Description of processing
The following is a broad description of the way this organisation/data controller processes personal information. To understand how your own personal information is processed you may need to refer to any personal communications you have received, check any privacy notices we have provided or contact us to ask about your personal circumstances.


Legal basis for processing information
The legal basis for the processing of data for these purposes is that HMAS has a public duty to care for its patients. The current data protection legislation (GDPR) states it is appropriate to do so for health and social care treatment of patients and the management of health and social care systems and services.  


Type/classes of information processed
We process information relating to the above reasons/purposes. This information may include:

  • personal details

  • family, lifestyle and social circumstances

  • employment details

  • education details


We also process sensitive classes of information that may include:

  • physical or mental health details

  • trade union membership

  • racial or ethnic origin

  • religious or other beliefs

  • sexual life

  • offences alleged offences

  • criminal proceedings, outcomes and sentences

  • visual images, personal appearance and behaviour


Who the information is processed about
We process personal information about:

  • patients

  • customers and clients

  • offenders and suspected offenders

  • suppliers and employees


Who the information may be shared with
We sometimes need to share the personal information we process with the individual themself and also with other organisations. Where this is necessary we are required to comply with all aspects of the Data Protection Act (DPA). What follows is a description of the types of organisations we may need to share some of the personal information we process with for one or more reasons. Where necessary or required we share information with:

  • healthcare professionals

  • social and welfare organisations

  • central government

  • service providers

  • financial organisations

  • business associates and professional advisers

  • complainants and enquirers

  • police forces and security organisations

  • current, past or prospective employers

  • education and examining bodies

  • family, associates and representatives of the person whose personal data we are processing