Privacy Notice


This notice is applicable to all patients.

I am registered with the Information Commissioner Office (ICO) registration   as he collects and processes personal information about you. This notice explains how I use and share your information. Information may be collected in the following formats – paper, telephone, email, CCTV or by a member of our staff. 

I will continually review and update this privacy policy to reflect changes in our services and feedback from service users, as Ill as to comply with changes in the law. When such changes occur, I will revise the ‘last updated’ date.

Why do I collect data about you?

I need information about you so that I can give you the best possible care. When you come into contact with the health service provided at the Hospitals & Clinics where I work you will be asked to provide details about yourself. This information will help  & may contribute to the following:

Delivery of high quality healthcare services

Confirm your identity to ensure accurate, up to date information to provide the best possible care and treatment for you.

Support the provision of joined up services that meet your holistic health and social care needs.

Plan, manage and work out what care service are needed and when

It will enable the hospital to be paid for your treatment

To support audits of NHS services and accounts

Contributes to national NHS Statistics

Finding better ways to prevent illness and treat conditions

I may not be able to provide you with a service unless I have enough information, or your permission to use that information.

For processing to be lawful under the General Data Protection Regulations (GDPR) I need to identify a lawful basis before I can process personal data. These are often referred to as ‘the conditions for processing’. The identified legal basis to process healthcare data is:

‘6(1)(e) – Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller’.

What information do I collect about you?

What are the different types of data?

According to the Data Protection Act, personal data means any information relating to an identified or identifiable individual; an identifiable person is one who can be identified directly or indirectly.

Sensitive Personal Data relates to information concerning a data subject’s racial or ethnic origin, political opinions, religious beliefs, trade union activities, physical or mental health, sexual life or details of criminal offences.

Pseudonymised data takes the most identifying fields within a database and replaces them with artificial identifiers or pseudonyms. For example a name is replaced with a unique number. Pseudonymised data is not the same as anonymised data. When data has been pseudonymised it still retains a level of detail in the replaced data that should allow tracking back of the data to its original state. Anonymisation is the process of turning data into a form which does not identify individuals and where identification is not likely to take place. This allows for a much wider use of the information.


CCTV systems are installed in some of   the premises I use, for the purposes of public and staff safety and crime prevention and detection. CCTV is also installed on the outside of some of the building for the purposes of monitoring building security and crime prevention and detection.

Images captures by CCTV will not be kept for longer than necessary. However, on occasions there may be a need to keep images for longer, for example where a crime is being investigated. The operators of the CCTV do so   and disclose in accordance with the codes of practice issued by the Information Commissioner.

How I use your information

I will use the information you provide in a manner that conforms to the Data Protection Act. I will endeavour to keep your information accurate and up to date and not keep it for longer than is necessary. In some instances the law sets the length of time information has to be kept. The retention period set within the NHS are contained in the Records Management Code of Practice for Health and Social Care.

I will process your information for the following purposes:

Staff caring for you have accurate and up to date information to help them decide the best possible care and treatment needed for you

I can contact you in relation to your care and treatment

Information is available should you need another form of care, for example if you are referred to another specialist or another part of the NHS

There is a good basis for looking back and assessing the type and quality of care you have received

Your concerns can be properly investigated should you need to complain

How your information is used for other purposes

In addition to supporting the care you receive, your information may also be used to help us:

Look after the health of the general public.

Review the care I provide to ensure it is of the highest standard.

Conduct audits

Investigate complaints, legal claims or untoward incidents

Make sure our services can meet patient needs in future

Prepare statistics on NHS & Independent Hospital performance

Ensure treatments and services meet the needs of the local communities

Monitor the way public money is spent

If you do not want certain information recorded or shared with others, please talk to the person in charge of your care. There are however some aspects of your care that I are obliged to record.

Is any information transferred outside the European Economic Area?

I do not transfer any information to countries outside the UK.

How I protect your information

I understand the personal and sensitive nature of your information. In addition to the Data Protection Act 1998 everyone working for the NHS is subject to the Common Law Duty of Confidence. Staff are required to protect your information under the NHS Confidentiality Code of Conduct and must inform you how your information will be used and allow you to decide if and how your information can be shared.

I may use external companies to process personal information such as for archiving or destruction of personal data. These organisations will be bound by contractual agreement to ensure information is kept confidential and secure in compliance with the Data Protection Act.

Who else might see your information?

You may be receiving care from other people such as  other private sector providers so I may be required to share your information with them for example with:

Other healthcare professionals e.g. doctors, nurses, ambulance services

Partner organisation who contribute to your long term care e.g. GP’s, social services, other private sector providers

Other services e.g. complaints, auditing – (Anonymised/pseudonymised or your consent will be sought)

I may also need to share your information for other purposes for example with (please note this list is not exhaustive):

Carers/guardians with parental responsibilities

Carers/guardians without parental responsibility (subject to explicit consent, unless data is anonymous)

Disclosure to NHS managers and the Department of Health for the purposes of planning, commissioning, managing and auditing healthcare services.

Disclosure to bodies with statutory investigative powers – e.g. the Care Quality Commission, the GMC, the Audit Commission. The Health Service Ombudsman

Disclosure where necessary and appropriate, to non-statutory investigations, e.g. Members of Parliament

Disclosure where necessary and appropriate, to government departments other than the Department of Health

Disclosure to solicitors, to the police, to the courts (including a Coroner’s court) and to tribunals and enquiries.

Disclosure to the media (the minimum necessary disclosure subject to explicit consent)

I may therefore need to share your information with these individuals to ensure the best possible care is provided. I will only ever pass information about you if they have a genuine need for it, on a need to know basis. If there is a court order, there is a statutory order to share patient data or I have your consent. I will not disclose your information to a third party unless there are exceptional circumstances, such as when the health and safety of others is at risk or if the law requires us to pass on such information.

Information sharing in the NHS

Information sharing can help to improve the quality of care and treatment, but it must be governed by the legal and ethical framework that protects the interests of service users.

The NHS co-ordinates the sharing of information through the use of agreements to ensure data is handled in accordance with the framework.

Patient control of information

You may want to prevent confidential information about you from being shared or used for any purpose other than providing your care. You have the right to opt-out of the NHS or other organisations using your information. If you wish to do this please contact me via the contact details below:

The Yorkshire Clinic

Bradford Road

Bingley BD161TW

Telephone number 01274 550600


I do however need to remind you that I may not be able to provide you with a service or be able to undertake the appropriate care needed unless I have enough information, or your permission to use that information.

Your rights

Correcting inaccurate information

I have a duty to ensure your information is accurate and up to date to make certain I have the correct contact and treatment details about you. If your information is not accurate and up-to-date, you can ask us to correct the record. If I agree that the information is inaccurate or incomplete, it will be corrected. If I do not agree that the information is inaccurate, I will ensure that a note is made in the record of the point you have drawn to the organisation’s attention. If you wish to have any inaccurate information corrected please write to:

Contact details:

The Yorkshire Clinic

Bradford Road

Bingley BD161TW

Telephone number 01274 550600


Accessing your information held by Mr David L Shaw

You have the right to see or be given a copy of personal data held about you. To gain access to your information you will need to make a Subject Access Request (SAR) to the hospital. Requests should be addressed to the hospital and I will aim to respond to your request within one month from receipt of your request.

Freedom of Information Requests (FOI)

The Freedom of Information Act (2000) gives every individual the right to request information held by the hospital. Your request for information must be made in writing and you are entitled to a response within 20 working days.



Although I work hard to offer high standards of service and care, things can sometimes go wrong. Should this happen, I will do all that I can to sort things right for you and to make sure that the same thing does not happen again. If you would like to know more information on complaints or wish to make a complaint please write to me at:

The Yorkshire Clinic

Bradford Road

Bingley BD161TW


Should you have any concerns about how your information is to be used having read this Privacy Notice. Patients can object to information about them leaving the   Hospital in identifiable form for purposes other than direct care, then confidential information about them will not be shared. This is known as a type 1 objection.

Patients can object to information about them leaving the  Hospital in identifiable form, then information about them will not be sent to anyone by the Orthopaedics and Spine Specialist Hospital. This is known as a type 2 objection.

Further details on opt out and your personal information can be found here:

There may be circumstances where I are legally obliged to share your personal data with other third parties, for reasons such as safeguarding purposes or a court order. In such cases you will not be able to opt out of data sharing.

If you are not happy with our response and have exhausted all avenues in the Orthopaedics and Spine Specialist Hospitals process and wish to take your complaint to an independent body, you can do this by contacting the Information Commissioners Office. Contact details can be found below:

The Information Commissioner

Wycliffe House

Water Lane




Telephone number 0845 306 060 or 01625 545 745 – website: