Privacy Statement

Guy’s and St Thomas’ Trust (GSTT)

Guy’s and St Thomas’ aims to ensure the highest standard of healthcare for our patients. To do this we keep records about you, your health and the care we have provided or plan to provide to you.

We are committed to ensuring that your privacy is protected. If we ask you to provide information by which you can be identified, you can be assured that it will only be used in accordance with this privacy statement.

The information we collect

You will be asked to provide necessary registration details when you require secondary (hospital) healthcare. We will also hold a record of your referral and clinical appointments which will be updated by your healthcare professionals. We will make your Medical Centre aware of your secondary care treatment so that your GP is kept informed.

By providing this personal information, you consent to it being used to facilitate your safe and effective healthcare.

We will also ask you for further information to improve your secondary healthcare experience. This is optional. If you choose to provide it, you consent to it being used as described on the registration form.

We have a legitimate interest in holding the information you provide and list this as our lawful basis for doing so.

How we use your information

Your records are used to:
  • Provide a basis for all health decisions made by care professionals with and for you; e.g. your record includes a medical history, your medication and any allergies, and helps staff review the care they provide to ensure it is of the highest standards;
  • Make sure your care is safe and effective; e.g. we may use your anonymized information in clinical audits or for staff training purposes;
  • Work effectively with others providing you with care; i.e. we may need to share information with other individuals or providers involved in your healthcare;

Sharing information with your consent

By providing your personal information, you consent to it being stored and shared, as described in this document, with healthcare professionals involved in your care and in accordance with the Data Protection Act 2018 and the Common Law Duty of Confidentiality.

Data Protection Act (DPA) 2018 and the Common Law Duty of Confidentiality. Full details of the DPA 2018 are available at

Providing optimal care may necessitate sharing this information with your other healthcare providers, such as those below:

  • NHS hospitals;
  • Host Nation hospitals
  • MOD Contracted Primary and Community Care providers;
  • Host Nation GP Practices;
  • Dentists, opticians and pharmacies;
  • Host Nation Community Providers (private hospitals, care homes, hospices)
  • Voluntary Sector Providers who are directly involved in your care;
  • HQ British Forces Germany Health Service;
  • Translation service

We may receive requests from non-healthcare parties asking for medical reports (i.e. solicitors, life assurance companies or social services). In most cases, the request will be accompanied by your signed consent for us to disclose information. If we do not receive a consent form, we will not disclose information about you. We will not normally release details about other people that are contained in your records (i.e. family members) unless we also have their consent.

You may wish to involve other parties in decisions about your care and we will ask your specific consent for us to do so. Without such consent no information will be disclosed.

Sharing your information without your consent

There are times when we may lawfully share your information without your consent, for example:

  1. In order to fulfill our contract to provide you with optimum healthcare; e.g. accounting practises associated with your healthcare, or having your healthcare records translated.
  2. For legitimate purposes, e.g. helping staff to review the care they provide and undertaking audits,
  3. Carrying out duties in the public interest; e.g. investigating complaints or concerns relating to healthcare providers,
  4. Acting in your vital interests; e.g. protecting vulnerable children and adults,
  • When we are legally obliged to report certain information; e.g. to prevent fraud or serious crime.
  • How we keep your information confidential and secure

    We will only use the minimum amount of information needed about you to provide optimum care and all information will be held confidentially on a secure and accredited electronic medical records system. We use strict controls to ensure that only a limited number of authorized staff are able to see information that identifies you - and only the information that is necessary for them to fulfil their role effectively.

    All our staff sign a confidentiality agreement that explicitly clarifies their duties in relation to personal health information and the consequences of breaching that duty.

    We will only keep information for as long as is necessary and in accordance with the retention periods set out in the Records Management Code of Practice for Health and Social Care 2016.

    Anyone who receives information from us is also under a legal duty to keep it confidential and secure

    We are committed to protecting your privacy and will only use information collected lawfully in accordance with the Data Protection Act 1998, GDPR May 18, Article 8 of the Human Rights Act, the Common Law Duty of Confidentiality, and the NHS Codes of Confidentiality and Security.

    All persons in GSTT healthcare sign a confidentiality agreement that explicitly makes clear their duties in relation to personal health information and the consequences of breaching that duty.

    We will only keep information for as long as is necessary and in accordance with the retention periods set out in the Records Management Code of Practice for Health and Social Care 2016.

    When the retention period has expired and the information is no longer necessary for the stated purpose, the information will be destroyed. Personal confidential data held on paper are securely destroyed by Kobusch Aktenvernichtung (

    Please be aware that your information will be accessed, when necessary, by non-clinical practice staff in order to share information as outlined above.

    Overseas Transfers

    Your information will not be sent outside of the EU unless we are sure that your privacy will be protected in the same way as it would be in the EU. We will never sell any information about you.

    Right of Access to your Health Information

    The Data Protection Act 2018 allows you to find out what information about you is held on computer and in manual records. This is known as “right of subject access” and applies to personal information held about you. If you want to see the information about you which is held.

    • you will need to make a written request to GSTT Data Protection Officer’s representative in Germany (see Privacy Information Contact details below);
    • we are required to respond to you within 30 days;
    • you will need to give adequate information (for example full name, address, date of birth, NHS number etc.);
    • you will be required to provide ID before any information is released to you.

    Right to change the data we use

    In certain circumstances, you may have the right to request that we erase, update or cease the processing of any or all of your information. If you wish to make a request of this nature, please contact the Data Protection Officer’s representative in Germany (see address below for Privacy Information Contact).

    Changes to this privacy notice

    Our privacy notice is kept under regular review and, where necessary, updated. A separate privacy notice is available for staff.


    If you wish to request further specific information or clarification in respect of this privacy statement, or have any concerns, or you do not wish us to share your information, we will be very pleased to help you. Please contact the Privacy Information Contact in the first instance. If your request cannot be satisfactorily concluded in this way, the Data Protection Officer can be contacted on the address below.

    Data Controller

    The Data Controller for GSTT (Germany) is Guy’s & St Thomas’ NHS Foundation Trust, London.

    Privacy Information Contact in British Forces Germany

    Director of Medicine & Clinical Governance
    Guy’s & St Thomas’ Trust
    Haus Burgblick
    BFPO 39

    Data Protection Officer

    Ms Yinka Williams Director of Information Governance and Management Data,
    Technology and Information Directorate
    First Floor, South Wing (near Chapel),
    St Thomas' Hospital
    Westminster Bridge Road,
    London SE1 7EH

    Right to lodge a complaint with a supervisory body

    You have a right to make a complaint if you feel that the processing of your personal data infringes the Data Protection Act 2018.

    We are part of Guy’s & St Thomas’ NHS Foundation Trust in London, where the local supervisory authority is the Information Commissioner’s Office (ICO). For further information on your rights and how to complain to the ICO, please refer to the ICO Website.

    You can also lodge a complaint with another supervisory authority based in the country or territory where you are living, where you work or where the alleged infringement took place.

    konyaalti escort