In the UK GDPR, Article 6, we are able to process your personal information if one of the following conditions have been met:
a) Consent – you have given clear consent (this can be withdrawn at any time).
b) Contract – the processing is necessary for a contract we have with you.
c) Legal obligation – the processing is necessary to comply with the law.
d) Vital interests – the processing is necessary to protect someone’s life.
e) Public task – the processing is necessary to perform a task in the public interest or for official functions that have a clear basis in law. In short, this would be for our core business - providing emergency and urgent care.
f) Legitimate interests – this can only be used by public authorities, like the NHS, if it is not part of the core business but there is a legitimate reason to process the information. This would have to be clearly documented.
In order to process your sensitive information, we would have to meet one of the following conditions (Article 9 of the UK GDPR) as well as one of those stated above. These are:
a) You have given your explicit consent (this can be withdrawn at any time).
b) Processing is necessary for the purposes of carrying out obligations in the area of employment and social security law.
c) Processing is necessary to protect the vital interests of an individual or another person where the individual is physically or legally incapable of giving consent.
d) Processing is carried out in the course of the legitimate activities of not for profit organisations with a political religious or trade union interest.
e) Processing relates to personal data which has been made public by the data subject.
f) Processing is necessary for the establishment, exercise or defence of legal claims.
g) Processing is necessary for the reasons of substantial public interest.
h) Processing is necessary for the purposes of preventative or occupational medicine, medical diagnosis, the provision of health or social care treatment or the management of health or social care systems.
I) Processing is necessary for reasons of public interest in the area of public health.
j) Processing is necessary for archiving purposes in the public interest.
The circumstances of the sharing would dictate which legal basis would be relied upon. However, the vast majority of sensitive information is processed in accordance with (h).