Key definitions
UK Data Protection Laws:
- UK General Data Protection Regulation (UK GDPR).
- Data Protection Act 2018 (DPA 18).
Personal data: Any information relating to an identifiable individual. This might include your name, NHS number, contact details. It can also be location data or an online identifier.
Special categories of personal data are defined as: Racial or ethnic origin, politics, religious or philosophical beliefs, trade union membership, genetics, and biometrics (where used for identification) information concerning your health, sex life or sexual orientation.
Data Controller: An entity or individual that determines how and why personal data is processed.
Data Processor: A entity or individual that processes personal data on the behalf of the data controller.
Who are we?
HCRG Care Services Ltd are commissioned to provide integrated Sexual Health services in Cheshire West and Chester, Oldham, Rochdale, Bury, Middlesbrough, Stockton, Redcar and Cleveland and Hartlepool. We are the data controller for any personal information we hold about you.
HCRG Care Services Ltd is a limited company registered in England and Wales, registered number 7557877. Registered office: The Heath Business and Technical Park, Runcorn, Cheshire, WA7 4QX. Part of the HCRG Care Group of companies.
Please see our website for further information about the services we provide: https://www.thesexualhealthhub.co.uk/
Who can you contact regarding your personal information we hold?
Service Manager – Karen Tipping | ||
Oldham Sexual Health
Oldham Integrated Care Centre Tel: 0300 303 8565 |
Rochdale Sexual Health
Nye Bevan House Tel: 0300 303 8565 |
Bury Sexual Health
3rd Floor Townside Tel: 0300 303 8565 |
Oldham’s Young People’s Service
Oldham Integrated Care Centre Tel: 0300 303 8565 |
Rochdale Young People’s Service
Nye Bevan House Tel: 0300 303 8565 |
Bury Young People’s Service
3rd Floor Townside Tel: 0300 303 8565 |
Service Manager – Brad Pearson-Barnard |
Cheshire West and Chester Sexual Health Service
Fountains Health, Tel: 0300 247 0020 |
Service Manager – Lauri McLaughlin | |||
Teesside Sexual Health Services | |||
2nd Floor, Lawson Street Health Centre, Stockton on Tees, TS18 1HUTel: 0300 330 1122 |
Redcar & Cleveland Leisure & Community Heart Ridley Street Redcar, TS10 1TDTel: 0300 330 1122 |
The Fens Medical Centre 434 Catcote Road Hartlepool TS25 2LSTel: 0300 330 1122 |
Livewell Centre Dundas Shopping Centre Dundas Street Middlesbrough TS1 1HRTel: 0300 330 1122 |
Data Protection Officer
Deborah Tonkin
The Heath Business Park
Runcorn
Cheshire
WA7 4QX
via email: Ask.IG@hcrgcaregroup.com
If you are not happy about the way your information is handled, you have the right to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioners Office (ICO).
The Information Commissioner’s Office
Wycliffe House
Cheshire
SK9 5AF
Helpline: 0303 123 1113 (local rate)
Email: casework@ico.org.uk
Website: www.ico.org.uk
What Information do we collect about you?
We will collect ‘personal data’ about you such as your name, date of birth, address and contact details. We may also ask you for more sensitive data, called ‘special category data’, such as your ethnicity, sexual orientation, and information about your health.
Health care professionals are required by law to maintain records about your health. Your health record may include:
- Your contact details & preferences.
- Information about the treatment or care you have received.
- Supporting information such as test results, letters, or reports.
- Relevant information from other health professionals, relatives or those who care for you.
These records help to provide you with the best possible healthcare.
What Is our legal basis for processing your Information?
In order for HCRG Care Group to legally process your information a ‘lawful basis’ needs to be identified.
Our legal basis for processing your personal information falls under one of the following legal bases:
- It is necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
- It is necessary for a legal obligation or such as responding to a request from a coroner.
- We have your explicit consent (where none of the above bases apply).
Our legal basis for processing special category data falls under one of the following legal bases:
- The provision of health or social care.
- Social protection law for safeguarding purposes.
- Where it is necessary to protect your vital interests – when you are physically or legally incapable of providing consent.
- It is necessary for reason of public interest in area of public health.
- We have your explicit consent (where none of the above bases apply).
How do we use your Information?
The information we hold about you is used to:
- Provide information to make health decisions made by care professional with and for you.
- To register you on our clinical system and book an appointment.
- You will also have the option to add your appointment directly in to your mobile calendar at the end of the online booking process.
- To post home sampling kits with your consent.
- Make sure your care is safe and effective.
- To issue treatments or supply contraception.
Without your permission we will not:
- Inform your GP or healthcare professional about the fact that you had the test or your results*.
- Refer you to other specialist services.
- Share your information.
* The only time we may need to discuss your results with a GP or healthcare professional is if we are unable to contact you by your chosen method of communication and your test is positive. This is to help protect your health.
We may also use, or share, your information for the following purposes:
- Looking after the health of the general public.
- Making sure that our services can meet patient needs in the future.
- Preparing statistics on NHS performance and activity.
- Investigating concerns, complaints or legal claims.
- Helping colleagues review the care they provide to make sure it is of the highest standards.
- Training and educating staff.
For research purposes (we will always ask your consent for this).
The Friends and Family Test (FFT):
NHS organisations including HCRG Care Group are required to use the Friends & Family Test (FFT) to capture feedback and submit response data to NHS England each month.
Patients can access the data which will then help them make informed choices about their future care. We collect feedback from a number of different channels, including SMS text messaging, online – via our HCRG Care Group website and paper questionnaires/feedback forms.
Invoice validation:
Invoice validation enables us to identify which ICB is responsible for paying for your treatment.
Section 251 of the NHS Act 2006 provides a statutory legal basis to process data for invoice validation purposes and uses your NHS number to validate payment. We can also use your NHS number to check whether your care has been funded through specialist commissioning, which NHS England will pay for. The process makes sure that the organisations providing your care are paid correctly.
For further information please see: NHS Digital – how we use your information for invoice validation
CCTV:
We have installed CCTV systems in our premises for the purposes of public and staff safety and crime and prevention and detection. In all locations, signs are displayed notifying you that CCTV is in operation and providing details of who to contact for further information.
Images captured by CCTV will be deleted 30 days after the CCTV footage was taken. However, on occasions there may need to be a need to keep images for longer, for example where a crime is being investigated.
You have the right to see CCTV images of yourself and be provided with a copy of the images. We will only disclose images to authorised bodies such as the police, who intend to use it for the purposes stated above. You will find our contact details at the beginning of this privacy notice If you wish to request a copy of the CCTV recording.
Lilie touch self check-in:
We have installed Lille Touch self-check-in screens at some of our services. The information we collect on Lilie Touch is used to maintain the demographic information on your patient record. All of the information you submit is secure.
Home sampling kits:
When ordering a home sampling kit for sexually transmitted infections, your information will be shared with a third-party provider, namely Acculabs Diagnostics UK LTD. Acculabs will send the home sampling kits to you, and when returned, carry out the testing and return results to HCRG Care Group Ltd. via a secure link. This information will not be processed further by Acculabs but will be stored on their IT servers within the UK. HCRG Care Group Ltd. and Acculabs have comprehensive agreements in place to ensure the secure and confidential processing on your information.
Without your permission we will not:
- Inform your GP or healthcare professional about the fact that you have had the test or your results*.
- Refer you to other specialist services.
- Share your information.
* The only time we may need to discuss your results with a GP or healthcare professional is if we are unable to contact you by your chosen method of communication and your test is positive. This is to help protect your health.
SMS text results service – when a patient is tested at one of our clinics:
We will ask you to update your contact preferences when you book an appointment or visit our service. This is to understand how you wish to be contacted about your results. If you need to update your contact preferences or opt out of receiving SMS messages, please contact your local service. Some of our services have a dedicated results line for you to contact to obtain your results. If this service is available in your area, details will be provided when you take your test. If you choose to be informed by SMS text, you will receive one of the SMS messages shown in Appendix A depending on your results.
SMS text results Service – postal test kits:
When you order a postal kit on our website, we will send out your results via SMS text. If you do not wish to be contacted via SMS text, please visit your local service to have a test. If your contact details have changed following completion of your postal order, please contact your local service for support. If you complete a postal test, you will receive one of the SMS messages shown in Appendix B depending on your results
SMS text recall service:
When you attend our service for treatment, the nurse or doctor may identify that that you need to attend the service at a later date for repeat testing. We usually send an SMS reminder text to remind you that your repeat test is due. You can opt out of receiving reminder texts if you do not wish to receive these. You will receive one of the SMS messages shown in Appendix C.
SMS text reminder service:
When you book an appointment or visit the service we will also ask if you wish to receive SMS reminders for your appointment. If you wish to change your preferences, you can do so by contacting your local service or by logging into your online account.
Who do we share your Information with?
We may share your information for the purpose of providing you with care, or another lawful reason, with our partners and other recipients. We work in partnership with our commissioners and other health and care providers.
- NHS England and NHS Digital
- Integrated Care Boards (ICB’s)
- Other health service providers such as hospitals, GPs, ambulance services, urgent care.
- Local Authorities
- Regulatory Bodies
- Trusted providers that host our IT, archiving, email and texting services and surveys.
- HCRG Care Group corporate teams who provide our ‘back office’ support – such as IT
- Marie Stopes
- Acculabs for management of samples.
- British Association for Sexual Health and HIV (BASHH)
- Family Planning Association Contraception
- British Pregnancy Advisory Service (BPA)
- Terrence Higgins Trust
- Brook
- Early Break
- SH24 for emergency hormonal contraception SH24 Privacy Policy
- Pharmacies
- SXT – Partner Notification Tool SXT Privacy Policy
- Idox Health
- Chat Health – SMS messaging application
- Accurx – Video Consultation platform
Where is your data stored and how long we keep it for?
Your information is stored in secure locations and only accessible on a need-to-know basis. These include:
- Electronic Health Records (EHR’s) on our clinical systems.
- Secure Clinical Areas.
- Internal encrypted servers.
- Approved storage companies.
We will keep your healthcare records in accordance with the NHS Records Management Code of Practice for Health and Social Care.
Please note that due to a legal hold on the destruction of records by NHS England, we are currently not destroying records that have reached their retention period. This is to support ongoing statutory public inquiries including:
- UK Covid 19 Inquiry
- Infected Blood Public Inquiry
- Historic Child Sexual Abuse Inquiry
How can I access a copy of my Information?
UK data protection laws provide you with the following rights:
The right to be informed | As a data controller, we are obliged to provide understandable and transparent information about the way we process your data (this is provided by our privacy policy) |
The right of access | You are entitled to request a copy of the personal data we hold about you. |
The right to rectification | You are entitled to request changes to information if it is inaccurate or incomplete. |
The right to erasure | Where no overriding legal basis or legitimate reason continues to exist for processing personal data, you may request that we delete the personal data. |
The right to restrict processing | Under certain circumstances, you may ask us to stop processing your personal data. We will still hold the data but will not process it any further. |
The right to data portability | Subject to certain conditions, you may request a copy of your personal data to be transferred to another organisation. |
The right to object to processing | You have the right to object to our processing of your data where:
§ Processing is based on legitimate interest. § Processing involves automated decision-making and profiling. § Processing would be for a purpose beyond your care and treatment, e.g., direct marketing and scientific or historic research. You can opt-out to the sharing of this information under the National Data Opt-Out. Further information can be found on the following website: |
Please note that the above rights may not apply in all circumstances, but we will respond within a month of any requests. If you have any questions or concerns about the information we hold on you, please contact our Data Protection Officer.
How to request a copy of your information:
Please email the Access to Records Team accesstorecordsteam@hcrgcaregroup.com or write to us at The Heath Business Park, Runcorn, Cheshire, WA7 4QX.
Keep us updated of any changes:
Please let us know if you change your address or contact details etc. so that we can keep your information accurate and up to date.
Contract end provisions
In the event of the contract with the service and HCRG Care Ltd coming to an end, all relevant documentation and records will be transferred to the new provider (s).
The transfer of records will be conducted in accordance with the current UK Data Protection Law.
Changes to our privacy notice
We will update this privacy notice from time to time to reflect any changes to our ways of working.
Date privacy notice last updated: May 2024.