Privacy

How we collect and use your information and health records

At Moorfields Eye Hospital NHS Foundation Trust (‘Moorfields’, ‘us’ or ‘we’), we are committed to protecting your privacy. Please read this Privacy Notice to find out how we use your information and what your rights are. This notice applies to personal data provided to us, both by individuals themselves or by third parties. We process your personal information lawfully, fairly and transparently, and only where we have a lawful basis to do so.

What we do

Moorfields Eye Hospital NHS Foundation Trust is the leading provider of eye health services in the UK and a world-class centre of excellence for ophthalmic research and education. We have a reputation, developed over two centuries, for providing the highest quality of ophthalmic care. Our 2,300 staff are committed to sustaining and building on our pioneering legacy and ensuring we remain at the cutting edge of developments in ophthalmology.

How we use your information

It would not be appropriate to rely on consent as a legal basis for processing your information in order to provide you with direct care. This is because it is necessary for us to use your personal information in order to provide you with safe and effective care, as a public healthcare provider. We are also obliged by law to record details of the care and treatment we provide to you. We cannot do this without your personal information, therefore it would not be appropriate to rely on your consent. For this reason, instead of consent, we rely on specific provisions under the law, such as ‘in the exercise of official authority vested in the controller’, under a ‘legal obligation,’ or as ‘a task carried out in the public interest.’

This means we use your personal information to provide you with your direct care without seeking your consent. However, you do have the right to object to our use of your information. We will consider your objection but if we comply with your wishes we will explain how this could have an impact on our ability to provide you with care. It also means that you do not have the right to be forgotten as we are legally obliged to keep your information, and do so under the Records Management Code of Practice for Health and Social Care 2016.

Using your record for your care

Your personal health record, which includes your name, address and date of birth, will be used to:

• Make sure that decisions about your care and treatment are always based on accurate, up-to-date information

• Sharing information with other NHS organisations or social care providers where there is a lawful requirement to do so, for example your GP, other NHS hospitals and local Authorities

• Investigate any concerns or complaints raised by you or your family Measure the outcomes of your treatment and ensure the service/care provided to you is excellent.however we will use minimal amount of personal information for this purpose

• Incidents

• Public bodies such as NHS Digital, Commissioners, Public Health England but only where there is a legal requirement to share personal information

Using it for other purposes:

Most of your information we process will be for direct healthcare purposes; however, there are other important reasons that we may need to process your personal information. For example:

• As a public healthcare provider to conduct health and social care research under the UK Policy Framework for Health and Social Care Research (please note that any published data is anonymised).

• As a world-class centre of excellence in ophthalmic education, we may use your information including images, but any information used is anonymised otherwise we would seek your consent.

• Unless we are under a legal obligation, where information is to be used beyond direct care purposes we would make you aware of the processing and seek your consent to use your information.

• We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose or where there is another lawful basis for processing.

We will only use enough of your personal information that is relevant and necessary for us to carry out various tasks within the delivery of your care or for other lawful reasons.

We will keep your information accurate and up to date when using it and, if it is found to be wrong, we will make it right, where appropriate, as soon as we can. However, where it is part of your health record, we are obliged to keep records of any changes, and so the incorrect information may not be erased, but instead would be crossed out with the correct information entered with a note..

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements. You can find details of how long we keep information for in the Records Management Code of Practice for Health and Social Care 2016.


Protecting your privacy

Your health records are confidential. Your privacy is protected under the:

• Common law duty of confidentiality

• General Data Protection Regulations 2016

• Data Protection Act 2018

• Human Rights Act 1998

Everyone who works for the NHS has a legal duty to maintain the highest level of confidentiality.

In some circumstances we may anonymise your personal information (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

We have secure processes in place to keep your personal information safe when it is being used, shared, and when it is being stored.

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a legitimate need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal information breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

How you can help us to keep your health record up to date

• Let us know when you change address or name

• Keep a note of your unique NHS number

• Tell us if any information in your record is incorrect

• Tell us if you change your mind about how we share the information in your record

• Don’t let anyone – insurers, mortgage lenders, employers, solicitors – look at your records unless you are sure it is necessary for your purposes

Accessing your health record

To see a copy of your health record, or for further information about our records system, please contact our health records manager as follows:

• In writing: Health records department, Moorfields Eye Hospital NHS Foundation Trust, City Road, London EC1V 2PD

• By telephone: 020 7566 2200

• By email: moorfields.recordsrequest@nhs.net

If at any point you believe the information we process on you is factually incorrect you can request to see this information and even have it corrected or deleted. However, rather than delete information in your health record, we are usually obliged to cross it out and add the correct information with a note on to the record.

If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate and respond to your concerns.

How long we keep your information for

We are required under UK legislation to keep your information for the full retention periods as specified by the NHS Records Management Code of Practice for Health and Social Care.

More information on records retention can be found online at https://digital.nhs.uk/article/1202/Records-Management-Code-of-Practice-for-Health-and-Social-Care-2016.

Your rights

Under certain circumstances, you have rights under data protection legislation in relation to your personal information. These rights include:

• Requesting access to your personal information. – You are able to apply for a copy of personal information held about you free of charge. This process is called a subject access request

• Requesting correction of your personal information – This would apply if factual information held such as name, address or health information was incorrect. In this instance we usually be obliged to cross it out and add the correct information with a note on to the record. We would consider any requests regarding any professional opinions that may be in your records; however, we are not legally obliged to change them, but may enter a note on your comments.,

• Requesting erasure of your personal information – The right may apply if the information was no longer needed for your healthcare or it had been kept for longer than set out in the NHS Records Management Code of Practice, unless there is an overriding legal obligation for us to keep it.

• Objecting to processing of your personal information – You can object to us processing your information if there was no overriding legal reason for us to do so.

• Requesting restriction of processing your personal information – You can request to restrict processing of some of the information held about you in certain circumstances, such as instances where you believe it would cause you distress. Where this is the case we will discuss with you how the restriction this may have an impact your ongoing care .

• Requesting transfer of your personal information – This right would generally not apply for health related information as this information would be shared as part of ongoing direct care with another provider

• Right to withdraw consent – You can opt-out of activities where the basis of us using your information is consent such as marketing or research,

If you wish to exercise your rights in relation to the above please contact the Trust’s Data Protection Officer, contact details are provided below.

How the NHS and care services use your information

Moorfields Eye Hospital NHS Foundation Trust is one of many organisations working in the health and care system to improve care for patients and the public.

Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care services, important information about you is collected to help ensure you get the best possible care and treatment.

The information collected about you when you use these services can also be provided to other approved organisations, where there is a legal basis, to help with planning services, improving care provided, research into developing new treatment and preventing illness. All of these help to provide better health and care for you, your family and future generations. Confidential personal information about your health and care is only used in this way where allowed by law and would never be used for insurance or marketing purposes without your explicit consent.

You have a choice about whether you want your confidential patient information to be used in this way.

To find out more about the wider use of confidential personal information and to register your choice to opt out if you do not want your data to be used in this way, visit https://www.nhs.uk/your-nhs-data-matters/manage-your-choice/. If you do choose to opt out you can still consent to your data being used for specific purposes.

If you are happy with this use of information you do not need to do anything. You can change your choice at any time.

Moorfields’ contact details

The trust has Data Protection Officer, who is a dedicated individual responsible for data protection who can be contacted as follows:

Data Protection Officer

Information Governance Department

Moorfields Eye Hospital NHS Foundation Trust

162 City Road

London

EC1V 2PD

Email: moorfields.ig@nhs.net

Tel: 020 7253 3411

Complaints

If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office (ICO) as follows:-

• In writing: Information Commissioner’s Office, Wycliffe House, Cheshire SK9 5AF

• By telephone: 08456 30 60 60

• Online: ·

www.ico.org.uk

Last updated: 16th October 2018

This site uses cookies to enhance its use and by continuing you agree to us placing cookies on your device. Please click here to read the Information Commission’s Office Guidance on Cookies.

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.

We use All Response Media Ltd. for our analysis and optimisation and they utilise your non-personal data to plan and optimise media campaigns to most effectively deliver our marketing strategies and ensure the ads that you receive from us are relevant to you. They do this through Analysis and Targeting cookies.

‘Analysis’ cookies are used to profile user behaviour and optimise marketing campaigns e.g. we may track which creative and medium has more resonance with the target audience. This is designed to ensure relevant ads are served to you, to deliver a better experience with the brand. PLATFORMS: TAG4ARM, CARBON**

‘Targeting’ cookies use the insight from the analysis to match the user with the relevant product and services. This includes re-targeting a user as part of a digital audience (a grouping of cookies with similar interests based on the insight - not an individual) after they visited our publisher’s websites. PLATFORMS: CARBON**

**Please note that Carbon utilises Neilson and the DoubleClick Bid Manager to facilitate ad serving.

Tag Name

Tag4ARM

What is this tag?

All Response Media Ltd. analytics performance measurement tag. For more information on the tag please visit:

https://www.allresponsemedia.com/cookie-policy/#clientcookies

Why is it on the site?

We use the Tag4ARM to measure site visits and conversions and overlay this with offline advertising to measure the impact of the media. This tag might activate cookies from Carbon, Neilson and DoubleClick Bid Manager to build digital audiences related to offline advertising (dependant on agreed engagement).

How do we use this data?

We use this data to produce results that measure and optimise the media effectiveness. Digital audiences might be used for re-targeting (dependent on agreed engagement).

Opt out of cookies

If you would like to opt out of cookies please follow the links below:

Opt of out of seeing personalised ads

Further information

View the Carbon privacy policy here – https://carbondmp.com/privacy/ and the cookie policy for the Carbon platform – https://carbondmp.com/carbon-cookies

If we decide to change our privacy policy, we will post those changes on our homepage so our users are always aware of what information we collect and how we use it.

Any information submitted through forms on the website is transferred to us by email, and will be dealt with by us in accordance with data protection legislation. Emails are not encrypted before being sent to us and, as the internet is not always totally secure, users are sending the information at their own risk.

Content on this website is subject to Moorfields Private copyright

protection unless otherwise stated. Where copyright applies, visitors can download material for private research, study or in-house use only. Visitors must not copy, distribute, or publish any material from this website. Any other use of copyright material requires the permission of the trust. If you wish to use this information for commercial purposes then, in accordance with the Regulations on the Re-use of Public Sector Information 2005, you must first ask our permission. Such re-use may or may not involve the granting of a licence and the application of a fee.

Where images of people appear on this site, those people have given their consent for the use of the images for this site. The use of those images for any other purpose would constitute a breach of confidentiality on the part of the person using them for that other purpose.

If you have any questions about copyright, please contact us.

The following information relates to email sent by Moorfields Private.

Please note as recipient of this email:

This email is intended solely for the addressee. If you are not the addressee please do not read, print, re-transmit, store or act in reliance on it or any attachments. Instead, please email it back to the sender and then immediately permanently delete it.

Unless otherwise expressly agreed by the sender of this email, this communication may contain privileged or confidential information which is exempt from disclosure under English law and this information may not be used or disclosed except for the purpose for which it has been sent.

Contracts may only be concluded on behalf of Moorfields Private by authorised signatories and not by email communication. No employee or agent of Moorfields Private is authorised to conclude any binding agreement on behalf of Moorfields Private with another party by email without the express written confirmation of an authorised signatory.

Any views expressed by the sender of this email are not necessarily those of Moorfields Private. Moorfields Private employees are expressly requested, among other things, not to make any defamatory, threatening or obscene statements and not to infringe any legal right (including any infringement of copyright) by email communication. Any such communication is contrary to Moorfields Eye Hospital NHS Foundations Trust Internet and email policy (see below) and outside the scope of the employment of the individual concerned. Moorfields Private and Moorfields Eye Hospital NHS Foundation Trust will not accept any liability in respect of such a communication, and the employee responsible will be personally liable for any damages or other liabilities arising.

The information contained in this email and any reply may be subject to disclosure under the Freedom of Information Act 2000.

Warning: computer viruses can be transmitted by email and you should be aware that emails may be intercepted by third parties. Any attachments to this email will be received as separate, the subject line of which will be the file name. You are advised to check this email and any attachments for the presence of viruses as neither Moorfields Private nor the sender accept responsibility for any viruses transmitted by this email and/or any attachments.

Please note: Moorfields Private does not generally engage in systematic monitoring activities although it reserves the right to do so where there is reason to believe that misuse of its computing facilities is occurring.