Ask Aunty App Privacy Notice

  This privacy notice tells you what to expect us to do with your personal information when you contact us or use our services.

You would be asked to tick the box to agree with the Terms and conditions of using the application, if you do not agree to tick the box, you will not be able to use the application

By using the Ask Aunty application, you agree that your data will be processed as set out below:

Our contact details 

Name: Epsom and St Helier University Hospital NHS Trust (ESTH)

  • Address: Epsom and St Helier University Hospitals NHS Trust, St Helier Hospital, Wrythe Lane, Carshalton, Surrey, SM5 1AA
  • General phone number: (020) 8296 2000.
  • General inquiries email address: esth.askaunty@nhs.net
  • Website: https://www.epsom-sthelier.nhs.uk/ask-aunty-programme  

Name: St George's University Hospitals NHS Foundation Trust (SGUH)

ESTH and SGUH are joint controllers, Epsom and St Helier are the lead controller. 

We are the controller for your information . A controller decides on why and how information is used and shared

Data Protection Officer contact details 

Our Data Protection Officer is Paul Kenny and is responsible for monitoring our compliance with data protection requirements. You can contact them with queries or concerns relating to the use of your personal data at paul.kenny@nhs.net 

How do we get information and why do we have it? 

The personal information we collect is provided directly from you for one of the following reasons: 

Information is collected for staff and Aunties and Uncles, analysed, stored, communicated and reported, to provide access to the Ask Aunty Application (App) and related services.

We also receive personal information about you indirectly from others, in the following scenarios: Chapelcroft Ltd. Chapelcroft Limited will make available information about the use of service.

What information do we collect?

Personal information

We currently collect and use the following personal information: 

  • Name
  • Contact info - Email
  • Type of Device      
  • Month of Arrival
  • Occupation                    
  • Languages spoken
  • Religious/Philosophical  
  • Marital status
  • Racial / Ethnic Origin
  • Disability
  • Gender Reassignment
  • Age Range
  • Maternity and Pregnancy
  • Culture insights
  • Carer information
  • Armed Forces
  • Additional information provided by the international staff/Mentee/Mentor

If you communicate using the Application with a language other than English, we will use an external translation service. Information processed via the translation service might be subject to inaccurate translation.   

More sensitive information 

We process the following more sensitive data (including special category data): 

       data concerning physical or mental health (for example, details about your appointments or diagnosis)

       data revealing racial or ethnic origin

       data concerning a person’s sex life

       data concerning a person’s sexual orientation

       data revealing religious or philosophical beliefs

       data revealing trade union membership

       Social activities

       Any data staff choose to provide

Who do we share information with? 

We may share information with the following types of organisations:

       The two organisations mentioned below are in a group of organisations, called St Georges, Epsom and St Helier University Hospitals and Health Groups (gesh)

       Epsom and St Helier University NHS Trust

       St George's University Foundation Trust 

In some circumstances we are legally obliged to share information. This includes:

       when required by NHS England to develop national IT and data services

       when reporting some infectious diseases

       when a court orders us to do so

       when protecting your vital interest

We will also share information if the public good outweighs your right to confidentiality. This could include:

       where a serious crime has been committed

       where there are serious risks to the public or staff

       to protect children or vulnerable adults

We may also process your information in order to de-identify it, so that it can be used for purposes to support the Ask Aunty Service, whilst maintaining your confidentiality.  These purposes will include to comply with the law and for public interest reasons.

Is information transferred outside the UK? 

Staff information is not transferred outside the UK by gesh, but staff can access the Application outside the UK.

What is our lawful basis for using information? 

Personal information

Under the UK General Data Protection Regulation (UK GDPR), the lawful basis we rely on for using personal information is: 

6(1)(e) ‘…for the performance of a task carried out in the public interest or in the exercise of official authority…’

With official authority resulting from the National Health Service and Community Care Act 1990.

More sensitive data

9(2)(h) ‘…medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems…’

9(2)(b) ‘…is necessary for the purposes of carrying out the obligations and exercising the specific rights of the controller or of the data subject in the field of employment…social protection law in so far as it is authorised by Union or Member State law..’

9(2)(f) ‘…processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity…;

Common law duty of confidentiality 

In our use of health and care information, we satisfy the common law duty of confidentiality because: 

       for specific individual cases, we have assessed that the public interest to share the data overrides the public interest served by protecting the duty of confidentiality (for example sharing information with the police to support the detection or prevention of serious crime). This will always be considered on a case by case basis, with careful assessment of whether it is appropriate to share the particular information, balanced against the public interest in maintaining a confidential health service.

How do we store your personal information?

Your information is securely stored for the time periods specified in the Records Management Code of Practice . Your information will be securely stored for a minimum of 5 years. We will then dispose of the information as recommended by the Records Management Code for example we will: 

       securely dispose of your information by Shredding paper records and disposing of them securely, and securely wiping electronic data.

What are your data protection rights?

Under data protection law, you have rights including:

Your right of access - You have the right to ask us for copies of your personal information (known as a subject access request ). 

Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. 

Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances. 

Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances. 

Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact us at esth.askaunty@nhs.net if you wish to make a request.

How do I complain?

If you have any concerns about our use of your personal information, you can make a complaint to us at 

Address: Epsom and St Helier University Hospitals NHS Trust, St Helier Hospital, Wrythe Lane, Carshalton, Surrey, SM5 1AA

Address : St George's University Hospitals NHS Foundation Trust, Blackshaw Rd, London SW17 0QT

Following this, if you are still unhappy with how we have used your data, you can then complain to the ICO.

The ICO’s address is:    

Information Commissioner’s Office

  • Wycliffe House
  • Water Lane
  • Wilmslow
  • Cheshire
  • SK9 5AF
  • Helpline number: 0303 123 111

ICO website: https://www.ico.org.uk

Date of last review: 3/12/24 

Next scheduled review 02/12/26

Get connected

  • Like us on Facebook 
  • Follow us on Twitter
  • Follow us on LinkedIn 
  • Reviews on NHS Choices
  • Watch our videos

 

  • Like us on Facebook
  • Follow us on Twitter 
  • Follow us on LinkedIn
  • Review on NHS Choices
  • Watch our videos

NHS image placement

Healthy Workplace Achievement Award 2016 NHS Choices