The Diabetic Kidney Disease Centre is a facility within Barts Health NHS Trust. Our overall vision is to align Barts’ clinical academic expertise with the diverse East London patient population to become a world leader for therapeutic innovation in diabetic kidney disease.
The Diabetic Kidney Disease Centre is committed to ensuring your privacy is protected when you visit our website and use our services. This privacy notice explains how we use information about you and how we protect your privacy.
The Diabetic Kidney Disease Centre is obligated to abide by the laws and regulations that apply to protecting your data and how it is used. These are the General Data Protection Regulation 2016 (GDPR) and the Data Protection Act 2018.
Looking after your personal information
The Diabetic Kidney Disease Centre is committed to protecting your privacy when you use our website and our services. In this privacy notice, we will explain how we collect and use personal information about you, and how we ensure your privacy is protected. This document will also outline the below:
What personal information is
What information we collect about you
Where we get your information from
Why we collect your information
How we keep your information safe
How long we keep your information
Why we are allowed to process your information
Your right to object to information processing
Your rights as a data subject
Where to get further advice
What is personal information?
Personal information can be:
Anything that identifies a living individual, either on its own or when put together with other information. Some examples of personal information are names, addresses, telephone numbers, National Insurance numbers or hospital numbers.
Information of a sensitive nature about an individual, which they would not usually want to be widely known without their consent. Examples of sensitive information are a person’s physical or mental health record, genetic or biometric data, their racial or ethnic origin, sexuality, and political or religious beliefs.
What information do we collect?
Depending on your circumstances and the nature of the health care you require, we may collect the following information about you:
Your general details (i.e name, address, date of birth, telephone number)
Details about your GP
Your medical history
Any medications you are taking
Details about your physical or mental health
Your family details (for example, your next of kin)
Your religious beliefs
Your lifestyle and social circumstances
Scans, x-rays, blood tests and other diagnostic images
Your genetic or biometric data
The information we collect about you may be written down in a paper file as a manual record, or stored on a computer system as an electronic record.
You have the right to receive a copy of your medical records via a Subject Access Request.
Where do we get your information from?
Generally, personal information provided to us comes directly from our patients. However we may also receive personal data from:
Parents, relatives or carers
General Practitioners (GPs)
Other NHS Trusts, hospitals, clinics or hospices
Private healthcare providers
Why does The Diabetic Kidney Disease Centre collect your information?
To carry out medical research
We will process your data to carry out scientific research. The Health Research Authority sets standards for NHS organisations to make sure they protect your privacy and comply with the law when they do research work. When The Diabetic Kidney Disease Centre uses your data for research purposes we will ensure that appropriate safeguards are in place, such as using the minimum amount of data needed or making sure you cannot be identified by the data.
Sometimes a member of your care team may review your health records to see if you might be a good candidate for any research we have planned. However, except in very specific circumstances, we are required to inform you first and get your explicit consent before we are allowed to use any of your information for research. We will not use data from private or non-NHS patients for research purposes.
If you do not want your personal information to be used for planning and research, you may express your preference under the National Data Opt-Out Programme. You can use this service to request that your confidential patient information is not used for anything other than your own individual care.
How do we protect your information?
It is paramount that everyone working in the Diabetic Kidney Disease Centre team ensures they maintain the highest levels of confidentiality, and all our staff receive training in how to handle your information securely. Your records will generally only be seen by those involved in providing or administering your care.
Your paper healthcare records are stored in physically secure areas and electronic records held on computer systems are protected by appropriate technology such as data encryption and access controls.
If you decide to send or receive personal information by email, please be aware that we cannot be responsible for the security of the information during its transfer to or from our email system, or for any loss or compromise of the information due to technical or security issues occurring outside our computer networks.
Can you object to our processing of your personal information?
In addition to your other rights as a data subject (see below), you have the right to object to the processing of your personal information, although you must give specific reasons for your objection based upon your particular concerns. This is not an absolute right and depending on the circumstances we may decide that there are compelling and legitimate grounds for us to continue to process your information. If we do decide to continue processing your information we will let you know and explain the reasons for our decision to you. You would also have the right to challenge our decision, for example, with the Information Commissioner’s Office (ICO).
If you wish to object to the processing of your personal information by The Diabetic Kidney Disease Centre then please get in touch with Barts Health NHS Trust’s Data Protection Officer, Derek Peacock, at DPO@bartshealth.nhs.uk
What are your rights as a data subject?
Under the General Data Protection Regulation you have a number of rights as a data subject. These are:
The right to be informed
We are required to inform you about how we collect and use your personal information (for example, by the information given in this Privacy Notice).
The right to access
By law you are entitled to request a copy of the information we hold about you. This is known as a Subject Access Request. We will aim to provide the requested information to you within 30 days, but if we are unable to do so then we will explain the reasons to you. In most cases we will provide a copy of the information to you for free but there are some circumstances where we will need to charge.
At times we may not be able to share your whole record with you, particularly if the record contains confidential information about other people, information which could cause harm to your or someone else’s physical or mental wellbeing, or which might affect a police investigation.
The right to rectification
You may request that we make changes to any data we hold about you that is incorrect or incomplete. We will take action to rectify inaccuracies in the personal information we hold about you when it is drawn to our attention. Sometimes it may be necessary to add an explanatory note to your information (an addendum) rather than change the original record. We would do this to ensure that we have all necessary information available to provide your care (your complete medical history, for example).
The right to erasure
In most cases you are not able to request that we erase the medical information that we hold about you for your direct care and public health purposes, under our lawful basis for processing your data as set out in the GDPR.
The right to restrict processing
You may request that we restrict the processing of your information in certain circumstances, for example if you believe it to be inaccurate. In most cases a restriction of processing is a temporary measure while we investigate your concerns. The right to restrict processing is not an absolute right, and we may decide not to restrict the processing of your information if we consider that processing to be necessary for the purpose of the public interest or for the purpose of your legitimate interests.
The right to data portability
The Trust’s basis for processing your data under the GDPR means that we are not legally required to provide your information in a machine-readable form, although we will try to provide information that you have asked us for (such as under a Subject Access Request) in the format you prefer if it is practical for us to do so.
Rights related to automated decision making (including profiling)
Barts Health does not make automated decisions about patients or carry out evaluations based on any automated processes (profiling).
Do we pass your information on to other people or organisations?
When we are required to do so, we will ensure that we seek your consent before sharing your personal information with other people. We will not pass your personal information to your friends, relatives or carers without your explicit consent. If you are unable to consent for any reason, we will only share information where it is clearly in your best interests to do so or it is required by law.
The Diabetic Kidney Disease Centre may occasionally need to share the personal information we process with other organisations. When we do this we are required to comply with all aspects of the General Data Protection Regulation.
The organisations we share information with can include:
Other public and private healthcare, social and welfare organisations
Central and local government organisations
Police forces and security organisations
Public and private service providers, suppliers of medical equipment and support systems
Public and private auditors and audit bodies
Survey and research organisations
Professional advisers and consultants
The reasons why we would share your information can include:
Notification of births and deaths
An emergency (when there is risk of loss of life or limb)
To control infectious diseases (such as meningitis or tuberculosis)
Child protection when required by a formal court order
For the prevention or detection of a crime
By using this website you are implying consent for these cookies to be placed on your computer. If you would like to remove these cookies and opt-out of the services that use them you can by selecting the appropriate settings on your browser.
What is a cookie?
A cookie is a simple text file that is stored on your computer or mobile device by a website’s server and only that server will be able to retrieve or read the contents of that cookie. Each cookie is unique to your web browser. It will contain some anonymous information such as a unique identifier and the site name and some digits and numbers. It allows a website to remember things such as your preferences or remembers your details when filing out a form. They are controlled by your computer. If you visit the Tools section in your browser menu, you will find details of your cookies settings.
Cookies may come with or without an expiry date. Cookies without an expiry date exist until the browser is closed, while cookies with an expiry date may be stored by the device until the expiry date passes.
You can set your browser to warn you before accepting cookies, or you can set it to automatically reject them. Please note that by rejecting cookies it may inconvenience you in browsing our website. See your browser 'help' button for how to change your cookie settings.
We use the following cookies on this site:
When you visit the site for the first time a message about cookies appears on the screen. If you select ‘Continue’ an acceptance cookie will be stored on your machine, otherwise the message will always appear. Once the cookie is set the message will disappear.
Contains an anonymous identifier that can be used by the server to provide a continuous service.
Session – expires when browser is closed
Google Analytics cookie - Used to distinguish users
Google Analytics cookie - Used to distinguish users
Google Analytics cookie - Used to throttle request rate