Privacy Policy

Printer-friendly versionPrinter-friendly version

North West Anglia NHS Foundation Trust [the Trust] has a legal obligation to comply with all appropriate legislation in respect of data, information and data security. It also has a duty to comply with guidance issued by the Department of Health, the Information Commissioner, other advisory groups to the NHS and guidance issued by professional bodies.


The pathology laboratory is governed by the Trust’s New General Data Protection Regulation (GDPR) and Data Protection Act 2018 and Confidentiality Policy which sets out how the organisation will meet its legal obligations and NHS requirements concerning confidentiality and information security standards.

The requirements within the Policy are primarily based upon the New General Data Protection Regulation (GDPR) and Data Protection Act 2018 as this is the key piece of legislation covering security and confidentiality of personal information. Data protection principles under the GDPR.

Data protection principles underpin the new General Data Protection Regulation (GDPR). These principles set out obligations for businesses and organisations that collect, process and store individuals' personal data.

Six principles for processing of personal data

 The GDPR outlines six data protection principles you must comply with when processing personal data. These principles relate to:

  •  Lawfulness, fairness and transparency - you must process personal data lawfully, fairly and in a transparent manner in relation to the data subject.
  • Purpose limitation - you must only collect personal data for a specific, explicit and legitimate purpose. You must clearly state what this purpose is, and only collect data for as long as necessary to complete that purpose.
  • Data minimisation - you must ensure that personal data you process is adequate, relevant and limited to what is necessary in relation to your processing purpose.
  • Accuracy - you must take every reasonable step to update or remove data that is inaccurate or incomplete. Individuals have the right to request that you erase or rectify erroneous data that relates to them, and you must do so within a month.
  • Storage limitation - You must delete personal data when you no longer need it. The timescales in most cases aren't set. They will depend on your business’ circumstances and the reasons why you collect this data.
  • Integrity and confidentiality - You must keep personal data safe and protected against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.


Accountability principle under the GDPR

Accountability is a new principle under the General Data Protection Regulation. It focuses on two key elements:

  • your responsibility to comply with the GDPR
  • your ability to demonstrate compliance

How we deal with Internet Cookies

We use cookies on this website to provide you with a better user experience. We do this by placing a small text file on your device / computer hard drive to track how you use the website, to record or log whether you have seen particular messages that we display, to keep you logged into the website where applicable, to display relevant adverts or content, referred you to a third party website.

Some cookies are required to enjoy and use the full functionality of this website.

We use a cookie control system which allows you to accept the use of cookies, and control which cookies are saved to your device / computer. Some cookies will be saved for specific time periods, where others may last indefinitely. Your web browser should provide you with the controls to manage and delete cookies from your device, please see your web browser options.

 Cookies that we use are;

 Cookie 1 "Drupal session"

 The purpose of this cookie is it enables us to:

  •  Recognise you when you return to our site.
  •  Allow you to use our site in a way that makes your browsing experience more convenient, for example, if you register with us or complete our online forms, we will use cookies to remember your details during your current visit, and any future visits provided the cookie was not deleted in the interim.

 Cookie 2 "has js"

 The purpose of this cookie is it is essential for our site to:

  •  Check whether your browser has JavaScript enabled.

 Cookie 3 "utma, utmb, umtc and utmz (also known as Google Analytics)"

 The purpose of this cookie is it enables us to:

  •  Recognise you when you return to our site and track the pages you visit.
  •  Estimate our audience size.
  • Monitor traffic levels and search queries.  Cookies do not harm your computer and do not enable us or any third party to view any information on your computer’s hard drive. You block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. 

However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site. Except for essential cookies, all cookies will expire after 23 days.


How you can access your records

 If you require any more information about the cookies we use please contact us.

Should you wish to discuss the details of the Data Protection Act 2018 and GDPR and your right to access the information we hold about you on our records. Subject Access Requests must be made in writing to:

North West Anglia Foundation Trust: post to Access Services:  Access Services Team, Department 012, Peterborough City Hospital, Bretton Gate, Peterborough, PE3 9GZ or email

 Hinchingbrooke Hospital: post to Access to Health Records Department, Hinchingbrooke Hospital, Hinchingbrooke Park, Huntingdon, PE29 6NT or email

 Further information is available on the trust website (

    • There is no charge to have a copy of the information held about you.

    • We are required to respond to you within one month. 

    • You will need to provide adequate information [for example full name, address, date of birth, NHS number, etc. so that your identity can be verified and your records located.

    • You will also be asked to provide copies of formal identification.

 If you think any information is inaccurate or incorrect then please let us know.


 Data controller

The Data Controller responsible for keeping your information confidential is: Trust Data Protection Officer c/o Dept 404, North West Anglia NHS Foundation Trust, Bretton Gate, Peterborough, PE3 9GZ Telephone: 01733 678000


 Freedom of Information Act 2000  

If you want to request any information about the organisation, which is not personal information, please write to the Freedom of Information team at our Hinchingbrooke address or email .


 Patient Advice & Liaison Service (PALS)

 The PALS staff is also available to assist patients, carers and members of the public find information about health services, or try to resolve any difficulties they may be experiencing.

 PALS officers have direct access to directors and managers to help to solve queries, along with anonymously feeding back patients’ experiences on a regular basis, which helps to improve services provided or managed by the Trust. They also liaise with colleagues in other organisations, such as social services and the voluntary sector, to ensure patients get the most appropriate and timely help.

 North West Anglia Foundation Trust Helpline: 01733 673405 (with confidential answerphone) Email:

Hinchingbrooke Hospital Helpline: 01480 428694 (with confidential answerphone) Email:

If you require further information on North West Anglia Data Privacy, please visit our website