Cookie Policy

Privacy Policy

Who we are?
Royal Devon and Exeter NHS Foundation Trust (RD&E) is one of the highest performing healthcare organisations in Europe with a proven international reputation for its quality of care, information technology, clinical education and training and research. The Trust employs more than 9,500 staff. Our Trust is registered with the Information Commissioner’s Office (ICO) to process personal and special categories of information under the Data Protection Act 2018 (subject to parliamentary approval) and our registration number is Z5368894 For further information please refer to the ‘Information Governance’ page on our corporate website,

What is our legal basis for processing your personal information? Why we collect your personal data.
In the exercise of official authority as a Foundation Trust within the NHS we are obliged to maintain a membership; to run elections, and ensure the membership is representative of the locality, therefore the legal basis for all the processing of the personal data for the said purpose is the Trust has a statutory requirement to do so within the exercise of our function as a public body.

What personal information do we need to collect about you and how do we obtain it?
We keep to a minimum information we hold about you, basically data you provided as per the application form, which is; your name, address, telephone number (if given) and email address (if given). We have reviewed the so called ‘special category personal data’ under this legislation and have deleted records of ethnicity, which we held for members who had provided this data through our old version of the application form.

What information is gathered via our members’ website (
Information on this site is gathered in two ways: indirectly (for example, through our website’s technology); and directly (for example through information that you enter). Examples of information we collect indirectly are your internet (IP) address which is automatically collected and is placed in our internet access logs, and the date and time of when you access the site. Examples of information collected directly are the details you may enter in order for us to be able to communicate with you. We may also use Cookies, which are small text files stored on your computer or device when you visit a website, these allow us to determine how visitors use a website, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies don’t collect any information that identifies a visitor. All the information that these cookies collect is anonymous and will only be used to improve how the Website works. For more information about the cookies we use, please read our Cookie policy. We may also analyse information gathered to determine what is most effective about our website, to help us identify ways to improve it. If data is used for any other purposes, we will describe these to you at the point we collect the information.

How we hold, maintain and share your records?
Our membership database is managed by MES ( who fully comply with GDPR legislation and are also ISO 9001 and ISO 27001 compliant, MES’ privacy statement can be found on their website. We rely on you to let the Trust (RD&E) know if your contact details change. We will not share your data with third parties, apart from with MES, who holds your data, as per information outlined above.

What do we do with your personal information?
We use the data to send regular news updates to members by email and a chairman’s annual message. We report the total number of public members to NHS Improvement annually. Members are invited to vote in the Governors’ election annually.

How long will we keep this information?
We will only keep information for as long as it is needed for the purposes described when it was collected. The information will not be kept for longer than legislation permits.

What are your rights?
You may request that your information is removed or forgotten, that processing is restricted or withdrawn by emailing the Engagement Team on or our Data Controller’s Data Processing Officer or writing to them.

Data Protection Officer
Please contact the Information Governance Manager:
Information Governance Team
Wonford Hospital
Barrack Road

Or via

Information Commissioner’s Office
The Information Commissioner’s Office (ICO) is the body that regulates the Trust under Data Protection and Freedom of Information legislation. If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the. ICO.