Privacy Notice

Your personal information and what we do with it

Why do you collect my information?  

One You East Sussex collects your information for the marketing and programme delivery of an integrated healthy lifestyle service. Our service is commissioned by East Sussex County Council. Your data will be used for marketing purposes and to enable us to deliver effective healthy lifestyle programmes.  

Who do you get my data from? 

We get your information from the following sources: 

  • Self-Referrals from outreach, telephone, website and social media 
  • GP referrals and secondary care 
  • Stakeholder referrals including pharmacies  

How does data protection law allow you to use my data? 

If you have referred yourself into our service, we would be using your data on the basis that you have initially given us consent to do so, and from there that we are providing you with a healthcare service, which by itself gives us a basis for using your data. If you have been referred by a healthcare professional, we work on the understanding that they have discussed the initial referral with you and you agree with it being made, and once it is received by us similarly, that we are providing you with a healthcare service. 

What information of mine do you use? 

The personal data we use for you includes name, NHS number, address, telephone number, email, GP surgery, gender, language spoken, marital status 

We also use more sensitive special category data including health records, race/ethnicity, sexual orientation, genetics/biometrics 

Do you share my information with anyone? 

We share you information with GP surgeries for our NHS Health Checks programme. Anonymised data is sent to GP surgeries and East Sussex County Council for our other programmes.

Does any of my information get sent outside of the UK? 

YES. We use a system which is based in the United States (Zendesk) to process self-referrals only.  Zendesk has Standard Contractual Clauses in place for data transfer with the UK.  

How long do you keep my information? 

We keep your information for in line with the NHS Records Management Code of Practice 2021. We retain children’s records until 25th birthday, or 26th if the patient was 17 when treatment ended. 

What about my rights under Data Protection law, how can I activate them? 

Under Data Protection law you have the right to: 

  • Be informed how your data is used (which is what this leaflet is doing).  
  • Access to your information. 
  • Rectification of errors. 
  • Erasure (in certain circumstances). 
  • Restriction of processing (in certain circumstances) 
  • Objection to processing. 
  • Data Portability. 
  • Understand whether profiling or automated decision-making is being used (see Section 9). 

If you would like to request or discuss any of these, please contact our Data Asset Owner using the details at the end of this leaflet.  

Do you use any automated decision-making or profiling on my information? 

We use the data you provide to calculate Body Mass Index for our Weight Management programmes. We also profile your glucose and cholesterol levels for our Health Checks.  

What do I do if I am concerned about how you are using my information? 

In the first instance we would be grateful for the opportunity to respond to your concerns ourselves and hopefully sort out any issues for you. To help with this, please write to our Data Asset Owner at the following address: [email protected] 

If you are not satisfied with the outcome of our support, you may take your complaint to the Information Commissioner’s Office, which regulates Data Protection. Its address is Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. It can be contacted by telephone on 0303 123 1113 or by email on [email protected].