fix bar
fix bar
fix bar
fix bar
fix bar
fix bar

Children's Privacy Statement

Children's Privacy Statement

An introduction to the General Data Protection Regulations (GDPR)

Your personal information is very important to you – and to us. The way we keep, collect and use information about you has developed alongside technology.

The laws that govern the use of your personal data have changed to cover these developments. From 25 May 2018, the UK must adhere to the new Data Protection laws – which are known as the General Data Protection Regulations (GDPR).

What does this mean for me and my data?

You’re better protected

The new rules make sure that all organisations are set up to protect any personal data they hold, and to act if something goes wrong. Rest assured, robust security has always been a crucial part of everything we do.

You have more control

You have a right to have your privacy respected and your data protected. The new law gives you easier access to the personal information we hold about you, if you wish to check or change it. It is designed to give you confidence that this information is accurate, up to date, and well managed. You can choose who can contact you, and how. You can change your mind at any time. You can control if and how we contact you, for example by email or phone. We must give you the opportunity to change your mind about the choices you have made. This helps to give you options and keep you in control.

We will only collect your information to carry out health and social support. When we have collected it, here is how we use it?

  • To get in touch with you and your parents.
  • To support your health needs, monitor and report on your progress.
  • To provide appropriate care and support whilst at home or one of our clinics for example attending a party.

Do my parents need to be involved?

If you are competent and able to understand the repercussions of approving access to your data, we would expect any consent to be provided by you. A general rule we use is 13 years and over, but this can vary. But even if you are competent, your parents can be involved. It’s your choice.
We will always let you know what we need your information for.

What services do you provide?

East Suffolk and North Essex NHS Foundation Trust (ESNEFT) serves the geographical area of East Suffolk and North Essex with a population of more than 700,000. We are two acute hospitals (Colchester Hospital and Ipswich Hospital), but we are also responsible for and/or utilise the following community services:

• Aldeburgh Community Hospital
• Felixstowe General Hospital
• Bluebird Lodge
• Hartismere Place
• Foot and Ankle Service
• Community Nursing Services (East Suffolk)
• Clacton and Harwich Community Hospitals
• Halstead Hospital
• North East Essex and Suffolk Pathology Services (NEESPS)
• North East Essex Community Services

How do I access my medical records?

Your medical and healthcare information is just that – yours. You can access the information we hold about you at any time – and at no additional cost. If you would like to see the information we hold about you, you can request a copy of your medical records. There is no charge for this services, and all requests will be completed within one calendar month.

If you are seeking copies of your child’s health records, you will also need to supply proof of your child’s identity and your parental responsibility. Access to health records legislation allows us to share health records of a deceased person with authorised representative(s) or any person who may have a claim arising out of that person’s death.

If you are requesting personal information about someone who has died you will need to supply a copy of their death certificate and proof that you are the executor or a beneficiary within the last will and testament.

If this is something you would like to do please click on the following link which will take you to the SARs Portal where you will be asked to register yourself on the system and to make your request:

The first time you use the portal you will need to create an account, it only takes 2 minutes.

What are my rights under GDPR?

You have a number of rights regarding your data under GDPR:

The right to request access
You have the right to obtain:
• confirmation that your data is being processed
• access to your personal data
• other information
• evidence that we treat your information within the rules of the law.

The right to be informed
• You have the right to be informed about the collection and use of your personal information.
• We must provide you with information including: our purposes for processing your personal information, our retention periods for that personal information, and who it will be shared with. We call this ‘privacy information’.

The right to request rectification
• You have the right to ask that any information you believe is inaccurate be corrected or completed if it is incomplete.

The right to request erasure
• You have the right to ask that we delete any information we hold about you. This is also known as the right to be forgotten.

The right to restrict processing
• This means that you can limit the way we share your information. This is an alternative to requesting the erasure of your information. • This means that we can hold your information but we cannot use it or share it with external organisations.

The right to object
• to us using your information for reasons other than to provide you with care
• to your information being used for direct marketing (including profiling)
• to your information being used for purposes of scientific or historical research and statistics

How do I withdraw consent from sharing my information?

If you were asked to give consent for your information to be shared and you no longer wish for this to happen, you can withdraw your consent at any time. You can also request the following:
• To have information you believe to be incorrect, corrected (Right to Rectification)
• To have your information erased (Right to Erasure)
• The processing of your information restricted (Right to Restrict Processing) If this is something you wish to do please contact:

Sarah Preston, Head of Information Governance (Postbag S618) Ipswich Hospital, Heath Road, Ipswich IP4 5PD
Telephone: 01473 702878

What information do you collect from me?

We collect and store personal identifiable information about you in order to provide you with the necessary investigations, care and treatment that you need. This information includes but is not restricted to:
• full name
• date of birth
• address
• contact details (phone number/email address)
• NHS number
• details of current medical information
• details of care and treatment previously provided by us
• information received from other health care providers
• information sent to other health care providers.

Where do you get my information from?

The community first receives information about you from the professional who refers you for further investigation or treatment. This may be:
• your GP
• a hospital
• social care providers
• other community health services
• private care practitioners
• other care providers.
When you attend the hospital we then record information you give us directly.

How do you protect my information?

All staff employed by ESNEFT are required to undertake mandatory annual training about their role and responsibilities when collecting and handling personal data.
We keep your information safe and secure and comply with industry standards such as Cyber Security Essentials and the Data Security and Protection Toolkit. We only share your data in a way that identifies you when absolutely necessary and never sell it onto third parties.

What do you do with my information?

Most importantly we use your information to provide you with the care and treatment you need. In addition to this:
• we may need to use your information to help us protect the health of the public for example; monitoring of certain infectious diseases such as tuberculosis
• to ensure the Trust runs efficiently, plans for the future, trains its staff, pays its bills and can account for its actions
• your information may be used for the benefit of clinical research
• you may need to receive care or equipment from other providers therefore we would need to share your information so that they can provide you with the necessary equipment or care and treatment you need
• in certain circumstances we are required by law to share your information with other organisations and authorities • your information may be used to defend a legal claim or where a court instructs us to
• we may use your information to protect your vital interests or the interests of any individuals when you are unable to give consent.
There are occasions where we would like to use your information for reasons other than stated above.
• This could mean providing your information to third parties who require it to test new technologies or providing your information to assess the services we currently provide so that we can improve them.
Where we require your information for these purposes we would need your explicit consent to use it. This is because it is your information and we must have your consent to use it for any purpose other than those stated above.
Please be assured that your care will not be affected if you do not provide consent for your information to be used for anything other than your direct care.
If you do give your consent but later change your mind you have the right to withdraw your consent at any time.

Who do you share my information with?

Below is a list of some of the types of organisations we may share your information with:
• GP practices
• other NHS trusts
• clinical commissioning groups
• the police
• community teams
• social care providers
• equipment providers
• regulatory bodies
• IT providers
• support services
• registry offices
• coroners
• funeral directors
• medical schools
• the Health Research Authority (if you have consented to participate in clinical research)
• other healthcare providers.

How long do you keep my information for?

How long we keep your information depends on what the information is. For up to date details about the retention periods please refer to the Information Governance Alliance Records Management Code of Practice for Health and Social Care, available on the NHS Digital website.

Is my data held or transferred overseas?

All Trust servers are based in the UK however some of the service providers we use may hold your information outside the UK. If we do transfer your personal information outside the of the UK we will make sure that it is protected to the same extent as it would be within the UK.

Who is responsible for Data Protection at ESNEFT?

There are a number of roles within the Trust that have responsibility for protecting the information you provide us with.
• The Senior Information Risk Owner (SIRO) is Mike Meers, Director of ICT and Chief Information Officer
• The Caldicott Guardian is Dr Martin Mansfield, Deputy Chief Medical Officer
• The Data Protection Officer (DPO) is Sarah Preston, Lead for Information Governance
All our staff are required to access only the information they need to provide you with the care and treatment you need. They must also keep it safe and secure at all times.


Cookies are text files containing small amounts of information which are downloaded to your device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit. Cookies are useful because they allow a website to recognise a user’s device. You can find more information about cookies by watching this simple animation.

We use cookies to collect information about how our website visitors use the website (via Google Analytics), for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies don’t collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. It is only used to improve how our website works.


This website contains links to other sites. Please be aware that is not responsible for the privacy practices of other websites. We encourage our users to be aware when they leave our site and to read the privacy statements of other websites.

Notification of changes

If we decide to change our privacy policy, we will post those changes on our homepage so our users are always aware of what information we collect and how we use it.


We is not responsible for the content or reliability of the linked websites and do not necessarily endorse the views expressed within them. Listing shall not be taken as endorsement of any kind. We cannot guarantee that these links will work all of the time and we have no control over the availability of linked pages.

Any further questions or concerns?

If you have any concerns about the security of your information please contact the Information Governance team on 01473 702878 or 702874.

Back to Top