Alder Hey processes data on behalf of patients, their families, staff members and other individuals identified by manual or automated records. We conform to all the principles of data protection and ensure that personal data is collected fairly and processed lawfully under the requirements of data protection law.
The Data Protection Act 2018 / UK General Data Protection Regulation provides protection for individuals regarding the processing of their personal data and places specific data protection and privacy considerations on organisations holding and using their information.
Personal data must be processed in accordance with the principles set out in the law and organisations processing personal data must demonstrate compliance with the principles.
Personal data is only processed by Alder Hey for legitimate lawful purposes; information is kept as accurate as possible and is only kept for as long as is necessary. Alder Hey takes all reasonable steps to ensure your data is protected and not shared with anyone who does not have the right to access it.
If you are aware of any mistakes in the information, we hold about you please let a member of staff know or contact Information Governance:
Email us at [email protected]
Write to us at Information Governance, Alder Hey Children’s Hospital, Eaton Road Liverpool, L12 2AP.
The law gives you the right to see your health record although there are some exceptions to this. If you are still undergoing treatment you should talk to the healthcare professional responsible for your care and ask if you could see your notes. Alternatively, to see or obtain copies of your records you need to make a written request to the hospital.
The Data Protection Principles
(a) Processed lawfully, fairly and in a transparent manner
(b) Collected for specified, explicit and legitimate purposes
(c) Adequate, relevant, and limited to what is necessary
(d) Accurate and where necessary kept up to date
(e) Kept in a form which permits identification of data subjects for no longer than is necessary
(f) Processed in a manner that ensures appropriate security of the personal data
Key definitions
Personal data
Any information relating to an identified or identifiable individual (data subject); an identifiable individual is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing
Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Controller
The individual, organisation or organisations which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Consent
Consent of the data subject – any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Data concerning health
Personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status.