Privacy notice and cookies

We employ surveillance cameras (CCTV and Body Worn Video) on and around the hospital site in order to:

• Provide a deterrent effect and reduce unlawful activity.
• Help provide a safer environment for our staff.
• Protect patients, visitors, staff, and Trust property.
• Apprehend and prosecute offenders and provide evidence to take criminal or civil action in the courts.

We reserve the right to hold information where permissible under Data Protection legislation and we will only retain surveillance data for 30 days.

When you telephone Trust services, we use a system called Netcall to record calls made to Trust services. These recordings are held for 30 days and used for training and monitoring purposes.

In certain circumstances (high profile investigations, serious or criminal incidents) we may need to hold or disclose recordings longer than this time. In these circumstances the relevant retention period will be applied based on the reason we are retaining this.

All patients and visitors are reminded that mobile phones can be used in public and communal areas to make calls but are not always allowed on wards or clinical areas as they could affect medical equipment or disturb those who require rest.

Patients or visitors who wish to film, record, take photos or video call, please discuss with a member of staff and gain consent so that we can protect the privacy and dignity of staff, other patients, and their visitors. For further information please refer to the Audio and visual recordings by people who use our services and public policy.

Torbay and South Devon NHS Foundation Trust is required by law to protect the public funds it administers. It may share information provided to it with other bodies responsible for auditing or administering public funds, in order to prevent and detect fraud.

The Trust is a mandatory participant of the Cabinet Office’s National Fraud Initiative (NFI) which is a data matching exercise undertaken by the Cabinet Office to assist in the prevention and detection of fraud. We are required to provide particular sets of data to the Cabinet Office for each exercise.

This notice link sets out how the Cabinet Office use your personal data, and your rights. It is made under Article 14 of the UK General Data Protection Regulation (GDPR).

The Cabinet Office process information that you provide when seeking payment for employment from an organisation that takes part in the NFI. This is referred to as payroll data.

They process information you provide when seeking payment of an invoice from an organisation that takes part in the NFI. This is referred to as trade creditor standing and payment history data.

Data matching involves comparing sets of data, such as payroll of a body against other records held by the same or another body to see how far they match. This is usually personal information and Trust creditors’ data. The data matching allows potentially fraudulent claims and payments to be identified. Where a match is found it may indicate that there is an inconsistency which requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.

The use of data by the Cabinet Office in a data matching exercise is carried out with statutory authority under Part 6 of the Local Audit and Accountability Act 2014

Data matching by the Cabinet Office is subject to a Code of Practice. Should you wish to know more information on this Fair Processing Notice please see the more detailed full text. View further information on the Cabinet Office’s legal powers and the reasons why it matches particular information.

For further information on data matching at Torbay and South Devon NHS Foundation Trust contact Gareth Cottrell, Local Counter Fraud Specialist

As a data subject, you have rights over your personal information as defined under UK GDPR and the Data Protection Act 2018.

Your information rights are listed below:

1. The right to be informed

You have the right to know what personal information we collect about you, why we collect it, how we use it, and who we share it with. We explain this in our privacy notice and will always try to be clear and open with you.

We make our privacy information accessible in several different ways, if you need support understanding how your data is being used, we recommend you speak to your clinical team in the first instance, otherwise you can contact Information Governance.

2. The right of access

You can ask to see the personal information we hold about you. This is sometimes called a “subject access request.” We’ll provide you with a copy of your information.

Please note, subject access requests are subject to several different exemptions depending on the type of information you have requested. For more information refer to our Data Protection pages.

3. The right to rectification

If you think any information, we hold about you is wrong or incomplete, you can ask us to correct it. We’ll fix any mistakes as quickly as possible.

Please note, we may not be able to remove incorrect information from clinical records, however we will always add an addendum or correction notice to ensure only accurate information is acted upon.

For information or to submit a rectification request, please contact the Data Access & Disclosure Office

4. The right to erasure (“right to be forgotten”)

You can ask us to delete your personal information in certain circumstances, for example, if we no longer have a reason to hold it or if you withdraw your consent (where consent is the legal basis for processing).

Please note, we do not use consent as our legal basis for processing information for direct healthcare purposes. If you wish for information to be erased from your clinical record, we will discuss the options available with you, including rectification and objection.

5. The right to restrict processing

You can ask us to limit how we use your information, for example, if you’re concerned about its accuracy or how it’s being used. The right to restrict processing is temporary measure and does not apply to all data processing activities. For more information contact Information Governance.

6. The right to data portability

You can ask us to give you your information in a format that makes it easy to move, copy, or transfer to another organisation. This right only applies where we are processing your information based on consent or under contract. For more information contact Information Governance.

7. The right to object

You can object to us using your information in certain ways, such as for direct marketing or where we process your data based on our legitimate interests. Where you object to data processing, we must demonstrate that we have compelling legitimate grounds to override your objection.

If you object to processing for care purposes, in most cases, we will ask for a senior clinician to meet with you to understand your concerns. For more information contact Information Governance.

8. Rights related to automated decision-making

If we use computers to make decisions about you without human involvement (for example, profiling), you have the right to ask for a person to review the decision. For more information contact Information Governance.

How to use your rights

You don’t need to mention a specific right or use legal terms, just tell us what you want to know or what you’d like us to do. You can make a request verbally or in writing, either by calling 01803 654868 or emailing Data Protection.

We’ll respond within one month and explain what we’ve done or why we can’t do what you’ve asked.

If you’re unhappy

If have any questions or queries about how your information is being used, please contact our Data Protection Officer (details in this notice).

You also have the right to complain to the Information Commissioner’s Office (ICO), who oversees data protection in the UK.

The ICO can be contacted on:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Tel: 0303 123 1113

The NHS is committed to respecting the privacy of individuals using this website. Torbay and South Devon NHS Foundation Trust does not collect personally-identifiable information about users of this site.

We do analyse server log files, which contain details such as IP address, pages viewed, times of access, and the type of web browser used. None of this information is linked to individuals or shared with third parties.

Cookies used on this website

Our site uses cookies to improve functionality, provide embedded content, and help us understand how the site is used. When you first visit, you can manage your preferences using the cookie banner or via the cookie icon in the lower-left corner of your browser window.

There are two main types of cookies you may encounter:

• First-party cookies – created by this website and controlled by us.
• Third-party cookies – set by external services we embed or integrate, such as Google, Vimeo, YouTube, or the Browsealoud accessibility toolbar.

First-party cookies

A to Z list filter: We use a cookie to remember the last letter you selected in the A to Z services list. This ensures the page reloads with the same filter when you return. This is a functional cookie.

Silktide Cookie Control: We use a cookie to store your cookie consent choices (which categories you allow or reject). This is essential for the site to function correctly.

Functional / Accessibility cookies

Browsealoud (ReachDeck) toolbar: Our website uses the Browsealoud plugin, which reads text aloud. Cookies may store your preferences and settings for this tool. To find out more, visit Texthelp.

Google services cookies

Google Analytics: We use Google Analytics to collect statistics about site usage. These cookies do not contain personal information and are only used to improve the website experience.

Google Maps: Some pages include interactive maps. Cookies may store preferences for these maps or other Google services.

To find out more, visit Google’s Privacy Policy.

Third-party embedded content

Vimeo videos: We embed videos from our Vimeo channel. When you play a video, Vimeo may set cookies to enable playback and collect information about how the video is used. These cookies help Vimeo provide video functionality and analytics. More information: Vimeo Cookie Policy.

YouTube videos: We embed videos from our YouTube channel using privacy-enhanced mode. Cookies may be set once you play a video, but YouTube will not store personally-identifiable information. More information: YouTube Embedded Video Information.

How to control and delete cookies

You can manage your cookie preferences at any time via the cookie icon in the lower-left corner of your browser window. This opens the Silktide Cookie Control panel, where you can:

• Accept all cookies
• Reject non-essential cookies
• Manage individual cookie categories (Functional, Google services, YouTube, Vimeo)

If you prefer, you can also restrict or block cookies through your browser settings. Each browser is different, so check the ‘Help’ menu of your particular browser or your mobile device manual for guidance.

Comprehensive information about cookies, including how to delete them, is available at:

• www.allaboutcookies.org

Please note: restricting cookies may prevent some parts of the site from functioning correctly.

Cookies we use on our website