Privacy and Fair Collection

Fair Collection/Privacy Notice - Data Protection Act 1998 

This page provides you with information about how we use and manage the personal data we hold about you, including how we share it with NHS and non-NHS organisations, and how we maintain confidentiality.


What is personal data?

Personal data is information that relates to a living individual who can be identified from that data.


Why we collect information about you

Taunton and Somerset NHS Foundation Trust keeps records about the health care and treatment you receive as one of our patients.  This helps to ensure that you receive the best possible care from us.


Taunton and Somerset NHS Foundation Trust also keeps records relating to staff for the purpose of appointments or removals, pay, discipline, superannuation, work management or other personnel matters.  This is to ensure that employment at the Trust is managed to a high standard.


It helps you because:

  • Accurate and up to date information assists us in providing patients with the right care
  • Full information is readily available if you see another doctor or are referred to a specialist or another part of the NHS
  • Accurate and up to date information assists us in providing staff with the information and training required to carry out their role in the Trust


It helps the NHS to:

  • Prepare statistics on NHS performance
  • Audit NHS Services
  • Monitor how we spend public money
  • Plan and manage the health service
  • Teach and train healthcare professionals and NHS employees
  • Conduct health research and development 

Data Protection Act 1998

The Data Protection Act 1998 governs the processing of personal data held on computer systems and in other formats.  It restricts how we can use an individual’s data, and consists of 8 Data Protection Principles that must be applied when processing personal data.


Organisations that process personal data must register as a 'Data Controller', and notify the Information Commissioner (ICO) why they need to process the data.


Taunton and Somerset NHS Foundation Trust is the Data Controller of personal information that is collected by the Trust to help us provide and manage healthcare to our patients and relating to the employment of our staff.


Full details of all the purposes to which data may be put are listed at the ICO website.  Taunton and Somerset NHS Foundation Trust is registered with the Information Commissioner.  The Trust registration number is Z1405877.


What kind of information does the Trust collect/hold about you?

  • Name, address, date of birth, NHS Number and next of kin
  • Contact information i.e. telephone number
  • Contacts we have had with you such as clinic visits
  • Details of diagnosis and treatment
  • Allergies and physical or mental health conditions
  • Racial or Ethnic Origin
  • Religious or other beliefs of a similar nature
  • Offences, criminal proceedings, outcomes and sentences
  • Family, lifestyle and social circumstances
  • Education and training details
  • Employment details
  • Financial details

How do we keep your records confidential?

Everyone working for the NHS is subject to the Common Law Duty of Confidence.  Information provided in confidence will only be used for the purposes advised and consent given by the individual to whom the information relates, unless there are other circumstances covered by the law.


Under the NHS Confidentiality Code of Conduct, all our staff are also required to protect your information, inform you of how your information will be used, and allow you to decide if and how your information can be shared.  This will be noted in your records.


Taunton and Somerset NHS Foundation Trust shares data with a range of organisations.  Wherever possible the information is anonymised.  However, data may be shared with other organisations for the purposes of caring for a patient.  In that case the data has to be identifiable to ensure that all parties are always clear exactly whose data is being used.


We may share your information for health purposes with other NHS organisations, e.g. CCG, CSU, health authorities, other NHS Trusts, general practitioners (GPs), ambulance services and other NHS common services agencies such as primary care agencies.


Information sharing with non-NHS organisations

For your benefit, we may also need to share information from your health records with non-NHS organisations, from which you are also receiving care, such as social services or private healthcare organisations. This information is only routinely shared with data processors with whom we have written contracts to undertake work for us. These non-NHS organisations are not allowed to use the data for their own purposes.

Where there is no written contract Taunton and Somerset NHS Foundation Trust will not disclose any health information to third parties without your explicit consent, unless there are exceptional circumstances, such as when the health or safety of others is at risk or where the law requires it.


We may also be asked to share basic information about you, such as your name and address, which does not include sensitive information from your health records.  Generally, we would do this to assist them to carry out their statutory duties.  In these circumstances, where it is not practical to obtain your explicit consent, we are informing you through this notice, which is referred to as a Fair Processing Notice, under the Data Protection Act.


Where patient information is shared with other non-NHS organisations, an information sharing agreement is drawn up to ensure information is shared in a way that complies with relevant legislation.


These non-NHS organisations may include, but are not restricted to: social services, education services, local authorities, the Police, voluntary sector providers and private sector providers. 


Third Parties

Taunton and Somerset NHS Foundation Trust does not sell, rent or lease its customer lists to third parties.  From time to time we may contact you on behalf of external business partners about a particular offering that may be of interest to you.   In those cases, your unique personally identifiable information (e-mail, name, address, telephone number) is not transferred to the third party.  In addition, Taunton and Somerset NHS Foundation Trust may share data with trusted partners to help us perform statistical analysis, send you email, postal mail and/or appointment reminders, provide customer support or arrange for deliveries.  All such third parties are prohibited from using your personal information except to provide these services to Taunton and Somerset NHS Foundation Trust, and they are required to maintain the confidentiality of your information.


Taunton and Somerset NHS Foundation Trust uses the following third party organisations/providers to assist in the delivery of IT services: 

  • IMS MAXIMS
  • Synertec
  • SDL
  • IBM
  • iPP/SPS
  • Netcall
  • WORD360

A privacy impact assessment is available for our collaboration with DeepMind for the delivery of mobile platform and Streams app.

Note: This list is not exhaustive of all third party organisations used by Taunton and Somerset NHS Foundation Trust. Information may sometimes be shared with system suppliers for the purposes of maintenance.

Website Information

Information about your computer hardware and software is automatically collected.  This information can include your IP address, browser type, domain names, access times and referring Web site addresses.  This information is used for the operation of the service, to maintain the quality and provide general statistics regarding use of the Taunton and Somerset NHS Foundation Trust Web sites.


Taunton and Somerset NHS Foundation Trust Web sites will disclose your personal information, without notice, only if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the edicts of the law or comply with legal process served on Taunton and Somerset NHS Foundation Trust or the sites; (b) protect and defend the rights or property of Taunton and Somerset NHS Foundation Trust; and, (c) act under exigent circumstances to protect the personal safety of users of Taunton and Somerset NHS Foundation Trust, or the public.


Please keep in mind that if you directly disclose personally identifiable information or personally sensitive data through Taunton and Somerset NHS Foundation Trust public message boards, this information may be collected and used by others.  Note: Taunton and Somerset NHS Foundation Trust does not read any of your private online communications.

Links to other websites

Taunton and Somerset NHS Foundation Trust encourages you to review the privacy statements of Web sites you choose to link to from our site so that you can understand how those Web sites collect, use and share your information.  Taunton and Somerset NHS Foundation Trust is not responsible for the privacy statements or other content on Web sites outside the Taunton and Somerset NHS Foundation Trust family of Web sites.  Therefore we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites.


Collecting personal information on E forms

Taunton and Somerset NHS Foundation Trust web sites use electronic forms. These forms enable you to give us feedback about the web site; to give feedback about specific activity the Hospital is involved in; to give feedback as part of a formal consultation; to take part in fundraising activities or giving; to register for an event or activity; or to register interest as a member or Volunteer.


Where we are asking for personal information we will always ask you to acknowledge acceptance and understanding of this Fair Collection/Privacy Notice, before the electronic form can be submitted.   



Direct Marketing

Taunton and Somerset NHS Foundation Trust may also use your personally identifiable information to inform you of other products or services available from Taunton and Somerset NHS Foundation Trust and its affiliates.  Taunton and Somerset NHS Foundation Trust may also contact you via surveys to conduct research about your opinion of current services or of potential new services that may be offered.

Taunton and Somerset NHS Foundation Trust keeps track of the Web sites and pages our customers visit in order to determine which of our services are the most popular. This data is used to deliver customised content and advertising within to customers whose behaviour indicates that they are interested in a particular subject area.  You have the right to refuse / withdraw consent to direct marketing at any time.


Use of Cookies

The Taunton and Somerset NHS Foundation Trust Web site uses "cookies" to help you personalise your online experience.  A cookie is a text file that is placed on your hard disk by a Web page server.  Cookies cannot be used to run programs or deliver viruses to your computer.  Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you.

One of the primary purposes of cookies is to provide a convenience feature to save you time.  The purpose of a cookie is to tell the Web server that you have returned to a specific page.  For example, if you personalise pages, or register with Taunton and Somerset NHS Foundation Trust site or services, a cookie helps to recall your specific information on subsequent visits.  This simplifies the process of recording your personal information, such as billing addresses, shipping addresses, and so on.  When you return to the same Taunton and Somerset NHS Foundation Trust Web site, the information you previously provided can be retrieved, so you can easily use the features that you customised.

You have the ability to accept or decline cookies.  Most Web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer.  If you choose to decline cookies, you may not be able to fully experience the interactive features of the Taunton and Somerset NHS Foundation Trust services or Web sites you visit.


You can read more about the cookies used by the Musgrove web sites by clicking on the Cookie link at the bottom of the web page. 


Security of your personal information

Taunton and Somerset NHS Foundation Trust is committed to securing your personal information from unauthorised access, use or disclosure. Taunton and Somerset NHS Foundation Trust secures the personally identifiable information you provide on computer servers in a controlled, secure environment, protected from unauthorised access, use or disclosure. 


Patient satisfaction

We may use your details to contact you with patient satisfaction surveys relating to services you have used. This is to improve the way we deliver healthcare to you, our patient.


Your right to withdraw consent for us to share your personal information

You have the right to refuse / withdraw consent to information sharing at any time.  The possible consequences will be fully explained to you and could include delays in receiving care. 


Can I see my information?

Under the Data Protection Act 1998 a person may request access to information (with some exemptions) that is held about them by an organisation.  This is known as the Right of Subject Access.  If you require access to your health records you must make a written request to the Medico-Legal Department at Taunton and Somerset NHS Foundation Trust depending on where you were seen:


Medico-Legal Department

Medical Records Department

Unit J, Crown Close
Taunton TA2 8RX


The Trust can only provide access to information it holds. For example to see the records held by your GP you have to contact the surgery.


The Access to Health Records Act 1990 also allows access, in certain circumstances, to information that we hold on deceased patients.


How long do we retain your records?

All our records are destroyed in accordance with the NHS Retention Schedule, which sets out the appropriate length of time each type of NHS records is retained. We do not keep your records for longer than necessary.


All records are destroyed confidentially once their retention period has been met, and the Trust has made the decision that the records are no longer required. 


Raising a concern

If you have a concern about any aspect of your care or treatment at this hospital or about the way your records have been managed, please contact:


Patient Advice & Liaison Service (PALS)

Taunton and Somerset NHS Foundation Trust

Taunton TA1 5DA


Tel: 01823 343536



Additionally, you have a right to complain to the Information Commissioner if ever you are unsatisfied with the way the Trust has handled or shared your personal information:


Information Commissioner's Office
Wycliffe House
Water Lane
Cheshire SK9 5AF

Tel: 0303 123 1113 (or 01625 545745 or 44 1625 545745 if calling from overseas)
Fax: 01625 524510


Changes to this Statement

Taunton and Somerset NHS Foundation Trust will occasionally update this Statement of Privacy to reflect company and customer feedback. Taunton and Somerset NHS Foundation Trust encourages you to periodically review this Statement to be informed of how Taunton and Somerset NHS Foundation Trust is protecting your information.

Contact Information

Taunton and Somerset NHS Foundation Trust welcomes your comments regarding this Statement of Privacy. If you believe that this Statement has not been adhered to, please contact Taunton and Somerset NHS Foundation Trust.  We will use commercially reasonable efforts to promptly determine and remedy the problem.


Further information

To learn more about how we use, manage and maintain confidentiality of your information, please speak to the health professionals concerned with your care, or contact:


Health Records & Information Governance Manager

Taunton and Somerset NHS Foundation Trust

Taunton TA1 5DA


Tel: 01823 320452


Author: Carly Robertson, Information Governance. Updated: March 2017