Your Privacy and Information

NLFT respects your privacy and is committed to protecting your personal data.

This privacy notice will tell you about how we look after your personal data, your rights, and who you can contact for information.

The General Data Protection Regulation (GDPR) requires that data controllers provide certain information to people whose personal data they hold and use.

A privacy notice is one way of providing this information. This is sometimes referred to as a fair processing notice. A privacy notice should identify who the data controller is, with contact details for its Data Protection Officer. It should also explain the purposes for which personal data are collected and used, how the data is used and disclosed, how long it is kept and the controller’s legal basis for processing.

 NLFT Privacy Notice

You can request information that the Trust holds on you, such as your health records, by making a Subject Access Request (SAR).

You can make your SAR by emailing either nlft.information.request@nhs.net or beh-tr.records@nhs.net if you are a patient of Barnet, Enfield or Haringey Trust.

We would encourage you to fill out the below form when making your SAR as this will help us in narrowing exactly what information you require, however this is not a requirement: 

 SAR Form

Information and guidance on making a SAR can be found on the Information Commissioners Office website: Getting copies of your information (SAR) | ICO

Please supply identification when making your request, it would also be helpful to include your NHS number to address your request as efficiently as possible. Examples of acceptable proof of identification are listed below.

If you are unable to provide identification, please contact the IG Team at the above email address.

You must produce on piece of ID from each column:

Proof of Name	Proof of Address
Current signed photographic passport	Utility bill (gas, electricity, water, landline telephone bill) issued within the last 3 months
Original birth certificate	Local Authority Council Tax bill for current tax year
EEA member state identity card	Current UK driving licence (if not used for proof of name)
Current UK or EEA photocard driving licence	Bank, Building Society or Credit Union statement or passbook dated within last 3 months

You can make a SAR to obtain information about another individual provided you have a right to access this information or consent from the individual.

To request information about another person, please complete and return our form or email your request to:

Nlft.information.request@nhs.net

Or

beh-tr.records@nhs.net if the person is/was under the care of Barnet, Enfield and Haringey MH Trust.

 SAR Form

Please note we will require proof of identity when you make this request and may ask for proof that you are able to make this request – for example you have right of authority.

Requesting information about a deceased individual

The Access to Health Records Act 1990 grants rights to certain individuals to see what has been written about a deceased patient in a hospital and other health records. This only applies to written records made on or after 1^st November 1991.

Access to these records is only available to the deceased personal representative or to any person having a claim arising out of a patients’ death.

Access may not be permitted if the following circumstances apply:

• If it is considered that the patient would not have wished disclosure of their information.
• If access would lead to the identification of someone else not involved in the patients care.
• If access would cause serious mental or physical harm to someone else not involved in the patient’s care.

To request information about a deceased individual please complete and return this form or email your request to:

Nlft.information.request@nhs.net

Or

Beh.tr-records@nhs.net if the patient was under the care of Barnet, Enfield and Haringey MH Trust.

 SAR Form

 

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal or reporting requirements.

To determine the appropriate retention period for personal data, the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements have been considered.

All records held by the Trust will be kept for the duration specified by national guidance from the Department of Health and Social Care found in the Records management: Records Management Code of Practice - NHS Transformation Directorate (england.nhs.uk) and is supplemented by our Records Management policy and Retention schedule.

The national data opt out allows patients to opt out of their confidential information being used for research and planning. You can read more about it on the NHS website.

Patients can find out more and set their opt-out choice on the NHS data matters section of the NHS website.

Health and care staff can download leaflets, posters and other resources to use when informing patients. Staff can also read overview of the policy - Understanding the national data opt-out.

These notices provide you with details of our privacy practices in connection with a number of systems we use and what we do to maintain your right to privacy.

You can download the privacy notices below:

• Attend Anywhere
• CCTV
• E-Rota
• EPMA
• Granicus - GovDelivery
• Islington People's Rights
• Look Ahead
• MS Teams
• Patient Knows Best
• Recovery College
• Recruitment

• For Freedom of Information Requests: nlft.freedom.information@nhs.net
• For Medical Records/Subject Access Requests: nlft.information.request@nhs.net
• If you were treated at Barnet, Enfield or Haringey Trust: beh-tr.records@nhs.net
• For all other queries: nlft.feedback@nhs.net
• To contact the Data Protection Officer: nlft.information.request@nhs.net