Office of the Permanent Secretary/Private Office - Privacy Notice

The Office of the Permanent Secretary (OPS) provides general support to the Permanent Secretary in his role as head of the Department, Accounting Officer and Chief Executive of the HSC.

Private Office provides support to the Health Minister on a wide range of departmental and political issues surrounding the Northern Ireland Assembly.

Contacts

Data Controller Name: Department of Health
Branch/Unit, DoH: Office of the Permanent Secretary/Private Office
Address: Castle Buildings, Stormont Estate
Telephone: 028 9052 8663
Email: OPS@health-ni.gov.uk

Data Protection Officer Name: Charlene McQuillan
Telephone: 02890522353
Email: DPO@health-ni.gov.uk

Why are you processing my personal information?

To enable us to respond to correspondence to the Minister or Permanent Secretary about Health and Social Care Services and NIFRS from service users.
We process personal information in line with the General Data Protection Regulation (GDPR) and the Data Protection Act (DPA) 2018. The lawful basis for processing under GDPR is in relation to our public task under Article 6(1)(e) of GDPR.
Where we process ‘special category’ personal data (see below), we do so in line with GDPR, Article 9(1)(g), as the processing is necessary for reasons of substantial public interest and in line with the Department’s powers and functions.

What categories of personal data are you processing?

The information we receive in correspondence to the Minister or Permanent Secretary may include:

personal details
family details
education, training and employment details
financial details
goods and services
lifestyle and social circumstances
visual images, personal appearance and behaviour
responses to surveys.

We also process sensitive classes of information, known as ‘special categories of personal data’ under GDPR, which may include:

racial and ethnic origin
offences and alleged offences
criminal proceedings, outcomes and sentences
trade union membership
physical or mental health details
religious or similar beliefs
sexual life.

Where do you get my personal data from?

We process personal information received from correspondents or those acting on behalf of individuals. This may include:

you as a Health and Social Care (HSC) service user or someone acting on your behalf
MLAs
suppliers
employees
complainants
enquirers
survey respondents
professional experts and consultants.

Do you share my personal data with anyone else?

We sometimes need to share the personal information we process with the individuals themselves, within our organisation with the relevant business area(s) and also with other organisations, in order to gather the relevant information and provide a response to the correspondence we receive. Where this is necessary we are required to comply with all aspects of DPA.

The types of organisations we may need to share personal information we process with, for one or more reasons

Where necessary, or required, we may share information with other organisations to enable us to respond appropriately to your correspondence. Some examples of the organisations we may have to share your information with include:

HSC Service Providers
family, associates and representatives of the person whose personal data we are processing
staff
current, past or potential employers
healthcare social and welfare organisations
suppliers, service providers, legal representatives
auditors and audit bodies
educators and examining bodies
survey and research organisations
people making an enquiry or complaint
financial organisations
professional advisers and consultants
business associates
police forces
security organisations
central and local government
voluntary and charitable organisations
Northern Ireland Fire and Rescue Service (NIFRS).

We may need to share information with these organisations for more than one reason and not all your personal information may need to be shared. We aim to minimise the personal information shared and the instances of sharing to what is necessary for the specific purpose and in line with the DPA.

Do you transfer my personal data to other countries?

Sometimes, on rare occasions, it may be necessary to transfer personal information within the EU. Any transfers made will be in full compliance with all aspects of the GDPR and DPA.

How long do you keep my personal data?

We will ensure that personal information is not retained for longer than necessary and have approved retention and disposal policies in place. The destruction of records is determined by the Department’s approved retention policy Good Management, Good Records (GMGR).

What rights do I have?

You have the right to obtain confirmation that your data is being processed, and access to your personal data
You are entitled to have personal data rectified if it is inaccurate or incomplete
You have a right to have personal data erased and to prevent processing, in specific circumstances
You have the right to ‘block’ or suppress processing of personal data, in specific circumstances
You have the right to data portability, in specific circumstances
You have the right to object to the processing, in specific circumstances
You have rights in relation to automated decision making and profiling

How do I complain if I am not happy?

If you are unhappy with how any aspect of this privacy notice, or how your personal information is being processed, please contact the Department’s Data Protection Officer using the contact details above.

If you are still not happy, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

Information Commissioner’s Office

Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Tel: 0303 123 1113

Email: casework@ico.org.uk

https://ico.org.uk/global/contact-us