Toggle Site Contrast Toggle Site Contrast
Please be aware, the information on this page relates to Luton & Dunstable University Hospital

Your personal data, records and rights

We are committed to protecting your privacy and will only process personal confidential data lawfully and in accordance with the Data Protection Act 2018, The General Data Protection Regulations (GDPR), the Privacy and Electronic Communications Regulations (PECR), the Common Law Duty of Confidentiality and the Human Rights Act 1998.

Luton and Dunstable University Hospital is a Data Controller under the terms of the Data Protection Act. We are legally responsible for ensuring that all personal information we hold and use is done so in compliance with the law. All data controllers must ensure they are compliant of the Data Protection Act 2018. More information can be found on the Information Commissioner’s website.

Everyone working for the NHS has a legal duty to keep information about you confidential. The NHS Care Record Guarantee, the NHS Constitution, the Health and Social Care Information Centre Guide to Confidentiality as well as the NHS Confidentiality Code of Practice provide a commitment that all NHS organisations, and those providing care on behalf of the NHS will use records about you in ways that respect your rights and promote your health and well-being.

We will not share information that identifies you unless we have a fair and lawful basis on which to do so:

  • To ensure your safe care and treatment
  • To protect children and vulnerable adults
  • When a formal court order has been served on us
  • When we are lawfully required to report certain information to the appropriate authorities
  • To protect the health and safety of others e.g. Emergency Planning reasons
  • When permission is given by the Secretary of State for Health or the Health Research Authority (HRA) on the advice of the Confidentiality Advisory Group to process confidential information without the explicit consent of individuals

If you are receiving services from the NHS, we share information that does not identify you (anonymised) with other NHS and social care partner agencies. This is done for the purpose of improving local services, research, audit and public health. This is an important part of our processing as it ensures that the NHS keeps improving its standards and treatments.

We also anonymise information for Indirect Care so that we can:

  • Review our planning and services so that we meet patients expectations and needs
  • Prepare statistics and performance figures
  • Safeguard the health of the general public
  • To provide training and continuing education for our staff.

If you would like more information about your rights, about how we process your information or if you feel your confidentiality has been breached, please contact:

Data Protection Officer (Heidi Walker) Tel: 01582 497928
Information Governance Team: Tel: 01582 718386

For Further information on the Data Protection act 2018/General Data Protection regulations (GDPR) or to make a complaint to the governing body, please contact:

The Information Commissioners Office (ICO)

Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow Cheshire SK9 5AF
Tel: 0303 123 1113