Why we share your personal information
We may share your personal information with other organisations for these reasons:
assisting in checking your identity;
understanding your requirements;
developing, testing, researching and improving products and services;
training and business analysis;
legal and regulatory compliance;
preventing or detecting crime;
complaints handling; or
improving customer service.
We would not share information that identifies you unless you have given us permission. However, there are certain circumstances where we will process/share personal information without your consent. This is where we have another lawful basis such as:
to protect children and vulnerable adults;
when a formal court order has been served upon us;
when we are lawfully required to report certain information to the appropriate authorities e.g. to prevent fraud or a serious crime;
emergency planning reasons such as for protecting the health and safety of others;
when permission is given by the Secretary of State or the Health Research Authority on the advice of the Confidentiality Advisory Group to process confidential information without the explicit consent of individuals. See Section 251.
Where this is necessary, we are required to comply with all aspects of Data Protection law.
Who we may share your personal information with
Where necessary or required we may share information with:
healthcare, welfare and social organisations;
social and welfare organisations;
family, associates and representatives of the person whose personal data we are processing;
suppliers and service providers;
current, past and prospective employers;
voluntary and charitable organisations;
employment agencies and examining bodies;
educators and examining bodies;
survey and research organisations;
persons making an enquiry or complaint.
If you are receiving services from the NHS, we share information that does not identify you (anonymised) with other NHS and social care partner agencies for the purpose of improving local services, research, audit and public health.
We commission a number of organisations (both within and outside the NHS) to provide healthcare services to you. We may also share anonymised statistical information with them for the purpose of improving local services, for example understanding how health conditions spread across our local area compared with other areas.
The law allows some NHS bodies, particularly NHS Digital (Health and Social Care Information Centre), to collect and use patient data which does not identify a person, to help Commissioners to design and procure the combination of services that best suit the population they serve.
We may also share information with NHS England and NHS Digital. If you do not want your information to be used for purposes beyond providing your care, you can choose to opt-out by contacting your GP practice.
In the usual course of our business, we may use other third party organisations known as ‘data processors’ under data protection law to support the delivery of our services. These organisations process your personal information on our behalf. When we share your information with our approved third party providers, our contractual relationship with them prevents them from using your information for any other purpose outside of our instructions to them. They may use their own third party data processors but are always required to meet the same legal requirements as the CCG does.
Currently, the external data processors we work with are:
|Data Processor||Function they carry out on behalf of the CCG|
|South Central & West Commissioning Support Unit||Provision of core DCS services for the Business Intelligence and Commissioning function|
|BDO||Internal Audit related purposes|
|TIAA Ltd.||Counter fraud investigations|
|NHS Shared Business Service||Invoicing|
|Dorset Healthcare University NHS Foundation Trust||Staff payroll, occupational health services|
|Thames Valley and Wessex Leadership Academy||Provision of training for specific courses|
We may use your personal information to tell you about relevant services offered by the CCG. We can only use your personal information to send you updates about our services if we have your consent.
We will ask for your explicit consent to send you any information about:
updates on the work of Dorset’s health and care services;
updates on how the views of local people are helping shape local services;
opportunities to get involved with our work.
You can withdraw your consent or ask us to stop sending you any marketing messages at any time. If you want to do so, please contact us by:
following the unsubscribe link on the relevant email;
writing to us at: Engagement Team at Vespasian House, Barrack Road, Dorchester, Dorset, DT1 1TG
emailing us at: firstname.lastname@example.org
telephoning us on: 01202 541946
NHS Dorset CCG will never share or sell your information to external companies for their own marketing purposes.