Our Privacy Notice
The Health Hub is committed to protecting and respecting your privacy. This notice explains when and why personal information is used, how it is used, the circumstances in which it may be shared, and how it is kept secure. The Health Hub is delivered as part of the Primary Care Network (PCN), which supports nine GP practices.
Working With Local NHS Organisations
We work with local NHS organisations, including Hospital Trusts, Sussex Partnership NHS Foundation Trust (SPFT), Sussex Community NHS Foundation Trust (SCFT), and approved community partners to provide specialist clinics in the community.
To do this safely, we use limited information from your GP record to:
· identify eligible patients;
· invite you to attend clinics; and
· allow clinicians to update your GP record following your appointment.
Only staff involved in your care can access this information. All data remains within secure NHS systems. Information is shared with non-NHS support services only with your agreement.
Taking part is optional. If you prefer not to be included, you can tell your GP practice or the Health Hub team.
For questions about how your information is used, please contact: Sxicb-bh.ecb-pcn-team@nhs.net
Our Commitment to Data Privacy
We are committed to protecting your privacy and process personal confidential data in accordance with the UK General Data Protection Regulation (UK GDPR) and data protection legislation.
The Primary Care Network operates as a Community Interest Company (CIC) and acts as a data controller, and in some circumstances as a joint data controller with its member GP practices, in line with NHS arrangements. We are legally responsible for ensuring that any personal information we process is handled lawfully, fairly, and securely.
Everyone working for the PCN has a legal duty to keep information confidential. Staff receive appropriate training and have contractual obligations relating to confidentiality and data protection.
National Data Opt-Out
The National Data Opt-Out allows you to choose whether your confidential patient information is used for research and planning purposes beyond your individual care.
This does not affect the care you receive.
Where personal confidential information is used for purposes beyond direct care, national data opt-out preferences are applied through NHS systems in line with national policy.
You can find out more or set your preference at: https://www.nhs.uk/your-nhs-data-matters/
Information We Hold About You
We only collect and use the information necessary to provide the services we offer.
Information you give us
We may use information you provide to:
· provide services and respond to enquiries;
· send publications or updates you have requested;
· administer user accounts where applicable;
· conduct surveys for service evaluation and statistical purposes;
· maintain accurate and up-to-date records;
· respect communication preferences.
How Your Information Is Used
Personal information is used only for the purposes for which it was collected and in line with applicable lawful bases under UK GDPR.
Your information will not be used for marketing, profiling, or research outside direct care unless a lawful basis applies.
Your Rights
You have legal rights under data protection legislation, including:
· the right to be informed;
· the right of access;
· the right to rectification;
· the right to restriction of processing;
· the right to object;
· the right to erasure in certain circumstances.
You also have the right to be informed of a personal data breach where it may result in a high risk to your rights and freedoms.
We do not use automated decision-making or profiling.
How to Make a Request
Requests should be made in writing or by email. We may need to verify your identity before responding.
We will respond within one calendar month.
Third Parties
We may use third-party data processors, such as IT or communication service providers, to support the delivery of our services. All processors are subject to contractual and legal obligations to protect personal data.
We do not sell personal information to third parties.
Processing Outside the UK
Where personal data is processed outside the UK, appropriate safeguards are in place to ensure compliance with data protection legislation.
Data Retention
Personal information is retained only for as long as necessary to meet legal, regulatory, and operational requirements, in line with NHS retention guidance. Data is securely deleted when no longer required. NHS retention guidance: https://transform.england.nhs.uk/information-governance/guidance/records-management-code/
Data Backups
Data is backed up securely and protected against unauthorised access.
Updates to This Notice
This privacy notice may be updated from time to time. Please review it periodically to stay informed of any changes.
Last updated: 24.04.2026