Why are you processing my personal information?
Primarily, we collect data for administration purposes and for the commissioning, delivery and improvement of HSC services in line with legislation, research and governance requirements.
Reasons we process your information may include:
- surveillance - to identify trends in illness/disease outbreak and to prevent/control spread;
- analysis – for health research, health protection and health promotion and for reports and the production of official statistics;
- to allow analysis of trends in service usage by specific groups;
- to involve service users and carers in the planning of services;
- for official communication and publicity purposes;
- to provide advice to patients, clinicians and other HSC professionals;
- to contribute to service specifications;
- for contract monitoring and the administration, selection and evaluation of research projects and funding/grant applications.
To be able to process your personal information we must have a lawful basis for doing so and at least one of the following must apply:
- Consent – an individual must give clear consent for us to process their personal data and then only for a specific purpose.
- Contract – the processing is necessary for a contract we have with an individual, or because we have asked the individual to take specific steps before entering into a contract.
- Legal obligation – processing is necessary to comply with the law.
- Vital interests – processing is necessary to protect someone’s life.
- Public task – processing is necessary for us to perform a task in the public interest or for our official functions and the task or function has a clear basis in law.
Processing within the Public Health Agency is likely to fall under 2, 3 or 5 above.
Do I need to give my consent?
Whilst the majority of our data is obtained on a lawful basis as outlined above, we may, occasionally, request your consent in writing when collecting data for your direct care, for media purposes or for research purposes.
You may contact us at any time to withdraw your consent or to ask that your personal data be deleted. Please see contact details below.
Information may be shared without your consent when required by law, to protect the public from serious harm or for the monitoring of certain health conditions.
What information is collected?
We only collect the information we need to. This may include your name, address, date of birth, contact details, demographics and some equality data, as well as images/photos and voice recordings.
We may also collect health related/medical data including diagnostic information as well as financial and contractual information as part of our grant/funding awards service.
Where do you get my personal data from?
Much of the personal data we use will be obtained directly from you. We also receive data from parents, carers, healthcare professionals and other health service organisations, such as hospitals, GPs and pharmacies.
We gather some personal information from surveys, consultations, funding/grant/tender applications and performance monitoring reports.
This can include information you provide in person, on an official form (online or in paper form) or by telephone.
Do you share my personal data with anyone else?
Yes. To help us provide the best care or service for you, we may need to share your information with other healthcare bodies and professionals, including GPs and hospitals, for the purposes of health protection. Personal information may also be shared with Public Health England for the purposes of national disease surveillance.
Sometimes, we may share some information with external organisations such as universities, auditors and survey/research organisations etc. As far as possible, information collected for research or to help identify trends in disease will be used in a way that does not identify you personally.
Extracts of information may also appear on our corporate website or in press documents, with your consent.
Do you transfer my personal data to other countries?
Only in exceptional circumstances, eg where information needs to be shared with public health agencies outside the UK for the purposes of disease surveillance and to protect the health of individuals and others potentially affected by an outbreak.
Any transfers will be made in full compliance with GDPR and only when we have a legitimate basis for doing so.
How long do you keep my personal data?
We will only retain your data for as long as necessary, in line with our Retention and Disposal Schedule and specific guidance issued by the Department of Health in Northern Ireland.
What rights do I have?
- You have the right to obtain confirmation that your data is being processed, and access to your personal data.
- You are entitled to have personal data rectified if it is inaccurate or incomplete.
- You have a right to have personal data erased and to prevent processing, in specific circumstances.
- You have the right to ‘block’ or suppress processing of personal data, in specific circumstances.
- You have the right to data portability, in specific circumstances.
- You have the right to object to the processing, in specific circumstances.
- You have rights in relation to automated decision making and profiling.
How do I complain if I am not happy?
Data Protection Officer:
Name: Rosemary Taylor
Address: Public Health Agency, 12-22 Linenhall Street, Belfast BT2 8BS
Telephone: 028 9536 3519
If you are still not happy, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
Information Commissioner’s Office
Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF
Tel: 0303 123 1113