Data controller: The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data
Data subject: An identified or identifiable natural person (i.e. an individual); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
Processing: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction
Data processor: A natural or legal person, public authority, agency or other body which processes personal data on behalf of a controller.
Information collection and use
In accordance with the Data Protection Act, we have a legal duty to protect any information we collect from you. NWAS does not store or collect any personal information about site users. The system will record your email address and other information only if volunteered to us by you. This information shall be treated as confidential. You have a right to access your personal data and rectify any inaccuracies. It may be used for internal review or to notify you about updates to this website. Information you send through this website will be treated as follows:
• We will keep it no longer than we reasonably believe is necessary
• We will use it only for the purpose for which you sent it
Links to external sites, including social media
Will we disclose your information to, or share it with, other organisations
As a government department we do not share with other organisations unless the law permits us to do so. We do not sell individual information. We will share it only with our authorised Data Processors, who must act at all times on our instructions as the Data Controller under the Data Protection Act 2018.
Right to be forgotten
You are entitled to withdraw consent regarding any personal data you have provided to us at any time. This also applies to any photographs where you can be identified, even if you have consented to its use previously. You have the right to be forgotten on our systems where appropriate.
There are some limitations to this right. If you wish to discuss this or withdraw your consent to the Trust processing your personal data, please contact email@example.com.
Data Protection Officer
If you wish to contact our Data Protection Officer, email firstname.lastname@example.org.
See below for a number of useful links relating to privacy and personal data:
• Information Commissioners Office – As the independent arbiter of information rights, the Information Commissioner has been charged with regulating the new rules for websites aimed at UK consumers.
• AboutCookies.org – More information about cookies, including how to manage or delete them.
• Directgov – Manage cookies yourself and learn more about them with this advice from Directgov.
• NHS Digital – For more detail on data processing in the NHS.
COVID-19: Processing patient information during the outbreak
The health and social care system is facing significant pressures due to the Covid-19 outbreak. Health and care information is essential to deliver care to individuals, to support health and social care services and to protect public health. Information will also be vital in researching, monitoring, tracking and managing the outbreak. In the current emergency it has become even more important to share health and care information across relevant organisations.
Existing law which allows confidential patient information to be used and shared appropriately and lawfully in a public health emergency is being used during this outbreak. Using this law the Secretary of State has required NHS Digital; NHS England and Improvement; Arms Length Bodies (such as Public Health England); local authorities; health organisations and GPs to share confidential patient information to respond to the Covid-19 outbreak. Any information used or shared during the Covid-19 outbreak will be limited to the period of the outbreak unless there is another legal basis to use the data. Further information is available on gov.uk and some FAQs on this law are available here.
During this period of emergency, opt-outs will not generally apply to the data used to support the Covid-19 outbreak, due to the public interest in sharing information. This includes National Data Opt-outs. However in relation to the Summary Care Record, existing choices will be respected. Where data is used and shared under these laws your right to have personal data erased will also not apply. It may also take us longer to respond to Subject Access requests, Freedom of Information requests and new opt-out requests whilst we focus our efforts on responding to the outbreak.
In order to look after your health and care needs we may share your confidential patient information including health and care records with clinical and non-clinical staff in other health and care providers, for example neighbouring GP practices, hospitals and NHS 111. We may also use the details we have to send public health messages to you, either by phone, text or email.
During this period of emergency we may offer you a consultation via telephone or video- conferencing. By accepting the invitation and entering the consultation you are consenting to this. Your personal/confidential patient information will be safeguarded in the same way it would with any other consultation.
We will also be required to share personal/confidential patient information with health and care organisations and other bodies engaged in disease surveillance for the purposes of protecting public health, providing healthcare services to the public and monitoring and managing the outbreak. Further information about how health and care data is being used and shared by other NHS and social care organisations in a variety of ways to support the Covid-19 response is here.
NHS England and Improvement and NHSX have developed a single, secure store to gather data from across the health and care system to inform the Covid-19 response. This includes data already collected by NHS England, NHS Improvement, Public Health England and NHS Digital. New data will include 999 call data, data about hospital occupancy and capacity data as well as data provided by patients themselves. All the data held in the platform is subject to strict controls that meet the requirements of data protection legislation.
In such circumstances where you tell us you’re experiencing Covid-19 symptoms we may need to collect specific health data about you. Where we need to do so, we will not collect more information than we require and we will ensure that any information collected is treated with the appropriate safeguards.
Lateral flow testing
Participation within the Lateral Flow Testing process is voluntary and staff should ensure they familiarise themselves with any associated training material. By participating within the Lateral Flow Testing process staff recognise that they will provide their test result data to NWAS as instructed. Staff also recognise their data will be processed in the manners laid out within NWAS privacy notices.
Test, Track and Trace
North West Ambulance Service and other NHS organisations are required to support the PHE Tier 1 contact tracing level (referred to as complex cases) of the service through the implementation of a local contact tracing policy of their employees when a staff member is confirmed COVID-19 positive. This is in line with the COPI notice and the legal processing under GDPR Article 6 and 9 for personal and special category data.
With the availability of a vaccine for Covid-19, there is a need to coordinate vaccination for the population of England. This service is supported by the National Immunisation System (NIMS).
Part of the national response to the Covid-19 pandemic is recording the details of who has been vaccinated against Covid-19. Normally, vaccinations are undertaken within GP settings. However, with Covid-19, this will be undertaken in a variety of care settings and for the majority of health and care workforce will be managed by “lead providers” on behalf of local health and care organisations.
It remains the choice of the individual whether to have the vaccine, but we need to be able to share essential workforce details with the lead providers to ensure all our workforce are given the chance to receive their vaccination and we must record the details of the vaccination and share with other NHS services to ensure health records are kept up to date.
Across NWAS, a variety of lead providers and existing local/national systems for booking/recording and sharing of the necessary information will be used to enable the ability to rapidly roll-out this vaccination programme for our essential workforce. As part of this NWAS are asking for those we do not hold personal information on the ESR record to upload the required personal data onto NWAS’s Safecheck system in order to receive the vaccine.
The information gathered via Safecheck will then be uploaded into the National Immunisation Vaccination System (NIVS) for more information on this system please click here.
Notification of changes
North West Ambulance Service reserves the right to change the privacy statement without notice. It is the responsibility of users to check this privacy statement regularly. The processing for COVID-19 is expected to cease by March 2021.