Your Privacy and Information

We are the North London Foundation Trust (NLFT) created on 1st November 2024 following the formation of the North London Mental Health Partnership between Camden and Islington NHS Foundation Trust and Barnet, Enfield and Haringey Mental Health Trust.

The Trust collects and processes information about you when you have accessed and used our services. Full information on the types of information that we collect and process can be found in our Privacy Notice.

Under the Data Protection Act, you have the right to request and access the information that we hold about you. You can access your information by making a Subject Access Request (SAR)

Privacy Notice

NLFT respects your privacy and is committed to protecting your personal data.

This privacy notice will tell you about how we look after your personal data, your rights, and who you can contact for information.

The General Data Protection Regulation (GDPR) requires that data controllers provide certain information to people whose personal data they hold and use.

A privacy notice is one way of providing this information. This is sometimes referred to as a fair processing notice. A privacy notice should identify who the data controller is, with contact details for its Data Protection Officer. It should also explain the purposes for which personal data are collected and used, how the data is used and disclosed, how long it is kept and the controller’s legal basis for processing.

NLFT Privacy Notice

Service Specific Privacy Notices

These notices provide you with details of our privacy practices in connection with a number of systems we use and what we do to maintain your right to privacy.

You can download the privacy notices below:

• Privacy Notice - Attend Anywhere
• Privacy Notice - CCTV
• Privacy Notice - C&I Decant Programme
• Privacy Notice - ePMA
• Privacy Notice - E-rota
• Privacy Notice - Granicus
• Privacy Notice - Islington People's Rights
• Privacy Notice - Lookahead
• Privacy Notice - MS Teams
• Privacy Notice Patients Know Best
• Privacy Notice - Recovery College
• Privacy Notice - Recruitment Activity

Accessing your information

You can request information that the Trust holds on you, such as your health records, by making a Subject Access Request (SAR).

You can make your SAR by emailing either nlft.information.request@nhs.net or beh-tr.records@nhs.net if you are a patient of Barnet, Enfield or Haringey Trust.

We would encourage you to fill out the below form when making your SAR as this will help us in narrowing exactly what information you require, however this is not a requirement: SAR Form

Information and guidance on making a SAR can be found on the Information Commissioners Office website: Getting copies of your information (SAR) | ICO

Please supply identification when making your request, it would also be helpful to include your NHS number to address your request as efficiently as possible. Examples of acceptable proof of identification are listed below.

You must produce on piece of ID from each column:

Examples of Proof of Identification

Proof of Name	Proof of Address
Current signed photographic passport	Utility bill (gas, electricity, water, landline telephone bill) issued within the last 3 months
Original birth certificate	Local Authority Council Tax bill for current tax year
EEA member state identity card	Current UK driving licence (if not used for proof of name)
Current UK or EEA photocard driving licence	Bank, Building Society or Credit Union statement or passbook dated within last 3 months

If you are unable to provide identification, please contact the IG Team at the above email address.

Requesting information about someone else

You can make a SAR to obtain information about another individual provided you have a right to access this information or consent from the individual.

To request information about another person, please complete and return our form or email your request to:

nlft.information.request@nhs.net

Or

beh-tr.records@nhs.net if the person is/was under the care of Barnet, Enfield and Haringey MH Trust.

Please note we will require proof of identity when you make this request and may ask for proof that you are able to make this request – for example you have right of authority.

Requesting information about a deceased person

The Access to Health Records Act 1990 grants rights to certain individuals to see what has been written about a deceased patient in a hospital and other health records. This only applies to written records made on or after 1^st November 1991.

Access to these records is only available to the deceased personal representative or to any person having a claim arising out of a patients’ death.

Access may not be permitted if the following circumstances apply:

1. If it is considered that the patient would not have wished disclosure of their information.
2. If access would lead to the identification of someone else not involved in the patients care.
3. If access would cause serious mental or physical harm to someone else not involved in the patient’s care.

To request information about a deceased individual please complete and return this form or email your request to:

nlft.information.request@nhs.net

Or

beh.tr-records@nhs.net if the patient was under the care of Barnet, Enfield and Haringey MH Trust.

Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal or reporting requirements.

To determine the appropriate retention period for personal data, the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements have been considered.

All records held by the Trust will be kept for the duration specified by national guidance from the Department of Health and Social Care found in the Records management: Records Management Code of Practice - NHS Transformation Directorate (england.nhs.uk) and is supplemented by our Records Management policy and Retention schedule.

National Data Opt-Out

The national data opt out allows patients to opt out of their confidential information being used for research and planning. You can read more about it on the NHS website.

Patients can find out more and set their opt-out choice on the NHS data matters section of the NHS website.

Download and read the your data matters patient information leaflet [pdf] 232KB

Health and care staff can download leaflets, posters and other resources to use when informing patients. Staff can also read overview of the policy - Understanding the national data opt-out.

Contact Us

For Freedom of Information Requests: nlft.freedom.information@nhs.net
For Medical Records/Subject Access Requests: nlft.information.request@nhs.net
If you were treated at Barnet, Enfield or Haringey Trust: beh-tr.records@nhs.net 
For all other queries: nlft.feedback@nhs.net
To contact the Data Protection Officer: nlft.information.request@nhs.net

Useful Documents

• Patient Information Leaflet - Handling your information 
• NLFT Privacy Notice
• C&I Privacy Notice for Staff 
• SAR Form