Data controller: The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data

Data subject: An identified or identifiable natural person (i.e. an individual); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person

Processing: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction

Data processor: A natural or legal person, public authority, agency or other body which processes personal data on behalf of a controller.

In accordance with the Data Protection Act, we have a legal duty to protect any information we collect from you. NWAS does not store or collect any personal information about site users. The system will record your email address and other information only if volunteered to us by you. This information shall be treated as confidential. You have a right to access your personal data and rectify any inaccuracies. It may be used for internal review or to notify you about updates to this website. Information you send through this website will be treated as follows:

• We will keep it no longer than we reasonably believe is necessary
• We will use it only for the purpose for which you sent it

NWAS may process anonymised or pseudonymised patient data for service improvement and innovation. This includes developing proof of concept projects involving artificial intelligence (AI) to enhance the accuracy and efficiency of healthcare services which are used solely to support patient care and operational improvement. These projects are conducted in strict adherence to governance standards, data protection regulation and privacy safeguards, ensuring that patient data is processed securely and confidentially at all times.

This website contains links to other websites, including those of government departments and of other organisations. This privacy policy applies only to this website, so when you are moving to another site which collects personal data you should always read the privacy policy relating to that website. We do not pass on any personal information you have given us to any other website operators.

The social media sites that we link are third-party sites and the trust does not have any control over the way that these sites use your information. If you choose to access these sites using the links provided, the operators of these sites may collect information from you that may be used by them in accordance to their privacy policy, which may differ from ours.

As a government department we do not share with other organisations unless the law permits us to do so. We do not sell individual information. We will share it only with our authorised Data Processors, who must act at all times on our instructions as the Data Controller under the Data Protection Act 2018.

You are entitled to withdraw consent regarding any personal data you have provided to us at any time. This also applies to any photographs where you can be identified, even if you have consented to its use previously. You have the right to be forgotten on our systems where appropriate.
There are some limitations to this right. If you wish to discuss this or withdraw your consent to the Trust processing your personal data, please contact [email protected].

If you wish to contact our Data Protection Officer, email [email protected].

See below for a number of useful links relating to privacy and personal data:
• Information Commissioners Office – As the independent arbiter of information rights, the Information Commissioner has been charged with regulating the new rules for websites aimed at UK consumers.
• AboutCookies.org – More information about cookies, including how to manage or delete them.
• Google Analytics – How Google Analytics use cookies and how to opt out of being tracked by Google Analytics.
• Directgov – Manage cookies yourself and learn more about them with this advice from Directgov.
• NHS England Digital – For more detail on data processing in the NHS.

North West Ambulance Service (NWAS) routinely collect information from the initial contact in the 999 Emergency Operations Centre (EOC) and by completing an electronic patient record (EPR) when we attend to patients on scene. Some of this information goes on to form part of the Ambulance Data Set (ADS).

To understand the patient’s journey from the ambulance service to other urgent and emergency healthcare settings, information within this data set is shared with NHS Digital, where it can be linked with information received from the Emergency Care Data Set (ECDS) if patients have been transported to Emergency Care departments, using some personal details such as NHS number or date of birth. A small subset of ECDS linked information is then returned by NHS Digital to us with the inclusion of a unique number generated by us during the initial 999 call, and a unique vehicle reference which will help us re-identify the original care record. Access to this information will enable us to help develop the skills of our clinicians to improve the care they provide and support us in delivering service improvements to improve patient experience.

The lawful basis for the ambulance service to process this information under GDPR is Article 6 (1)(e) – “…exercise of official authority” and for processing special categories (health) data the basis is: Article 9(2)(h) – ‘…health or social care…’.
NHS England have obtained a section 251 approval (of the NHS Act 2006 and Health Service (Control of Patient Information) Regulations 2002) on behalf of the ambulance service. This provides a legal basis for patient information to be processed for these purposes.