Privacy Policy




EMS Response & Ambulance services Ltd (EMS Services) provides a range of clinical services throughout England, from first aid provision at events to emergency and urgent care delivered by our ambulance services. In addition, we provide healthcare and support in the community. This document explains what and why we record information about you and the ways we use this information, including:

The Data Protection Act 1998.

What types of information will you record about me?

How long will you keep my records?

What happens to my clinical data?

How else is information about me used?

When is my information shared with others?

How we use Data Processors.

How do I know my records will be kept confidential?

My rights over my information and how I can obtain personal information or request further details about the use of my information.

Raising concerns about how my personal data has been managed.

The Data Protection Act 1998

The Data Protection Act 1998 is underpinned by eight Data Protection Principles with which we comply. It also governs the use, storage and retention of all personal data.

Organisations that manage and store personal data must register as a ‘data controller’, and notify the Information Commissioner (ICO) why they need to use the data. EMS Services is registered with the Information Commissioner our registration number is ZA326396.

The types of information will you record about me?

When you contact us as a patient, we will collect information about you to help us identify and treat you. This will be recorded on a Patient report form, details may include:

  • basic details about you such as your address, date of birth, gender and next of kin
  • the contact we have had with you, such as date and time you attended one of our treatment centres
  • your symptoms and condition
  • notes about your medical history, such as any allergies
  • results of physiological observations and tests, such as body temperature
  • details and records about your treatment and care
  • relevant information from people who care for you and know you well such as health professionals and relatives.

If you give us feedback or make an enquiry about the service we have provided, or have contact with us on another matter, we will keep a record of all the relevant details in a file for reference purposes. On some occasions, we may collect additional equality information to monitor how our services are delivered to different communities.

How long will you keep my record?

We retain your clinical records for 8 years (25 years in relation to children’s records or a maternity case) after your contact with us. Other records that may contain information about you are kept for varying lengths of time. We do not keep your records any longer than necessary.

All records are destroyed confidentially once their retention period has been met and there is no further contact.

What happens to my clinical data? 

If we transfer your care to another healthcare provider for example a hospital or the statutory ambulance service, we will give them a copy of your Patient report form so that they have details of your condition and the treatment we have provided. We retain the original copy and store this electronically.

In some circumstances and with your agreement we may need to share some health information about you with other health and social care professionals in order to provide you with further appropriate care and support. Most commonly, this will be to your GP, but we may also pass your details to other specialist health or social care teams.  If you do not wish information about you to be shared we will give you the opportunity to say so, however this may impact on the services and support that can be provided to you.

In some circumstances we are commissioned by another healthcare provider for example the statutory ambulance services and our contract will specify that we use their systems to record your personal data. In these situations that provider is the data controller and will manage and store your personal data.

How else is information about me used? 

Information helps us to improve our services. We use relevant information about you to:

  • review the care and advice our personnel provide, to ensure it meets our standards
  • help us to develop our learning programmes for our personnel
  • provide statistics, performance and planning information to help us design and deliver future services
  • investigate incidents

respond to complaints and legal claims.

When information is used to manage and review our services as opposed to reviewing a specific episode of care we are careful to ensure that individual patients cannot be identified. Your name, address and other information that identifies you is always removed.

From time to time we may contact you and ask you to tell us about your experience of our services. We do this as part of our commitment to providing patient services. You can choose whether or not you want to take part in these surveys, and if you decide that you do not want to then this will not affect your care in any way.

When is my information shared with others?

As a general rule your personal health information will not be shared with anyone who is not authorised to receive it, unless you agree.  Sometimes the law allows us to share your personal health information without your permission, for example, when a serious crime is being investigated or where there are safeguarding concerns. There are other occasions when there is a statutory requirement to report, for example, to meet Reporting of Injuries, Diseases and Dangerous Occurrences Regulations (RIDDOR).

Where we are working for a healthcare organisation who has commissioned us to deliver services on their behalf your personal data will be retained by that organisation.

Sometimes we will be required to allow regulators confidential access to our records as part of their inspection programme.

How we use Data Processors

We use a number of contractors to carry out specific business functions on our behalf which involve the processing of personal data. EMS Services as the ‘data controller’ remains responsible for ensuring that these arrangements comply with the Data Protection Act 1998, and the GDPR. Our contractors who process information in this way are known as the ‘data processor’. We will only use an approved data processor where:

  • we have a written contract in place which outlines that the data processor are not able to do anything with that data except act in accordance with our instructions
  • the contract also creates a legal requirement for the data processor to take appropriate measure against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data
  • we are satisfied that the data processor has provided sufficient guarantees in respect of the technical and organisational security measure governing the processing to be carried out.

How do I know my records will be kept confidential?

We have a legal duty of confidence to our patients and the Data Protection Act 1998 further defines how we collect and handle personal information. We have appointed a Caldicott guardian to ensure that our arrangements for handling patient information are in accordance with the legal requirements.

We will seek your permission before we release information that identifies you to any third party for any other reason than those set out in this document. We will not pass information that identifies you to another person or organisation (including friends or relatives) without your knowledge or permission unless we have an overriding legal duty to do so.

My rights over my information and how I can obtain personal information or request further details about the use of my information.

The full extent of your rights is detailed within the Data Protection Act 1998.

You have a right to see all personal information we hold about you to exercise this right you need to make a subject access request. To do so for personal data held by EMS Services you would make a written request to our Data Protection Officer as detailed below. In line with the GDPR regulations, there is no cost for this service.

If you believe any of the information we hold about you may not be accurate, or if you have any concerns about us collecting and using information about you as outlined here, you should contact our Data Protection Officer as detailed below.

How to obtain personal information of someone who has died 

We will always seek to treat information about deceased patients in the same way as if they are living. When someone has died their personal representatives, executors and anyone with a claim arising out of their death may apply to see their records, or part of them, under the Access to Health Records Act (1990).

To access such data held by EMS services, you need to make a written request to our Data Protection Officer as detailed below.

Please be aware that we are not obliged to disclose anything from before November 1991.

Data Protection Officer contact details

Mr George Pewsey

EMS Response & Ambulance Services Ltd

21 Victoria Court

2 Victoria Drive

Bognor Regis

West Sussex

PO21 2PS

T: 0844 351 0479


Raising concerns about how my personal data has been managed.

If you have a concern about how your patient records have been managed by us please tell us about it by giving us feedback, at the above address.

You have a right to complain to the Information Commissioner if you are ever unsatisfied with the way we have handled or shared your personal information:

Information Commissioner’s Office

Wycliffe House Water Lane






T: 0303 123 1113



Stay connected with us in your favorite flavor!