Under the data protection law we are legally required to explain how we use your personal information and your data protection rights.

Our contact details

Gateshead Health NHS Foundation Trust

Address: Gateshead Health NHS Foundation Trust, Queen Elizabeth Hospital, Queen Elizabeth Avenue, Sheriff Hill, Gateshead, NE9 6SX

Phone number: 0191 445 8418


ICO Registration Number: Z5014607

The type of personal information we collect

We currently collect and process the following information:

  • Patients
  • Employees
  • Complaints
  • Enquirers
  • National Surveys and Audits
  • Individuals captured by CCTV images

How we get the personal information and why we have it


Purpose of the Processing

At Gateshead Health NHS Foundation Trust we collect and process personal data on a daily basis in order to deliver the best possible services and outcomes to our users. This is essentially a daily part of our role. Records are kept in physical and electronic format to cover areas such as:

  • Basic details about you for example your address and next of kin, contacts, status etc
  • Details about your treatment care and support that you need and receive 
  • Investigation results notes and reports such as x-rays and laboratory tests
  • Relevant information from other health and social care professionals, relatives or those who know you and know you well.

We collect your information because it helps us to:

  • Confirm who you are and when we can contact you;
  • Make decisions about your ongoing care and treatment;
  • Administer and check your care is the right type and is safe and  effective;
  • Ensure that our healthcare professionals have accurate and up to date information to assess your needs and improve your care/treatment;
  • Ensure appropriate information is available should you be referred to other specialists/GPs or another part of the NHS, Social Care or Health Provider;
  • Allows us to investigate any concerns or complaints that you make against us.

It is essential that your details are accurate and up to date to avoid any mistakes. Patients should always check that their details are up to date and inform us of any changes as soon as possible.

Information Sharing

The Trust works in partnership with a number of NHS and Non-NHS organisations to deliver joined up integrated services to users. This may involve the Trust routinely sharing information with third parties where there is a genuine need for the information to be shared where there is a legal basis or patient consent has been provided.

Principal organisations we share information with include:

  • NHS Trusts involved in your care
  • GPs
  • Ambulance Services
  • Private sector providers who work with the Trust.

Subject to stricter agreements it may also include:

  • Adult and Children Services
  • Care Homes 
  • Local Authorities
  • Education Establishments
  • Voluntary Sector Providers.

We may also share anonymised data with Clinical Commissioning Groups for performance and commissioning purposes. Users are informed that the Trust has a legal obligation to share data where it is in respect of:

  • The notification of births
  • Where a formal court order has been served on us
  • To third parties such as the Police, the Department of Work and Pensions and anti-fraud agencies where it is for the purpose of the prevention and detection of crime and fraud
  • Where there is a need to protect the public interest
  • Where there is a need to protect vulnerable children and adults
  • Health and Safety purposes for example infectious diseases such as meningitis, measles etc.

Personal information is sometimes used to audit and manage the NHS and to help us protect the health of the public. Your information may be used to:

  • Audit our NHS services
  • Prepare statistics for NHS performance
  • Review the care we provide to ensure that it is of the highest standards
  • Investigate patient queries, audits, inspections, complaints and legal claims
  • Make sure our services can meet patient’s needs in the future for example service planning and service evaluations
  • Help educate and train our healthcare professionals

Legal Basis

The legal basis for the processing is covered under Article 6 (1)(e) of the General Data Protection Regulation where “processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller” and Article 9 (2)(h) where “processing is necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee medical diagnosis the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union Or Member State law or pursuant to contract with a health professional”.

Disclosure of information

Sensitive personal information may be used in the following cases:

  • The information is necessary for your direct healthcare.
  • We have received consent from individuals to be able to use their information for a specific purpose.
  • There is a legal requirement that will allow us to use or provide information.
  • We have special permission called a “Section 251 agreement” (Section 60 of the Health and Social Care Act 2001 as re-enacted by Section 251 of the NHS Act 2006) which allows the Secretary of State for Health to make regulations to set aside the common law duty of confidentiality for defined medical purposes. Further information can be found on the Health Research Authority’s website

If you have any queries please contact your clinician or the Trust Data Protection Officer whose contact details are at the end of this notice. 

Research and Development

Research plays a pivotal role in the development of the health care service and in the delivery of the Trust services. The Trust is a proactive research institution which is reflected in our aims and values.

All research studies that involve the use of patient data for secondary purposes are required to present their trial and have their study approved by the Trusts Research and Ethics Committee before it takes place to ensure it is appropriate and worthwhile.

Users are always asked if they want to directly participate in the trial. In these circumstances, the Trust will always ask you for your express consent and inform you how your information will be used unless legislation permits use.


The Trust uses third-party companies to assess images and obtain diagnosis outcomes from clinicians for direct patient care. The companies act as data processors for the Trust and comply with the requirements of the General Data Protection Regulation and Data Protection Act 2018. The companies are 4Ways Healthcare, Everlight Radiology and MSI Reporting.

Access to these images is enabled for healthcare professionals in the provision of care and all companies are covered by contract as required.

Employees, volunteers and job applicants

Purpose of the Processing

During the course of its employment activities, Gateshead Health NHS Foundation Trust collects, stores and processes personal information about prospective, current and former staff. This Privacy Notice includes applicants, employees (and former employees), workers (including agency, casual and contracted staff), volunteers, trainees and those carrying out work experience. 

Purposes of processing include:

Staff administration and management (including payroll and performance), Pensions administration, Business management and planning, Accounting and Auditing, Accounts and records, Crime prevention and prosecution of offenders, Education, Health administration and services, Information and databank administration and the Sharing and matching of personal information for national fraud initiative.

The types of information handled for the purposes of employment include:

Personal demographics (including gender, race, ethnicity, sexual orientation, and religion), Contact details such as names, addresses, telephone numbers and emergency contact(s), Employment records (including professional membership, references and proof of eligibility to work in the UK and security checks), Bank details, Pension details, Medical information including physical health or mental condition (occupational health information), Information relating to health and safety, Trade union membership, Offences (including alleged offences), criminal proceedings, outcomes and sentences, Employment tribunal applications, complaints, accidents, and incident details.

We have a legal basis to process this as part of your contract of employment (either permanent or temporary) or as part of our recruitment processes following data protection and employment legislation. We aim to maintain high standards, adopt best practices for our record keeping and regularly check and report on how we are doing.  Your information is never collected or sold for direct marketing purposes and is not processed overseas.

Employment Process

Gateshead Health NHS Foundation Trust is the data controller for all information you provide as part of the employment process unless otherwise stated. If you have any queries about how we handle your information please contact us at

All of the information provided to the Trust will only be used for the purposes of progressing your application or in certain circumstances to fulfil legal regulatory requirements if necessary.

We will not share the information you provide during the recruitment process for marketing purposes or store any of your information outside of the European Economic Area. The information you provide will be held securely by us and/or our data processors whether the information is in electronic or physical format. We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for.

Information is provided through NHS jobs which is collated by Gateshead NHS Foundation Trust for the purposes of administering recruitment.

Legal Basis

Staff personal data is held by Gateshead Health NHS Foundation Trust for the purpose of administering the employment of its staff.  The legal basis for processing this data is based on Article (6)(1)(c) and Article (9)(2)(b) of the General Data Protection Regulation. Any other use will be explained at the point of collection with the relevant statutory provisions.

Disclosure/Sharing Information

The data is held for employment purposes by the Trust and will only be transferred to third parties where there is an established legal basis to do so with the appropriate safeguards in place. This may include but is not limited to statutory bodies such as the Care Quality Commission and Health and Safety Executive or regulatory bodies such as the General Medical Council, Nursing and Midwifery Council or the Health and Care professions Council where applicable.

There are a number of reasons why we share information.

  • Our obligations to comply with legislation
  • Our duty is to comply with any Court Orders which may be imposed.

 Any disclosures of personal data are always made on a case-by-case basis, using the minimum personal data necessary for the specific purpose and circumstances, along with appropriate security controls in place.  Information is only shared with those agencies and bodies who have a “need to know” or where you have consented to the disclosure of your personal data to such persons.

To enable effective staff administration Gateshead Health NHS Foundation Trust may share your information with external companies to process your data on our behalf in order to comply with our obligations as an employer. The Trust utilises Northumbria Healthcare NHS Foundation Trust Payroll as its payroll service who process data on employees.

The information which you provide during the course of your employment (including the recruitment process) will be held on the national NHS Electronic Staff Record (ESR) system.

We may use the information we hold about you to detect and prevent crime or fraud. We may also share this information with regulatory bodies such as the General Medical Council (GMC), Nursing and Midwifery Council (NMC), Health and Care Professions Council (HCPC) and other bodies that inspect and manage public funds where applicable.

We will not routinely disclose any information about you without your express permission. However, there are circumstances where we must or can share information about you owing to a legal/statutory obligation.

Complaints and enquiries

When the Trust receives a complaint from a person we make up a file containing the details of the complaint. This will normally contain the identity of the complainant and any other individuals involved in the complaint. This is based on the consent of the individual as the relevant legal basis under Article 6(1)(a) and Article 9(2)(a).

National surveys and audits

The Trust carries out National Surveys and Audits which allow us to manage our services, prepare statistics on our performance and review the care we are providing by ensuring we are meeting patients’ needs and national NHS obligations. If you would like to opt-out of taking part in surveys and audits please contact the Trust Data Protection Officer and your views will be respected. The following websites offer more information:

NHS Surveys website
National Patient and Staff surveys
Clinical Audit  

 We may use your contact details to conduct this survey under the relevant legal basis which in this case is paragraph 1(e) of Article 6 and “a task carried out in the public interest”.


The Trust aims to meet the highest standards when collecting and using personal information and we take any complaints we receive very seriously. We encourage people to bring concerns to our attention if they think that our collection or use is unfair misleading or inappropriate. Please contact the Trust using the contact details above if you have any such concerns.

Information will be held for the purposes of the complaint with your consent and will be used in the investigation and as part of any necessary enquiries.

Individuals captured by CCTV images

The Trust outsources its CCTV provision to QE Facilities which acts as a data processor for the Trust. These images are stored in a secured area and are only accessible by authorised staff and are deleted after 31 days.

Data protection rights

Under data protection law, you have rights including:

Your right of access – You have the right to ask us for copies of your personal information.

Request your health records

Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.

Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances.

Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.


Information Governance Team

Data Protection Officer
Post: c/o Information Governance Team, Trust HQ, Queen Elizabeth Hospital, Sherriff Hill, Gateshead, NE9 6SX

If you are not content with the outcome of your confidentiality and data protection concern/complaint raised with the Trust you have the right to apply directly to the Information Commissioner’s Office (ICO) for a decision. 

Information Commissioner's Office

Via post at: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF