Home
0800 090 2309
0800 090 2309

0800 090 2309

Patients and Families Privacy Notice

Published: 10 Sept 2025
Updated: 10 Sept 2025
Share
X
Facebook
LinkedIn
WhatsApp

What is the purpose of this document?

If you or a family member are receiving care or support from one of our services, the information we hold about you will be used only for the purpose of providing care and support and information about our services.
Marie Curie is committed to being transparent about how it collects and uses that data to meet its data protection obligations. Personal information will be held in compliance with the UK General Data Protection Regulation (EU) 2016/679 and the Data Protection Act 2018.

The information we collect about you

The personal data we collect, store, and process could include:
  • details which identify you, such as your name, address, contact numbers, date of birth, NHS number and next of kin
  • relevant information from your relatives or those who care for you and know you well
  • details of services received
  • notes and reports about your/your relative’s health and treatment which may include information from other healthcare providers
  • notes and reports regarding services provided to you, your relative or other family members
  • information provided by your family or those who care for you and know you well
  • information about your story and your experience of our care.
As part of our Lone Worker Policy, Marie Curie staff may carry SOS devices. These devices have an Audio Recording capability that could be activated in the event of an emergency (patient or staff member in distress).

Special category data

The UK General Data Protection Regulation (“GDPR”) and the Data Protection Act 2018 (DPA2018) recognises certain categories of personal information as sensitive and therefore requiring more protection.
  • personal data revealing racial or ethnic origin
  • personal data revealing political opinions
  • personal data revealing religious or philosophical beliefs
  • personal data revealing trade union membership
  • genetic data
  • biometric data (where used for identification purposes)
  • data concerning health
  • data concerning a person’s sex life
  • data concerning a person’s sexual orientation.
In the course of providing care to our patients, Marie Curie routinely processes sensitive personal data. In other limited cases, we may collect and/or use your sensitive personal information, in each case, we will only do so if we have a valid reason and the UK GDPR/DPA2018 permits it.
Marie Curie may process special category data where the processing is necessary for scientific research. Marie Curie may also process special category data as part of the services we provide to you or a member of your family.

How do we collect this information?

We collect your information from the following:
  • directly from you, verbally, on paper or digitally or via the use of our website
  • from your GP, hospital doctor or other healthcare professional either by telephone, paper notes or through the referral systems or shared access to medical records
  • from discussions with your carers, friends or members of your family.
Read more about how we keep your information safe by downloading our leaflet in English or Welsh.

Why do we need this information?

Having up-to-date information about your health and your treatment is essential to provide high quality, safe and appropriate care to you and your carers, friends and family members.

What is the legal basis for collecting and processing your personal information?

We are allowed to process your information for one or more of these reasons:
  • Consent: You have given clear consent for us to process your personal data for a specific purpose.
  • Vital interests: The processing is necessary to protect someone’s life.
  • Legitimate interests: The processing is necessary for our legitimate interests.

Conditions for processing special category data

Where we process special category data, we are also required to have a condition for processing such data. We rely on the following conditions for processing special category data about our patients and their family:
  • with your explicit consent
  • to protect the vital interests of you or another living individual
  • in the delivery of health or social care with a basis in UK law as the provision of healthcare or treatment
  • for the reason of public interest in public health with a basis in UK law that the processing is carried out by, or under the responsibility of, a health professional.

How we use this information

We use this information to:
  • inform, plan and carry out your care and treatment and provide advice
  • make sure that your wishes are considered where we provide treatment or advice
  • ensure that all treatment is safe and effective, and that advice is appropriate for you
  • provide all health and social care professionals involved in your care, which may include GPs, hospital-based clinicians, nurses in the community and health visitors, with up-to-date and accurate information about your health and care needs
  • ensure that all professionals involved in your care have up-to-date and accurate information so that we can work effectively together to care for you
  • help us improve our services or investigate concerns or complaints, either about your care or the standards of any health or social care professionals looking after you
  • investigate any concerns or complaints you may have, either about your care or the standards of any health or social care professionals looking after you
  • sometimes we will ask your permission to share your story and experience of our care for the purposes of publicising the work we do and for fundraising
  • provide you with online care services; such as video consultations, if you are unable to attend in person
  • use anonymised data (where identifying personal information has been removed) for clinical audit or research purposes and help us improve the quality of our services.

Where we store your information

We use electronic systems, which include EMIS and SystmOne to process patient information (medical notes). EMIS and SystmOne are currently used by a wide range of healthcare providers and the NHS, which enables the sharing of your health information with other clinicians and organisations involved in your care. All patient data will be stored within the United Kingdom or the European Economic Area (EEA).

Who we share information with

We never share, sell, or rent your information to third parties for marketing purposes.
However, we may disclose your personal information to selected third parties in order to achieve the other purposes set out in this policy.
These may include (among others):
  • healthcare professionals, medical researchers and organisations involved in the provision of care and/or medical research
  • the Health and Social Care Network (HSCN), a data network for health and care organisations to access and share information. The HSCN is provided by the Health and Social Care Information Centre (also known as NHS Digital). For further details on how NHS Digital may use your personal information, please see their privacy notice
  • as part of providing comprehensive shared care records, which is a way of sharing information with healthcare professionals and organisations, Marie Curie is a member of multiple sharing agreements throughout the United Kingdom
  • business partners, suppliers and sub-contractors (for direct care purposes only)
  • other beneficiaries, executors and legal advisers, when administering a legacy.
In particular, we reserve the right to disclose your personal information to third parties:
  • in the event that we sell or buy any business or assets, in which case we will disclose your personal information to the prospective seller or buyer of such business or assets
  • if substantially all of our assets are acquired by a third party, personal information held by us may be one of the transferred assets
  • if we are under any legal or regulatory duty to do so
  • to protect the rights, property or safety of Marie Curie, its personnel, users, visitors or others
  • healthcare professionals, medical researchers and organisations involved in the provision of care and/or medical research
  • other healthcare organisations and clinicians involved in your care.

National Data Opt- Out

Marie Curie is one of many organisations working in the health and care system to improve care for patients and the public.
Whenever you use a health or care service, such as attending Accident and Emergency or using Community Care services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.
The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:
  • improving the quality and standards of care provided
  • research into the development of new treatments
  • preventing illness and diseases
  • monitoring safety
  • planning services.
This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where it is allowed by law.
Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.
You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out, your confidential patient information will still be used to support your individual care.
To find out more or to register your choice to opt out, please visit nhs.uk/your-nhs-data-matters.
On this web page you will:
  • see what is meant by confidential patient information
  • find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care
  • find out more about the benefits of sharing data
  • understand more about who uses the data
  • find out how your data is protected
  • be able to access the system to view, set or change your setting
  • find the contact telephone number if you want to know any more or to opt-out by phone
  • see the situations where the opt-out will not apply.
You can also find out more about how patient information is used at: understandingpatientdata.org.uk/what-you-need-know (which covers how and why patient information is used, the safeguards and how decisions are made).
You can change your mind about your choice at any time.
Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.
Our organisation is currently compliant with the National Data Opt Out Policy.

How we keep patient information safe

In accordance with NHS guidance, Marie Curie has appointed its Chief Nursing Officer as a Caldicott Guardian. Our Caldicott Guardian is responsible for protecting patient confidentiality and enabling the appropriate sharing of information. The sharing of sensitive personal information is strictly controlled by law. We will outline how we share information and ask for your consent and give you the opportunity to opt-out. If you are unable to consent for any reason, we will only share information where it is in your best interests to do so.
Measures that we use to protect your information include:
  • access to our electronic patient records is restricted and users are required to use a smartcard or multi-factor authentication to access the system
  • our organisation undergoes annual audited cyber security accreditation which is carried out by a third-party cyber security consultancy
  • we annually complete the NHS Data Security and Protection Toolkit (DSPT) which measures our performance against the National Data Guardian’s 10 data security standards
  • staff and volunteers are appropriately trained in data protection and information security
  • access to our systems by staff and volunteers is provided based on the principles of ‘least-privilege’ and ‘need to know’
  • we use a range of dedicated cyber security technologies including endpoint security, network firewalls and security monitoring services
  • physical security controls such as door access and CCTV are in operation at our sites
  • third parties contracted by Marie Curie to provide technical support will only have access to personal data if necessary to perform their role and will be bound by contractual confidentiality and data processing agreements
  • all staff have a duty to record your personal information and information about your care accurately and to keep it secure and confidential.
  • We ensure that your data is encrypted both in-transit and at-rest.

Retention

Your data is kept in accordance with the statutory NHS retention periods.

Change of purpose

We will use your personal information for the purposes for which it is collected. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Your duty to inform us of changes

We want to make sure that your personal information is accurate and up to date. If any of the information that you have provided us with changes, for example if you change your email address, please do contact us so that we can keep our records up to date. We will update your records as soon as possible and in any event within one month.

Your Personal Information Rights:

What rights do I have over my personal data?
You can:
  • access your data by making a Subject Access Request
  • rectify, erase or restrict your data where this is justified
  • request transfer on your data where this is justified
  • object to the processing of your data where this is justified
  • object to how your information is used.

Concerns about your records

If you have questions about this Privacy Notice, or if you would like to exercise any of your privacy rights, please contact us by email at infogov@mariecurie.org.uk.
If you are dissatisfied with our response, or if you have any further queries regarding how your personal data is processed, you should contact Marie Curie’s Data Protection Officer at DPO@mariecurie.org.uk.
If you are still unhappy with the outcome of your enquiry, you have the right to object to data processing in certain circumstances, which you can do by contacting the Information Commissioner’s Office.
The Information Commissioner
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF

Changes to this Privacy Notice

We reserve the right to update this Privacy Notice at any time, and we will provide you with a new Privacy Notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.
Published: 10 Sept 2025
Updated: 10 Sept 2025
Share
X
Facebook
LinkedIn
WhatsApp
Share this page
X
Facebook
LinkedIn
WhatsApp
Our policies
Useful links
Follow us
Facebook
YouTube
X
Instagram

©2025 Marie Curie. Registered Charity, England and Wales (207994), Scotland (SC038731). Registered company limited by guarantee, England & Wales (507597). Registered Office: One Embassy Gardens, 8 Viaduct Gardens, London SW11 7BW
online