Skip to content
Muted
  Vibrant
Map & Directions Contact us

Other Data Processing

Private Patients

Data processing purposes

  • Providing direct care and treatment
  • Carrying out local clinical audits; reviews of the care provided to make sure it is of the highest standard
  • Activity monitoring
  • Paying the hospital and its staff for the care they give you
  • Invoicing and debt recovery
  • Auditing financial accounts
  • Fully investigate any concerns or complaints raised about direct care provided

Information collected

  • Basic details such as your name, address, date of birth, phone number, Next of Kin; guarantor/sponsor etc.  
  • Nationality; Passport number
  • GP and insurance company details
  • Contacts we have had with you, such as outpatient clinic visits
  • Notes and reports about your health and any treatments you receive
  • Results of investigations such as laboratory and radiology results

Information may be shared with

  • Insurance company if you are not paying for your care yourself
  • NHS Shared Business Services for invoicing and debt recovery purposes
  • Your GP and other healthcare providers involved in your care

Lawful basis

  • GDPR Article 6(1)(e): Processing is necessary for the performance of a task carried out in the public interest  in the exercise of official authority vested in the controller
  • GDPR Article 6(1)(b): processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract
  • GDPR Article 9(2)(h): Processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services.

Overseas Visitors

Data processing purposes

  • Providing direct care and treatment
  • Carrying out local clinical audits; reviews of the care provided to make sure it is of the highest standard
  • Activity monitoring
  • Paying the hospital and its staff for the care they give you
  • Invoicing and debt recovery purposes
  • Auditing financial accounts
  • Fully investigate any concerns or complaints raised about direct care provided

Information collected

  • Basic details such as your name, address, date of birth, phone number, Next of Kin; etc.  
  • Personal demographics: gender
  • Nationality; Passport number; Home Office reference number etc.
  • GP details
  • Contacts we have had with you, such as outpatient clinic visits
  • Notes and reports about your health and any treatments you receive
  • Results of investigations such as laboratory and radiology results

Information may be shared with

  • Home Office
  • NHS Shared Business Services for invoicing and debt recovery purposes
  • Your GP and other healthcare providers involved in your care

Lawful basis

  • GDPR Article 6(1)(c): Processing is necessary for compliance with a legal obligation to which the controller is subject
  • GDPR Article 6(1)(e): Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
  • GDPR Article 9(2)(h): Processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services

LHCH Charity

Data processing purposes

Annual charity mailout to raise awareness of the work under taken by the LHCH charity and support provided to the Trust from charitable funds to help deliver quality healthcare to patients. More information available on the LHCH Charity website.

Information collected

  • Name 
  • Address
 

Information may be shared with

Third party mailing services supplier under contractual terms to facilitate the annaul mail out on behalf of the hospital. No data is shared with the LHCH Charity.  

Lawful basis

GDPR Article 6(1)(f): Processing is necessary for your legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. 

Foundation Trust Public Members

Data processing purposes

Information used to support your membership of the Trust, to keep your informed and invite you to participate in activities:

  • Members Matters newsletters
  • Members survey
  • Annual members meetings
  • Membership events
  • Council of Governors elections

Information collected

  • Basic details such as your name, address, date of birth, phone number, mobile phone number; email address and membership preferences (what you are most interested in).  
  • Personal demographics: gender; ethnic group

Information may be shared with

Information is only used in relation to membership and is not shared elsewhere

Lawful basis

  • GDPR Article 6(1)(e): Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller

Visitors/General Public

Data processing purposes

  • To register  ‘reportable incidents’ on hospital premises
  • CCTV images are used to protect patients, visitors and staff, and for prevention & detection of crime and disorder

Information collected

  • Basic details such as your name, address, date of birth, phone number, mobile phone number; job title, staff class (group) and email address

Information may be shared with

  • Health and Safety Executive (HSE)
  • The police

Lawful basis

  • GDPR Article 6(1)(c): processing is necessary for compliance with a legal obligation to which the controller is subject

Website Users

Data processing purposes

Lawful basis

  • GDPR Article 6(1)(e): Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller

Information may be shared with

Data is not shared externally and is not sold to third party organisations. The hospital may be required to share the data if required to be shared for any other lawful requirement imposed on the hospital.

Hosted Organisations

Liverpool Heart and Chest Hospital NHS Foundation Trust hosts the following organisations

All personal data collected by the Trust and hosted organisations is processed in accordance with the requirements of the Data Protection Act 2018 / UK General Data Protection Regulation.