How your personal information is used by NHS Sheffield CCG

Who we are and what we do

Data Controller:   NHS Sheffield Clinical Commissioning Group

Address:     722 Prince of Wales Road


                   S9 4EU


Data Protection Officer (DPO):                   Caroline Million

DPO Contact Details:                       


NHS Sheffield Clinical Commissioning Group is responsible for planning and designing local health services in and around Sheffield. We do this by ‘commissioning’ or buying health and care services including:

  • Planned hospital care
  • Unplanned care (urgent care)
  • Rehabilitation care
  • Community Health Services
  • Mental Health and learning disability services

We are also responsible for arranging unplanned care services for our registered patients and for commissioning services for any unregistered patients who live in Sheffield. All General Practices in Sheffield belong to our Clinical Commissioning Group.We manage the performance of services that we commission to make sure that they are safe, provide high quality care and meet the needs of local people. Part of this performance management role includes responding to any concerns from our patients about these services.

How we use your personal information

The purpose of this notice is to inform you of the type of information (including personal information) that the CCG holds as a Data Controller, how that information is used, the legal basis for using the information, who we may share that information with, and how we keep it secure and confidential.

It covers information we collect directly from you or collect indirectly from other individuals or organisations for the CCG’s registered population.

This notice applies to all information held by the CCG relating to individuals, whether you are a patient, service user or a member of staff. This notice was last reviewed in Sep 2018.

Types of information we hold

We need to use information about you in various forms and will only use the minimum amount of information necessary for that purpose. Where possible we will use information that does not identify you.

The CCG uses and processes several different types of information, (details below for more information):

  1. Anonymised - data which is about you but from which you cannot be personally identified.
  2. Pseudonymised - individual level information where individuals can be distinguished by using a coded reference, which does not reveal their ‘real world’ identity
  3. Identifiable - information which contains personal details that identify individuals such as name, address, email address, NHS Number, full postcode, date of birth.
  4. Aggregated – grouped information about individuals that has been combined to show general trends or values without identifying individualsThroughout this Notice you will see reference to an organisation called NHS Digital. They are the national body responsible for information, data and information processing in health and social care. NHS Digital has legal responsibility for identifiable data to be passed securely to them by Primary and Secondary Care Providers who are legally obliged to provide this information.

This is a printable version of