Privacy Notice

As a patient of the Whittington Health NHS Trust your data will be collected and used for medical diagnosis, the provision of health or social care or treatment and the management of health or social care systems and services.
The Trust is the data controller and will process your data in accordance with the regulations that apply to:
  • Article 6 (1)(e) and Article 9(2)(h) of The General Data Protection Regulation 2016 (GDPR) /Data Protection Act 2018 (DPA18)
Data may be shared with our health or social care partners should they be involved or required to be involved in providing care or treatment to you.
The Trust is also required to produce datasets to submit for commissioning purposes by Clinical Commissioning Groups (CCGs) and national collections from NHS Digital. Your data may be provided in accordance with one or both of the above regulations.
In cases where your data is needed for reasons other than those already stated, your explicit consent will be sought prior to processing.
In the context of the coronavirus outbreak (Covid-19) and the Trust’s role as a category one responder under the Civil Contingencies Act 2004, Whittington Health are utilizing the web-based video consultation platform called ‘Attend Anywhere’, for video consultations. Attend Anywhere requires you to enter your name, phone number and date of birth upon log on via a secure web link on your smart phone, tablet or computer. There is no requirement to create an account to use the platform. Your name, phone number and date of birth data are deleted from the platform within an hour of finishing the consultation and leaving the waiting area.
You have the right to object to your data being used for the research, planning and running of the NHS via the National Data Opt-out programme as well as your ‘right to object’ under Article 21 of the GDPR/DPA 18.
Further details on data collection can be found here on the NHS Digital website and more information on CCGs can be found here on the NHS England website.
Data will be stored on secure Trust systems and servers based in the UK and will not be transferred outside the EU.
You can view the Trust’s Data Protection Impact Assessments (DPIA) by making a Freedom of Information request. These will be redacted of any sensitive information that may have a security risk. To make a Freedom of Information request, please email us at
Records will be retained as per the guidance set out in the Records Code of Practice for Health and Social Care 2016.
You can contact the Data Protection Officer at or by calling 0207 288 3077.
If you are dissatisfied with the service you have been provided and have exhausted the Trust’s complaints process, you can refer any complaints to the Information Commissioner’s Office (ICO) via the ICO website or by calling 0303 123 1113.
Working on it!