Privacy policy and notice

Privacy Policy (website)

Health and Social Care (HSC) organisations respect the security and privacy concerns of users of this and all their websites. The Public Health Agency (PHA) is notified under the Data Protection Act 2018 and UK GDPR and we confirm that we will comply with the Data Protection Act in all our dealings with your personal data. The purpose of this privacy policy is to inform you of the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. By using the website you agree to and accept the terms of this privacy policy.

As a general rule, no personal information (ie name, address, telephone number, e-mail address) is automatically collected from users of this website. 

The information that we hold on organisations and service providers is provided to us by them. It should only contain organisational information; personal information should not be included.

There may be circumstances in which users voluntarily supply such information, for example when providing feedback on how useful a page was. We would ask you not to. In any event such information will be kept secure and confidential and will be used only for those purposes made known to you at the time the information is collected, or for the purposes specified in this privacy policy.

We use the information provided by you to see what is most effective about our websites and to help us identify ways to improve them and make them more effective.

We do not share data with other organisations unless the law permits us to do so. We will share personal information only with our authorised data processors who must at all times act on PHA’s instructions as the Data Controller under the Data Protection Act. Before you submit any information, we will notify you as to why we are asking for specific information and it is up to you whether to provide it.

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. For detailed information on the cookies we use and the purposes for which we use them, see our cookie policy.

Any other websites that our website links to are third party sites and we have no control over the way these sites use your information. If you choose to access these sites via the links provided, you should read their privacy policies to ascertain what information they may collect from you and how they may use it in accordance with their privacy policies.

Privacy policy (PHA)

This privacy notice provides a broad description of the way the Public Health Agency (PHA) processes your personal information. To understand how your own personal information is processed, you may need to refer to any personal communications you have received, or contact us directly.

Why are you processing my personal information?

Primarily, we collect data for administration purposes and for the commissioning, delivery and improvement of HSC services in line with legislation, research and governance requirements.

Reasons we process your information may include:

  • for quality assurance and screening purposes;
  • surveillance – to identify trends in illness/disease outbreak and to prevent/control spread;
  • analysis – for health research, health protection and health promotion and for reports and the production of official statistics;
  • to allow analysis of trends in service usage by specific groups;
  • to involve service users and carers in the planning of services;
  • for official communication and publicity purposes;
  • to provide advice to patients, clinicians and other HSC professionals;
  • to contribute to service specifications;
  • for contract monitoring and the administration, selection and evaluation of research projects and funding/grant applications.

Processing requirements

To be able to process your personal information we must have a lawful basis for doing so and at least one of the following must apply:

  1. Consent – an individual must give clear consent for us to process their personal data and then only for a specific purpose.
  2. Contract – the processing is necessary for a contract we have with an individual, or because we have asked the individual to take specific steps before entering into a contract.
  3. Legal obligation – processing is necessary to comply with the law.
  4. Vital interests – processing is necessary to protect someone’s life.
  5. Public task – processing is necessary for us to perform a task in the public interest or for our official functions and the task or function has a clear basis in law.

Processing within the Public Health Agency is likely to fall under 2, 3 or 5 above.

Do I need to give my consent?

Whilst the majority of our data is obtained on a lawful basis as outlined above, we may, occasionally, request your consent in writing when collecting data for your direct care, for media purposes or for research purposes.

You may contact us at any time to withdraw your consent or to ask that your personal data be deleted. Please see contact details below.

Information may be shared without your consent when required by law, to protect the public from serious harm or for the monitoring of certain health conditions.

What information is collected?

We only collect the information we need to. This may include your name, address, date of birth, contact details, demographics and some equality data, as well as images/photos and voice recordings.

We may also collect health related/medical data including diagnostic information as well as financial and contractual information as part of our grant/funding awards service.

Where do you get my personal data from?

Much of the personal data we use will be obtained directly from you. We also receive data from parents, carers, healthcare professionals and other health service organisations, such as hospitals, GPs and pharmacies.

We gather some personal information from surveys, consultations, funding/grant/tender applications and performance monitoring reports.

This can include information you provide in person, on an official form (online or in paper form) or by telephone.

Do you share my personal data with anyone else?

Yes. To help us provide the best care or service for you, we may need to share your information with other healthcare bodies and professionals, including GPs and hospitals, for the purposes of health protection. Personal information may also be shared with Public Health England for the purposes of national disease surveillance.

Sometimes, we may share some information with external organisations such as universities, auditors and survey/research organisations etc. As far as possible, information collected for research or to help identify trends in disease will be used in a way that does not identify you personally.

Extracts of information may also appear on our corporate website or in press documents, with your consent.

Do you transfer my personal data to other countries?

Only in exceptional circumstances, eg where information needs to be shared with public health agencies outside the UK for the purposes of disease surveillance and to protect the health of individuals and others potentially affected by an outbreak.

Any transfers will be made in full compliance with GDPR and only when we have a legitimate basis for doing so.

How long do you keep my personal data?

We will only retain your data for as long as necessary, in line with our Retention and Disposal Schedule and specific guidance issued by the Department of Health in Northern Ireland. 

What rights do I have?

  • You have the right to obtain confirmation that your data is being processed, and access to your personal data.
  • You are entitled to have personal data rectified if it is inaccurate or incomplete.
  • You have a right to have personal data erased and to prevent processing, in specific circumstances.
  • You have the right to ‘block’ or suppress processing of personal data, in specific circumstances.
  • You have the right to data portability, in specific circumstances.
  • You have the right to object to the processing, in specific circumstances.
  • You have rights in relation to automated decision making and profiling.

How do I complain if I am not happy?

If you are unhappy with any aspect of this privacy policy, or with how your personal information is being processed, please contact the Data Protection Officer at the following address:

Data Protection Officer:
Name: Mr Stephen Murray
Address: Public Health Agency, 12-22 Linenhall Street, Belfast BT2 8BS
Telephone: 028 9536 3534
Email: [email protected]

If you are still not happy, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Tel: 0303 123 1113
Email: [email protected]
https://ico.org.uk/global/contact-us/
https://ico.org.uk/concerns/handling/