Preston. You can contact Sarah at

How long do we keep information? 

Information is retained in line with the NHS Records Management Code of Practice which you can read about on the NHS Digital website.

What are my rights under GDPR? 

Information regarding your rights can be found on the information commissioners office website

How do you withdraw your consent to us to share information with other organisations? 

Please contact the information governance team on 01284 712941 or If you're on the hospital site and receiving care, you can also speak to the outpatients or emergency department reception, talk to your clinicians, or ask to speak to someone from the PALS team.

Privacy notices

A privacy notice is a statement that describes how West Suffolk NHS Foundation Trust collects, uses, retains and discloses personal information. To view our privacy notices please click on the links below: 

Foundation Trust member privacy notice

Patient privacy notice

Staff privacy notice

My WiSH charity privacy notice

Volunteer privacy notice

Covid-19 patient privacy notice

COVID-19 staff privacy notice

Data privacy impact assessments

In accordance with the General Data Protection Regulation (GDPR) Article 35, DPIAs are mandatory for new systems and procedures where personal information is being processed.

These checklists are used by the WSFT information governance team when assessing the processing of personal information for data protection/confidentiality compliance.

They are approved by the Trust’s IT team and the Information Governance Steering Group. 

Click here to view our data privacy impact assessments. 


Accessing your records

Under the Data Protection Act 2018, individuals have a right of access to information held about them, such as patient records.  To request your patient record, please contact:

Medico legal department
West Suffolk NHS Foundation Trust
Hardwick Lane
Bury St Edmunds
IP33 2QZ

Use of cookies

Any cookies used by this website are either required for the website to work correctly or to help us monitor our website, to improve it for future visitors. We do not use cookies to collect personal information about you or to identify individual users. 

If you want to delete any cookies that are already on your computer, please refer to the instructions for your file management software to locate the file or directory that stores cookies. 

Information on deleting or controlling cookies is available at Please note that by deleting our cookies or disabling future cookies you may not be able to access certain areas or features of our site.


ASP.NET cookie

This cookie is set by the web server, which is then made available to web applications such as our content management system.

Name: ASP.NET_SessionId

Use: randomly generated session ID

Expires: When the user exits the browser

Type: Session, First party


Google Analytics cookies

Google Analytics sets a number of cookies to help us evaluate the use of our website, for example the number of visitors we have and the pages visited. Full details are available from the  Google Analytics website

Name: _utma

Use: randomly generated number

Expires: 2 years

Type: Persistent, first party


Name: _utmb

Use: randomly generated number

Expires: 30 minutes

Type: Persistent, first party


Name: _utmc

Use: randomly generated number

Expires: when the user exits the browser

Type: Session, first party


Name: _utmz

Use: randomly generated number, plus information on how the site was reached (for example, directly, via a link or through organic search)

Expires: 6 months

Type: Persistent, first party