Privacy
The East of England Ambulance Service NHS Trust (also referred to on this site as EEAST or the Trust or we or our) are committed to preserving the privacy of all visitors to this website.
Please read the following privacy policy to understand how we use and protect the information that you provide to us.
By using this website you consent to the collection, use and transfer of the information that you provide to us in accordance with the terms of this policy.
We reserve the rights to change the contents of this website, including this privacy policy at any time, by posting such changes on the website. It is your responsibility to familiarise yourself with this policy regularly to ensure that you are aware of any changes. Your continued use of this website following the posting of any such changes will constitute your acceptance of the revised privacy policy.
We will process your data in accordance with the Data Protection Act (2018). The purpose of the privacy policy is to inform you as a user of the site about what information we collect when you visit the site, how we use the information, whether the information is disclosed, the ways in which we protect users' privacy and how you can remove your data from our systems should you wish to do so.
We want you to feel secure and informed when visiting the site. We are committed to respecting your privacy. Below we give an overview of how we do that.
Please find our patient and public privacy notice here.
Please find our employee privacy notice here.
Please find our COVID-19 privacy notice here.
Please find our ambulance data set privacy notice here.
Find out information about how we use cookies on our site here.
We may collect the following information:
- name and job title
- contact information including email address
- demographic information such as postcode, preferences and interests
- other information relevant to customer surveys and/or offers
If you register with the website, or if you fill in a form on the website, you may be asked to provide information about yourself (including your name and necessary contact details) to allow us to process your request. The individual form will explain what we will do with your data and how long we will keep this for.
We also collect information about your usage of this website as you and others browse and use our website (see section on cookies).
We collect information indirectly and directly. When you access www.eastamb.nhs.uk, we use technology to collect information indirectly, such as your Internet address, which is then kept in our Internet access logs. (see paragraph below about our webserver log files)
We collect information directly from you in a number of ways. One way is by using cookies. You can view our cookie statement and find about cookies that we use on our site. If you are uncomfortable about the use of cookies, you can disable cookies on your computer by changing the settings in the preferences or options menu in your Internet browser.
We also collect information when you give it to us. When we collect this type of information, we will notify you as to why we are asking for information and how this information will be used. It is completely up to you whether you provide it.
We analyse it to see what is most effective about our site, to help us identify ways to improve it, and to make it more effective. We may also use data for other purposes, which we would identify to you at the point we collect the information and request you to formally opt-in and agree to your data being used for that specific purpose.
This website contains links to other websites, both those of government departments and of other organisations. This privacy policy applies only to this website, so when you are moving to another site which collects personal information you should always read the privacy policy relating to that website.
We do not pass on any personal information you have given us to any other website operators.
The social media sites that we link to are third-party sites and the Trust does not have any control over the way that these sites use your information. If you choose to access these sites using the links provided, the operators of these sites may collect information from you that may be used by them in accordance with their privacy policy, which may differ from ours. You should read their respective privacy policies carefully to find out what happens to any information that is collected by these services when you use them.
As a government department, we do not share data with other organisations unless the law permits us to do so. We do not sell individual information. We will share it only with our authorised Data processors, who must act at all times on our instructions as the Data Controller under the Data Protection Act (2018). Before you submit any information, we will notify you as to why we are asking for specific information and it is up to you whether you provide it. For more information please view our privacy notice.
You are entitled to know whether we hold information about you and, if we do, to have access to that information and require it to be corrected if it is inaccurate. You can do this by contacting sars@eastamb.nhs.uk.
You are entitled to withdraw your consent regarding any personal data you have provided us at any time. This also applies to any photographs where you can be identified, even if you may have consented to its use previously. You have the right to be forgotten on our systems.
There are some limitations to this right, if you wish to discuss this or withdraw your consent to the Trust processing your personal data please contact sars@eastamb.nhs.uk.
We take appropriate steps to maintain the security of your data on our website. Unfortunately, the transmission of information via the Internet is not completely secure. Although we employ security measures to protect the information provided by you, we cannot guarantee the security of your data transmitted to our site and any transmission is at your own risk. Once we have received your information, we will use appropriate security procedures and features aimed at preventing any unauthorised access, unlawful processing, accidental loss, destruction or damage.
IP addresses are used by your computer every time you are connected to the Internet. Your IP address is a number that is used by computers on the network to identify your computer. IP addresses are automatically collected by our web servers so that data (such as the web pages you request) can be sent to you.
Webserver log files are used to record information about our site, such as system errors. The Trust also uses log files to monitor site traffic. Log files do not contain any personal information or information about which other sites you have visited.
We routinely collect information from the initial contact when we receive a call in the 999 Emergency Operations Centre (EOC) through to completing an electronic patient record (EPR) with information about the patient and care we provide, when we attend an incident. Some of this information goes on to form part of the Ambulance Data Set (ADS).
If a patient is transferred from ambulance services to the care of an Emergency Department, information within the Ambulance Data Set is subsequently linked with key information collected in Emergency Departments as part of the Emergency Care Data Set (ECDS).
The purpose of this is to fully understand the patients journey from the ambulance service to other urgent and emergency healthcare settings. This will enable clinicians, ambulance services and the NHS to learn from patient journeys and further improve the care they provide in the future.
Data collected by ambulance services and emergency departments is securely linked and transferred to us. Data collected as part of the Ambulance Data Set is shared with NHS Digital* - a section of NHS England specialised in data and IT systems - where it is linked with key relevant information in the Emergency Care Data Set and securely returned to us.
This linked information includes a unique number generated by us during the initial 999 call, as well as a unique vehicle reference which will help us re-identify the original care record for the incident and the patient.
Appropriate access to this information will enable us to help develop the skills of our clinicians to improve the care they provide and support us in delivering service improvements to improve patient experience.
The lawful basis for the ambulance service to process this information under General Data Protection Regulation (GDPR) is Article 6 (1)(e) - exercise of official authority and for processing special categories (health) data the basis is: Article 9(2)(h) - health or social care of the GDPR Regulations.
To lawfully process information in the manner described, NHS England on behalf of ambulance services have obtained a section 251 approval, as required by the NHS Act 2006 and Health Service (Control of Patient Information) Regulations 2002. This provides a legal basis for patient information to be processed for these purposes.
*NHS Digital officially merged with NHS England on 1st Feb 2023, therefore the organisation previously known as NHS Digital is legally known as NHS England and data held by NHS Digital is now held within NHS England.
If you wish to contact our Data Protection Officer, please email dpo@eastamb.nhs.uk.
What is the national data opt-out?
The national data opt-out policy was introduced on 25 May 2018, following recommendations from Dame Fiona Caldicott in the 'Review of data security, consent and opt-outs'. National data opt-out is a service which allows the public to opt out of their confidential information being used for purposes beyond their individual care and treatment. This review aimed to ensure the public can make choices on how their data is used for research and planning purposes.
What does it mean for me?
The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:
- improving the quality and standards of care provided
- research into the development of new treatments
- preventing illness and diseases
- monitoring safety
- planning services
This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.
Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isnt needed.
You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential patient information will still be used to support your individual care.
To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters. On this web page you will:
- See what is meant by confidential patient information
- Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care
- Find out more about the benefits of sharing data
- Understand more about who uses the data
- Find out how your data is protected
- Be able to access the system to view, set or change your opt-out setting
- Find the contact telephone number if you want to know any more or to set/change your opt-out by phone
- See the situations where the opt-out will not apply
You can also find out more about how patient information is used at:
https://www.hra.nhs.uk/covid-19-research/guidance-using-patient-data/; and
https://understandingpatientdata.org.uk/what-you-need-know (which covers how and why patient information is used, the safeguards and how decisions are made).
You can change your mind about your choice at any time.
Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.
East of England Ambulance Service NHS Trust is part of My Care Record, an approach to improving care by joining up health and care information. Health and care professionals from other services will be able to view information from the records we hold about you when it is needed for your care. Please see www.mycarerecord.org.uk for more information.
Notice: Between the dates of 10 August and 18 August 2023, some of our Patient Care Records were not processed in accordance with our usual procedures. The records were securely destroyed before they were recorded on the Trust database and are not recoverable. This means that we can no longer access these records unfortunately. If you think you have been affected by this, please contact dpo@eastamb.nhs.uk who will be able to provide further advice and assistance.
Notice: On 4 October 2023, the Trust became formally aware that some of our staff personnel files relating to staff leavers (2017) were not processed in accordance with our usual procedures. The records were securely destroyed before the appropriate timeframe as set out in the Trust’s retention schedule. Unfortunately, this means that these records are no longer available. If you think you have been affected by this, please contact dpo@eastamb.nhs.uk who will be able to provide further advice and assistance.