Skip to main content

For a safer, faster, better experience online you should upgrade your browser. Find out more about browsers Close

Personal information charter

This charter sets out what you can expect from the Department of Health when we ask for or hold your personal information - and what we ask for from you.

The charter covers correspondence, involvement in public policy consultations or any other dealings that lead to us holding personal information about you.

What you can expect from us, and what we ask from you

We need to handle personal information about you so that we can provide better services.

High standards in handling personal information are very important to us, because they help us maintain the confidence of everyone who deals with us. So when we ask you for personal information, we promise:

  • to make sure you know why we need it
  • to ask only for what we need, and not to collect too much or irrelevant information
  • to protect it and make sure nobody has access to it who shouldn’t
  • to let you know if we share it with other organisations to give you better public services – and if you can say no
  • to make sure we don’t keep it longer than necessary
  • not to make your personal information available for commercial use without your permission

In dealing with your personal information, we will also:

  • value the personal information entrusted to us and make sure we respect that trust
  • abide by the law when it comes to handling personal information
  • consider the privacy risks when we are planning to use or hold personal information in new ways, such as when introducing new systems
  • provide training to staff who handle personal information and respond appropriately if personal information is not used or protected properly

In return, we ask you to:

  • give us accurate information
  • tell us as soon as possible if there are any changes, such as a new address

This helps us to keep your information reliable and up to date.

Agencies and arm’s length bodies

Most of our agencies and arm’s length bodies hold personal data for specific purposes that are set out in their own information charters. For example, NHS Blood and Transplant holds information on patients requiring transplants so that a match can be arranged efficiently once an organ becomes available.

Department of Health data protection policy

When we ask you for information we will keep to the law, including the Data Protection Act 1998. Through appropriate management and strict controls, we will follow the 8 principles of data protection described in the act.

We will also ensure that:

  • there is someone with specific responsibility for data protection in the organisation (the nominated person is called the Data Protection Manager)
  • everyone managing and handling personal information understands that they are contractually responsible for following good data protection practice, is appropriately trained to do so and is appropriately supervised
  • we deal with enquiries about how we handle personal information promptly and courteously
  • we describe how we handle personal information clearly, regularly review and audit how we manage personal information, and regularly assess and evaluate methods of handling personal information

How to make a subject access request to the Department of Health

The Data Protection Act allows you to find out what information we hold about you on computer and in some paper records. This is known as the ‘right of subject access’. We don’t charge a fee for this service.

To request access to personal data we hold about you, write to:

Data Protection Manager
Department of Health
Room 3D Skipton House
80 London Road
London SE1 6LH

Request for personal data held by the Department of Health - sample letter

This file may not be suitable for users of assistive technology. Request a different format.

To request this document in an alternative format such as braille, audio or a different file type please email quoting your address, telephone number along with the title of the publication ("Request for personal data held by the Department of Health - sample letter").

We are required to supply you with your personal data within 40 days of receiving a valid request. If we can’t meet this deadline, we will keep you informed of progress towards fulfilling your request.

Find out more about how we deal with personal information

Details of how we use personal data are set out in the Information Commissioner’s Register of Data Controllers.

Contact us for a hard copy of our personal information charter, or to find out more about:

  • agreements we have with other organisations for sharing information
  • circumstances where we can pass on your personal information without telling you, for example, to prevent and detect crime or to produce anonymised statistics
  • our instructions to staff on how to collect, use and delete your personal information
  • how we check the information we hold is accurate and up to date

Get in touch using our web contact form.

Or write to our Data Protection Manager at the address given above.

Independent advice on data protection and privacy

For independent advice about data protection, privacy and data-sharing issues, you can contact:

The Information Commissioner
Wycliffe House
Water Lane

Telephone: 08456 30 60 60 or 01625 545 745 Fax: 01625 524 510