Other Data Processing
Private Patients
Data processing purposes
- Providing direct care and treatment
- Carrying out local clinical audits; reviews of the care provided to make sure it is of the highest standard
- Activity monitoring
- Paying the hospital and its staff for the care they give you
- Invoicing and debt recovery
- Auditing financial accounts
- Fully investigate any concerns or complaints raised about direct care provided
Information collected
- Basic details such as your name, address, date of birth, phone number, Next of Kin; guarantor/sponsor etc.
- Nationality; Passport number
- GP and insurance company details
- Contacts we have had with you, such as outpatient clinic visits
- Notes and reports about your health and any treatments you receive
- Results of investigations such as laboratory and radiology results
Information may be shared with
- Insurance company if you are not paying for your care yourself
- NHS Shared Business Services for invoicing and debt recovery purposes
- Your GP and other healthcare providers involved in your care
Lawful basis
- GDPR Article 6(1)(e): Processing is necessary for the performance of a task carried out in the public interest in the exercise of official authority vested in the controller
- GDPR Article 6(1)(b): processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract
- GDPR Article 9(2)(h): Processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services.
Overseas Visitors
Data processing purposes
- Providing direct care and treatment
- Carrying out local clinical audits; reviews of the care provided to make sure it is of the highest standard
- Activity monitoring
- Paying the hospital and its staff for the care they give you
- Invoicing and debt recovery purposes
- Auditing financial accounts
- Fully investigate any concerns or complaints raised about direct care provided
Information collected
- Basic details such as your name, address, date of birth, phone number, Next of Kin; etc.
- Personal demographics: gender
- Nationality; Passport number; Home Office reference number etc.
- GP details
- Contacts we have had with you, such as outpatient clinic visits
- Notes and reports about your health and any treatments you receive
- Results of investigations such as laboratory and radiology results
Information may be shared with
- Home Office
- NHS Shared Business Services for invoicing and debt recovery purposes
- Your GP and other healthcare providers involved in your care
Lawful basis
- GDPR Article 6(1)(c): Processing is necessary for compliance with a legal obligation to which the controller is subject
- GDPR Article 6(1)(e): Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
- GDPR Article 9(2)(h): Processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services
LHCH Charity
Data processing purposes
Annual charity mailout to raise awareness of the work under taken by the LHCH charity and support provided to the Trust from charitable funds to help deliver quality healthcare to patients. More information available on the LHCH Charity website.
Information collected
- Name
- Address
Information may be shared with
Third party mailing services supplier under contractual terms to facilitate the annaul mail out on behalf of the hospital. No data is shared with the LHCH Charity.
Lawful basis
GDPR Article 6(1)(f): Processing is necessary for your legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
Foundation Trust Public Members
Data processing purposes
Information used to support your membership of the Trust, to keep your informed and invite you to participate in activities:
- Members Matters newsletters
- Members survey
- Annual members meetings
- Membership events
- Council of Governors elections
Information collected
- Basic details such as your name, address, date of birth, phone number, mobile phone number; email address and membership preferences (what you are most interested in).
- Personal demographics: gender; ethnic group
Information may be shared with
Information is only used in relation to membership and is not shared elsewhere
Lawful basis
- GDPR Article 6(1)(e): Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
Visitors/General Public
Data processing purposes
- To register ‘reportable incidents’ on hospital premises
- CCTV images are used to protect patients, visitors and staff, and for prevention & detection of crime and disorder
Information collected
- Basic details such as your name, address, date of birth, phone number, mobile phone number; job title, staff class (group) and email address
Information may be shared with
- Health and Safety Executive (HSE)
- The police
Lawful basis
- GDPR Article 6(1)(c): processing is necessary for compliance with a legal obligation to which the controller is subject
Website Users
Data processing purposes
- You can read our specific internet privacy policy page
- You can read more about how we use cookies on our Cookies page
Lawful basis
- GDPR Article 6(1)(e): Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
Information may be shared with
Data is not shared externally and is not sold to third party organisations. The hospital may be required to share the data if required to be shared for any other lawful requirement imposed on the hospital.
Hosted Organisations
Liverpool Heart and Chest Hospital NHS Foundation Trust hosts the following organisations
All personal data collected by the Trust and hosted organisations is processed in accordance with the requirements of the Data Protection Act 2018 / UK General Data Protection Regulation.