Leicestershire Partnership NHS Trust (the Trust) is part of the NHS and provides the following services across Leicester, Leicestershire and Rutland:

  • Inpatient mental health services
  • Community mental health services
  • Specialist Inpatient and Community mental health services e.g. Huntington’s Disease service etc.
  • Services for people who come into contact with the criminal justice system
  • Inpatient learning disability services
  • Community learning disability services
  • Inpatient and Community Adult eating disorders
  • Inpatient Child and Adolescent mental health services
  • Community child and adolescent mental health services
  • Child and Adolescent Mental Health Services Eating Disorders
  • Inpatient mental health services for older people
  • Community mental health services for older people
  • Children’s Services e.g. public health nurses (health visitors and school nurse) etc
  • Community physical health services e.g. district nursing, community therapy etc
  • Inpatient physical health services – Community Hospitals including all therapy services
  • Acute and Community dietetic services
  • Podiatry services
When we process your personal information, Leicestershire Partnership NHS Trust (LPT) is the Data Controller. As a Data Controller, the Trust has a duty to comply with the EU General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018, which requires that processing of your personal information is fair, lawful and transparent. This means we must:
  • Keep sufficient information to provide services and fulfil our legal responsibilities
  • Keep your records secure and accurate
  • Only keep information as long as necessary
  • Collect, store and use the information you provide in a manner that is compatible with data protection legislation

Furthermore, we have a legal obligation to respect the common law duty of confidentiality. All our staff are contractually bound by this obligation through the terms and conditions of their employment with the Trust. Healthcare professionals are further committed to maintain confidentiality through their professional registration with the relevant professional bodies.

The Trust is registered as a data controller with the Information Commissioners Office – registration number Z6769559. Our registration entry can be seen here

Trust’s Contact Details

Leicestershire Partnership NHS Trust

Unit 2, Bridge Park Plaza, Bridge Park Road, Thurmaston, LE4 8BL

Tel: 0116 225 2525

Data Protection Officer

The Trust’s Data Protection Officer is the Head of Data Privacy and be contacted at:

Data Privacy Team

Unit 2, Bridge Park Plaza, Bridge Park Road, Thurmaston, LE4 8BL

Email: LPT-DataPrivacy@leicspart.nhs.uk

Covid-19 and your information – Updated on 8th April 2020

Key Worker Testing

Where you have been invited for Keyworker testing for COVID-19, the Department of Health and Social Care are the Data Controller and the Privacy Notice for information collected and used for this purpose is available via this link:


 Supplementary Privacy note on Covid-19 for Service Users

 This notice describes how we may use your information to protect you and others during the Covid-19 outbreak. It supplements our main Privacy Notice which is available below.

 The health and social care system is facing significant pressures due to the Covid-19 outbreak. Health and care information is essential to deliver care to individuals, to support health and social care services and to protect public health. Information will also be vital in researching, monitoring, tracking and managing the outbreak. In the current emergency it has become even more important to share health and care information across relevant organisations.

Existing law which allows confidential patient information to be used and shared appropriately and lawfully in a public health emergency is being used during this outbreak. Using this law the Secretary of State has required NHS Digital; NHS England and Improvement; Arms Length Bodies (such as Public Health England); local authorities; health organisations and GPs to share confidential patient information to respond to the Covid-19 outbreak. Any information used or shared during the Covid-19 outbreak will be limited to the period of the outbreak unless there is another legal basis to use the data. Further information is available on gov.uk here and some FAQs on this law are available here.

During this period of emergency, opt-outs will not generally apply to the data used to support the Covid-19 outbreak, due to the public interest in sharing information. This includes National Data Opt-outs. However in relation to the Summary Care Record, existing choices will be respected. Where data is used and shared under these laws your right to have personal data erased will also not apply. It may also take us longer to respond to Subject Access requests, Freedom of Information requests and new opt-out requests whilst we focus our efforts on responding to the outbreak.

In order to look after your health and care needs we may share your confidential patient information including health and care records with clinical and non clinical staff in other health and care providers, for example neighbouring GP practices, hospitals and NHS 111. We may also use the details we have to send public health messages to you, either by phone, text or email.

During this period of emergency we may offer you a consultation via telephone or video- conferencing. By accepting the invitation and entering the consultation you are consenting to this. Your personal/confidential patient information will be safeguarded in the same way it would with any other consultation.

We will also be required to share personal/confidential patient information with health and care organisations and other bodies engaged in disease surveillance for the purposes of protecting public health, providing healthcare services to the public and monitoring and managing the outbreak. Further information about how health and care data is being used and shared by other NHS and social care organisations in a variety of ways to support the Covid-19 response is here.

NHS England and Improvement and NHSX have developed a single, secure store to gather data from across the health and care system to inform the Covid-19 response. This includes data already collected by NHS England, NHS Improvement, Public Health England and NHS Digital. New data will include 999 call data, data about hospital occupancy and A&E capacity data as well as data provided by patients themselves. All the data held in the platform is subject to strict controls that meet the requirements of data protection legislation.

In such circumstances where you tell us you are experiencing Covid-19 symptoms we may need to collect specific health data about you. Where we need to do so, we will not collect more information than we require and we will ensure that any information collected is treated with the appropriate safeguards.

We may amend this supplemented privacy notice at any time so please review it frequently. The date at the top of this supplementary notice will be amended each time the notice is updated

Why do we need information about you

In order to provide you with the highest quality of healthcare, we need to keep records about you. Health records comprise information relating to your physical or mental health, created by a healthcare professional to support your care. The Health records we create are mostly electronic, although you may also have some paper records. We have a legal duty to keep these confidential, accurate and secure at all times in line with Data Protection law. Our staff are trained to handle your information correctly and protect your privacy. We aim to maintain high standards, adopt best practice for our record keeping and regularly check and report on how we are doing. Your information is never collected for direct marketing purposes, and is not sold on to any other third parties

What information we hold about you

If you are a patient, we hold records about you which may include the following set out below. This information is necessary in order to provide direct health care to you.

Basic details such as address, date of birth, next of kin/emergency contact details:
• Name, address and date of birth: We collect your name, address and date of birth to enable us to send you letters about your care such as appointments. Additionally, your name, address and date of birth are used to identify you and distinguish you from other patients. A change of name or incorrect date of birth can result in misidentification; please inform us of any changes to your details.
• Telephone number(s): We collect contact telephone numbers from you which will be used to contact you about your care. We will use your mobile phone number to send text messages about forthcoming appointments or other reminders. If you do not wish your mobile number to be used in this way, please contact the service you are being seen by in order that they can make a note on your records.
• Ethnicity: We are legally required to collect your ethnicity to ensure that we provide a fair and open service where all patients receive equal treatment. An individual’s ethnicity can also have a bearing on the type of illnesses an individual is susceptible to. Anonymised information on patient’s illnesses/disease and their ethnicity is passed by us to the Department of Health & Social Care who share this information with the World Health Organisation to identify patterns in illness or diseases.
• Disability or language preferences: This information is collected to enable the Trust to provide care which meets your needs such as accommodating wheelchair users or providing interpreters.
• Religion: We offer all patients a Chaplaincy service. Your religion is passed to the Chaplains who run this service to enable them to visit you whilst in hospital to ensure the pastoral and spiritual needs of patients, their families and staff members are adequately supported.
• Your email address – where you have provided this as a communication preference
• Your NHS number
• Your marital status
• Your preferred contact details e.g. relatives, friends and carers contact details
• Your opinions and decisions about your contact with our services

Details about contact the Trust has had with you as clinical visits
We maintain electronic information about your visits and contacts with us. Your record is shared with clinical and care staff providing your care, to ensure consistent, appropriate and safe healthcare is provided to you.

Details and records about your treatment and care
To ensure the treatment and care provided to you by the Trust is appropriate and consistent, details and records about the treatment and care you have been provided will be recorded. This will ensure that there is a full and comprehensive record which is available to all staff who are involved with providing your care and treatment.

We work in partnership with other organisations such as:
• University Hospitals of Leicester NHS Trust
• Nottinghamshire Healthcare NHS Foundation Trust
• Nottingham University Hospitals NHS Trust
• East Midlands Ambulance Service
• Leicester City Council
• Leicestershire County Council
• Rutland County Council • Leicestershire Police

Relevant information from other professionals who have contact with you
Most of the information held about you in the Trust has either come directly from you or as a result of the interaction between you and the health professional and administrative staff with whom you have contact. We may also receive information about you from:

  • Your GP
  • Other NHS Trusts such as a Hospital (e.g. University Hospitals of Leicester NHS Trust; Nottinghamshire Healthcare Foundation Trust, Nottingham University Hospitals NHS Trust)
  • East Midlands Ambulance Service
  • Local Authorities (e.g. Leicester City Council, Leicestershire County Council, Rutland County Council)
  • Police
  • Relatives, carers and friends
  • Your registration & updates to a Trust Wellbeing Account

We may also collect and store information about previous convictions where this is relevant to the care and treatment we are providing to you and/or where this is relevant to the health and safety of our staff and other patients.

Discuss and agree with you what they are going to record about you
The NHS has seven key principles, one of which is “The NHS aspires to put patients at the heart of everything it does”. Trust staff will work with you to deliver the best possible care including discussing with you the care they are going to provide.

We try to make sure that patients are involved with the decision about their care. A copy of letters sent to you GP about your care will also be sent to you, unless you expressly state that you do not want this to happen.

Show you what they have recorded about you, if you ask
To continue to include you in decisions about your care whilst you are being seen under Trust services, if you ask during your consultation/treatment, the appropriate staff can show you what they are writing in your records about the care they are providing. However, if you wish to obtain a copy of your records, you will need to make a request to the Information Request Team. Information on how to request a copy of your records can be found in the ‘Contact Us’ section of the Trust website.

The Trust collects information from you to be able to:
• Contact you by post, email, telephone and MyMailbox Application (dependent on your preferences)
• Deliver appropriate health and care to you as out patient
• To contact you to get feedback on your experiences of our services including the handling of complaints
• Respond to legal requirements including provision of information on notifiable diseases
• Provide information to other NHS organisations as required by law or other directions
• Ensure payments are made for Out of Area care or other specific care packages
• Prevent and detect fraud or crime
• Provide statistical analysis of the use of services and so that we can plan future services

Our legal reason for collecting your information

The Trust has to provide a legal basis for the processing of your information. The Trust is part of the NHS which has a public duty to care for its patients. Under the Data Protection Act the Trust may process information which is appropriate to provide the health and social care treatment to patients, as well as the management of health and social care systems and services.

If we need to use your personal information for any reason beyond those stated above, we will discuss this with you. You have the right to ask us to not use your information in this way, however there might be times when we will still have to share your information; if this is the case we will discuss this with you.

Under the terms of the General Data Protection Regulations, we are required to notify you of the legal basis for processing the data we handle.


Personal data provided to the Trust for the purpose of healthcare delivery, management and treatment:

6(1)(e)Necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller

Special Category Personal Data provided to the Trust for the purpose of healthcare delivery, management and treatment:

9(2)(h) Necessary for the reasons of preventative or occupational medicine, for assessing the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services on the basis of Union or Member State law or a contract with a health professional

To manage our contractual obligations for the services we have been commissioned to deliver:

  • Ensure that money is used properly to pay for the services it provides
  • Investigate complaints, legal claims or important incidents
  • Make sure that services offered give value for money
  • Make sure services are planned to meet patients’ needs in the future
  • Review the care given to make sure it is of the highest possible standard
  • To improve the efficiency of healthcare services

Schedule 1 Part 2 of the Data Protection Act 2018, provides the basis in UK law for the processing of criminal offence data that is gathered by the Trust for healthcare management purposes.

How your records are used

The Trust collects information about you in order to be able to provide you with the direct health and social care and treatment.

The people who care for you use your records to:

Produce a record of all the health decisions made about you and the care provided to you:
Your information is used by clinical, support workers and administrative staff; this could include professionals based in another location. Clinical staff access your information to view the care you have been provided and to ensure the care they give you is appropriate, safe and effective.
Clinical support workers and administrative staff may also access your records to support the clinical staff e.g. support workers in the delivery of your care, additionally administrative staff ensure the care you have been provided with is recorded correctly and will communicate this with your GP.
Where appropriate the Trust has access to the Summary Care Records which detail basic information and lists your current medication, e.g. this system is accessed by the Trust’s Pharmacy staff when issuing your prescriptions
If you need to be transferred to another hospital for further treatment, information about your condition and care will be sent to the hospital you are being transferred to.

Support you during your contact with the Trust
The Trust uses whiteboards in ward areas, this is to help identify you during your stay. Your initial and surname will be displayed on the whiteboard which may be in a public area, if you do not wish for your name to be displayed you must inform a member of Trust staff as soon as possible.

CCTV cameras are installed around the Trust to assist in the prevention, investigation and detection of crime and anti-social activity. CCTV recording and equipment are securely stored in a restricted area and password protected; all images are deleted after a set period of time unless the images form part of an investigation. Requests for viewing of images are managed by the Local Security Management Specialist.

Telephone calls to some areas of the Trust are routinely recorded, such as our Booking Centres and Single Points of Access (SPA). The reasons for the recording are:

  • Prevent crime or misuse
  • Make sure that staff act in compliance with Trust procedures
  • Ensure quality control and improve services
  • Train staff

Check the quality of care provided (e.g. clinical audit)
The Department of Health & Social Care mandates all NHS Trusts to undertake clinical audits on care delivered to patients, which can be undertaken by clinical staff employed by us or by external audit companies. This could involve individuals who have not been involved with your direct care accessing your medical records.

We have an annual clinical audit programme which requires all clinical staff to participate. Clinical staff review patient medical records to audit the care provided, and to identify ways in which the care could be improved in the future.

The Trust participates in a number of National Clinical Audits including:
Further information can be found at: https://www.england.nhs.uk/clinaudit/
Occasionally, external companies will audit our treatment of patients to provide assurance to the Trust and our Commissioners on the care and treatment provided to patients. In some instances the auditors may review a patient’s medical record. These individuals are bound by strict codes of confidentiality. If you do not wish your records to be accessed by these staff, please write to the Data Privacy Department.

• Investigate any concerns or complaints you or your family have raised to the Trust about your healthcare
In order to deal with issues raised by you or to process your complaint or legal claim, staff within our Legal Department and Complaints Department will access your medical records and may share this information with other staff as well as external third parties where applicable, including our solicitors or NHS Resolution.

We take patient safety very seriously. If an incident occurs which was not expected we will investigate it, therefore the staff involved in your care, with support from the Trust's Patient Safety Team will access your medical records.

• To help teach and train new members of staff
The Trust partners with a number of universities/colleges to teach and train student and newly qualified Doctors and Nurses in order to help them gain valuable experience and practice in delivering care.

• Manage the services provided by the Trust:
Every NHS Trust is performance managed. Statistical information about patient care is collated by the Trust e.g. how long patients have waited for an appointment, etc. The Trust will use and share coded patient information to undertake statistical analysis on the management and performance of NHS Services locally and the NHS as a whole.

We use statistical information about patients to improve the services we provide such as reviewing the length of time a patient has stayed in hospital or the number of hospital infections. This information is coded so individual patients cannot be easily identified.

Coded information about patient care is sent to NHS Digital on a daily basis. NHS Digital manages information sent to the Department of Health & Social Care. This information is used by NHS Digital and the Department of Health & Social Care to review the treatment provided to patients across the NHS and identify trends/changes in the health of the population.

The Trust collects information from you to be able to:
• Contact you by post, email, telephone and MyMailbox Application (dependent on your preferences)
• Deliver appropriate health and care to you as out patient
• To contact you to get feedback on your experiences of our services including complaints handling
• Respond to legal requirements including provision of information on notifiable diseases
• Provide information to other NHS organisations as required by law or other directions
• Ensure payments are made for Out of Area care or other specific care packages
• Prevent and detect fraud or crime
• Provide statistical analysis of the use of services and so that we can plan future services

Other Information and Uses

Using your information for research

Research has a vital role to play in the development of healthcare and health service delivery. The Trust is a proactive research institution and this is reflected in our aims and values. The Trust’s Research and Development Department must approve research before it takes place.

As an NHS organisation we use personally-identifiable information to conduct research to improve health, care and services. As a publicly-funded organisation, we have to ensure that it is in the public interest when we use personally-identifiable information from people who have agreed to take part in a research. This means that when you agree to take part in a research study, we will use your data in the ways needed to conduct and analyse the research study. Your rights to access, change or move your information are limited, as we need to manage your information in specific ways in order for the research to be reliable and accurate. If you withdraw from the study, we will keep the information about you that we already have obtained. To safeguard your rights, we will use the minimum personally-identifiable information possible.

Health and care research should serve the public interest, which means that we have to demonstrate that our research serves the interests of society as a whole. We do this by following the UK Policy Framework for Health and Social Care Research

Commissioning for Quality and Innovation (CQUIN)

To help improve the quality of services, better outcomes for patients and ensuring the right treatment is being provided to patients, the Department of Health & Social Care has mandated Trusts to achieve certain standards – Commissioning for Quality and Innovation (CQUIN). To achieve these standards the Trust will work with other NHS organisations to share information relating to patients to provide them with the best possible care e.g. frequent A&E attenders.

You will always be informed when the Trust identifies a need to share your information with another organisation to provide you with the best possible care.

Questionnaires and Surveys

To help ensure the Trust is meeting the needs and satisfaction of the community it serves, it will commission companies to run questionnaires or surveys on the Trust’s behalf, only the minimum information will be securely shared with these companies and these companies are bound by strict confidentiality clauses.

Working with other Organisations

We will share your information with other organisations, to assist with giving you the best care possible. Where we share your information with these organisations, they are subject to strict information sharing protocols/agreements. Anyone who receives information from the Trust has a legal duty to keep it confidential and secure. Only information that is required and appropriate to support your care and treatment will be provided.

Where we share your information with other organisations that do not form part of your care, permission from yourself will be sort before sending the information unless we have a legal obligation to provide the information or we have to because the interest of the public is thought to be of greater importance.

There are occasions where we have a legal duty to pass patient information to external organisations which operate to oversee and address issues relating to the management of the NHS as a whole. These include:

  • Notification of infectious diseases including Food Poisoning are reported to Public Health England
  • The Care Quality Commission which has the powers of inspection and entry into required documentation
  • Investigations by regulators of professionals i.e. General Medical Council and the Nursing and Midwifery Council
  • Coroners investigations into the circumstances of a death
  • Reports of deaths, major injuries and accidents to the Health and Safety Executive
  • The NHS Security Management Service collects information on reported security incidents (e.g. thefts of patient/staff property, assaults on NHS staff)/
  • NHS Counter Fraud Authority is responsible for policy and operational matters relating to the prevention, detection and investigation of fraud in the NHS
  • For the management of NHS Prescription Services/
  • Information must be provided to the Police to help prevent an act of terrorism or prosecuting a terrorist (The Terrorism Act 2000 and Terrorism Prevention and Investigation Measure Act 2011)
  • For the protection of a child or vulnerable adult for safeguarding purposes
  • Report cases of Female Genital Mutilation

Working with Others

To protect your best interests, your information may be securely shared in an emergency situation.

We have developed extensive emergency contingency plans including in the event of fire, flood, loss of power, etc. If an emergency occurred within the hospital, details of patients currently within the hospital or due to come into hospital might be securely shared with external organisations that are assisting us to manage the emergency.

LLR Sustainability and Transformation Partnership (STP)

The Trust alongside the three local authorities, University Hospitals of Leicester NHS and the Clinical Commissioning Groups form part of the LLR Sustainability and Transformation Partnership (STP) which is part of the NHS England’s five-year strategy to close the gap between Health & Wellbeing, Care & Quality and Finance & Efficiency, building strong collaborative relationships to work together to achieve shared goals and ambitions for our population. There may be occasions where your basic information is securely shared to help with planning services as part of the STP.

Integrated Care Teams

The Trust has various Integrated Care Teams which are teams of health professionals that integrate health, care and support services from across our area to work together to provide you with seamless care whether in the Trust, the community or in your home, only information that is essential to the care the ICT team is providing will be securely shared within the ICT team.

All organisations we share your information with are subject to strict information sharing protocols/agreements. Anyone who receives information from us also has a legal duty to keep it confidential and secure. Where we share your information with these organisation we will let you know.

We will not share information with external organisations unless:

  • It supports your care and treatment
  • You ask us to do so
  • We ask your permission
  • We have to by law
  • We have special permission for health or research purposes; or
  • We have to because the interests of the public are thought to be of greater importance than your confidentiality.

Other uses of Information

Patient and public involvement

If you take part in our patient and public involvement or patient experience activities, we may collect and process personal confidential information which you have shared with us.

Where you submit you details to us for involvement and patient experience purposes, we will only use your information for this purpose.

Equality and Diversity Data

As a Trust we have a duty to eliminate unlawful discrimination, harassment or victimisation, to advance equality of opportunity and to foster good relations. All public bodies must treat people from different groups fairly and equally. Data on equality and diversity is captured in accordance with the Equality Act 2010.

Special Category Personal Data provided to the Trust for the purpose of compliance with Equality legislation :

9(2)(b) necessary for the carrying out of obligations under employment, social security or social protection law, or a collective agreement.

Mental Health Act Data

Most people who receive treatment in hospitals or psychiatric units for mental health conditions are there voluntarily and have the same rights as people receiving treatment for physical illnesses. However, a small number of patients may need to be compulsorily detained under a section of the Mental Health Act 1983.

Special Category Personal Data provided to the Trust for the purpose of healthcare delivery, management and treatment:

9(2)(b) necessary for the carrying out of obligations under employment, social security or social protection law, or a collective agreement.

9(2)(c) Necessary to protect the vital interests of a data subject who is physically or legally incapable of giving consent

9(2)(h) Necessary for the reasons of preventative or occupational medicine, for assessing the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services on the basis of Union or Member State law or a contract with a health professional

Use of Photographs

Photographs where an individual can be clearly identified will only be used as part of promotional materials and website where explicit consent has been given by the individual.

Personal data for the purpose of promoting the work of the Trust:

6(1)(a)Consent of the data subject

Recovery College

Recovery College LPT supports individuals with experience of mental health difficulties to live the life they want to lead and become experts in their own self-care. The college supports individuals through courses designed to contribute towards wellbeing.

Data captured during enrollment is required to manage this service and to provide you details of available courses and resources.

Personal data provided by individuals for the purpose of enrollment:

6(1)(e)Necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller

Special Category Personal Data provided to the Trust for the purpose of healthcare delivery, management and treatment:

9(2)(b) necessary for the carrying out of obligations under employment, social security or social protection law, or a collective agreement;

Staff Information

During the course of its employment activities, Leicestershire Partnership NHS Trust collects, stores and processes personal information about prospective, current and former staff.

The scope of this Privacy Notice includes applicants, employees, former employees, workers (including agency, bank, honorary contract holders and contracted staff), volunteers, trainees and those carrying out work experience and clinical placements.

We recognise the need to treat staff personal and sensitive data in a fair and lawful manner.  No personal information held by us will be processed unless the requirements for fair and lawful processing can be met.

The types of personal/sensitive data we hold

In order to carry out our activities and obligations as an employer we handle data in relation to:

  • Personal demographics (including age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race, sex, sexual orientation, religion or belief)
  • Contact details such as names, addresses, telephone numbers, emergency contact details and personal email addresses (where provided)
  • Employment records (including professional body registration/membership, references, proof of eligibility to work in the UK and security checks)
  • Bank details
  • Pension details
  • Medical information including physical health or mental condition (occupational health information)
  • Information relating to health and safety
  • Trade union / professional organisation membership
  • Offences (including alleged offences), criminal proceedings, outcomes and sentences
  • Employee relations files (grievance, disciplinary, performance, sickness absence/ill-health cases)Employment Tribunal applications, complaints, accidents, and incident details

Our staff are trained to handle your information correctly and protect your confidentiality and privacy.

We aim to maintain high standards, adopt best practice for our record keeping and regularly check and report on how we are doing.  Your information is never collected or sold for direct marketing purposes.

Purpose of processing data

  • Staff administration, management (including payroll and performance) and engagement
  • Payroll and pensions administration
  • Business management and planning
  • Accounting and auditing, including to HMRC
  • Accounts and records
  • Crime prevention and prosecution of offenders
  • Education, learning and organisational development
  • Health administration and services
  • Information and local and national databases and data warehouse administration
  • Sharing and matching of personal information for national fraud initiative

We have a legal basis to process this as part of your contract of employment (either permanent, temporary or other working arrangements) or as part of our recruitment processes (see scope above) following data protection and employment legislation.

Sharing your information

There are a number of reasons why we share information. This can be due to:

  • Our obligations to comply with legislation
  • Our duty to comply with any Court Orders which may be imposed

Any disclosures of personal data are always made on a case-by-case basis, using the minimum personal data necessary for the specific purpose and circumstances and with the appropriate security controls in place. Information is only shared with those agencies and bodies who have a “need to know” or where you have consented to the disclosure of your personal data to such persons.

Use of Third Party Companies

To enable effective staff administration, Leicestershire Partnership NHS Trust will share your information with external companies to process your data on our behalf in order to comply with our obligations as an employer.

Employee Records; Contracts Administration

The information which you provide during the course of your employment (including the recruitment process) will be shared with NHS Shared Business Services (SBS) for maintaining your employment records held on the national NHS Electronic Staff Record (ESR) system.

NHS Streamlining

Details may be transferred from this Trust to other NHS Trusts to support the safe, efficient and effective transfer of staff information when a member of the workforce transfers from one NHS Organisation to another NHS Organisation.  The personal data that is shared includes: name, address, date of birth, national insurance number, completed training and registration details.

Prevention and Detection of Crime and Fraud

We are required to use the information we hold about you to detect and prevent crime or fraud.  We are also required to share this information with other bodies that inspect and manage public funds.

We will not routinely disclose any information about you without your express permission.  However, there are circumstances where we must or can share information about you, owing to a legal/statutory obligation.

The Trust is participating in the National Fraud Initiative (NFI) 2020 exercise. The NFI matches electronic data within and between public and private sector bodies for the purpose of assisting with the prevention and detection of fraud. Some of your personal data will be collected and used by the Cabinet Office to support this exercise. The data required from participants will be the minimum needed to undertake the matching exercise including name, gender, NI number, bank account and passport number. All data will be stored electronically by the Cabinet Office or by another organisation under contract with the Cabinet Office. It will be held on a secure encrypted, password protected computer system maintained in a secure environment. For processing to be lawful under the General Data Protection Regulation (EU) 2016/679 and Data Protection Act 2018, we need to identify a legal basis before this data can be processed.

All Trust staff (and supplier) data may be submitted to the National Fraud Initiative on a regular basis. The use of data is carried out with statutory authority under Part 6 of the Local Audit and Accountability Act 2014. You can read further information about the national fraud initiative on the Gov UK website – https://www.gov.uk/government/publications/fair-processing-national-fraud-initiative/fair-processing-level-3-full-text

The identified legal basis for this activity is: GDPR Article 6 (1) (e) Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. The Trust has a legal obligation under the ‘Right to Work’ – Home Office Regulations DPA 2018 Schedule 1 Part 2 Section 10 Preventing or detecting unlawful acts.

Government agencies

In order to comply with statutory requirements, we are required to supply information about you and/or your employment relationship with the Trust to central government agencies, departments or agents acting on their behalf (e.g. HMRC, Department of Health and Social Care, Home Office, DWP).

Payroll and pensions administration

The Trusts payroll provider is Lincolnshire Partnership NHS Trust. Only information to support the payroll function is provided to them. Information will be shared with Lincolnshire Partnership in pursuit of administering your pay and any associated pensions, under or overpayments

The Trust uses a system called EASY for the submission and management of expenses related to your contracted work and for which claims can be made. As part of this system Google Maps is launched to review and update distances, which is defined as ‘automated decision making’ through its linkage to your personal details held within the system, including home postcode. The Trust has a legitimate basis for using this automated decision making, in its obligation to support your rights under your contract of employment. There are systems in place to allow employees to amend any distances that are presented and also to challenge any decisions made about the claim and relevant expenses paid.

Your information rights under General Data Protection Regulations (GDPR)/UK Data Protection Law

  • The right to be informed – you have the right to know what information we hold about you, what we use it for and if the information is shared, who it will be shared with, which we do through this privacy notice..
  • The right of access – for details about how  to access your personal data, please click here
  • The right to rectification – this is your right to have your personal data rectified if it is inaccurate or incomplete.  If you believe that the information recorded about you is incorrect, you will need to tell us so that we are able to contact the person who entered the information.  We will correct factual mistakes and provide you with a copy of the corrected information.
  • The right to erasure – this is also known as your ‘right to be forgotten’, where there is no compelling reason to continue processing your data in relation to the purpose for which it was originally collected or processed.

The Trust is required to retain your employment record in order to carry out activities and obligations as an employer and therefore cannot delete the record until it reaches the required Department of Health and Social Care retention period.

  • The right to restrict processing – this is your right to block or suppress the processing of your personal data. If you raise an issue that requires us to restrict processing, we will investigate your concerns.
  • The right to data portability – this is your right to obtain and re-use any information you have provided to us as part of an automated process.  At present we do not process any personal data that meets this requirement.
  • The right to object – this is your right to object the processing of your data because of your particular situation.  Because of our obligation as an employer it is extremely rare that we would stop processing your data whilst you are still employed by this Trust.  If you believe you have compelling grounds for us to stop processing your data you should contact our Data Protection Officer.
  • Rights in relation to automated decision making and profiling – GDPR provides safeguards for individuals against the risk that a potentially damaging decision is taken without human intervention. Through the use of EASY for the submission and management of work claims and expenses, limited automated decision making is used through the launching of Google Maps to review and update distances. The Trust has a legitimate basis for this in its ability to support your employment rights through the contract of employment.

Retention of your data

We will retain your information in line with the Retention Schedule within the Information Governance Alliance Records Management Code of Practice for Health and Social Care (2016). Click here for more information.

If you have cause to complain, please contact the Human Resources Department in the first instance on 0116 2957530 or via email to hrinputting@leicspart.nhs.uk