Privacy notice

Download this page here.

Privacy notice

What we do

In the National Health Service (NHS), we aim to provide you with the highest quality healthcare. To do this we must keep information about you, your health and the care we have provided to you or plan to provide to you. This privacy statement provides a summary of how we use your information.

The Data Protection Act and General Data Protection Regulation controls how your personal information is used by organisations, businesses or the government. Under the Act the Royal Free London NHS Foundation Trust is defined as a ‘data controller’ of personal information. We collect information to help us provide and manage healthcare to our patients. The trust is registered with the Information Commissioners Office (registration number Z6460180).

If you are looking for information about privacy while using our website, please read our terms and conditions.

What kind of personal information does the trust collect?

  • Name, address, date of birth, NHS number and next of kin
  • Details of diagnosis, treatment and hospital visits
  • Allergies and health conditions

The trust also records CCTV images for the prevention and detection of crime.

Why we collect information about you

The people who care for you use your information and records to:

  • provide a good basis for all health decisions made by you and your care professionals
  • allow you to work with those providing care
  • make sure your care is safe and effective
  • work effectively with those providing you with care

Others in the NHS may also need to use records about you to:

  • check the quality of care (called clinical audit)
  • collect data regarding public health matters
  • ensure NHS funding is being allocated appropriately
  • help investigate any concerns or complaints you may have about your health care
  • teach healthcare workers and help with research

Find out how we collect information about how you use our website.

How long do we hold information for?

Records are retained in accordance with national guidance from the Department of Health and Social Care and the Records Management Code of Practice for Health and Social Care 2016. Records including confidential information are securely destroyed in line with this code of practice.

Information sharing with non-NHS organisations

For your benefit we may need to share information from your health records with non-NHS organisations from whom you are also receiving direct care, such as social services or private healthcare organisations. We may also need to share your information, such as blood test results, for direct care processing purposes by a non-NHS organisation under an agreement with the Trust. We will always seek your permission to share your information with organisations for purposes other than your direct care. However, in exceptional situations we may need to share information without your permission if:

  • it is in the public interest – for example, there is a risk of death or serious harm
  • there is a legal need to share it – for example, to protect a child under the Children Act 1989
  • a court order tells us that we must share it
  • there is a legitimate enquiry from the police under the Data Protection Act for information related to a serious crime.

We do not share, send or transfer person identifiable information outside of the European Union. 

For further information please see the 'How we use patient information' page of our website.

What are your rights?

You have the right to withdraw and refuse consent to information sharing at any time, but note that not sharing your information may affect the quality and safety of the care you receive. 

Where information from which you can be identified is held, you also have the right to:

  • request that your information is corrected
  • have your information updated where it is no longer accurate.

For further information please contact the data protection officer or Caldicott Guardian using the details below.

How do I access information recorded about me?

Under the Data Protection Act individuals have a right to access information that is held about them by an organisation. If you have undergone medical treatment at Barnet Hospital, Chase Farm Hospital or the Royal Free Hospital, find out about accessing your health records.

For further information please contact:

Data Protection Officer
Mr Tosh (Subir) Mondal
Royal Free London NHS Foundation Trust
Royal Free Hospital
Pond Street
London, NW3 2QG

Email: smondal@nhs.net
Tel: 020 3758 2000

Caldicott Guardian
Dr Kilian Hynes
Royal Free London NHS Foundation Trust
Barnet Hospital
Wellhouse Lane 
Barnet, EN5 3DJ

Email: kilian.hynes@nhs.net

How do I raise a concern?

To raise a concern with us, please contact the patient advice and liaison service (PALS) at:

Barnet Hospital Chase Farm Hospital Royal Free Hospital

Royal Free London NHS Foundation Trust
Barnet Hospital
Wellhouse Lane
Barnet, EN5 3DJ

Royal Free London NHS Foundation Trust
Barnet Hospital
Wellhouse Lane
Barnet, EN5 3DJ

Royal Free London NHS Foundation Trust
Royal Free Hospital
Pond Street
London, NW3 2QG

Tel: 020 8216 4924
Fax: 020 8216 4697
Emailbcfpals@nhs.net 

Tel: 020 8216 4924
Fax: 020 8216 4697  
Emailbcfpals@nhs.net 
Tel: 020 7472 6446/6447; (020 7472 6445 - 24 hour answer phone)
Fax: 020 7472 6463
SMS: 447860023323 (Deaf, hard of hearing and hearing impaired patients only)
Emailrf.pals@nhs.net


You can also contact the Information Commissioner’s Office, the UK's independent body set up to uphold information rights. 

Information Commissioner’s Office 
Wycliffe House
Water Lane
Wilmslow, Cheshire
SK9 5AF

Website: https://ico.org.uk/for-the-public/ 
Helpline: 0303 123 1113 (local rate) or 01625 545 745