[Skip to Content]
Wirral University Hospital NHS Foundation Trust

How We Use Your Information

We aim to provide you with the highest quality care. To do this we must keep records about you and the care we provide for you. Under data protection legislation, all organisations which handle personal data must comply with a number of important principles regarding the privacy and disclosure of this data.

Everyone working for the NHS is subject to the common law duty of confidentiality.  Data provided in confidence will only be used for the purposes advised and consented to, unless it is required or permitted by the law.

Our staff are trained to handle your data securely and correctly and protect your privacy. We believe that the lawful and correct treatment of personal data is critical to our successful operation, and to maintaining your confidence in us.  

Protecting Your Data

Wirral University Teaching Hospital NHS Foundation Trust is registered as a Data Controller with the Information Commissioner's Office (registration number: Z1092834). Our correspondence address is:

Wirral University Teaching Hospital NHS Foundation Trust

Arrowe Park Hospital

Arrowe Park Road



CH49 5PE

We have a Senior Information Risk Owner (SIRO) who is accountable for overseeing the management of all data assets and any associated risks and incidents. We have a Caldicott Guardian who is responsible for overseeing the management of patient data and patient confidentiality. We also have a Data Protection Officer (DPO) to inform and advise the Trust on data protection obligations and to assist in monitoring internal compliance.  The DPO can be contacted here: wih-tr.IGTeam@nhs.net.

The Legal Basis for Processing Your Data

The legal basis for processing data for care purposes is that the NHS is an official authority with a public duty to care for its patients, as guided by the Department of Health. Data protection law says it is appropriate to do so for health and social care treatment of patients and the management of health or social care systems and services.

Other bases for sharing your data may be reasons of public interest in the area of public health, for reasons of substantial public interest, in order to protect the vital interests of an individual or for the establishment, exercise or defense of legal claims. In certain circumstances we may ask for your consent.

Who We Share Your Data With

Where lawful and necessary we will share appropriate, relevant and proportionate personal data with the following:

  • Healthcare providers, education services, local council, social care providers and voluntary/third sector organisations who are directly involved in your care.
  • We will also need to supply your data to organisations we have contracted to provide a service. We will only ever share your data if we are satisfied that our partners or suppliers have sufficient measures in place to protect your data in the same way that we do.
  • Auditors, regulatory and monitoring bodies such as the General Medical Council and the Care Quality Commission.
  • Legal claims and complaints.

We are also a research active Trust and data may be processed for approved scientific research purposes. There is the possibility that your records may be looked at by a Research Nurse or Research administrator, who is not involved in your direct care, so we can see if you are eligible to be invited to participate in approved research projects being run in the Trust that may be relevant to you. In most instances we will only use anonymised or pseudonymised data so that you cannot be identified. If this is not possible, we will ask for your consent to use your personal data and you have the right to ask us not to use it in this way. Please be assured if you do not want to take part in research this will not affect your care in any way.

A number of statistical analytical exercises may be carried out on the data we hold in order to monitor our performance and to improve our service. These statistics may be published or shared with other organisations however no one can be identified from the data.

Please note that if you provide us with your mobile phone number then we may use this to send you reminders about your appointments, to contact you about our waiting lists and to ask you for feedback about our service. We may also use your contact details for discussing the way our services have been accessed. Please let us know if you do not wish your data to be used in these ways.

If you do not want your data to be used for any purpose beyond providing your care you can choose to opt out. Just let us know and we will respect your decision not to use your personal data for any purpose other than your care. Please note that in some circumstances we may be legally required to share your data (for example, to prevent a serious crime or prevent harm to you or others, to register births, report some infectious diseases and act on court orders).

National Data Opt-Out

The national data opt-out was introduced on 25 May 2018, enabling patients to opt out from the use of their data for research or planning purposes, in line with the recommendations of the National Data Guardian’s review of Data Security, Consent and Opt-Outs.

Whenever you use a health or care service, such as attending Accident and Emergency or using Community Care services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.

The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:

  • Improving the quality and standards of care provided
  • Research into the development of new treatments
  • Preventing illness and diseases
  • Monitoring safety
  • Planning services

This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.

Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.

You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential patient information will still be used to support your individual care.

To find out more or if you would like to view or change your national data opt-out choice at any time, you can visit: www.nhs.uk/your-nhs-data-matters. If you do choose to opt out you can still consent to your data being used for specific purposes.

Accessing our Patient Portal services using your NHS login details

Our Trust provides access to the Patient Portal which you can register for to access your health records, clinic letters and view your appointments from your personal devises or computer.

Please note that if you access our service using your NHS login details, the identity verification services are managed by NHS England. NHS England is the controller for any personal information you provided to NHS England to get an NHS login account and verify your identity and uses that personal information solely for that single purpose. For this personal information, our role is a “processor” only and we must act under the instructions provided by NHS England (as the “controller”) when verifying your identity. To see NHS England’s Privacy Notice and Terms and Conditions, please here. This restriction does not apply to the personal information you provide to us separately.

Your Rights

Data protection law gives you certain rights in respect of the personal data that we hold about you including:

  • To be informed why, where and how we use your data.
  • To ask for data to be updated if inaccurate or incomplete.
  • To ask us to restrict the use of your data.
  • To object to how your data is used.

Requesting Data

You also have the right to request a copy of the personal data that we hold about you.  If you wish to access this data please write to:

Information Governance/Records Manager

Access to Information Department

Wirral University Teaching Hospital NHS Foundation Trust

Arrowe Park Hospital

Arrowe Park Road



CH49 5PE


This will be provided free of charge. However, we may charge a reasonable fee for repetitive, unfounded or excessive requests or additional copies.

Freedom of Information Act 2000 (FOI)

The FOI Act allows the public to request general corporate information which the Trust holds such as policies or minutes of meetings.

Transfer Outside of the United Kingdom

If we ever need to transfer your information outside of the United Kingdom we would always take the appropriate security measures to ensure your privacy rights continue to be protected as outlined in this notice.

Data Retention

Records are maintained in line with the ‘Records Management Code of Practice for Health and Social Care’ retention schedule which determines the length of time records should be kept.

If you have any concerns about how your data is handled please contact the Information Governance Team at wih-tr.IGTeam@nhs.net  or write to the Data Protection Officer at the postal address above and we will investigate this for you. If you are unhappy with the outcome you can contact the Information Commissioner’s Office (ICO) who can investigate compliance with data protection law. Further details can be found here https://ico.org.uk/

We regularly review and, where necessary, update our privacy information.

If you require any further information or an explanation of the privacy notice please contact the Information Governance Team at wih-tr.IGTeam@nhs.net or on 0151 334 4000.


Additional Documents

WUTH Patient Privacy Notice, Modified: 18/03/2024 4:11PM | Download: WUTH Patient Privacy Notice