A privacy notice is a statement of how Benenden Hospital Trust collects, uses, retains and discloses your personal information. Personal information is information that identifies you and is about you.
To ensure that we process your personal data fairly and lawfully we are required to inform you:
The law determines how organisations can use personal information. The key laws are: the Data Protection Act, EU General Data Protection Regulation, the Human Rights Act, relevant health service legislation, and the common law duty of confidentiality.
Within these pages we describe instances where Benenden Hospital Trust is the “Data Controller” (the organisation who decides what data we collect and how it is used), and where we direct or commission the processing of patient data to help deliver better healthcare, or to assist the management of healthcare services.
Benenden Hospital Trust recognises the importance of protecting personal and confidential information in all that we do, all we direct or commission, and takes care to meet its legal duties.
This notice applies to Patients, Visitors, Staff Members, Clinicians, Consultants, Contractors, Vendors and Suppliers to Benenden Hospital. Benenden Health Society Members please note for clarification this notice applies to Benenden Hospital Trust and not The Benenden Healthcare Society Limited, who will issue a separate notice.
This privacy notice is effective from 11 September 2020
Link to Supplementary COVID-19 Privacy Notice
We only collect and use your personal information where at least one of the legal basis applies and for the lawful purposes of administering the business of Benenden Hospital Trust. The legal basis are as follows;
The table below shows the purposes and the associated legal basis under which we process your personal data;
Purpose of processing |
Legal basis for processing |
Accounting and Auditing |
In compliance with a legal obligation and legitimate interest |
Accounts and Records |
In compliance with a legal obligation and legitimate interest |
Advertising and Public Relations |
Under consent and legitimate interest |
Consultancy and Advisory Services |
In performance of a contract and legitimate interest |
Crime Prevention and Prosecution of Offenders |
In compliance with a legal obligation |
Education |
Under a legitimate interest |
Healthcare Administration and Services |
In performance of a contract and legitimate interest |
Information and Databank Administration |
In performance of a contract and legitimate interest |
Research |
Under consent and legitimate interest |
Sharing and matching of personal information for national fraud initiative |
In compliance with a legal obligation |
Employment and Staff administration |
In compliance with a legal obligation and legitimate interest |
We process personal information to enable us to support the provision of healthcare services to patients, maintain
our own accounts, promote our services and to support and manage our employees. We also process personal
information about healthcare professionals that deliver services within Benenden Hospital Trust.
The types of personal information we use include:
We also process special category of information for patients, staff and consultants, that may include:
Your information is used to run and improve Benenden Hospital Trust. In respect of our patients, their data may be used to:
We may keep your information in a written form or on a computer. Whenever possible all information that identifies you will be removed.
For our staff, contractors, consultants, clinical agency staff, vendors and suppliers personal data may be used to:
Benenden Hospital Trust is the data controller for the Compucare Patient Administration System (APAS) system. This system holds personal details of all patients that have been either referred by Benenden Health Society, referred by a GP via the NHS e-Referrals system or as a private patient that has attended and subsequently discharged.
The information held on this system is used primarily for the purpose of administering healthcare services, it may however be used for other non-health related purposes and shared with statutory bodies/organisations to enable them to fulfil their statutory obligations. ‘Non-health related purposes’ relate to processing such as contracted reporting to the Private Hospitals Information Network (PHIN) using pseudonymised data which allows patients to make informed choices of where they may want accept treatment. We may also use the information within the administration system for statistical analysis to see how the hospital itself is performing with respect to business targets and objectives.
The information will only be shared with other organisations where there is a statutory obligation to do so, or with the agreement of the Benenden Hospital Trust, Caldicott Guardian and the Data Protection Officer. A Caldicott Guardian is a senior person responsible for protecting the confidentiality of patient and service user information and enabling appropriate information-sharing.
We may disclose your personal information for a number of reasons (to the extent necessary). This can be due to:
In fulfilling our obligation to provide healthcare services we may share your data with the following organisations:
Benenden Hospital fully complies with the NHS National Data Opt-out policy. National Data opt-out allows NHS Patients to opt-out of their personal sensitive data to be processed (used) for purposes beyond their direct care, namely research.
We may from time to time be required to share your information with other service providers who are outside of UK and the EU. The sharing of your information with these providers is necessary in order to provide the necessary medical device or service. The transfer of personal data internationally will be conducted with the appropriate legal mechanisms in place.
We will keep your personal information in accordance with our Retention Policy and for as long as is lawfully necessary to conduct our business with you, and/ or in accordance with our legal obligations for data retention.
If you are treated at this hospital, we will create an adult patient health record for you. This Patient health record is kept for 8 years following the last treatment provided.
If you make a query via the hospital website, we ask for your name, email address and if you are a member of Benenden Healthcare Society. We will retain this information for a period of no longer than 1 year. It will be kept for this period in case of any further enquiries and/or complaints.
You have the following rights in relation to the personal data that we hold on you:
To enquire about or exercise any of your rights please contact us using the details provided below.
Providing Benenden Hospital Trust with your personal data helps us to fulfil our contract to provide you with relevant healthcare services. When providing our services, we will have entered into a contractual agreement with either Benenden Health, the NHS, Health Insurance Providers or directly with you.
Failure to provide Benenden Hospital Trust with your personal data may impact on the level of healthcare we can provide, it may even result in non-acceptance for healthcare treatment at Benenden Hospital Trust.
For staff, consultants, contractors, vendors and suppliers the restriction on processing of personal data may impact any contractual agreements in place between either party, that may result in failure to meet the contractual obligation.
Benenden Hospital Trust is a ‘data controller’ under the DPA. Our registration Number is: Z729839X. We have notified the Information Commissioner’s Office that we process personal data and the details are publicly available from the:
Information Commissioner’s Office
Wycliffe House
Water Lane,
Wilmslow.
SK9 5AF
We keep our privacy notice under regular review and we will place any updates on the Benenden Hospital webpage.
In the first instance, you should contact the Data Protection Officer on the details below:
Data Protection Officer
Telephone: 01580 857 469
Email: dataprotectionofficer@benenden.org.uk
Post: Benenden Hospital Trust, Goddard's Green Road, Benenden, Cranbrook, Kent TN17 4AX.
Our office opening hours are: 9am to 5pm Monday to Friday.
You may also refer any complaints directly to the ICO on the contact details provided above.