SMART Work and Life

 Privacy Notice


At the Leicester Diabetes Centre our patients and consumers are very important to us and we are constantly striving to improve the service they receive, through looking at the ways we work and ensuring our staff are highly trained.

As a Trust (University Hospitals of Leicester NHS Trust (UHL)) we encourage implementation which allows us to offer the latest technologies, techniques and medicines – and attract and retain our enviable team of more than 15,000 highly skilled staff.

We are one of the biggest and busiest NHS Trusts in the country, serving the one million residents in our local areas and increasingly specialist services over a much wider area including the offer of our Smart Work and Life resource kit and training to help people sit less and move more.

Our purpose at UHL is to provide ‘Caring at Its Best’ by living a set of values created by our staff that embody who we are and what we are here to do. They are:

  • We focus on what matters most
  • We treat others how we would like to be treated
  • We are passionate and creative in our work
  • We do what we say we are going to do
  • We are one team and we are best when we work together

Our service users are at the heart of all we do and we believe that ‘Caring at its Best’ is not just about the treatments and services we provide, but about giving everyone who interacts with UHL the best possible experience. That is why we are proud to be part of the NHS and we are proud to be Leicester’s Hospitals.

This privacy notice lets you know what happens to any personal data that you give to us, or any that we may collect from or about you.

This privacy notice applies to personal information processed by or on behalf of the Trust. This Notice explains:

  • Who we are, how we use your information and who our Data Protection Officer (DPO) is
  • What kinds of personal information about you we process
  • What the legal grounds for our processing of your personal information are (including when we share it with others)
  • What you should do if your personal information changes
  • How long we retain your personal information
  • What your rights under data protection law are

The EU General Data Protection Regulation (EU GDPR) became law on 24 May 2016 and later replaced by UK GDPR on 14th October 2020 as a result of UK exit from the EU. This is a single UK- wide regulation on the protection of confidential and sensitive information. It entered into force in the UK on the25 May 2018, repealing the Data Protection Act (1998).

For the purpose of applicable data protection legislation (including but not limited to the General Data Protection Regulation (Regulation (UK) 2020/679) (the “GDPR”), and the Data Protection Act 2018 (currently in Bill format before Parliament) :

University Hospitals of Leicester NHS Trust is a registered “Data Controller”, Information Commissioner Office (ICO) registration number Z7882087. We collect and process personal information about you. This notice explains how we use and share your information. Information may be collected in the following formats – paper, online, telephone, email, CCTV or by a member of our staff, or one of our partners.

We will continually review and update this privacy notice to reflect changes in our services and feedback from service users, as well as to comply with changes in the law. When such changes occur, we will revise the “last updated” date as documented in the version control section.


Why we collect information about you

We need information about you so that we can contact you regarding the Leicester Diabetes Centre (LDC) and its associated health promotion interventions including but not limited to the Smart Work and Life programme.

We will contact you via email with our latest newsletters and information about any new innovations that the LDC makes available for free or to purchase. Subsequent telephone calls may be carried out but only on explicit request from yourself.

For processing to be lawful under the UK General Data Protection Regulation (UK GDPR) we need to identify a legal basis before we can process personal data. These are often referred to as the ‘Lawful basis for processing’.

The identified legal basis for University Hospitals of Leicester NHS Trust to process healthcare data is:

‘6(1)(a) – the data subject has given consent to the processing of his or her personal data for one or more specific purposes.’


What information we collect about you

For the purposes of registering you onto the LDC marketing mailing list. This comprises:

  • Your first name and surname
  • Your email address
  • Your contact telephone number
  • Your Employer/Organisation

The information we collect at this point will be outlined to you then and you will be informed of this before you decide to take part.


What are the different types of data?

According to the UK General Data Protection Regulation, personal data means any information relating to an identified or identifiable natural person. An identifiable person may be someone who can be identified directly or indirectly.

Sensitive Personal Data relates to information concerning a data subject’s racial or ethnic origin, political opinions, religious beliefs, trade union activities, physical or mental health, sexual life or details of criminal offences.

Pseudonymised data takes the most identifying fields within a database and replaces them with artificial identifiers or pseudonyms. For example, a name is replaced with a unique number. Pseudonymised data is not the same as anonymised data. When data has been pseudonymised it still retains a level of details in the replaced data that should allow tracking back of the data to its original state.

Anonymisation is the process of turning data into a form which does not identify individuals and where identification is not likely to take place. This allows for a much wider use of the information as it changes it from personal data to statistical data. Where possible, University Hospitals of Leicester NHS Trust uses and shares anonymised data instead of identifiable data to protect the confidentiality of the subjects involved while still being able to plan services.

For the purposes of registering your interest in receiving LDC marketing we will only collect the data outlined above.

This information is taken so that we can offer you the best care available and tailor it to your needs. It is kept securely and only those with a need to see it are allowed access.

We will not share identifiable information regarding your health with other agencies and organisations, including other healthcare providers. This work is completed in accordance with Data Protection law, and will have had any information that identifies you removed.


How long will we store your information?

For the purposes of registering you onto the LDC marketing mailing list we will store the data provided indefinitely. If you withdraw your consent, your data will be permanently deleted. No paper copies will be created, retained or stored.

Why we collect information about ethnicity?
We do not collect information about your ethnicity for the purposes of registering your interest in receiving LDC marketing.

If you choose to access LDC innovations/programmes as a result of the marketing, we may collect information about your ethnicity at this point. You will be informed about this at that point.


How we use your information

We will use the information you provide in a manner that conforms to the UK General Data Protection Regulation and which is supported by the Data Protection Act 2018 and The Privacy and Electronic Communications Regulations 2003 (PECR). We will endeavour to keep your information accurate and up to date and not keep it for longer than is necessary.

The data you have provided for registering your interest LDC marketing will not be used for any other purpose than to:

1)    Contact you from time-to-time to provide you with information about the latest LDC innovations/programme and how you can access these – this may or may not include the provision of an introductory free offer, and will include the LDC newsletter

2)  To add you to LDC marketing mailing database


Is any information transferred outside the European Economic Area?

Information given to us for the purposes of registering your interest will not be transferred outside the European Economic Area.


How we protect your information

We understand the personal and sensitive nature of your information. In addition to the UK General

Data Protection Regulation (UK GDPR), Data Protection Act 2018 (DPA18) and The Privacy and Electronic Communications Regulations 2003 (PECR) everyone working for the NHS is subject to the Common Law Duty of Confidence. Staff are required to protect your information under the NHS Confidentiality Code of Conduct and must inform you how your information will be used and allow you to decide if and how your information can be shared.

We may use external companies to process personal information such as for archiving or destruction of data. These organisations will be bound by contractual agreement to ensure information is kept confidential and secure in compliance with the UK GDPR/DPA18.


Who else might see your information?

The data you have provided for registering your interest in receiving LDC marketing will not be used for any other purpose than described above and therefore no one else will see your information.

We will not disclose your information to a third party unless there are exceptional circumstances, such as when the health and safety of others is at risk or if the law requires us to pass on such information.


Information sharing in the NHS

Information sharing can help to improve the quality of care and treatment, but it must be governed by the legal and ethical framework that protects the interests of service users.

The Trust co-ordinates the sharing of information through the use of official Information Sharing Agreements to ensure that data is handled in accordance with the framework. This framework ensures that the responsibilities of the owner of the data (Controller) and the party processing the data (Processor) are set out, what will happen in the event of a confidentiality breach and who takes responsibility for this.


Patient control of information

You may want to prevent confidential information about you from being shared or used for any purpose other than providing your care. You have a right to opt-out of the NHS or other organisations using your information. If you wish to do this please contact the Trust via the contact details highlighted below:

Data Protection Officer- Saiful Choudhury


We do however need to remind you that we may not be able to continue to provide you with future LDC marketing, unless we have enough information about you, or your permission to use that information.


Your rights

We have a duty to ensure your information is accurate and up to date to make certain we have the correct contact and treatment details about you. If your information is not accurate and up-to-date, you can ask us to correct the record. If we agree that the information is inaccurate or incomplete, it will be corrected. If we do not agree that the information is inaccurate, we will ensure that a note is made in the record of the point you have drawn to the organisation’s attention.

Accessing your information held by University Hospitals of Leicester NHS Trust
You have the right to see or be given a copy of personal data held about you. To gain access to your information you will need to make a Subject Access Request (SAR) to the Trust. Requests should be addressed to the Trust and we will aim to respond to your request within one month from receipt of your request. For more information please click here: records/


Freedom of Information Requests (FOI)

The Freedom of Information Act (2000) gives every Individual the right to request information held by the Trust that is deemed to be in the public interest. Your request for information must be made in writing and you are entitled to a response within 20 working days. For more details on submitting a Freedom of Information request please click:



Although we work hard to offer high standards of service and care, things can sometimes go wrong. Should this happen, we will do all that we can to put things right for you and to make sure that the same thing does not happen again. If you would like to know more information on complaints or wish to make a complaint, please click here: service/

Should you have any concerns about how your information is to be used having read this Privacy Notice, you wish to request the notice in another accessible format or if you do not wish your information to be shared by University Hospitals of Leicester NHS Trust then please contact the Trust here: liaisonservice/ or email:

The NHS is introducing a tool so that people can opt out of their confidential patient information being used for reasons other than their individual care and treatment. This service is available through NHS Digital – National Data Opt-Out programme. Further details can be found at the following link – 

There may be circumstances where we are legally obliged to share your personal data with other third parties, for reasons such as safeguarding purposes or a court order. In such cases you will not be able to opt out of data sharing. 

If you are not happy with our responses and have exhausted all the avenues in the University

Hospitals of Leicester NHS Foundation Trust’s process and wish to take your complaint to an independent body, you can do this by contacting the Information Commissioner’s Office.


Contact information and further advice

If you would like to know more about how we use your information, require information in any accessible format or language or if (for any reason) you do not wish to have your information used in any of the ways described, please contact:

Data Protection Officer- Saiful Choudhury


For independent advice about data protection, privacy and data-sharing issues you can contact the Information Commissioner:

The Information Commissioner
Wycliffe House
Water Lane

Telephone number 0845 306 060 or 01625 545 745