National Infected Blood Psychology Support Service
(Date created: 28/05/2025)
This privacy notice explains how your personal data will be collected, used, stored and shared when you use the national Infected Blood Psychological Service (IBPS). It provides information around your rights, such as can access your records (Subject Access request).
Newcastle Hospitals NHS Foundation Trust is the commissioned national IBPS Provider Trust and custodian of the Infected Blood Psychological Service systems. Newcastle Hospitals is a registered Data Controller with the Information Commissioners Officer (ICO) under Registration number Z6173332.
All other IBPS Provider Trusts are registered Data Controllers with the ICO.
Who is collecting your data?
Everyone working to deliver the Infected Blood Psychological Service has a legal duty to keep information about you confidential. A full list of IBPS Provider Trusts has been set out in Annex 1 of this Privacy Notice. Your personal data will be collected when you engage with our services, for instance:
- If you submit a self-referral via the National Telephony line or website
- If you have been referred to IBPS
- If you engage with an IBPS care navigator or psychologist
- Using Goal Based Outcome Questionnaires
What data do we collect?
We collect and process the following data:
- Identifiable details (e.g. your name, date of birth, title)
- Contact details (e.g. address, phone number, email)
- Health and wellbeing information relevant to your psychological needs (e.g. session notes, peer support offered)
- Information about your preferences for service location and provider (e.g. venue
- Any accessibility or support needs (e.g. preferred language)
Why do we collect your data?
We collect your data for the following purposes:
- To assess your eligibility and clinical need
- To provide you with psychological support services
- To manage your referral to your chosen or most appropriate NHS provider
The records collected will also help ensure you receive the best possible care from us. If we do not have accurate up to date information, this may impact on the services that we provide to you. There may also be some legal requirements where it is necessary to hold information about you. Where we have not collected your information directly ourselves, this will be clearly documented and/or stated to you.
What is our lawful basis?
The Data Protection Act 2018 incorporates the UK General Data Protection Regulation (GDPR), which sets out the conditions for lawful processing of personal data. All IBPS Provider Trusts operate and process personal data under the following lawful basis conditions:
Personal data:
- UK GDPR Article 6(1)(e): Performance of a task in the public interest
Special Category (Sensitive) data:
- UK GDPR Article 9(2)(h): Provision of health or social care
Who do we share your data with?
We may share your data with:
- Other NHS Trusts providing your care (as Joint Data Controllers)
- Our commissioned service providers
All data sharing is:
- For direct care only
- Limited to what is necessary and proportionate
- Governed by appropriate information governance and data protection agreements
How is your data stored?
Newcastle Hospitals as National Provider has rigorously assessed the chosen suppliers and their systems on behalf of all Provider Trusts.
All personal data collected is stored securely within dedicated, externally hosted NHS-approved systems. All systems meet NHS and UK data security standards (e.g., ISO 27001, Cyber Essentials, DSP Toolkit compliance). No data will be stored outside of the UK.
Access to stored data within the chosen systems is subject to robust access controls, managed by Newcastle Hospitals.
How long will we keep your data?
Your records will be retained in accordance with the NHS Records Management Code of Practice. Typically, psychological care records are retained for 20 years from the last point of contact unless a longer period is justified.
Your rights under UK GDPR
You have the right to:
- Access your personal data
- Request correction of inaccurate data
- Request removal or deletion (in some circumstances)
- Object to processing (in limited cases)
To exercise any of your rights, please contact the relevant Trust providing your episode of care or their Data Protection Officer (DPO). If you’re unsure who to contact or who your provider is, you can contact the National Provider using the contact information below.
Contact information
The Newcastle upon Tyne Hospitals NHS Foundation Trust
Royal Victoria Infirmary,
Queen Victoria Road,
Newcastle upon Tyne,
NE1 4LP
Julia Scott, Data Protection Officer