Registration Number: ZA075462
Date Registered: 12 September 2014 Registration Expires: 11 September 2018
Data Controller: Meditrends Ltd
27 Broad Street
This register entry describes, in very general terms, the personal data being processed by:
Nature of work - Consultant
Description of processing
The following is a broad description of the way this organisation/data controller processes personal information. To understand how your own personal information is processed you may need to refer to any personal communications you have received, check any privacy notices the organisation has provided or contact the organisation to ask about your personal circumstances.
Reasons/purposes for processing information
We process personal information to enable us to provide consultancy, analytical and advisory services, to promote our services, to maintain our own accounts and records and to support and manage our employees.
Type/classes of information processed
We process information relating to the above reasons/purposes. This information may include:
Pseudonymised NHS patient data from Health and Social Care Information Centre (HSCIC) including, but not limited to data from the Hospital Episode Statistics (HES) database. Pseudonymised data excludes personal identifiers such as names, dates of birth or addresses.
Personal contact details of clients.
We also process sensitive classes of information that are included in pseudonymised form in HSCIC data which that may include:
physical or mental health details
racial or ethnic origin
Who the information is processed about
We process personal pseudonymised information on all NHS patients using hospital services in England.
Who the information may be shared with
Information that may lead to identification of an individual is not shared outside of the organisation. Aggregated data may be shared with our clients and included in software applications. We follow the HES Analysis Guidance (2014) published by HSCIC to prevent identification of any individual.Transfers
It may sometimes be necessary to transfer personal information overseas. When this is needed information is only shared within the European Economic Area (EEA). Any transfers made will be in full compliance with all aspects of the data protection act.