Powys Teaching Health Board (the Health Board) is committed to protecting your personal information in accordance with the law. We will ensure that your information is safe and only used for the legal purposes for which we can use it. This privacy notice explains how your personal information is processed and our purpose for processing.
The Health Board holds records about you which will include the following:
NHS records may be held on a computer, on paper or a mixture of both and we use a combination of sound working practices and technology to ensure that your information is kept confidential and secure. We will protect your information through:
To use your personal data appropriately, Powys Teaching Health Board complies with the following Legislation and Standards:
General Data Protection Regulation (GDPR);
The Health Board processes personal information under the following legal basis:
Article 6(1)(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
Article 9(2)(h) processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3;
Data Protection Act 2018;
Common Law Duty of Confidentiality;
Health & Social Care Act 2012;
NHS Codes of Confidentiality, Information Security and Records Management; and
European Convention on Human Rights Act 1998
Healthcare professionals who provide you with care maintain records about your health and any treatment or care you receive. These records help our staff to provide you with the best possible health care. This may include your medical records, complaint files, job applicants etc. Where required, we will use your information for Commissioned Services where treatment and services are provided by another health board or organisation. We will also use your information to help us manage the NHS and for statistical purposes and at times, your information maybe used for research purposes. There will be times when it is appropriate for us to share information about you and your healthcare with others such as, GPs, other healthcare providers, social care and others. The need to share relevant information is to help us work together for your benefit. The health board at this time does not use automated decision making.
If you are a Welsh resident who has received treatment by an NHS care provider in England, your information will be shared back into NHS Wales in order to verify and combine with your information held in Wales. That information will be used by the Health Board/Trust to identify you and validate what care was provided.
Should you wish to know more about how the Health Board uses your information and with whom it is shared please see ‘Your Information, Your Rights’ leaflet which is currently available from our legacy website at https://www.webarchive.org.uk/wayback/archive/20210215145701/http://www.powysthb.wales.nhs.uk/
We will hold your data in accordance with the law and the Health Board uses national guidelines to determine when your records can be destroyed. Please refer to the Policy and Procedure for the Destruction of Records, which is currently available from our legacy website at https://www.webarchive.org.uk/wayback/archive/20210215145701/http://www.powysthb.wales.nhs.uk/
Under the GDPR, you have rights as an individual which you can exercise, and we must consider, in relation to the information we hold about you. These include:
Under the law you have a number of rights about your information including:
If you require further information about your rights please visit the Information Commissioner's website at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
Information about Subject Access Requests or making a request that your record is amended can be made via our Access to Information page.
Information on how we collect information through visits to our website can be found here
If you have any concerns about how your information is managed within the Health Board please check our website for details on how you can complain or report a concern.
To contact the Health Board’s Data Protection Officer (DPO):
telephone: 07836 505 851
by post: Data Protection Officer - Glasbury House, Bronllys Hospital, Bronllys. Brecon, Powys LD3 0LY
Powys Teaching Health Board is classed as a Data Controller for the purposes of data protection and is required to register with the regulator, the Information Commissioner’s Office (ICO). Our Registration number is Z781546X.
Further details can be on the Information Commissioner's Office website at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
If you wish to escalate your concerns, you should contact the Information Commissioner’s Office at www.ico.gov.uk
Our statement of public task sets out the functions carried out by Powys Teaching Health Board for the purposes of the Re-Use of Public Sector Information Regulations 2015 and General Data Protection Regulation (GDPR).