HMR CCG Privacy Notice
Protecting Your Data
This privacy notice explains in detail the type of information (including personal data) that we, Heywood, Middleton and Rochdale (HMR) CCG, process about you. The CCG is a Data Controller. A Data Controller determines how the data will be processed and used within the CCG and with others who we share data with. We are legally responsible for ensuring that all personal data that we hold and use is done so in a way that meets the data protection principles under the General Data Protection Regulation (GDPR) and Data Protection Act 2018. This notice also explains how we handle that data and keep it safe.
Under GDPR, all public bodies must nominate a Data Protection Officer (DPO) whose responsibilities include advising on compliance with GDPR, training and awareness for staff as well as being the main contact with the Information Commissioner. The DPO is: Karen Hurley (Director of Operations and Executive Nurse).
To contact the DPO, please email: email@example.com
The CCG also has a Caldicott Guardian. A Caldicott Guardian is a senior person within a health and social care organisation, preferably a health professional, who makes sure that personal information about those who use its services is used legally, ethically, appropriately and that confidentiality is maintained. The Caldicott Guardian for the CCG is: Dr Chris Duffy (HMR CCG Chair).
To contact Dr Duffy please email: firstname.lastname@example.org
Personal Information: Right to Access Requests (formerly Subject Access Requests)
How do I make a request for my personal information?
The General Data Protection Regulation (GDPR) and Data Protection Act 2018 gives you the right to request a copy of the information we hold about you. This is sometimes also called a Subject Access Request (SAR).
To request a copy of your personal information, we would prefer you to complete the SAR request form and either email it to email@example.com or post it to NHS HMR CCG, PO Box 100, Rochdale, OL16 9NP
This will help us to understand the types of information you would like to be sent to you and it also helps us to carry out your request more quickly. This form also has a checklist to explain the identification (ID) that we will need to see (copies only, not original documents) before we release any information to you, should we need to identify you.
To make a request for personal information please complete this form docx 19 KB
Can I ask someone else to make a Subject Access Request?
Usually, other people cannot access your personal information but in certain circumstances this may be permitted. For example, where you have given written permission for someone else to make a request on your behalf, or if you have parental responsibility or you have power of attorney for someone.
How long does it take?
We aim to respond to each request within one calendar month from the day after we have received your request. This period may be extended by two further months should the complexity and number of the requests mean this is required. If this is the case, we will inform you of any such extension within one month of receiving your request, together with the reasons for the delay.
How much does it cost?
There is usually no charge for this service but there may be a charge if we believe your request is repetitive or excessive.
Your rights to your personal information
Under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018, you have certain rights when we use your personal information. These rights are not automatic, but to summarise, you have the right to ask:
Please also refer to our A Guide to Individual Rights for more detailed information. pdf 0.7 MB
- If your personal information is being used by us.
- For your personal information to be corrected or updated.
- For your personal data to be erased. We will comply with this request in certain circumstances, for example, if you initially consented to the use of your personal information but have now withdrawn that consent.
- To withdraw your consent to the use of your personal information.
- Us to transfer your personal information directly to another data controller. This applies to personal information that is held electronically.
- Us to restrict or quarantine your personal information if there is a dispute as to the accuracy or processing of your personal information. This means your personal information will not be used except in limited circumstances.
- To object to the use of your personal information and request we stop using your personal information.