Privacy Policy

Who we are?

The Royal Devon University Healthcare NHS Foundation Trust was established in April 2022, bringing together the expertise of both the Royal Devon and Exeter NHS Foundation Trust and Northern Devon Healthcare NHS Trust.

We provide acute and community health and care services across North Devon, Torridge, East and Mid Devon, including Exeter and the surrounding areas.

Stretching across this wide geographical location, our 17,000 staff serve a population of almost one million people through our acute hospitals in Exeter and Barnstaple, in our community sites and in people’s homes.

Our hospitals are both renowned for their research, innovation and links to universities. Some of our specialist services reach as far as Cornwall and the Isles of Scilly.

Our Trust is registered with the Information Commissioner’s Office (ICO) to process personal and special categories of information under the Data Protection Act 2018 (subject to parliamentary approval) and our registration number is Z5368894 For further information please refer to the ‘Information Governance’ page on our corporate website,

What is our legal basis for processing your personal information? Why we collect your personal data.
In the exercise of official authority as a Foundation Trust within the NHS we are obliged to maintain a membership; to run elections, and ensure the membership is representative of the locality, therefore the legal basis for all the processing of the personal data for the said purpose is the Trust has a statutory requirement to do so within the exercise of our function as a public body.

What personal information do we need to collect about you and how do we obtain it?
We keep to a minimum information we hold about you, basically data you provided as per the application form, which is; your name, address, telephone number (if given) and email address (if given). We have reviewed the so called ‘special category personal data’ under this legislation and have deleted records of ethnicity, which we held for members who had provided this data through our old version of the application form.

What information is gathered via our members’ website (www.rdemembers.co.uk)
Information on this site is gathered in two ways: indirectly (for example, through our website’s technology); and directly (for example through information that you enter). Examples of information we collect indirectly are your internet (IP) address which is automatically collected and is placed in our internet access logs, and the date and time of when you access the site. Examples of information collected directly are the details you may enter in order for us to be able to communicate with you. We may also use Cookies, which are small text files stored on your computer or device when you visit a website, these allow us to determine how visitors use a website, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies don’t collect any information that identifies a visitor. All the information that these cookies collect is anonymous and will only be used to improve how the Website works. For more information about the cookies we use, please read our Cookie policy. We may also analyse information gathered to determine what is most effective about our website, to help us identify ways to improve it. If data is used for any other purposes, we will describe these to you at the point we collect the information.

How we hold, maintain and share your records?
Our membership database is managed by MES (membra.co.uk) who fully comply with GDPR legislation and are also ISO 9001 and ISO 27001 compliant, MES’ privacy statement can be found on their website. We rely on you to let the Trust know if your contact details change. We will not share your data with third parties, apart from with MES, who holds your data, as per information outlined above.

What do we do with your personal information?
We use the data to send regular news updates to members by email and a chairman’s annual message. We report the total number of public members to NHS Improvement annually. Members are invited to vote in the Governors’ election annually.

How long will we keep this information?
We will only keep information for as long as it is needed for the purposes described when it was collected. The information will not be kept for longer than legislation permits.

What are your rights?
You may request that your information is removed or forgotten, that processing is restricted or withdrawn by emailing the Engagement Office on rde-tr.royaldevonmembers@nhs.net or our Data Controller’s Data Processing Officer or writing to them.

Data Protection Officer
Please contact the Information Governance Manager:
Information Governance Team
Wonford Hospital
Barrack Road
Exeter
EX2 5DW

Or via rde-tr.dataprotectionofficer@nhs.net

Information Commissioner’s Office
The Information Commissioner’s Office (ICO) is the body that regulates the Trust under Data Protection and Freedom of Information legislation. If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the ICO. Visit their website for more information: ico.org.uk.