Your information and what we do with it

Why do you collect my information?

One You East Sussex collects your information for your inclusion on our Healthy Lifestyle Programmes. Our service is commissioned by East Sussex County Council to improve your health and wellbeing. Our programmes include Health and Wellbeing Coaching, Stop Smoking, Adult Weight Management and NHS Health Checks.  

Who do you get my data from?

We get your information from Self-Referrals, Healthcare Professionals and Community Services.   

How does data protection law allow you to use my data? 

If you have referred yourself into our service, we would be using your data on the basis that you have initially given us consent to do so, and from there that we are providing you with a healthcare service, which by itself gives us a basis for using your data.If you have been referred by a healthcare professional, we work on the understanding that they have discussed the initial referral with you and you agree with it being made, and once it is received by us similarly, that we are providing you with a healthcare service.  

What information of mine do you use?

The personal data we collect includes name, address, postcode, date of birth, gender, telephone number, email, GP surgery and marital status.  

We also use more sensitive special category data including ethnicity, mental and physical health, religion, sexual orientation. 

Do you share my information with anyone?

If you select one of our partner’s programmes (MAN v FAT or Active Hastings) then we will share your data to enable them to contact you and deliver their programmes.

If you are a Stop Smoking client who opts for Nicotine Replacement Therapy direct supply, we will share your contact information (name, address, email and telephone number) with our partner distributors Direct Supply Solutions Limited.  

We will ask for your consent to feedback your programme outcome to your healthcare professionals when you sign up.

Does any of my information get sent outside of the UK?

YES. We use software which has servers based in the U.S. to process referrals.

How long do you keep my information?

We keep your information for in line with the NHS Records Management Code of Practice 2021. We retain children’s records until 25th birthday, or 26th if the patient was 17 when treatment ended.

What about my rights under Data Protection law, how can I activate them?

Under Data Protection law you have the right to:  

  • Be informed how your data is used (which is what this notice is doing).   
  • Access to your information.  
  • Rectification of errors.  
  • Erasure (in certain circumstances).  
  • Restriction of processing (in certain circumstances)  
  • Objection to processing.  
  • Data Portability.  
  • Understand whether profiling or automated decision-making is being used (see Section 9).  

If you would like to request or discuss any of these, please contact our Data Asset Owner using the details at the end of this leaflet.  

Do you use any automated decision-making or profiling on my information?


What do I do if I am concerned about how you are using my information?

In the first instance we would be grateful for the opportunity to respond to your concerns ourselves and hopefully sort out any issues for you. To help with this, please write to our Data Asset Owner at the following address: [email protected] 

If you are not satisfied with the outcome of our support, you may take your complaint to the Information Commissioner’s Office, which regulates Data Protection. Its address is Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. It can be contacted by telephone on 0303 123 1113 or by email on [email protected].