Membership and Stakeholder Engagement

What data do we collect?

We collect the following information:

  • Internal survey responders: age, gender, term of employment, department, name, email address, opinions of employment
  • External survey responders: Name, job tile, organisation name, email address, telephone number, opinions about, and quality of previous interaction with, NHS Resolution, type of organisation
  • Training and event delegates: name, email address, payment details, special needs including dietary requirements, organisation name, job title, area of interest, type of organisation
  • Staff from NHS and other organisations: contact details (telephone number, email, address), job title, place of employment, type of organisation, organisation name, area of interest
  • General enquiries: name, job tile, organisation name, email address, telephone number, opinions, previous interaction with NHS Resolution, claimant medical details
  • Media enquiries: information provided as part of a press enquiry, name, information about individual claims in the public domain, legal judgements
  • Suppliers: contact name, job title, contact details, organisation details, contract details, bank details, invoices, purchase order numbers, previous commercial interaction
  • Third party – Wilmington Healthcare: Quarterly updated contact list with name, job title, organisation, email address and telephone number

How we use personal data

We use this information for the following purposes:

  • Internal survey responders: this data is shared internally with our Human Resource and Organisational Development team for organisational purposes such as workforce planning
  • Internally within the MSE team to understand the opinions of employees and to formulate our internal communications
  • External survey responders: understand perceptions of us and what we are like to do business with
  • Training and event delegates: manage logistical delivery of training courses and events. In certain circumstances it is also to receive payment from delegates.
  • Staff from NHS and other organisations: provide service updates and canvass opinions
  • General enquiries: respond to the enquiry. The enquiry will be passed to the relevant team within NHS Resolution to deal with
  • Media enquiries: to respond to enquiries from media which sometimes contain information about individuals and their cases. We act on this information in line with data protection and any other relevant legal restrictions and considerations
  • Suppliers: to make sure that suppliers are set up on our systems such as finance for payment and procurement for the management of contracts.
  • Third party – Wilmington Healthcare: We receive quarterly contact updates from Wilmington Healthcare the data is used to share information about the activities of NHS Resolution, such as learning from claims and initiatives with our broad NHS audiences.

How we collect your data

Where we do not collect the data directly from you (the data subject) the data will have been obtained from:

  • Internal teams that send us their contact list for use in the customer survey and publicising our events and services
  • Third party organisations such as Wilmington Healthcare for up to date contact lists

How long we keep your personal data

In order to determine how long we keep your personal data, we follow the NHS Records Management Code of Practice. You can find information about our retention schedules in our Records Management Policy – this document will outline the duration that we keep specific information for.

Who we share your personal data with

We share information with third parties such as our legal panel in order to organise training and event activities.

We do compile and publish research and statistics relating to the annual report and accounts, the business plan, our five year strategy, and reports on claims related harm and learning we want to share across healthcare. Where we use personal date we anonymise the data in line with the Information Commissioner’s Anonymisation Code of Practice or use illustrative examples which are drawn from multiple cases.

The lawful basis for processing your data

For all of the processing of personal data undertaken, the lawful basis for processing is:

  • Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, and
  • Consent

Where we have to process special categories of personal data, the lawful basis for processing is:

  • Explicit consent

Page last updated on: