In order to process personal information the Trust needs to have a legal basis to do so.
The primary purpose for which the Trust processes personal information is in order to support its healthcare activities as set out in the National Health Service and Community Care Act 1990, this is the Trusts source of 'Official Authority'.
The basis for the Trust processing your information is described in Article 6 (lawfulness of processing) and Article 9 (processing of special categories of personal data) of the General Data Protection Regulation.
The legal basis for using your data is dependent upon what we need to do with it, these are the legal basis we can use:
- Consent – We would obtain freely given, specific and informed consent to process your personal data for some purposes
- Contract – The processing is necessary for a contract we have with an individual, for example a member of staff
- Legal Obligation – The processing is necessary for us to comply with the law
- Vital Interest – The processing is necessary to protect someone's life
- Public Task – The processing is necessary to perform a task in the public interest or for official functions, and the task or function has a clear basis in law
- If there is a safeguarding concern then data may be shared
In general, however, for the purpose of providing you with healthcare, the Trust relies on
Article 6(1)(e) - processing is necessary for the purposes of a task carried out in the public interest or in the authority of official authority vested in the data controller
Article 9(2)(h) – processing is necessary for the purposes of preventative or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment