If we process personal data about you as a patient, employee, volunteer, or member of the public or in any other way, you have rights which you need to be aware of. 

These are called data subject rights and are detailed below. In some instances, exemptions may apply and will not be possible to exercise a specific right.

You can exercise any of your rights by:

  • Contacting the Trust’s data protection officer (DPO) with any concerns or questions you may have on how the Trust is processing your data at: Kevin.Towers@westlondon.nhs.uk
  • Completing the access to health records application
  • Sending an email to: sar@westlondon.nhs.uk
  • Writing to us at:
    Information governance team
    West London NHS Trust
    Trust Headquarters
    1 Armstrong Way
    UB2 4SD
  • Calling us on 020 8354 8354 (ask for the information governance team).

These rights come under the General Data Protection Regulations (GDPR) and the Data Protection Act 2018 (DPA18).

You have the right to be informed about the collection and use of your personal data.

We will inform you about:

  • Why we process your data
  • The legal basis for processing it
  • Who it'll be shared with and
  • How long we'll retain it for.

 This is outlined in our privacy statement.

If you ask for it, you have the right to know about and obtain a copy of any personal information we hold about you:

  • We'll send it to you along with any additional information that helps you understand how and why your information is processed
  • Your request can be verbal or in writing and we don't normally charge a fee to deal with it 
  • We respond to subject access requests within one month, but under certain circumstances the time limit may be extended 
  • We'll let you know if an extension is required. This will not normally be for longer than an additional two months.

Make a subject access request.

You can make a request to have inaccuracies in your data corrected or completed if they're incomplete. 

  • If we become aware of inaccurate or incomplete data, we'll take immediate steps to rectify them. If we need to verify whether the data are accurate, we'll restrict processing on the data while verifying their accuracy.
  • If we're satisfied that the information we hold is accurate, we'll inform you of our decision not to make amendments to the data.

This is also known as the ‘right to be forgotten’. 

You can ask us to erase the personal information we hold about you and we'll do so unless we have a lawful reason not to. For example, we won't comply with a request to erase your medical records as we have a legal obligation to retain them for a specific period.

You have the right to limit the way we use your personal data. 

You can ask us stop processing your data if you have concerns about the accuracy or the way they're being used.

Under certain circumstances, you have the right to object to the processing of your personal data. 

  • You'll need to tell us why you object and if we agree to your objection, we'll stop processing your data. 
  • We'll continue to process your data where we don't agree with your reasons or where we have legitimate reason to continue processing despite your objection. This right can only be exercised where we've stated the lawfulness of processing as necessary for a task carried out in the public interest or for legitimate interests.

You can ask us to transfer your personal data to another organisation or you can ask us to give it you.

This right only applies in the following circumstances:

  • You gave us the data
  • The data is held electronically
  • Processing is automated
  • The lawfulness of processing is based on: consent, necessary for the performance of, or entering into a contract.

You have the right to know if we make decisions solely by automated means or use your personal data for profiling.

Our privacy statement includes details of any profiling or automated decision making and you can object to your information being processed in this way.