Cookies

We use essential cookies to make our site work. We'd also like to set analytics cookies that help us make improvements by measuring how you use the site. These will be set only if you accept.

For more detailed information about the cookies we use, see our cookies page.

Essential Cookies

Essential cookies enable core functionality such as security, network management, and accessibility. For example, the selections you make here about which cookies to accept are stored in a cookie.

You may disable these by changing your browser settings, but this may affect how the website functions.

Analytics Cookies

We'd like to set Google Analytics cookies to help us improve our website by collecting and reporting information on how you use it. The cookies collect information in a way that does not directly identify you.

Third Party Cookies

Third party cookies are ones planted by other websites while using this site. This may occur (for example) where a Twitter or Facebook feed is embedded with a page. Selecting to turn these off will hide such content.

Data Protection/Freedom of Information

The Data Protection Act

The Data Protection Act 2018 controls how your personal information is used by organisations, businesses or the government.

The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR).

Everyone responsible for using personal data has to follow strict rules called ‘data protection principles’. They must make sure the information is:

  • used fairly, lawfully and transparently
  • used for specified, explicit purposes
  • used in a way that is adequate, relevant and limited to only what is necessary
  • accurate and, where necessary, kept up to date
  • kept for no longer than is necessary
  • handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage

There is stronger legal protection for more sensitive information, such as:

  • race
  • ethnic background
  • political opinions
  • religious beliefs
  • trade union membership
  • genetics
  • biometrics (where used for identification)
  • health
  • sex life or orientation

There are separate safeguards for personal data relating to criminal convictions and offences.

Your rights

Under the Data Protection Act 2018, you have the right to find out what information the government and other organisations store about you. These include the right to:

  • be informed about how your data is being used
  • access personal data
  • have incorrect data updated
  • have data erased
  • stop or restrict the processing of your data
  • data portability (allowing you to get and reuse your data for different services)
  • object to how your data is processed in certain circumstances

You also have rights when an organisation is using your personal data for:

  • automated decision-making processes (without human involvement)
  • profiling, for example to predict your behaviour or interests
  •  

The Freedom of Information Act 2000

The Freedom of Information Act 2000 provides public access to information held by public authorities.

It does this in two ways:

  • public authorities are obliged to publish certain information about their activities; and
  • members of the public are entitled to request information from public authorities.

The Act covers any recorded information that is held by a public authority in England, Wales and Northern Ireland, and by UK-wide public authorities based in Scotland. Information held by Scottish public authorities is covered by Scotland’s own Freedom of Information (Scotland) Act 2002.

Public authorities include government departments, local authorities, the NHS, state schools and police forces. However, the Act does not necessarily cover every organisation that receives public money. For example, it does not cover some charities that receive grants and certain private sector organisations that perform public functions.

Recorded information includes printed documents, computer files, letters, emails, photographs, and sound or video recordings.

The Act does not give people access to their own personal data (information about themselves) such as their health records or credit reference file. If a member of the public wants to see information that a public authority holds about them, they should make a data protection subject access request.

Further information is available in the documents below.

Page last updated, 10th June 2024. 

 

 

HPC Privacy Statement May 2024 File Uploaded: 17 June 2024 42.2 KB ICO Registration Certificate 2023-2025 File Uploaded: 17 June 2024 185.7 KB FOI Model Policy 2023 File Uploaded: 12 June 2023 293 KB Freedom of Information and Data Protection Procedures (February 2017) File Uploaded: 28 March 2017 842.1 KB Data Protection Registration Certificate (Nov 2017) File Uploaded: 28 March 2017 96.5 KB Data Protection Registration Details File Uploaded: 28 March 2017 133.9 KB