Data Privacy

Who is the Data Controller?

University Hospitals of Derby and Burton NHS Foundation Trust of Royal Derby Hospital, Uttoxeter Road, Derby, DE22 3NE is the Data Controller.

Post: Information Governance, Level 3 M&G, Royal Derby Hospital, Uttoxeter Road, Derby DE22 3NE
Email:  uhdb.dataprotectionofficer@nhs.net
Telephone:  01332 788 645


The type of information we hold

  • Person Identifiable data – name
  • Contact details – address, telephone number, email address
  • Job Title/ Employer

In order to assist us with keeping accurate information about you please tell us if your personal details change – email address, telephone number etc so that we can update you details.   If you need to update your details, please email  uhdb.DerbyCTSU@nhs.net.


How do we obtain your personal data? 

We may obtain personal data from you when you contact us or meet with us, including when you call us or get in touch with us via our website.


What do we do with your personal data? 

We may send you newsletters or details of upcoming events which we think will be of interest to you. 

We will share limited information with an organisation we receive funding from, including the NIHR Research Support Service Hub delivered by the University of Leicester and Partners East Midlands. We may also share data with other organisations for reporting purposes such as the Clinical Research Network East Midlands (CRN:EM). We will not share your details with third parties without your consent, unless there is an overriding statutory requirement.


Legal basis for processing your personal data

By providing us with your contact details, you are consenting to the DCTSU using these details as a means of communicating you.


How long do we keep your personal data?

We will hold your data for as long as it is required for the purpose it was collected, or until you withdraw consent.


Your rights as a data subject

You have the right to confidentiality under Data Protection Law, the Human Rights Act 2018 and the Common Law Duty of Confidentiality.

  • The right to be informed –you have the right to know what information we hold about you, what we use it for and if the information is shared, who it will be shared with, which we do through this privacy notice.
  • The right of access –for details about how to access the data we hold on you, please contact  uhdb.DerbyCTSU@nhs.net.
  • The right to rectification–this is your right to have your personal data rectified if it is inaccurate or incomplete. If you believe that the information recorded about you is incorrect, you will need to tell us so that we are able to contact the person who entered the information.  We will correct factual mistakes and provide you with a copy of the corrected information.
  • The right to erasure –this is also known as your ‘right to be forgotten’, where there is no compelling reason to continue processing your data in relation to the purpose for which it was originally collected or processed.
  • The right to restrict processing –this is your right to block or suppress the processing of your personal data.
  • The right to data portability –this is your right to obtain and re-use any information you have provided to us as part of an automated process. 
  • The right to object –this is your right to object to us processing your data because of your particular situation. 
  • Rights in relation to automated decision making and profiling –GDPR provides safeguards for individuals against the risk that a potentially damaging decision is taken without human intervention.


If you no longer wish to hear from us

If you no longer wish to receive emails from us, please contact  uhdb.DerbyCTSU@nhs.net and we will remove you from our mailing list.