Your rights and Subject Access Requests

Your rights and Subject Access Requests

 

Your Rights

Data Protection law gives you significant rights over the use of your personal data. The most important is the right to make a "Subject Access Request" for access to the information we hold, usually by being provided with a copy. Further details are provided below. Your other rights include:

  • Rectification: a right to ask us to change any personal data which is wrong
  • Erasure: a right to ask us to delete any personal data we hold. This is sometimes referred to as "the right to be forgotten"
  • Restriction: a right to ask us not to process your information for certain purposes. There is also a specific right to ask us not to use your contact details for marketing purposes.
  • Objection: a right to object to some types of processing based on your own individual circumstances
  • Data portability: the right to receive your information in a specific form so that it can be used by another organisation. However this right usually only applies where we are processing information by consent so it does not apply to medical records. For more information please see the Information Commissioner's website.

These rights are not absolute (other than prevention of marketing) and will not apply in all circumstances. For example, you do not have a right to insist that we delete your medical records as we have a legal duty to keep them.

For more information about your rights please see the ICO's guide to individual rights. 

If you wish to exercise any of the rights other than a Subject Access Request please contact the Trust's Data Protection Officer via post to Legal Services Department, Weston Area Health NHS Trust, Grange Road, Uphill, Weston-Super-Mare, North Somerset, BS23 4TQ, email  wnt-tr.dpo@nhs.net or by phone on  01934 647002

You also have a right to complain to the Information Commissioner if you are in any way unhappy with the way we have processed your personal information or allowed you to exercise your rights. Please see: www.ico.org.uk/concerns.

 

Subject Access Requests

GDPR gives you the right to access the information we hold about you on our records.

For medical records requests should be made in writing to the Medical Records Department. The Trust will provide the information to you within one month of receipt of your request and sufficient information to identify you.

There is generally no charge but the Trust reserves the right to make a reasonable administrative charge in the case of requests which are manifestly unfounded or excessive, in particular because of their repetitive character.

It is possible for you to make requests on behalf of children you are responsible for and in some cases for adults e.g. where you have their specific authority or a Power of Attorney or they are incapable of making their own request.

Further information can be gained by contacting the legal services at the above address.

You can also find useful information about exercising your right of access and what you can expect here.

 

Rectification

If you think that the data we hold on you is inaccurate or incomplete you may ask us to rectify or complete it. You can make your request by contacting the Trust's Data Protection Officer at the above address, by email to wnt-tr.dpo@nhs.net or by phone on 01934 647002. We will tell you within one month what action we intend to take in response to your request.

 

Erasure

Under GDPR you sometimes have a right to have personal data erased. The right to erasure is also known as 'the right to be forgotten'. You can make your request by contacting the Trust's Data Protection Officer at the above address, by email to wnt-tr.dpo@nhs.net   or by phone on 01934 647002. We will tell you within one month what action we intend to take in response to your request.

However this right does not apply to many of our key data holdings such as health records and employees' records as we are keeping such records as part of our legal duties. For a full explanation of the right and when it applies please see the Information Commissioner's website.

Restriction

This is closely linked to other rights. You have the right to restrict processing in limited circumstances for example if you think our data is inaccurate and you want to limit what we do with it until we have considered rectification (see above).  You can make your request by contacting the Trust's Data Protection Officer at the above address, by email wnt-tr.dpo@nhs.net o or by phone on 01934 647002 We will tell you within one month what action we intend to take in response to your request.

 

Objection

You have a general right to object to our processing your personal data if we are processing your information for direct marketing. We will always respect such an objection.

You also have a right to object on "grounds relating to your particular situation" when we are processing your personal data:

  • On the basis of our legitimate interests or the performance of a task in the public interest/exercise of official authority. This would include our processing of medical records and employee records; or
  • For purposes of scientific/historical research and statistics.

For example, someone might object to us sharing identifying or address information if they were on a witness protection program. We can refuse to uphold an objection, if it is not based on their particular situation or in any event on compelling grounds - for example to save the life of a child of the person on the witness protection program.

You can make your request by contacting the Trust's Data Protection Officer at the above address, by email to wnt-tr.dpo@nhs.net or by phone on 01934 647002. We will tell you within one month what action we intend to take in response to your request.

For a full explanation of the right and when it applies please see the Information Commissioner's website.