Privacy Policy

St Joseph’s Hospital Ltd is committed to protecting and respecting your privacy. This Privacy Notice explains how we collect, use, and protect your personal data when you use our services, whether as a private patient, NHS patient, insured patient, or visitor.

We process personal data in accordance with the UK General Data Protection Regulation and the Data Protection Act 2018.

St Joseph’s Hospital Ltd is the data controller for the personal data we process.

Contact details:
Address: Harding Avenue, Malpas, Newport Gwent NP20 6ZE
Email: GDPR@stjosephshospital.co.uk
Telephone: 01633 820300

Data Protection Officer (DPO):

Data Privacy Simplified Ltd

Address: 31 Rooksmead Bedford, MK41 7QX
Email: Tania@dataprivacysimplified.co.uk

We may collect and process the following types of personal data:

• Personal details (e.g. name, address, date of birth, contact details)
• Health and medical information (including diagnosis, treatment, test results)
• NHS number (where applicable)
• Financial and billing information
• Insurance details
• Correspondence and communications
• Information received from GPs, NHS organisations, or other healthcare providers

This includes special category data, such as health information.

We process your personal data for the following purposes:

a) Provision of Healthcare

To assess, diagnose, treat, and manage your care, including coordination with clinicians, GPs, NHS organisations, and other providers.

b) Patient Safety and Clinical Governance

To monitor and improve the quality and safety of our services, including audits, incident reporting, investigations, and outcome monitoring.

c) Safeguarding

To protect patients and others from harm and share information with appropriate authorities where required.

d) Legal and Regulatory Compliance

To comply with legal obligations and regulatory requirements, including those of the Care Quality Commission and other authorities.

e) Administration and Service Management

To manage appointments, admissions, discharges, waiting lists, and operational services.

f) Financial Management and Billing

To process payments, manage private patient billing, and liaise with insurers and third-party payers.

g) Information Governance and Records Management

To ensure appropriate storage, security, retention, and disposal of records in line with the Records Management Code of Practice for Health and Social Care.

h) Training and Education

To support staff training and professional development (using anonymised or minimised data where possible).

i) Research and Service Improvement

To support clinical research, audits, and service development, subject to appropriate approvals.

j) Public Health and Reporting

To report notifiable conditions and support public health initiatives where required.

We process personal data under the lawful bases set out in Articles 6 and 9 of the UK GDPR. As a private hospital delivering services to private, insured, and NHS patients, the lawful basis may vary depending on the context of care.

We may share your information with:

• Healthcare professionals involved in your care
• NHS organisations and GP practices
• Private medical insurers and third-party payers
• Regulators and statutory bodies
• External service providers acting on our behalf

We ensure that information is shared securely and only where necessary.

We do not routinely transfer personal data outside the UK. Where this is necessary, appropriate safeguards will be in place.

We retain personal data in accordance with the Records Management Code of Practice for Health and Social Care. Retention periods vary depending on the type of record.

Under the UK GDPR, you have the right to:

• Access your personal data (Subject Access Request)
• Request correction of inaccurate data
• Request erasure (where applicable)
• Restrict or object to processing
• Data portability (where applicable)

To exercise your rights, please contact us using the details above.

If you have concerns about how your data is handled, please contact us in the first instance.

You also have the right to complain to the Information Commissioner's Office (ICO):
Website: www.ico.org.uk

We implement appropriate technical and organisational measures to protect personal data from unauthorised access, loss, or misuse.

We may update this Privacy Notice from time to time. The latest version will always be available on our website.