Your personal data is data which by itself or with other data available to us can be used to identify you. We are Birmingham Women’s and Children’s NHS Foundation Trust, the data controller. Our Trust is registered with the Information Commissioner’s Office (ICO) to process personal and special categories of information under the General Data Protection Regulation (GDPR) and Data Protection Act 2018 (subject to parliamentary approval) and our registration number is Z6078102.
The types of personal data and special categories of personal data we collect and use
The types of personal information we may collect include but is not limited to:
- Full name and personal details including contact information (eg home, address, postcode and address history, email address, home and mobile telephone numbers)
- Username and password if you have registered an account with us
- Customer service information (such as customer service enquiries, comments and history)
- Device information eg IP address, the location of the mobile device or tablet used to access the website
- Photographs, comments and other content you provide;
- Social media information
- Contact information you provide about friends or other people you would like us to contact
- Information we may obtain from our third party service providers.
Sharing of your personal data
Subject to applicable data protection law, we may share your personal data with:
- Relevant staff at Birmingham Women’s and Children’s NHS Foundation Trust
- Other related organisations and other persons who help us to provide our services
- Our legal and other professional advisors including our solicitors
- Other organisations or persons who help us to improve our services
- In an emergency or to otherwise protect your vital interests
- Anyone else where we have your consent or where it is required by law
- Our site may contain links to third party websites and we are not responsible for those sites. We provide links to these websites for your convenience only and you access them at your own risk.
Using your personal data: legal basis and purposes
We will process your personal data:
As necessary to provide the particular service you have requested which might include but is not limited to:
- storing your information in written records and on electronically on computer
- Keeping our records updated
- Verifying your identity
- Verifying that you are a current patient of our Children’s Hospital or Women’s Hospital
- Sharing your information with other people and organisations that are either responsible or directly involved in your care. This may involve taking your information off-site.
As necessary to comply with a legal obligation eg
- When you exercise your rights under data protection law and make requests for information we hold about you
- For compliance with legal and regulatory requirements and related disclosures eg quality reviews, incident reporting, handling of complaints
- For activities relating to the prevention, detection and investigation of crime.
We will process your special category (sensitive) personal data eg, ethnic origin and gender:
- As necessary to protect your vital interests eg where there are safeguarding concerns
- As necessary to serve the substantial public interest eg in ensuring that Trust serves its population and surrounding areas eg you may be asked to participate in satisfaction surveys. Personal information may be used to help us improve the quality of services we provide
- Based on your consent.
You are free at any time to change your mind and withdraw your consent, If you wish to do so please contact our Data Protection Officer.
Your personal data may be transferred outside the UK and the European Economic Area. While some countries have adequate protections for personal data under applicable laws, in other countries steps will be necessary to ensure appropriate safeguards apply to it. These include imposing contractual obligations on adequacy.
Criteria used to determine retention periods
We will retain your personal data in line with the Trust’s retention policy. We only retain information for as long as it is required. You contact the Data Protection Officer if you wish your personal data to be erased from our systems.
Your rights under applicable data protection law
Your rights are as follows (noting that these rights do not apply in all circumstances and that data portability is only relevant from May 2018):
- The right to be informed about our processing of your personal data
- The right to have your personal data corrected if it is inaccurate and to have incomplete personal data completed
- The right to object to processing of your personal data
- The right to restrict processing of your personal data
- The right to have your personal data erased (the ‘right to be forgotten)
- The right to request access to your personal data and information about how we process it
- The right to move, copy or transfer your personal data (‘data portability’).
You have the right to complain to the Information Commissioner’s Office (ICO). It has powers and can investigate compliance with data protection law: https://ico.org.uk/. For more details on all the above you can contact our Data Protection Officer at Birmingham Children’s Hospital, Steelhouse Lane, Birmingham B4 6NH.
Data anonymisation and aggregation
Your personal data may be converted into statistical or aggregated data which cannot be used to identify you, and then used to produce statistical research and reports. This aggregated data may be shared and used in all the ways described above.
Children should be supervised when using this website. Please let us know if a child under the age of 13 has provided us with personal information online.
See our specific data protection policies for our parent and carers and children and young people.