Data Controller
NHS West Yorkshire Integrated Care Board
Purpose
As we are a public authority, we have a duty to respond to requests made under the Freedom of Information Act 2000 (FOIA), Environmental Information Regulations 2004 (EIR), and the Re-Use of Public Sector Information Regulations 2015 (RPSI).
Lawful basis
The ICB’s lawful basis for processing personal data under the UK GDPR is Article 6(1) c - processing is necessary for compliance with a legal obligation to which the controller is subject and Article 6(1) e - processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Type of information used
Personal: name and either email or postal address only.
Any other information provided is additional to our requirements and may include job title or occupation, telephone numbers and reason for interest. Telephone numbers may occasionally be used when we need to contact the applicant. In cases of re-use requests, we need the organisations’ names and re-use purposes.
Who we will share the information with (recipients)
We will not share your information outside of the ICB.
Do we use any processors
The Health Informatics Service (THIS), and West Yorkshire ICB Leeds IT and Leeds City Council IT Integrated Digital Service (IDS) our IT suppliers who store all our information securely on their servers.
Microsoft Azure, supported by IT staff, host our data.
How we collect (the source) and use the information
We will only collect identifiable information such as name and contact details which are provided by the individual making requests under the Freedom of Information Act 2000 (FOIA), Environmental Information Regulations 2004 (EIR) and the Re-Use of Public Sector Information Regulations 2015 (RPSI).
We will only use this information to respond to requests and in correspondence with you following appeals.
The personal information we process is freely provided by you, should you wish to exercise your right to use the above legislation in order to access information held by or on behalf of the ICB.
Where the individual is making a request under the Re-Use of Public Sector Regulations 2015, by law we also require the name of the organisation and the re-use purpose.
Subject to duty to disclose in the public interest, information could identify individuals or include sensitive information for example executive pay.
How long we will keep the information
FOI requests and associated responses will be kept for 3 years following the closure of the request except in cases where there has been a subsequent appeal. For those cases, information will be kept for 6 years following the closure of the appeal.
Your rights
Under the UK General Data Protection Regulation all individuals have certain rights in relation to the information which the ICB holds about them. Not all rights apply equally to all our processing activities as certain rights are not available depending on the lawful basis for the processing.
If you require further detail each link below will take you to the Information Commissioner’s Office website where further detail is provided in the section ‘When does the right apply’.
These rights are:
- The right to be informed about the processing of your data
- The right of access to the data held about you
- The right to have that information amended in the event that it is not accurate
- The right to have the information deleted
- The right to restrict processing
- The right to have your data transferred to another organisation (data portability)
- The right to object to processing
- Rights in relation to automated decision making and profiling
Under the NHS Constitution you have the right to privacy and to expect the NHS to keep your information confidential and secure.
If you have an enquiry in relation to your data protection rights please contact wyicb.