Skip to content
Map & Directions Contact us

Privacy Policy

This privacy notice tells you what to expect us to do with your personal information when you complete an online enquiry form to Liverpool Heart and Chest Hospital NHS Foundation Trust.

Personal information (or personal data) is any information which relates to and identifies you. Data protection legislation (the General Data Protection Regulation (GDPR) and the Data Protection Act 2018) sets out how we should handle your personal information.

What information do we collect from you?

In addition to using cookies on our website, we collect information from online forms. The forms on our website are:

  • Contact Form 
  • Bereavement comments and feedback 
  • Your ICD Questions
  • Request Service
  • Access to Health Records 
  • Ask Jane

How is your information collected?

We collect information from you when you complete an electronic enquiry form on our website. Other enquiry routes may include, but isn’t limited to, letter, email, telephone, social media or an enquiry in person.

What is the purpose of processing your data?

When you make an enquiry to Liverpool Heart and Chest Hospital, we will use your information to answer your enquiry and to communicate with you.

How do we keep your information secure

Liverpool Heart and Chest Hospital NHS Foundation Trust has robust information security policies in place to protect your information. Your information will be stored on the Trust’s secure electronic systems and all staff within Liverpool Heart and Chest Hospital have a responsibility to make sure that your data is handled securely.

What is the legal basis for processing your information

Liverpool Heart and Chest Hospital relies on the following legal bases from the GDPR to process information about you for the purposes set out in this notice:

Article 6(1)(a), which allows us to process personal data where you have provided your consent. Where we rely on consent, we will ensure your consent is freely given, fully informed and that you can withdraw it at any time.

How long is your information stored for?

We do not keep data longer than is necessary and will keep online form completion data for period your enquiry is active but no more than three months.

Who is your information shared with?

When you provide us with your personal data, we will only use it for the reason you provided. This data will not be shared with a third party unless you are informed that this will happen and you agree.

What are your individual rights?

Data Protection law gives individuals rights in respect of the personal information that we hold about you. These are:

  1. To be informed why, where and how we use your information
  2. To ask for access to your information
  3. To ask for your information to be corrected if it is inaccurate or incomplete
  4. To ask for your information to be deleted or removed where there is no need for us to continue processing it
  5. To ask us to restrict the use of your information
  6. To ask us to copy or transfer your information from one IT system to another in a safe and secure way, without impacting the quality of the information
  7. To object to how your information is used
  8. To challenge any decisions made without human intervention (automated decision making)

You have the right to refuse (or withdraw) consent to information sharing at any time. However, this may not be possible if the sharing is a mandatory or legal requirement imposed on the Trust.


If you have any questions about the personal information that we hold about you, or have any concerns as to how your data is processed, you can contact the Communications Department on 0151 600 1410 / 1423, email or write to us at Communications Department, Liverpool Heart and Chest Hospital NHS Foundation Trust, Thomas Drive, Liverpool, L14 3PE.

You can also contact the Trust’s Head of Information Governance / Data Protection Officer (DPO) by email to

Changes to this notice

This Notice has been developed to be compliant with the General Data Protection Regulations (GDPR). This Notice is regularly reviewed and sometimes updated. It is important that you check for updates to this Notice which could be made at any time.


Privacy Policy


When we provide services, we want to make them easy, useful and reliable. Where services are delivered on the internet, this sometimes involves placing small amounts of information on your device, for example, computer or mobile phone. These include small files known as cookies. They cannot be used to identify you personally.

These pieces of information are used to improve services for you through, for example:

  • Enabling a service to recognise your device so you don't have to give the same information several times during one task
  • Recognising that you may already have given a username and password so you don't need to do it for every web page requested
  • Measuring how many people are using services, so they can be made easier to use and there's enough capacity to ensure they are fast

You can manage these small files yourself and learn more about them through Internet browser cookies - what they are and how to manage them.

Cookies for improving service

Google Analytics sets cookies to help us accurately estimate the number of visitors to the website and volumes of usage, e.g. website statistics. This to ensure that the service is available when you want it and fast.

Name: _utma 
Typical content: randomly generated number 
Expires: 2 years

Name: _utmb 
Typical content: randomly generated number 
Expires: 30 minutes

Name: _utmc 
Typical content: randomly generated number 
Expires: when user exits browser

Name: _utmz 
Typical content: randomly generated number + info on how the site was reached (e.g. directly or via a link, organic search or paid search) 
Expires: 6 months

For further details on the cookies set by Google Analytics, please refer to the Google Code website.

Performance Cookies

Name: cc_cookie_accept 
Typical Content: Plain text which stores that you have clicked the accept cookies banner on the website. So it is not shown on every page. 
Expires: 1 year

Name: asp.net_sessionid 
Typical Content: Randomly generated string 
Expires: On browser close (session cookie)

Typical Content: Randomly generated string 
Expires: 1 month