Office of the Permanent Secretary/Private Office - Privacy Notice

Contacts

Data Controller Name: Department of Health
Branch/Unit, DoH: Office of the Permanent Secretary/Private Office
Address: Castle Buildings, Stormont Estate
Telephone: 028 9052 8663
Email: OPS@health-ni.gov.uk

Data Protection Officer Name: Charlene McQuillan
Telephone: 02890522353
Email: DPO@health-ni.gov.uk

Why are you processing my personal information?

• To enable us to respond to correspondence to the Minister or Permanent Secretary about Health and Social Care Services and NIFRS from service users.
• We process personal information in line with the General Data Protection Regulation (GDPR) and the Data Protection Act (DPA) 2018. The lawful basis for processing under GDPR is in relation to our public task under Article 6(1)(e) of GDPR.
• Where we process ‘special category’ personal data (see below), we do so in line with GDPR, Article 9(1)(g), as the processing is necessary for reasons of substantial public interest and in line with the Department’s powers and functions.

What categories of personal data are you processing?

The information we receive in correspondence to the Minister or Permanent Secretary may include:

• personal details
• family details
• education, training and employment details
• financial details
• goods and services
• lifestyle and social circumstances
• visual images, personal appearance and behaviour
• responses to surveys.

We also process sensitive classes of information, known as ‘special categories of personal data’ under GDPR, which may include:

• racial and ethnic origin
• offences and alleged offences
• criminal proceedings, outcomes and sentences
• trade union membership
• physical or mental health details
• religious or similar beliefs
• sexual life.

Where do you get my personal data from?

We process personal information received from correspondents or those acting on behalf of individuals. This may include:

• you as a Health and Social Care (HSC) service user or someone acting on your behalf
• MLAs
• suppliers
• employees
• complainants
• enquirers
• survey respondents
• professional experts and consultants.

Do you share my personal data with anyone else?

We sometimes need to share the personal information we process with the individuals themselves, within our organisation with the relevant business area(s) and also with other organisations, in order to gather the relevant information and provide a response to the correspondence we receive. Where this is necessary we are required to comply with all aspects of DPA.

The types of organisations we may need to share personal information we process with, for one or more reasons

Where necessary, or required, we may share information with other organisations to enable us to respond appropriately to your correspondence. Some examples of the organisations we may have to share your information with include:

• HSC Service Providers
• family, associates and representatives of the person whose personal data we are processing
• staff
• current, past or potential employers
• healthcare social and welfare organisations
• suppliers, service providers, legal representatives
• auditors and audit bodies
• educators and examining bodies
• survey and research organisations
• people making an enquiry or complaint
• financial organisations
• professional advisers and consultants
• business associates
• police forces
• security organisations
• central and local government
• voluntary and charitable organisations
• Northern Ireland Fire and Rescue Service (NIFRS).

We may need to share information with these organisations for more than one reason and not all your personal information may need to be shared. We aim to minimise the personal information shared and the instances of sharing to what is necessary for the specific purpose and in line with the DPA.

Do you transfer my personal data to other countries?

Sometimes, on rare occasions, it may be necessary to transfer personal information within the EU. Any transfers made will be in full compliance with all aspects of the GDPR and DPA.

How long do you keep my personal data?

We will ensure that personal information is not retained for longer than necessary and have approved retention and disposal policies in place. The destruction of records is determined by the Department’s approved retention policy Good Management, Good Records (GMGR).

What rights do I have?

• You have the right to obtain confirmation that your data is being processed, and access to your personal data
• You are entitled to have personal data rectified if it is inaccurate or incomplete
• You have a right to have personal data erased and to prevent processing, in specific circumstances
• You have the right to ‘block’ or suppress processing of personal data, in specific circumstances
• You have the right to data portability, in specific circumstances
• You have the right to object to the processing, in specific circumstances
• You have rights in relation to automated decision making and profiling

How do I complain if I am not happy?

If you are unhappy with how any aspect of this privacy notice, or how your personal information is being processed, please contact the Department’s Data Protection Officer using the contact details above.

If you are still not happy, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

Information Commissioner’s Office

Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Tel: 0303 123 1113

Email: casework@ico.org.uk

https://ico.org.uk/global/contact-us