Privacy Policy

The iconic clocktower at Medway Maritime Hospital with the sky behind it

Privacy Notice – Visitors

Medway Foundation Trust is committed to protecting your personal information.

Please see our cookie policy, which details how this website collects, stores, and uses (processes) your data.

Please see our separate privacy notices that provide detail on how the Trust processes the personal data of patients, children, carers and staff.

How we keep your information safe and secure

The Trust takes the protection of your personal information seriously.

All our staff are trained annually on data protection, including the steps needed to keep patient information safe and secure, including restricting access to information on a ‘need to know’ basis.

We use technical security measures (such as data encryption) in combination with strong passwords and physical measures to prevent unauthorised access to information. We also employ other tools to guard our network and the devices on the network such as Anti-Malware software.

Use of CCTV (including body-worn cameras) and lone-worker protection solutions

The Trust has CCTV deployed around the site to manage and investigate the following circumstances:

  • alleged security incidents, theft, assault or baby abduction on Trust premises
  • staff, visitor and patient safety
  • investigation of traffic incidents or congestion on the Trust site
  • supporting the management of a fire or major incident alert
  • the security of Trust premises
  • investigation of persons acting suspiciously on Trust premises.

CCTV images are retained for 28 days only.

Images are only viewed by Trust personnel, but images may be shared with the police where necessary to aid the investigation or prosecution of criminal activities within Trust grounds and premises.

Body-worn cameras

Traffic enforcement officers and security personnel wear body-worn cameras that record both sound and images. Before cameras are activated, staff will formally advise the Trust that they are going to do so. Images and sound will be used in the prevention and de-escalation of security incidents; patient, visitor and staff safety; traffic and parking enforcement; and the investigation of persons acting suspiciously on the Trust’s premises.

Images and sound recording from body-worn cameras are retained for 28 days only.

Lone-worker protection solutions

The Trust values the safety and security of its staff, especially where staff may visit patients by themselves at a patient’s home. For their safety and security the Trust uses Reliance Protect lone worker solution which when triggered, will relay live conversation and the GPS location of our staff to the Reliance Customer Support Team in order to ensure their safety as quickly as possible.

How long do we keep your information for?

The time we keep information for can vary depending on treatment and the type of record. The general rule is we keep adult patient records for 8 years after a patient is discharged, but this time can be extended for up to 30 years e.g. for a cancer diagnosis, in which case we will keep the record for 30 years from the date of diagnosis in accordance with national standards.

The Trust follows the NHS Records Retention Code of Practice and has Record Management procedures for Corporate and Clinical Information which are available upon request.

Kent, Medway and Sussex Secure Data Environment for research

Medway NHS Foundation Trust is a programme partner for the Kent, Medway and Sussex Secure Data Environment for research. This is a trusted environment for researchers to access non-identifiable health and care data safely and securely.

Visitors to our website

When someone visits www.medway.nhs.uk we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to various parts of our site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identity of those visiting our website. If we do want to collect personal data through our website, we will notify you about this before we do. We will make it clear when we collect personal information and will explain what we intend to do with it.

Use of cookies

You can read more about how we use cookies on our cookies page.

Search engine

Our website search function is powered by Wordpress. Search queries and results are logged anonymously to help us improve our website and search functionality. No user-specific data is collected by either the Trust or any third party.

Calling us via our switchboard

When you call the Trust switchboard on 01634 830000 the number, time and date of your call may be recorded – call content is not recorded.

People who email us

Any email sent to us including any attachments may be monitored and used by us for reasons of security and for monitoring compliance with office policy. Email monitoring or blocking software may also be used. Please be aware that you have a responsibility to ensure that any email you send to us complies with all relevant laws.

People who make a complaint to us

When we receive a complaint from a person, we make up a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.

We will only use the personal information we collect to process the complaint and to check the level of service we provided. We will keep personal information contained in complaint files in line with our retention policy. This means that information relating to a complaint will be retained for ten years from closure. It will be retained in a secure environment and access to it will be restricted on a ‘need to know’ principle.

Job applicants

If you apply to work at the Trust, we will only use the information you supply to us to process your application and to monitor recruitment statistics. Where we want to disclose information to a third party, for example where we want to take up a reference or obtain a ‘disclosure’ from the Disclosure and Barring Scheme (DBS) we will not do so without informing you beforehand, unless the disclosure is required by law.

Personal information about unsuccessful candidates will be held for 12 months after the recruitment exercise has been completed, it will then be destroyed and deleted. We retain de-personalised statistical information about applicants to help inform our recruitment activities, but no individuals are identifiable from that data.

Once you join the Trust as an employee, we will compile a file relating to your employment. The information contained in this will be kept secure and will only be used for purposes directly relevant to your employment. If you subsequently leave, we will retain the file in accordance with the requirements of our retention schedule and then delete it.

Access to personal information

We try to be as open as possible in terms of giving people access to their personal information. You can find out what information we may hold about you by making a ‘subject access request’ under the UK General Data Protection Regulation (UK GDPR).

If we do hold information about you we will:

  • give you a description of it
  • tell you why we are holding it
  • tell you who it could be disclosed to
  • let you have a copy of the information in an intelligible form.

To make a request to the Trust to access personal information we may hold about you:

By post:
Legal Services – SARs Team
Residence 13
Medway NHS Foundation Trust
Medway Maritime Hospital
Windmill Road
Gillingham Kent ME7 5NY

By email: medwayft.sars@nhs.net

If you have a concern about how the Trust processes your personal information, we would recommend initially contacting our Data Protection Officer (DPO) via email at medwayft.dpo@nhs.net. The DPO assists the Trust to monitor internal compliance with data protection obligations, and acts as a contact point for individuals and for the ICO.

It may also be possible to resolve your concerns through a discussion with our Patient Advice and Liaison Service (PALS) before (or without the need to start) a more formal process:

Email: medwayft.pals@nhs.net
Call: 01634 825004
In person: please drop into the PALS office at reception or on Level 2, Blue Zone (9am to 5pm).

If you remain dissatisfied following the outcome of your concern, you may then wish to contact the Information Commissioner’s Office (ICO):

  • on their website
  • by phone on 0303 12 1113
  • by email to casework@ico.org.uk
  • by their live chat facility on their website, or
  • by post to: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AFPlease note that the Information Commissioner will not normally consider an appeal until you have exhausted your rights of complaint to the Trust directly.

Links to other websites

Our privacy notice does not cover websites of other organisations, including those with links from the Trust website. We encourage you to read the privacy statements on the other websites you visit.

Changes to this privacy notice

We keep our privacy notice under regular review. This privacy notice was last updated on 13 March 2024.

Please see our separate privacy notices that provide detail on how the Trust processes the personal data of patients, children, carers, and staff.

How to contact us

To contact the Trust’s Data Protection Officer (DPO) please email: medwayft.dpo@nhs.net

Or write via post:

Data Protection Officer
C/O The Information Governance Team
Residence 13
Medway NHS Foundation Trust
Windmill Road
Gillingham
Kent
ME7 5NY