Home  > Privacy


Privacy statement


Your Personal Information


We aim to provide you with the highest quality care. To do this, we must keep records about you and the care we provide for you.  Health Records are held on paper and electronically and we have a legal duty to keep these confidential, accurate and secure at all times in line with Data Protection Laws.


Our staff are trained to handle your information correctly and protect your privacy. We aim to maintain high standards, adopt best practice for our record keeping and regularly check and report on how we are doing. Your information is never collected for direct marketing purposes, and is not sold on to any third parties. Your information is not routinely processed overseas and if it is we undertake to inform you.


Sometimes your care may be provided by members of a care team, which may include people from other organisations such as health, social care, education or other care organisations.


Information is held for specified periods of time as set out in the Records Management Code of Practice for Health and Social Care.


Information collected about you to deliver your health care is also used to assist with:

  • Making sure your care is of a high standard
  • Using statistical information to look after the health and wellbeing of the general public and planning services to meet the needs of the population
  • Assessing your condition against a set of risk criteria to ensure you are receiving the best possible care
  • Preparing statistics on our performance for the Department of Health and other regulatory bodies
  • Helping train staff and support research
  • Supporting the funding of your care
  • Reporting and investigation of complaints, claims and untoward incidents
  • Reporting events to the appropriate authorities when we are required to do so by law.


The legal basis for the processing of data for these purposes is that the NHS is an official authority with a public duty to care for its patients. The NHS is guided by the Department of Health and Data Protection law which says it is appropriate to process data for health and social care treatment of patients and for the management of health or social care systems and services.


If we need to use your personal information for any reason beyond those stated above, we will discuss this with you. You have the right to ask us not to use your information in this way. However, there are exceptions to this which are listed below.

  • The public interest is thought to be of greater importance, e.g.:
  • If a serious crime has been committed
  • If there are risks to the public or our staff
  • To protect vulnerable children or adults
  • We have a legal duty, for example registering births, reporting some infectious diseases, wounding by firearms and court orders
  • We need to use the information for medical research. We have to ask permission from the Confidentiality Advisory Group (appointed by the NHS Health Research Authority).


How is your information shared?

Oxleas NHS Foundation Trust, as Data Controller, will not share your data with anyone without your explicit consent, unless the law permits us to do so.

We share data only with our authorised Data Processors, who must act at all times on our instructions as the Data Controller under the Data Protection Act 2018. Our data processors are outlined below:

Data Processor - Microsoft Azure
Microsoft Azure is a cloud computing service created by Microsoft for managing applications and services.  We use Azure to manage Oxcare and store its contents.  Microsoft only stored data within the UK

To view their privacy policy please click here


Data Protection laws gives individuals rights in respect of the personal information that we hold about you. These are:

1. To be informed why, where and how we use your information.

2. To ask for access to your information (see page 4).

3. To ask for information to be corrected if inaccurate or incomplete.

4. To ask for your information to be deleted or removed where there is no need for us to continue processing it.

5. To ask us to restrict the use of your information.

6. To ask us to copy or transfer your information from one IT system to another in a safe and secure way, without impacting the quality of the information.

7. To object to how your information is used.

8. To challenge any decisions made without human intervention (automated decision making).


To request copies of your personal information, please contact the health records team at the Trust site where you are receiving treatment.

For more information please contact us at: oxl-tr.oxcare@nhs.net

NHS login

Please note that if you access our service using your NHS login details, the identity verification services are managed by NHS England. NHS England is the controller for any personal information you provided to NHS England to get an NHS login account and verify your identity, and uses that personal information solely for that single purpose. For this personal information, our role is a “processor” only and we must act under the instructions provided by NHS England (as the “controller”) when verifying your identity. To see NHS England’s Privacy Notice and Terms and Conditions, please click here. This restriction does not apply to the personal information you provide to us separately.


We use cookies to ensure that we give you the best experience on our digital platform. Click here for more information.