Privacy Notice

As a patient of the Whittington Health NHS Trust your data will be collected and used for medical diagnosis, the provision of health or social care or treatment and the management of health or social care systems and services.
The Trust is the data controller and will process your data in accordance with the regulations that apply to:
  • Article 6 (1)(e) and Article 9(2)(h) of The General Data Protection Regulation 2016 (GDPR) /Data Protection Act 2018 (DPA18)
 Data may be shared with our health or social care partners should they be involved or required to be involved in providing care or treatment to you. Zesty is the Trusts chosen patient portal which allows patients to view and manage their Acute Outpatients Appointment online. 
The Trust is also required to produce datasets to submit for commissioning purposes by Clinical Commissioning Groups (CCGs) and national collections from NHS Digital. Your data may be provided in accordance with one or both of the above regulations.
Data may be processed for clinical audits for the purposes of service improvement and research under:
  • Article 6 (1)(e) and Article 9(2)(i) of The General Data Protection Regulation 2016 (GDPR) /Data Protection Act 2018 (DPA18)
 In cases where your data is needed for reasons other than those already stated, your explicit consent will be sought prior to processing. You have the right to object to your data being used for the research, planning and running of the NHS via the National Data Opt-out programme as well as your ‘right to object’ under Article 21 of the GDPR/DPA 18.
Further details on data collection can be found here on the NHS Digital website and more information on CCGs can be found here on the NHS England website.
In the context of the coronavirus outbreak (Covid-19) and the Trust’s role as a category one responder under the Civil Contingencies Act 2004, Whittington Health are utilizing the web-based video consultation platform called ‘Attend Anywhere’, for video consultations. Attend Anywhere requires you to enter your name, phone number and date of birth upon log on via a secure web link on your smart phone, tablet or computer. There is no requirement to create an account to use the platform. Your name, phone number and date of birth data are deleted from the platform within an hour of finishing the consultation and leaving the waiting area. 

Existing law allows confidential patient information to be used and shared appropriately and lawfully in a public health emergency, such as the current Covid-19 pandemic. Using this law the Trust is required to share confidential patient information with NHS Digital; NHS England and Improvement; local authorities; other health organisations and GPs to respond to the Covid-19 outbreak. Health and care information is essential to deliver care to individuals, to support health and social care services and to protect public health. Information will also be vital in researching, monitoring, tracking and managing the outbreak.

Any information used or shared during the Covid-19 outbreak will be limited to the period of the outbreak unless there is another legal basis to use the data. During this period of emergency, opt-outs will not generally apply to the data used to support the Covid-19 outbreak, due to the public interest in sharing information. This includes National Data Opt-outs.
Data will be stored on secure Trust systems and servers based in the UK and will not be transferred outside the EU/EEA. to any countries not covered by a European Commission ‘adequacy decision’ or organisations not covered by appropriate contractual clauses, as required by the current data protection legislation.
You can view the Trust’s Data Protection Impact Assessments (DPIA) by making a Freedom of Information request. These will be redacted of any sensitive information that may have a security risk. To make a Freedom of Information request, please email us at
Records will be retained as per the guidance set out in the Records Code of Practice for Health and Social Care 2016.
You can contact the Data Protection Officer at or by calling 0207 288 3077.
If you are dissatisfied with the service you have been provided and have exhausted the Trust’s complaints process, you can refer any complaints to the Information Commissioner’s Office (ICO) via the ICO website or by calling 0303 123 1113.
Working on it!