This document provides information on how Norfolk County Council’s Public Health Service (Public Health) uses your personal information to exercise our statutory public health functions.
By ‘use’ we mean the various ways your personal information may be processed including storing and sharing the information.
We act as a ‘data controller’. This means that we collect and process information. We also follow the high information governance standards and instructions as set by NHS Digital.
We also provide further details regarding:
You can see this information in our general privacy notice on our web site or you can ask us for a copy of this information.
The personal information about you we may collect and use may include basic details about you such as name, date of birth, gender, email address, postcode and NHS number.
For infants, we collect and use identifiable data about births, including the baby’s NHS number, date of birth and residential address of the mother.
We also collect health information including any disabilities and medical conditions you may have, details of your appointments, clinic visits and information from other health professionals. Health information is classed as “special category data” under the GDPR.
We use your personal information primarily to understand more about the health and care needs of the populations in our area. In particular, we use the data to measure the health, mortality, morbidity and care requirements of our population, allowing us to plan and deliver health and care services in a coordinated and efficient way.
As well as the functions outlined above, we use your personal information for the following purposes:
We also use this information to assess the quality of our services and evaluate and improve our policies and procedures. We may also use information in other ways compatible with the above.
The National Data Opt-Out: Confidential patient information is used to provide you with support and care and to organise the services you need. It may also be used for wider planning or research in health and social care. To find out more or to stop your confidential patient information being used for this, see our national data opt-out privacy notice.
In addition, we work with data that does not identify you personally to be able to promote health and support improvements in the delivery of health and care services in Norfolk. This includes processing of
The personal information we hold includes information from the following sources:
We have legal grounds to process this personal information because it is necessary to comply with a legal duty or fulfil a public task under the Health and Social Care Act 2012.
We also process personal information where it is necessary for the performance of a contract (e.g. lease, licence, service and maintenance contract).
We have legal grounds to process special category data where it is necessary
The GDPR includes safeguards to protect the use of your special category data. Further details can be found on our website in the document named ‘Special category data and criminal offences data policy’ which sets out our procedures for compliance with the principles of the GDPR and the retention and erasure of this information.
We may also share your personal information with other organisations and public bodies, in particular:
We share this information without your specific consent as it is reasonable and necessary to do so to fulfil our public tasks or it is otherwise in the substantial public interest to do so. The law imposes safeguards to protect your privacy in these circumstances.
We will also share your personal information, subject to contractual and other legal safeguards, with organisations contracted by NCC to provide a service to the council or directly to you. These service providers are known as data processors and have a legal obligation under GDPR and to NCC to look after your personal information and only use it for providing that service. These organisations include:
We may also share your personal information across different departments of the NCC, where it is necessary for our public tasks or functions to do so.
We also share anonymised information with other organisations and public bodies including research partners.
We do not make automated decisions about you and your family.
The personal information is stored electronically, on the NCC’s records management system. Additionally, information is securely stored in other mediums, including email accounts and in paper files. We do not process your information outside of the European Economic Area.
This notice was updated in February 2020.