Privacy Policy

University Hospitals of Derby and Burton NHS Foundation Trust (the Trust) recognises the importance of protecting personal and confidential information and is committed to ensuring that your privacy is protected. 

The law determines how organisations can use personal information.  This is covered within the General Data Protection Regulation (GDPR), UK Data Protection Law, Caldicott Principles, Common Law Duty of Confidentiality, the Human Rights Act and other Health Service legislation.

In accordance with NHS guidance, the Trust has:

  • A Caldicott Guardian – an Executive Director who is responsible for protecting the confidentiality of patient and service user information and enabling appropriate information sharing
  • A Senior Information Risk Owner (SIRO) – an Executive Director with overall responsibility for information risk within the Trust

The GDPR requires the Trust to appoint a Data Protection Officer to facilitate compliance with the data protection legislation and requirements, act as an intermediary between relevant stakeholders and be the first point of contact for supervisory authorities.

The Trust’s Data Protection Officer is Anne Woodhouse, contact details are

This privacy notice is intended to inform you about:

  • The type of information we hold and how we use and manage that information
  • How we ensure that the confidentiality of personal/sensitive information is maintained
  • How and why we may share information with other NHS organisations and non-NHS organisations.

Definition of personal and sensitive data:

  • Personal data is information about an identifiable living person such as name, address, telephone number, date of birth, email address, online identifiers, and credit card/bank details. This includes, but is not limited to, written correspondence, emails, photographs, audio recordings and video recordings
  • Sensitive data is special categories of personal data, i.e. data concerning health, ethnic origin, race, political opinion, religious beliefs, biometric and genetic data.

Information collection

The Trust may collect information about you when you request any information about us or our services, submit your personal details and / or complete any forms on the website.

While the Trust is confident that data submitted via our website is secure we do advise that this is generally not the case for all websites on the Internet and you are advised to check the security of the site when using online forms to help protect your personal data.  Any transmission of personal data via websites is at your own risk.

Our website may from time to time contain links to and from third party websites.  If you follow a link to these websites, please note that they have their own privacy policies and will be subject to separate terms and conditions.  The Trust does not accept any responsibility or liability for these sites.

Google Analytics

Our website uses Google Analytics to track visitors.  This process uses cookies to recognise returning visitors.  For full terms of the Google Analytics process, please see the Google Analytics privacy policy.  The information collected via this mechanism is used so that the Trust can monitor the number of visitors, the most popular pages and the length of time users spend browsing.  This information is not used for any other reason.

Cookies and Use of Cookies on our site

Cookies are small amounts of information stored by your web browser for a web site and then returned to the web site on request if needed. This website does not use cookies to store any personal information about you.

If you prefer not to receive cookies in general, you can turn them off in your web browser, or you can set your browser to ask you before accepting a new cookie. Some pages may not function properly if the cookies are turned off. A cookie will typically contain the name of the domain from which the cookie has come, the "lifetime" of the cookie, and a value, usually a randomly generated unique number.

How we protect your data and ensure confidentiality of information is maintained

All NHS organisations and everyone who works for the NHS or in partnership with them have a legal duty to keep information confidential and take great care with the security of information and records. 

Staff have a legal responsibility to maintain confidentiality and security of all the personal information we hold and ensure compliance with the Data Protection Law, the Caldicott Principles, the NHS Code of Confidentiality and the Human Rights Act. 

The Trust is the Data Controller for the data it holds.  All information and information systems within the Trust are stored on our secure network with appropriate security controls, which includes access controls, cyber security and assessments against all aspects of data security. 

Training - Staff are trained to understand their responsibilities regarding the security and confidentiality of patient information and that access is on a strictly need to know basis.  They must update this mandatory training on an annual basis.

Audit trails – records are available to show who accessed what information.  Routine and random audits take place to ensure access is appropriate.  Any inappropriate access identified will be dealt with in accordance with the Trust’s Disciplinary Policy.

The Information Commissioner’s Office maintains a public register of organisations that process personal identifiable data.  The Trust’s registration number is Z8575998

How we may share your information

For more details of how and why we may share your information please click on one of the additional policies via the links below:

Patient Privacy Policy - please click here

Employment Records Privacy Policy - please click here

Trust Membership & Governors Privacy Policy - please click here

Research and Development – please click here

Retention of your data

The Trust will retain your information in line with the Department of Health Retention Schedule. Click here for more information                            

If you wish to discuss any other issues regarding your data the contact details are:

  • Mrs Anne Woodhouse, Data Protection Officer
  • Post – Information Governance Office, Ground Floor, Geoffrey Hodges Wing (Room 5122), University Hospitals of Derby and Burton NHS Foundation Trust, Queen’s Hospital’s, Belvedere Road, Burton upon Trent, Staffordshire DE13 0RB

Email -

If you are still unhappy with the outcome of your enquiry you can write to:  The Information Commissioner, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Telephone: 01625 545700 or email:

Notification of Changes

The Trust may change the terms of this Privacy Policy from time to time. If we do so, those changes will be posted here so please check the Privacy Policy occasionally. By continuing to use our services and our website you will be deemed to have accepted such changes.


  • GEM Going that extra mile
  • Top 40 Hospital Winner
  • NHS Choices
  • Urdu Polski
  • Burton Clinic