THIS Cog Ident
home icon


Privacy Policy

Privacy Policy information

The following Privacy policy relates to employment by THIS and the work that they do. The website does not store any details about you other than when you submit a form. This information is stored for 7 days in the site and then removed. 

Security of information

Confidentiality affects everyone: the Calderdale and Huddersfield NHS Foundation Trust collect’s, stores and uses large amounts of personal and sensitive personal data every day, such as medical records, personal records and computerised information. This data is used by many people in the course of their work.

We take our duty to protect personal information and confidentiality very seriously and we are committed to comply with all relevant legislation and to take all reasonable measures to ensure the confidentiality and security of personal data for which we are responsible, whether computerised or on paper.

At Trust Board level, we have appointed a Senior Information Risk Owner who is accountable for the management of all information assets and any associated risks and incidents, and a Caldicott Guardian who is responsible for the management of patient information and patient confidentiality.

Legal basis for the processing of your data

The General Data Protection Regulation (GDPR) 2018 requires the Trust to process:

1.     Sensitive personal data under 9(2)(b) – “processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract

1.     Personal data under 6(1)(b) “processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law in so far as it is authorised by Union or Member State law or a collective agreement pursuant to Member State law providing for appropriate safeguards for the fundamental rights and the interests of the data subject

Why do we collect information about you?

As your employer, Calderdale and Huddersfield NHS Foundation Trust needs to keep and process information about you for employment purposes. The information we hold and process will be used for our management and administrative use only. We will keep and use it to enable us to comply with contractual, statutory, and management obligations and responsibilities.

We collect information during the recruitment process, whilst you are working for us and at the time when your employment ends.This includes using information to enable us to comply with the employment contract, to comply with any legal requirements, pursue the legitimate interests of the Trust and protect our legal position in the event of legal proceedings.

The information we hold about you consists of:

  • Name, date of birth, email address, next of kin.
  • Bank details for payroll, benefits and expenses purposes
  • National Insurance Number
  • Application form and references
  • Employment Contract
  • Records of holiday’s sickness and other absences.
  • Training records
  • Any disciplinary or grievance records.

It is essential that your details are accurate and up to date. Always check that your personal details are correct and amend any details within ESR.

How your personal information is used

Your personal information is used for payroll purposes and also as part of your employment contractual agreement.

Electronic Staff Record

The electronic Staff record system (ESR) holds your personal information for employment purposes aswell as your mandatory training records you can view and amend the information we hold by logging into ESR.

The Records Management Code of Practice

This Records Management Code of Practice for Health and Social Care 2016 is a guide for the NHS to use in relation to the practice of managing records. It is relevant to organisations who work within, or under contract to NHS organisations in England. This also includes public health functions in Local Authorities and Adult Social Care where there is joint care provided within the NHS.

The Code is based on current legal requirements and professional best practice. It will help organisations to implement the recommendations of the Mid Staffordshire NHS Foundation Trust Public Inquiry1 relating to records management and transparency.

When do we share information about you?

We will only disclose information about you to third parties if we are legally obliged to do so or where we need to comply with our contractual duties to you.

Everyone working within the NHS has a legal duty to keep information about you confidential. Similarly, anyone who receives information from us also has a legal duty to keep it confidential.

Data subjects rights

Under the Data Protection Act - 6th Principle:

  • a right of access to a copy of their personal data;
  • a right to object to processing that is likely to cause or is causing damage or distress;
  • a right to object to decisions being taken by automated means;
  • a right in certain circumstances to have inaccurate personal data rectified, blocked, erased or destroyed; and
  • a right to claim compensation for damages caused by a breach of the Act

Under the General Data Protection Regulation (GDPR)

  • a right to confirmation that their personal data is being processed and access to a copy of that data which in most cases will be Free of Charge* and will be available within 1 month (which can be extended to two months in some circumstances)
  • Who that data has or will be disclosed to;
  • The period of time the data will be stored for
  • a right in certain circumstances to have inaccurate personal data rectified, blocked, erased or destroyed;
  • Data Portability – data provided electronically in a commonly used format
  • The right to be forgotten and erasure of data does not apply to an individual’s health record or for public health purposes
  • The right to lodge a complaint with a supervising authority (see Raising a concern page 7)

*information will be provided free of charge when the GDPR comes into force on the 25th May 2018

Refusing or withdrawing consent

The possible consequences of refusing consent will be fully explained to you at the time, and could affect your employment.

In those instances where the legal basis for sharing of confidential personal information relies on your explicit consent, then you have the right at any time to refuse consent to the information sharing, or to withdraw consent that was previously given.

Surveillance Cameras (CCTV)

We employ surveillance cameras (CCTV) on and around our sites in order to:


  • protect staff, patients, visitors and Trust property
  • apprehend and prosecute offenders, and provide evidence to take criminal or civil court action
  • provide a deterrent effect and reduce unlawful activity
  • help provide a safer environment for our staff
  • assist in traffic management and car parking schemes
  • monitor operational and safety related incidents
  • help to provide improved services, for example by enabling staff to see patients and visitors requiring assistance
  • assist with the verification of claims

You have a right to make a Subject Access Request of surveillance information recorded of yourself and ask for a copy of it. Requests should be directed to the address below and you will need to provide further details as contained in the section ‘How you can access your records’. The details you provide must contain sufficient information to identify you and assist us in finding the images on our systems.

We reserve the right to withhold information where permissible by the General Data Protection Regulation (GDPR) 2018 and we will only retain surveillance data for a reasonable period or as long as is required by law. In certain circumstances (high profile investigations, serious or criminal incidents) we may need to disclose CCTV data for legal reasons. When this is done there is a requirement for the organisation that has received the images to adhere to the GDPR.

How you can access your records

If you would like a copy of your employment record please contact your line manager in the first instance.

Data controller

The Data Controller responsible for keeping your information confidential is:

Huddersfield Royal Infirmary

Trust Headquarters

Acre Street



West Yorkshire


Main Switchboard: 01484 342000

Data Protection Officer Contact:

Helen Mcnae

*information will be provided free of charge when the GDPR comes into force on the 25th May 2018

Raising a concern

If you have a concern about any aspect of the way your records have been managed please contact Human Resources in the first Instance.

If you have any concerns about how we handle your information you have a right to complain to the Information Commissioners Office about it.

The GDPR 2018 requires organisations to lodge a notification with the Information Commissioner to describe the purposes for which they process personal information. These details are publicly available from: 
Information Commissioner’s Office
Wycliffe House, Water Lane
Wilmslow, SK9 5AF
Telephone: 08456 306060

Freedom of Information

The Freedom of information Act 2000 provides any person with the right to obtain information held by the Calderdale and Huddersfield NHS Foundation Trust, subject to a number of exemptions. If you would like to request some information from us, please visit the Freedom of information section of our website.

Please note: if your request is for information we hold about you (for example, your health record), please instead see above, under "How You Can Access Your Records".