Data Controller

NHS West Yorkshire Integrated Care Board

Purpose

As we are a public authority, we have a duty to respond to requests made under the Freedom of Information Act 2000 (FOIA), Environmental Information Regulations 2004 (EIR), and the Re-Use of Public Sector Information Regulations 2015 (RPSI).

Lawful basis

The ICB’s lawful basis for processing personal data under the UK GDPR is Article 6(1) c - Legal Obligation.

Relevant legislation: FOIA, EIR and RPSI.

Type of information used

Personal: name and either email or postal address only.

Any other information provided is additional to our requirements and may include job title or occupation, telephone numbers and reason for interest. Telephone numbers may occasionally be used when we need to contact the applicant. In cases of re-use requests, we need the organisations’ names and re-use purposes.

Who we will share the information with (recipients)

We will not share your information outside of the ICB.

Do we use any processors

The Health Informatics Service (THIS), our IT supplier who store all our information securely on their servers.

Microsoft Azure, supported by IT staff, host our data.

How we collect (the source) and use the information

We will only collect identifiable information such as name and contact details which are provided by the individual making requests under the Freedom of Information Act 2000 (FOIA), Environmental Information Regulations 2004 (EIR) and the Re-Use of Public Sector Information Regulations 2015 (RPSI).

We will only use this information to respond to requests and in correspondence with you following appeals.

The personal information we process is freely provided by you, should you wish to exercise your right to use the above legislation in order to access information held by or on behalf of the ICB.

Where the individual is making a request under the Re-Use of Public Sector Regulations 2015, by law we also require the name of the organisation and the re-use purpose.

Subject to duty to disclose in the public interest, information could identify individuals or include sensitive information for example executive pay.

How long we will keep the information

FOI requests and associated responses will be kept for 3 years following the closure of the request except in cases where there has been a subsequent appeal. For those cases, information will be kept for 6 years following the closure of the appeal.

Your Rights

With regards to Freedom of Information Requests under the UK GDPR you have the following rights: