Your rights and Subject Access Requests
Your Rights
Data Protection law gives you significant rights over the use of
your personal data. The most important is the right to make a
"Subject Access Request" for access to the information we hold,
usually by being provided with a copy. Further details are provided
below. Your other rights include:
- Rectification: a right to ask us to change any personal data
which is wrong
- Erasure: a right to ask us to delete any personal data we hold.
This is sometimes referred to as "the right to be forgotten"
- Restriction: a right to ask us not to process your information
for certain purposes. There is also a specific right to ask us not
to use your contact details for marketing purposes.
- Objection: a right to object to some types of processing based
on your own individual circumstances
- Data portability: the right to receive your information in a
specific form so that it can be used by another organisation.
However this right usually only applies where we are processing
information by consent so it does not apply to medical records. For
more information please see the Information Commissioner's website.
These rights are not absolute (other than prevention of
marketing) and will not apply in all circumstances. For example,
you do not have a right to insist that we delete your medical
records as we have a legal duty to keep them.
For more information about your rights please see the IOC's guide to individual rights.
If you wish to exercise any of the rights other than a Subject
Access Request please contact the Trust's Data Protection Officer
via post at Trust Headquarters, Marlborough Street, Bristol, BS1
3NU, email
InformationGovernance@UHBristol.nhs.uk or by phone at 0117 342
3701.
You also have a right to complain to the Information
Commissioner if you are in any way unhappy with the way we have
processed your personal information or allowed you to exercise your
rights. Please see: www.ico.org.uk/concerns.
Subject Access Requests
GDPR gives you the right to access the information we hold about
you on our records.
For medical records requests should be made in writing to the
Medical Records Department. The Trust will provide the information
to you within one month of receipt of your request and sufficient
information to identify you.
There is generally no charge but the Trust reserves the right to
make a reasonable administrative charge in the case of requests
which are manifestly unfounded or excessive, in particular because
of their repetitive character.
It is possible for you to make requests on behalf of children
you are responsible for and in some cases for adults e.g. where you
have their specific authority or a Power of Attorney or they are
incapable of making their own request.
For further information can be found here. To make a request
relating to information shared with Connecting Care please follow this link.
You can also find useful information about exercising your right
of access and what you can expect here.
Rectification
If you think that the data we hold on you is inaccurate or
incomplete you may ask us to rectify or complete it. You can make
your request by contacting the Trust's Data Protection Officer at
the above address, by email to
InformationGovernance@UHBristol.nhs.uk or by phone at 0117 342
3701. We will tell you within one month what action we intend to
take in response to your request.
Erasure
Under GDPR you sometimes have a right to have personal data
erased. The right to erasure is also known as 'the right to be
forgotten'. You can make your request by contacting the Trust's
Data Protection Officer at the above address, by email to
InformationGovernance@UHBristol.nhs.uk or by phone at 0117 342
3701. We will tell you within one month what action we intend to
take in response to your request.
However this right does not apply to many of our key data
holdings such as health records and employees' records as we are
keeping such records as part of our legal duties. For a full
explanation of the right and when it applies please see the Information Commissioner's website.
Restriction
This is closely linked to other rights. You have the right to
restrict processing in limited circumstances for example if you think
our data is inaccurate and you want to limit what we do with it
until we have considered rectification (see above). You can
make your request by contacting the Trust's Data Protection Officer
at the above address, by email to
InformationGovernance@UHBristol.nhs.uk or by phone at 0117 342
3701. We will tell you within one month what action we intend to
take in response to your request.
Objection
You have a general right to object to our processing your
personal data if we are processing your information for direct
marketing. We will always respect such an objection.
You also have a right to object on "grounds relating to your
particular situation" when we are processing your personal
data:
- On the basis of our legitimate interests or the performance of
a task in the public interest/exercise of official authority. This
would include our processing of medical records and employee
records; or
- For purposes of scientific/historical research and
statistics.
For example, someone might object to us sharing identifying or
address information if they were on a witness protection program.
We can refuse to uphold an objection, if it is not based on their
particular situation or in any event on compelling grounds - for
example to save the life of a child of the person on the witness
protection program.
You can make your request by contacting the Trust's Data
Protection Officer at the above address, by email to
InformationGovernance@UHBristol.nhs.uk or by phone at 0117 342
3701. We will tell you within one month what action we intend to
take in response to your request.
For a full explanation of the right and when it applies please
see the Information Commissioner's website.