Privacy policy

Privacy Policy

These Privacy notices describe how the Trust uses and manages the personal information it collects and holds about you, including how this information may be shared with other organisations, how its confidentiality is maintained and your rights. 

University Hospitals of Morecambe Bay NHS Foundation Trust is a ‘Data Controller’ under the Data Protection Legislation. This means we are legally responsible for ensuring that all personal data that we hold and use is done so in a way that meets the current and future data protection principles. We must also notify the Information Commissioner about all of our data processing activity.

Our registration number is Z2866193 and our registered entry can be found on the Information Commissioner’s website

To see how University Hospitals of Morecambe Bay NHS Foundation Trust store and process data about you, please choose the appropriate privacy notice to view:

Privacy notice for patients

This privacy notice tells you what to expect us to do with your personal information when you contact us or use our services.

Our contact details

Name: University Hospitals of Morecambe Bay NHS Foundation Trust

Address: Trust Head Quarters, Westmorland General Hospital, Burton Road, Kendal, Cumbria LA9 7RG

General phone number: 01539 732288

General inquiries email address: trust.hq@mbht.nhs.uk  

Website: University Hospitals of Morecambe Bay NHS Foundation Trust (uhmb.nhs.uk)

We are the controller for your information. A controller decides on why and how information is used and shared.

Data Protection Officer contact details

Our Data Protection Officer is Andy Wicks and is responsible for monitoring our compliance with data protection requirements. You can contact them with queries or concerns relating to the use of your personal data at dataprot@mbht.nhs.uk

How do we get information and why do we have it?

The personal information we collect is provided directly from you for one of the following reasons: 

  • you have provided information to seek care – this is used directly for your care, and also to manage the services we provide, to clinically audit our services, investigate complaints, or to be used as evidence as part of an investigation into care
  • you have sought funding for continuing health care or personal health budget support
  • you have signed up to our newsletter/patient participation group
  • you have made a complaint

We also receive personal information about you indirectly from others, in the following scenarios:

  • from other health and care organisations involved in your care so that we can provide you with care
  • from family members or carers to support your care

What information do we collect?

Personal information

We currently collect and use the following personal information:

  • personal identifiers and contacts (for example, name and contact details)
  • personal identifiers and contacts for your next of kin
  • mobile telephone numbers to support text messaging and automated calls, such as outpatient appointment reminders and feedback on your experience and links to Trust patient portal
  • personal email addresses to send you information or as part of a service we provide
  • patient experience feedback and treatment outcome information you provide
  • CCTV images for example, public and staff safety and crime prevention and detection and monitoring building security.

More sensitive information

We process the following more sensitive data (including special category data):

  • data concerning physical or mental health (for example, details about your appointments or diagnosis)
  • data revealing racial or ethnic origin, while we are required to collect this information you do not have to tell us if you do not want to
  • data concerning a person’s sexual orientation
  • genetic data (for example, details about a DNA sample taken from you as part of a genetic clinical service)
  • data revealing religious or philosophical beliefs

Who do we share information with?

We may share information with the following types of organisations:

  • NHS organisations such as General Practices, Acute Hospitals, Community Service and Mental Health Care Providers, Nursing Homes
  • planners of health and care services (such as Integrated Care Boards)
  • third party data processors (such as IT systems suppliers)
  • other such as social services, education services, local authorities, the police, voluntary sector providers and private sector providers

In some circumstances we are legally obliged to share information. This includes:

  • when required by NHS England to develop national IT and data services
  • when registering births and deaths
  • when reporting some infectious diseases
  • when a court orders us to do so
  • where a public inquiry requires the information

We will also share information if the public good outweighs your right to confidentiality. This could include:

  • where a serious crime has been committed
  • where there are serious risks to the public or staff
  • to protect children or vulnerable adults

We may also process your information in order to de-identify it, so that it can be used for purposes beyond your individual care whilst maintaining your confidentiality. These purposes will include to comply with the law and for public interest reasons.

The Trust will not disclose, share, sell or distribute your confidential personal information to third parties unless we have your explicit consent, or the health or safety of others is at risk, or the law requires the Trust to disclose.

We will only give information to your relatives, friends, and carers if you want us to and have given your permission

What is our lawful basis for using information?

Personal information

Under the UK General Data Protection Regulation (UK GDPR), the lawful basis we rely on for using personal information is:

(b) We have a contractual obligation - between a person and a service, such as a service user and privately funded care home.

(c) We have a legal obligation - the law requires us to do this, for example where NHS England or the courts use their powers to require the data. See this list for the most likely laws that apply when using and sharing information in health and care.

(e) We need it to perform a public task - a public body, such as an NHS organisation or Care Quality Commission (CQC) registered social care organisation, is required to undertake particular activities by law. See this list for the most likely laws that apply when using and sharing information in health and care.

(f) We have a legitimate interest - for example, a private care provider making attempts to resolve an outstanding debt for one of its service users.

More sensitive data

Under UK GDPR, the lawful basis we rely on for using information that is more sensitive (special category):

(f) We need for a legal claim or the courts require it.

(g) There is a substantial public interest (with a basis in law). See this list for the most likely laws that apply when using and sharing information in health and care.

(h) To provide and manage health or social care (with a basis in law). See this list for the most likely laws that apply when using and sharing information in health and care.

(i) To manage public health (with a basis in law). See this list for the most likely laws that apply when using and sharing information in health and care.

(j) For Archiving, research and statistics (with a basis in law). See this list for the most likely laws that apply when using and sharing information in health and care.

Common law duty of confidentiality

In our use of health and care information, we satisfy the common law duty of confidentiality because:

  • you have provided us with your consent (we have taken it as implied to provide you with care, or you have given it explicitly for other uses)
  • we have support from the Secretary of State for Health and Care following an application to the Confidentiality Advisory Group (CAG) who are satisfied that it is not possible or practical to seek consent
  • we have a legal requirement to collect, share and use the data
  • for specific individual cases, we have assessed that the public interest to share the data overrides the public interest served by protecting the duty of confidentiality (for example sharing information with the police to support the detection or prevention of serious crime). This will always be considered on a case-by-case basis, with careful assessment of whether it is appropriate to share the particular information, balanced against the public interest in maintaining a confidential health service

How do we store your personal information?

The information you provide will be subject to rigorous security measures and retained securely in line with current legislation to make sure it can only be seen, accessed and/or disclosed to those who need to know. 

We have policies and procedures that explain the approach within our Trust and our commitments and responsibilities to your privacy.

Staff are trained to understand their duty of confidentiality and their responsibilities regarding the security of patient information both on our premises and when out in the community.

Your information is securely stored for the time periods specified in the Records Management Code of Practice. We will then dispose of the information as recommended by the Records Management Code for example we will:

  • securely dispose of your information by shredding paper records, or wiping hard drives to legal standards of destruction
  • archive your information at where appropriate historically significant service’s record may be archived with the local Archive Service, which is run by the Local Authority.

What are your data protection rights?

Under data protection law, you have rights including:

Your right of access - You have the right to ask us for copies of your personal information (known as a subject access request). To request a copy of your health record you can download a copy of the Access to Health Records form here.

By Post

Access to Health Records Office

Medical Records

Unit 9

Peter Green Way

Furness Business Park

Barrow-in-Furness

Cumbria

LA14 2PE

 

By Email

 AccessToHealthRecords@mbht.nhs.uk

Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete

Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.

Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.

If we are unable to fulfil your request as we have a legal obligation to continue processing your personal data, we will provide you with an explanation and where appropriate make a note on your health record.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. If your request is deemed complex, we can extend by a further two months.

National data opt-out

We are applying the national data opt-out because we are using confidential patient information for planning or research purposes. There are some circumstances where we will not be applying the national opt-out where an agreed exception applies.

The information collected about you when you use health and care services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:

  • improving the quality and standards of care provided
  • research into the development of new treatments
  • preventing illness and diseases
  • monitoring safety
  • planning services

This may only take place when there is a clear lawful basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential health and care information is only used like this when allowed by law.

Whenever possible data used for research and planning is anonymised, so that you cannot be identified, and your confidential information is not accessed.

You have a choice about whether you want your confidential information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential information will still be used to support your individual care.

To find out more or to register your choice to opt out, please visit nhs.uk/your-nhs-data-matters.

You can change your mind about your choice at any time.

Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.

How do I complain or raise a concern?

If you have any concerns about our use of your personal information, you can make a complaint to us by contacting the

Data Protection Officer

By Post

Data Protection Officer

University Hospitals of Morecambe Bay NHS Foundation Trust

Trust Headquarters
Westmorland General Hospital
Burton Road
Kendal
Cumbria
LA9 7RG

By email

dataprot@mbht.nhs.uk
 

Patient Advice and Liaison Service

The Patient Relations and Patient Advice and Liaison Service (PALS) Teams provide support for our patients, their families and carers.

By Telephone

01539 715577

By email

PALS@mbht.nhs.uk


Following this, if you are still unhappy with how we have used your data, you can then complain to the Information Commissioner s Office

By Post   

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Helpline number

0303 123 1113

ICO website

Date of last review

Last reviewed 09 January 2024.

Privacy notice for employment and staffing

This privacy notice tells you what to expect us to do with your personal information when you are employed by the Trust.

Our contact details

Name: University Hospitals of Morecambe Bay NHS Foundation Trust

Address: Westmorland General Hospital, Burton Road, Kendal, Cumbria, LA9 7RG

General phone number: 01539 732288

General inquiries email address: trust.hq@mbht.nhs.uk

Website: Home :University Hospitals of Morecambe Bay NHS Foundation Trust (uhmb.nhs.uk)

We are the controller for your information. A controller decides on why and how information is used and shared

Data Protection Officer contact details

Our Data Protection Officer is Andy Wicks and is responsible for monitoring our compliance with data protection requirements. You can contact them with queries or concerns relating to the use of your personal data at data.officer@mbht.nhs.uk

How do we get information and why do we have it?

The personal information we collect is provided directly from you for one of the following reasons. 

  • you have applied for a job with us or work for us
  • to maintain accurate and up to date records of our all individuals working for the Trust
  • to complete necessary day to day staff management such as periods of leave and sickness absence, appraisal and performance reviews  
  • to facilitate employee relations processes such as disciplinary proceedings, attendance management, incident and complaints  
  • to support your education, training and development including mandatory training compliance
  • to ensure ongoing eligibility to work at the Trust, including professional memberships, qualifications, revalidation, right to work, and identity checks
  • to support staff wellbeing and fitness to work, including referral to and provision of Occupational Health services.
  • to provide communications about the Trust, including news and events, and about your employment.
  • to provide access to equipment, services, and areas, such as ICT/system access and access to Trust sites.
  • to manage a safe environment and, including safeguarding and the prevention, detection, and investigation of crime.
  • to enable the payment of salaries and wages, sick pay, maternity pay, and reimbursement/expenses, and deductions such as PAYE, National Insurance, and pension contributions, and any other financial administration, such as staff benefits/salary sacrifice schemes.
  • to monitor and understand the profile of the organisation’s workforce, e.g., equality and diversity analysis, to ensure fair and consistent treatment of minority groups, and meet our Trust’s obligations under equal opportunities legislation.
  • to ensure that the organisation can deliver all the patient services that our Trust has been commissioned to provide, with the appropriate roles and skillsets across our staffing population.
  • to enable workforce modelling, to ensure that services meet patient needs now and in the future.

We also receive personal information about you indirectly from others, in the following scenarios:

  • from NHS Jobs when you apply for a job
  • Disclosure and baring service for criminal records checks
  • NHS bodies such as NHS England, NHS Improvement to fulfil our legal obligations with statutory returns
  • to enable the payment of salaries and wages, sick pay, maternity pay, and reimbursement/expenses, and deductions such as PAYE, National Insurance, and pension contributions, and any other financial administration, such as staff benefits/salary sacrifice schemes
  • NHS Business Services Authority to facilitate NHS Pensions.
  • HM Revenue and Customs (HMRC) for taxation and related purposes
  • Professional bodies such as the General Medical Council (GMC) and Nursing and Midwifery Council (NMC) for professional membership, revalidation and disciplinary and investigation purposes
  • Department for Work and Pension for pension information
  • Home Office UK visas and immigration for right to work in the UK and identity checks
  • Other NHS organisations to facilitate staff movement if your employment transfers or is seconded, including via TUPE processes
  • Staff benefits and salary sacrifice providers to facilitate any offers or schemes in which you may choose to participate
  • Educational institutions, such as universities to facilitate training and education, and work experience placements
  • Staffing agencies to facilitate the employment of agency staff.
  • Any relevant parties to comply with a Court Order

What information do we collect?

Personal information

We currently collect and use the following personal information:

  • personal identifiers and contacts (for example, name, addresses, telephone numbers and Emergency contact(s))
  • personal email addresses
  • photographic identity (photo ID) (for example, photographs of staff for ID badges or our website)
  • Employment records (including professional membership, references and proof of eligibility to work in the UK and security checks)  
  • Bank details   

More sensitive information

We process the following more sensitive data (including special category data):

  • data concerning physical or mental health (for example, for occupational health reason or sickness records)
  • data revealing racial or ethnic origin
  • data concerning a person’s sexual orientation
  • data revealing religious or philosophical beliefs
  • data revealing trade union membership
  • data relating to criminal or suspected criminal offences

Who do we share information with?

We may share information with the following types of organisations:

  • Disclosure to Data Processors - e.g. process your pay,  
  • Public disclosure under Freedom of Information - e.g. requested names or contact details of senior managers or those in public-facing roles; 
  • Disclosure of job applicant details - e.g. to named referees for reference checks, to the Disclosure & Barring Service for criminal record checks, to named GPs for health checks, to housing agencies for staff relocation or accommodation; 
  • Disclosure to employment agencies - e.g. in respect of agency staff; 
  • Disclosure to banks & insurance companies - e.g. to confirm employment details in respect of loan/mortgage applications/guarantees; 
  • Disclosure to professional registration organisations - e.g. in respect of fitness to practice hearings; 
  • Disclosure to Occupational Health professionals (subject to explicit consent); 
  • Disclosure to police or fraud investigators - e.g. in respect of investigations into incidents, allegations or enquiries.
  • Other NHS organisations to facilitate staff movement if your employment transfers or is seconded, including via TUPE processes

In some circumstances we are legally obliged to share information. This includes:

  • when reporting some infectious diseases
  • when a court orders us to do so
  • where a public inquiry requires the information
  • where a serious crime has been committed
  • where there are serious risks to the public or staff

We may also process your information in order to de-identify it, so that it can be used for purposes beyond your employment whilst maintaining your confidentiality. 

What is our lawful basis for using information?

Personal information

Under the UK General Data Protection Regulation (UK GDPR), the lawful basis we rely on for using personal information is:

(c) We have a legal obligation - the law requires us to do this, for example where NHS England or the courts use their powers to require the data. See this list for the most likely laws that apply when using and sharing information in health and care.

(e) We need it to perform a public task - a public body, such as an NHS organisation or Care Quality Commission (CQC) registered social care organisation, is required to undertake particular activities by law.

(f) We have a legitimate interest for example offering external services to staff

More sensitive data

Under UK GDPR, the lawful basis we rely on for using information that is more sensitive (special category):

(b) We need it for employment, social security and social protection reasons (if authorised by law). See this list for the most likely laws that apply when using and sharing information in health and care.

How do we store your personal information?

The information you provide will be subject to rigorous security measures and retained securely in line with current legislation to make sure it can only be seen, accessed and/or disclosed to those who need to know. 

We have policies and procedures that explain the approach within our Trust and our commitments and responsibilities to your privacy.

Staff are trained to understand their duty of confidentiality and their responsibilities regarding the security of personal data.

Your information is securely stored for the time periods specified in the Records Management Code of Practice.

We will then dispose of the information as recommended by the Records Management Code for example we will:

  • securely dispose of your information by shredding paper records, or permanently deleting your folder from electronic document storage areas.
  • archive your information at where appropriate historically significant service’s record may be archived with the local Archive Service, which is run by the Local Authority.

What are your data protection rights?

Under data protection law, you have rights including:

Your right of access - You have the right to ask us for copies of your personal information (known as a subject access request). You can access what is recorded in Electronic Staff Record via the My ESR portal (self-services portal) available via Favourites on any Trust PC, via an NHS App available from App stores and via your personal PC from home. You can find more information on the Workforce intranet area.

Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. Some information can be completed by the ESR Self Service.

Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances. 

Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact us at

By email

hr.queries@mbht.nhs.uk

How do I complain?

If you have any concerns about our use of your personal information, you can make a complaint to us at

By Post

Data Protection Officer

University Hospitals of Morecambe Bay NHS Foundation Trust

Trust Headquarters
Westmorland General Hospital
Burton Road
Kendal
Cumbria
LA9 7RG

By email

data.officer@mbht.nhs.uk
 

Following this, if you are still unhappy with how we have used your data, you can then complain to the ICO (Information Commissioner s Office).

By post

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Helpline number

 0303 123 1113

ICO website

Date of last review

Last reviewed 09 January 2024

Privacy notice for Trust Membership

This privacy notice tells you what to expect us to do with your personal information when you contact us or use our services.

Our contact details

Name: University Hospitals of Morecambe Bay NHS Foundation Trust

Address: Trust Head Quarters, Westmorland General Hospital, Burton Road, Kendal, Cumbria LA9 7RG

General phone number: 01539 732288

General inquiries email address: trust.hq@mbht.nhs.uk 

Website: University Hospitals of Morecambe Bay NHS Foundation Trust (uhmb.nhs.uk)

We are the controller for your information. A controller decides on why and how information is used and shared.

Data Protection Officer contact details

Our Data Protection Officer is Andy Wicks and is responsible for monitoring our compliance with data protection requirements. You can contact them with queries or concerns relating to the use of your personal data at dataprot@mbht.nhs.uk

How do we get information and why do we have it?

The personal information we collect

  • is provided directly from you if you as a member of public and you have registered to be as member.
  • provided indirectly from others, if you as a member of staff you are
  • on a permanent contract or on fixed-term contracts that run for 12 months or longer you are automatically registered.  Seconded from partner agencies or bank staff on 12 months or longer contracts and have been invited to stand for/pr vote in staff governor elections

What information do we collect?

Personal information

We currently collect and use the following personal information:

  • name, address, postcode, telephone number, email address and preferred method of contact and data of birth so we can verify you are over 12 years of age.

More sensitive information

We process the following more sensitive data (including special category data):

  • information about your ethnicity and if you have a disability, but this is optional and your choice whether we can hold this information

Who do we share information with?

You will also be asked if you agree for your name to be on the public register of the Trust’s membership. The public register will only show your name, constituency, and class, for example Mr Joe Bloggs, Eden, Public.

What is our lawful basis for using information?

Personal information

Under the UK General Data Protection Regulation (UK GDPR), the lawful basis we rely on for using personal information is:

(e) We need it to perform a public task - a public body, such as an NHS organisation or Care Quality Commission (CQC) registered social care organisation, is required to undertake particular activities by law.

More sensitive data

Under UK GDPR, the lawful basis we rely on for using information that is more sensitive (special category):

(a) We have your explicit consent - this must be freely given, specific, informed and unambiguous.

How do we store your personal information?

This information is stored in a membership database that is subject to rigorous measures and retained securely, to make sure it can only be seen, accessed and/or disclosed to those who need to know. This is supported by policies and procedures to explain our approach and commitments and responsibilities to privacy, with staff trained regularly to understand their duties and responsibilities regarding the security of your personal data. All records, when no longer required, are destroyed confidentially in a secure way.

The Trust will not disclose, share, sell or distribute your confidential personal information to third parties unless we have your explicit consent.

Your information is securely stored for the time periods specified in the Records Management Code of Practice. We will then dispose of the information as recommended by the Records Management Code by removing your record from the electronic system.

What are your data protection rights?

Under data protection law, you have rights including:

Your right of access - You have the right to ask us for copies of your personal information (known as a subject access request).

Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.

Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact us at if you wish to make a request

By email:

FTmembership.Office@mbht.nhs.uk

By post:

Trust HQ,

Westmorland General Hospital,

Burton Road,

Kendal,

LA9 7RG

When you no longer wish to be a member

If at any point you no longer wish to be a member, you can ask for your details to be removed from the database by contacting the membership office.

Staff whose employment ceases with the Trust will no longer be a staff member. However, providing they remain resident within the geographical area served by the Trust, they will automatically become eligible for public constituency membership if not disqualified from membership for any reasons stipulated in the Constitution.

How do I complain or raise concerns?

If you have any concerns about our use of your personal information, you can make a complaint to us at data.officer@mbht.nhs.uk

Following this, if you are still unhappy with how we have used your data, you can then complain to the ICO.

By Post

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Helpline number

0303 123 1113

ICO website

Privacy notice for children

This privacy notice tells you what to expect us to do with your personal information when you contact us or use our services.

Our contact details

Name: University Hospitals of Morecambe Bay NHS Foundation Trust

Address: Trust Head Quarters, Westmorland General Hospital, Burton Road, Kendal, Cumbria LA9 7RG

General phone number: 01539 732288

General inquiries email address: trust.hq@mbht.nhs.uk

Website: University Hospitals of Morecambe Bay NHS Foundation Trust (uhmb.nhs.uk)

What is personal Information?

Personal Information is anything which identifies you as a person, and we all have personal information.

Personal information can be many things like your name, address, date of birth, pictures of you, your email address and your doctor’s notes. This is personal information which tells us something about you.

Sometimes people you don’t know can use your personal information to trick you or put you in a difficult situation. That is why it is important to never give out your personal information to anyone you don’t know.

You should only give this information to people you trust like your parents, teachers or when you enter a hospital.

Why do we collect your personal information?

Here at University Hospitals of Morecambe Bay NHS Foundation Trust we are trusted like your parents and you can share your personal information with us.

When you come into hospital we need your personal information to help us make you better.

Sometimes we may collect your details on paper, by telephone, email, from you or your parents/ guardians, or from a member of staff or one of our partners. This information will be used to make sure you receive the right treatment.

We will do everything we can to look after your personal information, keep it safe and secure and not share with anyone unless they are trusted. This is the law, known as the General Data Protection Regulations (GDPR). Would you ever walk into a giant hall of strangers and make it rain postcards with your name, address and telephone number? No, that’s why we take steps to ensure your personal information is kept safe and secure with only those staff who are helping you in hospital that are allowed to look at it.

We may need to share your personal information

We look after your personal information but in some cases we may need to share your information. We can only do this if it is absolutely necessary.

We may share your information with doctors, nurses, ambulance services, your parents, the police or your school to help us to help you. Remember, this is your personal information and if you are not happy about sharing your personal information you should raise your concerns.

Every individual has rights. You have a right to keep your personal information your private property. You, your parent or carer, can ask your doctor or nurse about what personal information the hospital holds on you and who we have shared it with.

This is called a Subject Access Request and you can make a request by downloading a copy of the Access to Health Records form here,

By Post:  

Access to Health Records Office  

Medical Records 

Unit 9 

Peter Green Way 

Furness Business Park 

Barrow-in-Furness 

Cumbria 

LA14 2PE 

By email:

AccessToHealthRecords@mbht.nhs.uk

Contact details

It you have any concerns or questions you can contact the Trust

By post

Data Protection Officer

University Hospitals of Morecambe Bay NHS Foundation Trust

Trust Headquarters
Westmorland General Hospital
Burton Road
Kendal
Cumbria
LA9 7RG

By email:

dataprot@mbht.nhs.uk

You can also find information on the Information Commissioners Website.

By post

The ICO’s address is:    

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Helpline number:

0303 123 1113

Date of last review

Last reviewed 09 January 2024. Next review 09 January 2025

Please note that if you access our service using your NHS login details, the identity verification services are managed by NHS England. NHS England is the controller for any personal information you provided to NHS England to get an NHS login account and verify your identity, and uses that personal information solely for that single purpose.  For this personal information, our role is a “processor” only and we must act under the instructions provided by NHS England (as the “controller”) when verifying your identity. To see NHS login’s Privacy Notice and Terms and Conditions, please visit NHS login Privacy Notice and Terms & Conditions. This restriction does not apply to the personal information you provide to us separately.

If you view or manage your hospital appointments via the NHS App we share your data with NHS England who operate the NHS App and provide this functionality, known as NHS Wayfinder services.  For more information see the NHS Wayfinder services privacy policy. This privacy policy explains how NHS England and other organisations may use your data for this purpose

Our contact details  

Name: University Hospitals of Morecambe Bay NHS Foundation Trust
Address: Westmorland General Hospital, Burton Road, Kendal, Cumbria, LA9 7RG
General phone number: 01539 732288
General inquiries email address: trust.hq@mbht.nhs.uk
Website: University Hospitals of Morecambe Bay NHS Foundation Trust (uhmb.nhs.uk)  

Data Protection Officer contact details 

Our Data Protection Officer is Andy Wicks and is responsible for monitoring our compliance with data protection requirements. You can contact them with queries or concerns relating to the use of your personal data at dataprot@mbht.nhs.uk


Cookies

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.

Cookies are used minimally on this website for site usage analytics. You may delete and block all cookies from this site, but some parts of the site may not work as expected.

In order to help us to improve the content, format and structure of this website we record and analyse how visitors use the website. For this purpose, we use Google Analytics.

"This website uses Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above."

We do not make any attempt to find out the identities of those visiting our website. We will not associate any data gathered from this site with any personally identifying information from any source. If we do want to collect personally identifiable information through our website, we will be up front about this and we will make it clear when we collect personal information and will explain what we intend to do with it.

For more information on enabling and disabling cookies please visit About Cookies.

COOKIE

NAME

PURPOSE

MORE INFORMATION

Google Analytics

_utma
_utmb
_utmc
_utmz

These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.

Click here for an overview of privacy at Google

 

Click here for information on downloading a browser add-on to opt-out of Google Analytics

 

concrete5

CONCRETE5

This cookie is used by the website's CMS (Content Management System) to track if the user is a public guest or is logged in to an account on the website. This cookie is not used for any other purpose. 

 

Cookie notice

cookieconsent_status

Keep track of whether or not you have clicked "Got it!" on the notice about cookies on this website, so that it doesn't keep appearing when you load a page. 

 

Google Translate

googtrans

Keep track of which language has been selected from the Google Translate tool.

 

Colour contrast

contrast-mode

Keep track of which colour contrast mode has been selected from the Accessibility Tools.

 

Accessibility bar

accessibility-controls

Keep track of whether the accessibility bar is opened or closed.

 

Text size

saveFontSize

Keep track of the text size that has been set from the Accessibility Tools.

 

Weighted Search weighted_search_ajax_[id] Keep tracks of which way you've set the "dynamic search" button on the "search results" page  

One LSC is a shared service run by the NHS for the NHS.

It will bring together services drawn from the following functions from our five provider NHS trusts:

Blackpool Teaching Hospitals NHS Foundation Trust

East Lancashire Hospitals Trusts

Lancashire and South Cumbria NHS Foundation Trust
Lancashire Teaching Hospitals NHS Foundation Trust
University Hospital of Morecambe Bay NHS Foundation Trust

Digital and Information (IM&T), Estates and Facilities, Finance, Human Resources, and Procurement and Logistics.

This privacy notice explains how University Hospital of Morecambe Bay NHS Foundation Trust handles and shares Employee Liability Information (ELI) in compliance with the Transfer of Undertakings (Protection of Employment) Regulations 2006 (TUPE) and the Data Protection Act 2018 (DPA). This sharing of information is vital for the successful TUPE of staff in to East Lancashire Hospitals as part of the formation of One Lancashire and South Cumbria (OneLSC).

What is TUPE?

TUPE is designed to protect employees’ rights when a business or service provision is transferred to a new employer. Under TUPE, certain information about employees must be shared with the new employer to ensure a smooth transition.

What Information Will Be Shared?

The following employee liability information will be shared with  East Lancashire Hospitals NHS Trust  as the new employer.

  • Identity and age of employees
  • Employment particulars (e.g., pay, hours of work, holidays)
  • Information on any disciplinary actions or grievances within the last two years
  • Details of any collective agreements affecting the employees such as salary sacrifice and childcare vouchers
  • Information on relevant grievances against the employer in the last two years

It should be noted that initially no special category data will be shared. Special Category data includes:

  • Ethnicity
  • Sexual Orientation
  • Trade Union Membership

When we move closer to the TUPE deadline special category data will be shared as this forms part of your employment record.

Purpose of Sharing Information

The purpose of sharing this information is to comply with legal obligations under TUPE and to facilitate the transfer process, ensuring that employees’ rights are protected, and that the new employer has the necessary information to continue employment seamlessly.

Information at identifiable level will only be used for TUPE processes.

Legal Basis for Sharing Information

The legal basis for sharing ELI under TUPE is compliance with a legal obligation and within your legitimate interests as  the data subjects.  

Further information on our legal obligation can be found on the Information Commissioner website.

How Will Information Be Shared?

ELI will be shared securely and with East Lancashire Hospitals Trust as the new employer. We will ensure that all data protection principles are adhered to, including accuracy, confidentiality, and security of the information. It should be noted that all information will be retained in line with Records Management code of practice for Health and Social Care.

Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of any inaccurate data
  • Object to the processing of your data in certain circumstances

For more information on your rights or to exercise them, please contact the Data Protection Officer at data.officer@mbht.nhs.uk

Contact Us

If you have any questions or concerns about this privacy notice or how your data is handled, please contact Data Protection Officer at data.officer@mbht.nhs.uk If you wish to discuss OneLSC please contact your Line Manager or a member of you Leadership Team.

This Trust participates in a joint programme to support the delivery of remote/virtual outpatient appointments. Currently, this uses a system called Attend Anywhere. To enable us to deliver this service in the most efficient way possible, patients may be seen over a video call consultation by specialists from any of these Lancashire and South Cumbria Hospital Trusts:

  • Blackpool Teaching Hospitals NHS Foundation Trust

  • East Lancashire Hospitals NHS Trust

  • Lancashire Teaching Hospitals NHS Foundation Trust

  • University Hospitals of Morecambe Bay NHS Foundation Trust

To deliver services in this way, it will be essential for your personal details (relevant to the appointment) to be shared with the consultant/specialist seeing you. If you do not wish your details to be shared with consultants and specialists in more than one Hospital Trust, please let your GP or referring doctor know as soon as possible.