Who we are
NHSBT is a special health authority that provides blood and transplantation services to the NHS, looking after blood donation services in England and transplant services across the UK. This includes managing the donation, storage and transplantation of blood, organs, tissues, bone marrow and stems cells, and researching new treatments and processes.
The personal data we collect to support our services
The information NHSBT needs to collect is largely dependent on which service you are using. As a minimum, all services require NHSBT to collect your:
- date of birth
- next of kin details (not required for blood donation)
- relevant clinical and lifestyle history.
This information will be used to support your direct care, and may be shared with other NHS organisations and professionals involved in your care.
Your data may be used by NHSBT staff outside your clinical team, to audit and improve services or investigate complaints and incidents. Anonymised and pseudonymised data (which does not identify you) is used to conduct research. Your identifiable data will not be used for research without your consent.
The General Data Protection Regulation (GDPR) and the legal basis for processing your data
The GDPR replaced the Data Protection Act 1998 on 25th May 2018. The principles of the 1998 Act remain but GDPR requires all organisations processing data to have a legal basis for doing so.
The majority of NHSBT’s data processing is necessary under Article 6(e) and 9(h) of GDPR, which allows NHSBT (a public authority) to process personal data for the performance of our task or in the public interest and for the provision of health care.
Registration to the Organ Donor Register is based on your explicit consent. This means you can remove your consent at any time should you change your mind.
NHSBT also has obligations under the Blood Safety & Quality Regulations 2005, Tissue and Cells Quality and Safety Regulations 2007 and Organ Quality and Safety Regulations 2012, to ensure that all blood donations and organ transplants are fully traceable from donor to recipient. This is an essential requirement to deliver safe clinical care.
Why it is important for us to collect your information
NHSBT needs to obtain accurate and complete information from all those who use our services; this is used to support the delivery of safe healthcare and ensure our services are equitable (fair).
We also use data to continuously improve the quality of our service and advance scientific and clinical understanding and study through audit, inspections and research.
Communications and marketing
If you are a blood donor we will ask you to provide us with additional contact information such as your email address and mobile phone number so that we can provide you with timely communications relating to when donation appointments are available, preparing for your donation and letting you know where your donation was issued.
For all services we’d like to keep in touch with you to inform you of the valuable work and services NHSBT does and inform you of other ways to support NHSBT. You are in full control of the messages you receive.
If you want us to change the way we contact you, please let us know by contacting our helpline on 0300 123 23 23, or email email@example.com.
How the NHS and care services use your information
NHSBT is one of many organisations working in the health and care system to improve care for patients and the public.
Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care services, important information about you is collected to help ensure you get the best possible care and treatment.
The information collected about you when you use these services can also be provided to other approved organisations, where there is a legal basis, to help with planning services, improving care provided, research into developing new treatments and preventing illness. All of these help to provide better health and care for you, your family and future generations. Confidential personal information about your health and care is only used in this way where allowed by law and would never be used for insurance or marketing purposes without your explicit consent.
You have a choice about whether you want your confidential patient information to be used in this way.
To find out more about the wider use of confidential personal information and to register your choice to opt out if you do not want your data to be used in this way, visit www.nhs.uk/my-data-choice. If you do choose to opt out you can still consent to your data being used for specific purposes.
If you are happy with this use of information you do not need to do anything. You can change your choice at any time.
Who we share data with
Depending on what service you use, your personal data may be shared with other NHS organisations.
When you donate blood, your donation is given a unique reference number and all personal data such as your name and address are removed before being sent to the hospital.
For our organ transplant services, it is essential that NHSBT shares and receives data from the Transplant Centre to support your care. This information is shared securely between NHS professionals.
You can find out information on the UK and international transplant registries and how these are used on the Organ Donation and Transplantation website: www.odt.nhs.uk.
NHSBT will only share your data outside the organisation if there is a legal reason to do so, in which case you will usually be informed of this disclosure.
NHSBT works with third parties to provide services to support our work, such as telecommunications, ICT support and communications. All companies that have access to NHSBT data go through a series of strict data protection and privacy checks and are held to the same high standard of data protection and regulation as NHSBT under the General Data Protection Regulation.
You can request to know which organisations your data has been shared with by making a subject access request via Customer Services by emailing firstname.lastname@example.org.
How long we keep your data
NHSBT will hold your data for the time period stated in the Blood Safety & Quality Regulations 2005, Tissue and Cells Quality and Safety Regulations 2007, the Organ Quality and Safety Regulations 2012 and the Records Management Code of Practice for Health and Social Care. These set out minimum retention periods. For example, for blood donation we must retain records for a period of not less than 30 years for the identification of each single blood donation and each single blood unit and its components (including blood and blood components which are imported into the European Community) and to ensure full traceability to the point of delivery to a hospital.
All organ transplant records are also retained for a minimum period of 30 years. NHSBT can retain records for longer than the minimum period so long as there is a justifiable reason. Your information will always be stored securely with access restricted to only those staff with appropriate and justifiable reason to access them. You can request a copy of your data free of charge by emailing Customer Services at email@example.com.
Your right to access and control how your data is used
You have a right:
- to be informed about how your data is used. It is the intention of this page to give you an overview of how NHSBT uses your data. However, everyone’s journey through NHSBT services is different and you can obtain more information or ask specific questions about your data by contacting customer services at firstname.lastname@example.org or the Data Protection Officer at email@example.com
- to request a copy of the information we hold about you
- to update or amend the information we hold about you if it is wrong
- to change your communication or marketing preferences at any time
- to erasure (also called the right to be forgotten). Applications to apply this right will be considered by NHSBT on a case by case basis due to our obligations under the Human Tissues Act and Blood Safety and Quality Regulations 2005
- to restrict how your data is processed
- to raise a concern or complaint about the way in which your information is being used.
The Data Protection Officer
Under GDPR, all NHS organisations are legally required to appoint a Data Protection Officer (DPO). The DPO for NHSBT is Aaron Powell, the Chief Digital Officer, who is responsible for ensuring that all practices and processes within NHSBT are designed to support people’s privacy and data rights and making sure data protection is represented at a board level.
You can contact the Data Protection Officer if you have any questions or concerns about your privacy rights within NHSBT via: firstname.lastname@example.org
The Information Commissioners Office (ICO)
The ICO are the UK’s independent authority set up to uphold information rights in the public interest and promote openness in public bodies and data privacy for individuals. The ICO provide free and independent advice to citizens on their privacy rights.
You can contact the ICO for advice or log a complaint via:
- Website: www.ico.org.uk
- Helpline :0303 123 1113 (local rate – calls to this number cost the same as calls to 01 or 02 numbers). If you're calling from outside the UK, you may not be able to use the 03 number, so please call +44 1625 545 700.
- Welsh speaking service: 029 2067 8400. Rydym yn croesawu galwadau yn Gymraeg ar 029 2067 8400.
- Normal opening hours are Monday to Friday between 9am and 5pm.
Information Commissioner's Office
The website and cookies
Cookies may also be used to help speed up your future activities on our websites. For example, a site can recognise that you have provided personal information to us and refrain from requesting the same information a second time.
For further information on 'cookies' please consult the ‘elp’ section of your browser. Learn more at our cookie information page.