Data Controller Name: Department of Health
Public Health Information and Research Branch
BELFAST BT4 3SQ
Telephone: 028 9052 0500
Data Protection Officer Name: Charlene McQuillan
Being transparent and providing accessible information to individuals about how we may use personal data is a key element of the Data Protection Act (DPA) and the EU General Data Protection Regulation (GDPR). The Department of Health (DoH) is committed to building trust and confidence in our ability to process your personal information.
Description of our processing & our Lawful Basis for Processing
For the Department to process personal information we must have a lawful basis for doing so and we consider that the processing of this information is necessary as part of our public task:
GDPR Article 9 2(h) (management of health and social care systems) and Article 9 2(j) (statistical purposes), provides our lawful basis for processing what is classed as ‘special category’ or sensitive personal data, (see types of personal information we process below). The Department of Health employs NISRA to collect survey data on their behalf. NISRA collects, cleans, validates, stores this data and then passes to Department of Health. The department does further processing, analyses the data and publish results.
Why we might need to process your survey information
- Health and social care related research purposes
- For the production of official statistics
- For official communications and publicity materials
What types of personal information we process
The personal information we process may include:
- personal details (Date of Birth, Home Postcode)
- responses to surveys (Health information)
We also process sensitive classes of information that may include:
- racial and ethnic origin
- physical or mental health details
- religious or similar beliefs
- sexual life
We may also may further process your data by:
- Matching and linking your survey responses with your other Health and Social Care data held by DoH and HSC organisations to improve the quality and coverage of the final data e.g. hospital attendances, prescription data etc. Where this is done, the data will be used and held in compliance with the Data Protection Act and General Data Protection Regulation, with all personal identifiers removed from the final database after matching has occurred. The final anonymised database will be used for statistical and research purposes only.
Who is the information processed about?
We process personal information about:
- you as a Health and Social Care (HSC) service user
- survey respondents
Who is the survey information shared with?
NISRA in performing their role in data collection for the survey (on behalf of the Department of Health) will necessarily share the data, however solely for the purpose of delivering cleaned and validated data to DoH. The Department will not share personal data with any other organisations or individuals. After two years, as is regarded as good practice for most government surveys, the Department will place an anonymised copy (all personal identifiable/potentially disclosive information is removed) of the HSNI dataset on the UK data archive to allow further research to take place.
Our objective is to promote and safeguard the production of official statistics that serve the public good. This means that any personal data we collect, for HSNI or from other organisations or government departments, will only ever be used to produce statistics or undertake statistical research.
The types of organisations we may need to share personal information we process with, for one or more reasons.
Where necessary, or required, we may share information with HSC Service Providers and other central and local government organisations for the reasons included above in the ‘Why we might need to process your information section’. We may need to share information with these organisations for more than one reason and not all your personal information may need to be shared each time. We aim to minimise the personal information shared and the instances of sharing to what is needed for the specific purpose and in line with the Data Protection Act.
Personal information relating to Health Survey Northern Ireland will not be transferred or stored outside the UK. However if in the unlikely event that any transfers of this information must be made then they will be carried out in full compliance with all aspects of the Data Protection Act.
Retention of records
The retention and destruction of records is determined by the Department’s approved retention policy Good Management, Good Records (GMGR). There is an exemption that allows information held for statistical purposes to be kept for longer periods. We will only continue to hold personal data where they are still used to produce statistics. In addition, we de-identify or anonymise data at the earliest opportunity possible without compromising their utility.
What rights do you have?
You have the right to obtain confirmation that your data is being processed, and access to your personal data
You are entitled to have personal data rectified if it is inaccurate or incomplete
You have a right to have personal data erased and to prevent processing
You have the right to ‘block’ or suppress processing of personal data
You have the right to data portability
You have the right to object to the processing, in specific circumstances
You have rights in relation to automated decision making and profiling
How to complain if you are not happy with how we process your personal information
If you are unhappy with any aspect of this privacy notice, or how your personal information is being processed, please contact the Department’s Data Protection Officer at the address above.
If you are still not happy, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
Information Commissioner’s Office
Tel: 0303 123 1113
Website: Information Commissioner's Office