Privacy Policy

This Privacy Policy describes the policies of Cornwall Ambulance Service and how we use your data.

Please feel free to get in touch with us if you need any further information.

Privacy Policy

Privacy Privacy Policy

Privacy Notice – Patients

Why we create and hold records about you

We keep records about the care and treatment you receive from Cornwall Ambulance Service . This helps to ensure you get the best possible care from us and that your information is available if you see another health care professional such as a doctor.

Only those with a legitimate reason to do so will view your information to:

  • Make sure the care we offer meets patients needs
  • Manage our activity and the demand on our services
  • To monitor how we spend money
  • To plan and manage the services we provide
  • To manage service demand
  • To teach and train all our employees
  • To audit and manage functions for financial accounting and reporting functions
  • To support any investigation in accordance with our contractual obligations

What information do we hold?

Examples of the types of personal data that we may hold about you are:

  • Your name, address, date of birth, hospital number
  • Your contact information i.e. telephone number
  • Details of your next of kin / representative
  • Details of your diagnosis and treatment
  • Your medications / drug usage
  • Any allergies you may have
  • Your physical or mental health conditions
  • Your racial or ethnic origin
  • Your religious or other beliefs of a similar nature
  • Any offences, criminal proceedings, outcomes and sentences you may have
  • Your family, lifestyle and social circumstances
  • Your employment details

What types of records do we have?

  • Patient records - paper and / or electronic
  • Details of attendance to you
  • Details of service / care we have provided to you

Where has my information come from / who do we share data with?

We may get personal information from, or share it with the following organisations for the purposes of delivering, or improving the care we provide, or where there is a legal or authoritative requirement for us to do so:

  • Clinical commissioning groups
  • Health authorities such as NHS England
  • Other NHS Trusts General practitioners (GPs)
  • Ambulance Trusts
  • Other NHS agencies such as community care agencies or clinics
  • Social services
  • Education services
  • Fire services
  • HM Coroners
  • Local Authorities such as County Councils
  • Police Forces
  • Search and Rescue services
  • Prison Services
  • Legal representatives
  • DVLA
  • Regulatory Bodies such as the Care Quality Commission (CQC)
  • Professional Bodies such as Nursing & Midwifery Council (NMC), General Medical Council (GMC), Health & Care Professions Council (HCPC), Health and Safety Executive (HSE)
  • Department for Work & Pensions
  • Contractual partners
  • Voluntary Sector providers and private sector providers

We may share information with the Police or DVLA for example where we have concerns over the safety of you, another person / other people, or the general public.

Automated decision making

We do not rely on any automated decision making systems or processes.

Sharing information

When we share information about you with others, we always do this in the best interests of you, the patient. We only share information that is strictly necessary. Where possible, we will not share your name or personal details about you. For other reasons, such as potential media coverage or for our own publications (unless there is a really clear, overriding public interest), we will ask for your agreement before sharing information about you.

What authority do we have to share information?

We, with the following organisations, may share personal data for the purposes of delivering or improving healthcare or where there is a legal or authoritative requirement for us to do so. This table explains the laws we have to follow when we share your information with other public authorities and organisations:

Type of sharingLawful BasisLegislation / authority
Financial Information e.g. pensions, payroll etc.ContractualGeneral Data Protection Regulation – Section 6 (1)(b) & Section 9 (2)(b)
Professional Registration e.g. HCPCLawful basis of public interest or Contractual.General Data Protection Regulation – Section 6 (1)(e) & Section 9 (2)(h)
Pursuit / Defense of Legal ClaimsNecessary for the establishment, exercise or defence of legal claimsGeneral Data Protection Regulation – Section 6 (1)(c) & Section 9 (2)(f)
Prevention and Detection of CrimeLawful basis of legislationGeneral Data Protection Regulation – Section 6 (1)(c) & Section 9 (2)(g). Data Protection Act 2018
InquestsLawful basis of legislationCoroners and Justice Act 2009
Statutory Returns e.g workforce, ethnicity etc. disability,Public InterestGeneral Data Protection Regulation – Section 6 (1)(e) & Section 9 (2)(b)
Recruitment (current and prospective)ContractualGeneral Data Protection Regulation – Section 6 (1)(b) & Section 9 (2)(b)

Any sharing of information is bound by the Common Law Duty of Confidentiality.

How long do we keep your records?

We retain records in accordance with our retention and disposal schedule. Once we no longer have a legal requirement to retain your personal information, it will be securely destroyed. Where this is not possible (i.e. due to technical limitations), your records will be ‘put beyond use’ in accordance with the Information Commissioners Office guidance, and will be inaccessible unless we are served with a Court Order.

How do we keep your data safe and secure?

Information is only shared on a need to know basis supported by legislation and/or appropriate authority. Your information is kept safe via the use of secure IT systems and suitable record management processes.

How to obtain a copy of my personal data and find out about my individual rights?

A request for a copy of your personal records can be made in writing to:

The Data Protection Officer Gloweth House Unit 10, Great Brynn Barton Roche, Cornwall PL26 8LH

How do I withdraw my consent?

Where we rely on your consent to perform a function then you will have the opportunity to withdraw your consent. However, we will not be able to withdraw your consent where the process forms a key part of any medical assessment or intervention performed by Cornwall Ambulance Service. If you do decide to withdraw or withhold personal information, we will clearly highlight and explain any consequences of doing so. To withdraw your consent please contact us clearly stating what information about you that you do not want us to use.

Raising a concern / providing feedback

Details of how to raise a complaint, concern, comment or provide feedback is available on our website or alternatively you can email us directly at feedback@cornwallambulanceservice.org If you are unhappy with how we have handled your information, you can contact the

Information Commissioner at: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF Tel: 01625 545 700 Web: https://ico.org.uk/

Records amendment and deletion

Under certain circumstances you have the right to the amendment or deletion of records held by Cornwall Ambulance Service about you. Requests for employee records, amendment, or deletion requests should be made in writing to:

The Data Protection Officer Gloweth House Unit 10, Great Brynn Barton Roche, Cornwall PL26 8LH

Data Protection Officer

The Data Protection Officer for Cornwall Ambulance Service is Steve Small and he can be contacted by writing to them at the following address:

Gloweth House Unit 10, Great Brynn Barton Roche, Cornwall PL26 8LH

We hope this information is clear, but if you have any questions about how we use your personal information, please contact Penny England via email: penny.england@cornwallambulanceservice.org