Privacy notice

This privacy notice sets out your rights under UK data protection legislation and tells you what to expect when NHS Dorset collects, uses, retains and discloses your personal information.

Personal information is information that (on its own or together with other information) identifies you and is about you.

Who we are

NHS Dorset is responsible for planning, buying and monitoring (also known as commissioning) health services from healthcare providers such as hospitals and GP practices for our local Dorset population to ensure the highest quality of healthcare. We also have a performance monitoring role of these services, which includes responding to any concerns from our patients on services offered.

Within this notice we describe instances where NHS Dorset is the ‘data controller’ under data protection legislation (the organisation who decides what personal information is collected and how it is used), and where we direct or commission the processing of personal information by third parties on our behalf to provide services or improve our offering to you.

All data controllers must notify the Information Commissioner’s Office (ICO) of all personal information processing activities. Our ICO Data Protection Registration number is: ZB344651.

Our head office address is:

NHS Dorset
County Hall
Colliton Park
Dorchester
Dorset
DT1 1XJ

To ensure that we process your personal information fairly and lawfully, this notice informs you:

  • Why we need your personal information

  • How it will be used

  • How it will be kept confidential and secure

  • What rights you have in relation to the personal information we collect

Keeping your information confidential and secure

Using your personal information

Sharing your personal information

Your rights

Research

Contact us

Identity checks

When you contact us, we will need to verify your identity for your security. This is an important way of safeguarding you against criminal activities, including the prevention of unlawful access to your information.

If we are unable to validate your identity, we may ask you to provide further evidence so that we can access your information.

The Freedom of Information Act 2000 (FOIA) gives you a general right of access to information held by or on behalf of public authorities, promoting a culture of openness and accountability across the public sector.  This means that you can ask for any information that NHS Dorset holds, that does not fall under an exemption.  You cannot ask for personal and/or sensitive information under the Freedom of Information Act 2000, as this is covered by data protection legislation.

To make a request for information, you can contact us by emailing FOI.requests@nhsdorset.nhs.uk, or by writing to us at: NHS Dorset, County Hall, Colliton Park, Dorchester, Dorset DT1 1XJ

If you have any questions about this privacy notice or our processing of information, if you wish to raise a complaint on how we have handled your personal information, or if you wish to exercise any of the rights set out  in this privacy notice, please contact our Data Protection Officer by emailing dataprotection.requests@nhsdorset.nhs.uk or by writing to: Data Protection Officer, County Hall, Colliton Park, Dorchester, Dorset DT1 1XJ

Further information

NHS Digital takes the responsibility for looking after care information very seriously.

NHS England recognises the importance of protecting personal and confidential information in all that we do, all we direct or commission, and takes care to meet its legal duties.

Working together across Integrated Care Board (ICB) cluster

From April 2026, Dorset Integrated Care Board is working more closely with Bath and North East Somerset, Swindon and Wiltshire ICB and Somerset ICB as part of an “ICB cluster” arrangement. This is a preparatory step towards a proposed merger in April 2027 and is intended to support joint planning and improvement of health and care services across our populations.

As part of this arrangement, the three ICBs act as joint controllers for certain processing activities. This means we jointly determine the purposes and means of using personal information where we are working together.

How we use and share your information

To support this collaborative working, we may share personal information between the ICBs where this is:

  • Necessary to carry out our functions

  • Lawful under data protection legislation, and

  • Proportionate. Helping us to plan, commission and improve services for our communities.

We only share the minimum information required for these purposes and ensure appropriate safeguards are in place.

Keeping your information safe

Although we are working jointly in some areas, each ICB remains responsible for protecting the personal information it processes. We are committed to:

  • Handling your data securely and confidentially,

  • Applying appropriate technical and organisational measures, and

  • Complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Research

We are part of the Wessex Subnational Secure Data Environment (SSDE). Data sharing into the SSDE will unlock the potential of NHS data to support research, create life-saving new treatments and medicines, and bring wider benefits to patients and our NHS. NHS England have published a simple explainer on Secure Data Environments in general. Please also access the Wessex SSDE website for more detailed information.