Read our privacy notice below to find out how we’ll use and protect your personal information. We will only process your personal information or your child’s personal information in compliance with Data Protection Legislation.
Where possible, your or your child’s test results will be added to your medical record. Only your or your child’s GP and other authorised NHS staff, Public Health England, NHS Test and Trace staff and the local Health Protection Team can access your or your child’s test results. No-one else will be able to see your or your child’s personal test results.
The Department of Health and Social Care (DHSC) has commissioned the piloting of a coronavirus (COVID-19) testing programme (‘the Programme’) in Southampton.
This Privacy Notice explains how personal data (information about you or your child) collected as part of this Programme will be processed (collected, stored, used, and destroyed).
At different points in the process, organisations have been commissioned to process your or your child’s personal data and may therefore have Data Controller status for the purposes of Data Protection legislation in deciding what information is required and how it needs to be used to deliver the Programme.
Each organisation will require a different level of information about you or your child, but all will use the minimum necessary to do what they are required to deliver their part of the Programme.
Data Controllers for the Programme responsible for looking after your or your child’s personal data and using it properly to deliver the Programme are:
We collect the data you provide us with when you have:
The details we may collect and process for you are:
Your details will be used to:
Your data will be stored within the United Kingdom.
We have legal duties to keep information about you confidential. Strict rules apply to keep your information safe and comply with Data Protection Act 2018, the EU General Data Protection Regulation (GDPR) and organisational Data Protection policies.
The NHS database used to store your personal data linked with your health data is held securely on NHS servers and access to this information is tightly governed, in line with Data Protection requirements.
The information processed by the NHS is kept for as long as it is required to provide you with direct care and to support NHS initiatives to fight COVID-19. Information held for direct care purposes are stored in line with the Records Management Code of Practice for Health and Social Care 2016. This means such information will be held for up to 8 years before it is deleted. Any personal data gathered as part of this Programme for other purposes will be deleted at the end of the Programme.
By law, you have a number of rights as a data subject and this testing programme does not take away or reduce these rights.
You have the right to contact the Data Controllers to ask for the following:
Data protection law requires us to have a valid legal reason (‘lawful basis’) to process and use your Personal data.
The NHS’s lawful basis for processing your personal data are:
Other organisations involved in processing your data are doing so with an agreement in place with DHSC or the University of Southampton to provide that service, or with a lawful basis of their own.
The University’s lawful basis for processing your personal data for operational delivery of the Programme is legitimate interests.
The Schools (Mount Pleasant Junior (including students/staff based here who are registered at Springwell School), Maytree Infant, Swaythling Primary and Cantell School – all members of the Aspire Trust) lawful basis for processing your and your child’s personal data is GDPR Article 6(1)(e) – the processing is necessary for the performance of a task carried out in the public interest.
If you would like to raise a complaint about how your personal data is used as part of the Programme, you can phone the Enquiries team at: 0808 1962 282. Depending on your query, it will be forwarded to the relevant Data Controller to resolve your issue.
Please contact each Data Controller if you want to know more about their lawful bases for processing your personal data for their role in delivering the Programme. Links to each Data Controller’s privacy policy are below, which contain contact details for their Data Protection Officer.
Queries for the University of Southampton can also be sent direct to data.protection@soton.ac.uk. More details and the University’s Data Protection Policy can be found at: https://www.southampton.ac.uk/legalservices/what-we-do/data-protection-and-foi.page.
Queries for Southampton City Council can be sent directly to dataprotection@southampton.gov.uk. More details and the Council’s Data Protection Policy can be found at www.southampton.gov.uk/privacy.
Queries for the Schools can be sent to the Chair of the Aspire Trust head@cantell.co.uk.
You may also complain to the Information Commissioner’s Office (ICO) if you believe that your personal data is handled in a way that is not lawful. See its website at ico.org.uk.