Muted Vibrant

We are sorry but our website is not supported on your browser.

Please switch to a supported browser to continue using You can see a list of supported browsers below.

Skip to content

Formerly St Helens and Knowsley Teaching Hospitals NHS Trust

Privacy Notice for Patients and Public

This privacy notice explains in detail the type of personal data that we, Mersey and West Lancashire Teaching Hospitals NHS Trust (MWL), process about you. What we do with the information that we collect and hold about you and why we might need to share it with other organisations involved in the delivery of your care.

Informing you how we Use and Collect Your Data

Covid 19 Patient Privacy Notice - please click here

The Trust is a Data Controller. A Data Controller determines how the data will be processed and used within their organisation and with others they can share the data with. 

We are legally responsible for ensuring that all personal data that we hold, and use, is done so in a way that meets Data Protection legislation, particularly the data protection principles under the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018. We need to make sure that where we process your personal data, we can do so legally. Article 6 of the UK GDPR lists 6 lawful bases for processing personal data, at least one must apply. This notice will explain the legal bases available, where we process personal data and in addition explains how we handle that data and keep it safe and secure.

The Trust is committed to looking after your personal data and it is the responsibility of all staff throughout the organisation to make sure of this. Our staff are required to sign up to and abide by the Trust’s Code of Confidentiality Policy.

The Trust employs specific roles to provide leadership and direction to ensure accountability and transparency to support compliance with Data Protection law.

These roles include:

Caldicott Guardian

The Trust is required to have a Caldicott Guardian. The Caldicott Guardian is a senior health professional, appointed to ensure that the data, about those who use its service, is handled in a confidential manner by the Trust and enables appropriate data / information sharing. The Caldicott principles are incorporated into the NHS Code of Practice.

Our Caldicott Guardian is Mr Alex Benson.

Senior Information Risk Owner (SIRO)

The SIRO is an Executive Director at the Trust with overall responsibility for managing organisational information risk, security of information and putting strategies in place to control the identified risks.

Our SIRO is Christine Walters.

Data Protection Officer (DPO)

Under the UK GDPR all large public authority organisations like ourselves are legally required to employ a Data Protection Officer. This person is an expert in data protection and can therefore inform and advise the Trust and  its staff about their obligations to comply with the UK GDPR and other Data Protection laws. Where there are data protection concerns the DPO will look into the matter on your behalf and will also act as the main contact for communication with the Information Commissioner’s Office.

Our Trust Data Protection Officer (DPO) is Camilla Bhondoo.

Our DPO can be contacted via the following means:

Address: Jubilee Court, Academy Site, Waterside, St Helens, WA9 1TT

We will continually review and update this privacy notice to reflect changes in our services and to comply with changes in the law. 

This page was last updated July 2022 and will be reviewed in July 2023.


Feedback Form