Close Button

Privacy Policy

The materials contained on this site except as where identified as being the copyright of any other person are copyright to us and may be subject to other intellectual property rights. Whilst the pages may be downloaded or copied for the purposes for which the site is intended, such copies may only be used by you and within your organisation, and not for any commercial use without our express consent.

All copyrights and trademark notices, marks, disclaimers and other such elements must be preserved and upheld at all times.

For the purposes of the Data Protection Act we confirm that the proprietors of this site are The Benenden Hospital Trust of Benenden, Cranbrook Kent TN17 4AX which is a Company limited by guarantee, Registered in England and Wales, number 3454120, and is also a registered charity, Registered charity number 1065995. The Benenden Hospital Trust is registered with the Office of the Information Commissioner under registration number Z729839X.

Privacy Notice

What is a Privacy Notice?

This privacy notice is effective from 2 November 2022

A privacy notice is a statement of how Benenden Hospital Trust collects, uses, retains and discloses your personal information. Personal information is information that identifies you and is about you.

To ensure that we process your personal data fairly and lawfully we are required to inform you:

  • Why we need your data,
  • How it will be used and,
  • Who it will be shared with,
  • What rights you have in relation to the personal data we collect from you.

The law determines how organisations can use personal information. The key laws are: the Data Protection Act, EU General Data Protection Regulation, the Human Rights Act, relevant health service legislation, and the common law duty of confidentiality.

Within these pages we describe instances where Benenden Hospital Trust is the “Data Controller” (the organisation who decides what data we collect and how it is used), and where we direct or commission the processing of patient data to help deliver better healthcare, or to assist the management of healthcare services.
Benenden Hospital Trust recognises the importance of protecting personal and confidential information in all that we do, all we direct or commission, and takes care to meet its legal duties.

This notice applies to Patients, Visitors, Staff Members, Clinicians, Consultants, Contractors, Vendors and Suppliers to Benenden Hospital.

Benenden Health Society Members please note for clarification this notice applies to Benenden Hospital and not The Benenden Healthcare Society Limited, who will issue a separate notice.

Link to Supplementary COVID-19 Privacy Notice

Your information

What information do we collect about you?

We only collect and use your personal information where at least one of the legal basis applies and for the lawful purposes of administering the business of Benenden Hospital Trust. The legal basis are as follows;

  • Under consent – where you have given your ‘consent’ to the processing of your personal data
  • Performance of a contract – where the processing of your data is necessary for the fulfilment of a contract, for example e-referrals of NHS patients is subject to a contract
  • Compliance with a legal obligation – processing of your data is required by law and the hospital is required to comply,
  • In the vital interest – we may process your personal data in order to protect your vital interests, for example in providing emergency treatment or care should it be required
  • Public interest – we may process personal data in order to complete a task carried out in the public interest
  • Legitimate interest – we may process your personal data as we hold a legitimate ‘business’ interest in processing that information.

The table below shows the purposes and the associated legal basis under which we process your personal data;

Purpose of processing

Legal basis for processing

Accounting and Auditing

In compliance with a legal obligation and legitimate interest

Accounts and Records

In compliance with a legal obligation and legitimate interest

Advertising and Public Relations

Under consent and legitimate interest

Consultancy and Advisory Services

In performance of a contract and legitimate interest

Crime Prevention and Prosecution of Offenders

In compliance with a legal obligation


Under a legitimate interest

Healthcare Administration and Services

In performance of a contract and legitimate interest

Information and Databank Administration

In performance of a contract and legitimate interest


Under consent and legitimate interest

Sharing and matching of personal information for national fraud initiative

In compliance with a legal obligation

Employment and Staff administration

In compliance with a legal obligation and legitimate interest

What types of personal data do we handle?

We process personal information to enable us to support the provision of healthcare services to patients, maintain our own accounts, promote our services and to support and manage our employees. We also process personal information about healthcare professionals that deliver services within Benenden Hospital Trust.

The types of personal information we use include:

  • Personal identity - such as title, name, marital status, date of birth, National Insurance number
  • Contact details - such as addresses, telephone & mobile numbers, email address
  • Family details – such as next of kin details, relationships to next of kin
  • Financial details – such as bank sort code/ account number, Payment card number, payroll, tax information
  • Employment details – such as salary, annual leave, pension, benefits, discipline and grievance, performance data, occupational health data and security clearance data
  • Education and training details of staff and consultants - such as Training records, Qualification verification
  • Details held in the patient’s record, where we hold or manage the patient’s record – such as NHS Number, GP Details
  • Lifestyle and social circumstances – such as questions about smoking, drinking and general lifestyle
  • CCTV images – for providing security monitoring of the grounds and hospital, internal employment processes and training
  • Responses to surveys where individuals have responded to surveys about issues
  • IP address and Browser settings collected in order to better serve advertising to individuals.

We also process special category of information for patients, staff and consultants, that may include:

  • Racial and ethnic origin
  • Religious or philosophical beliefs
  • Trade union membership
  • Data concerning health
  • Genetic data
  • Biometric data
  • Data concerning a person’s sex life or sexual orientation
  • Offences (including alleged offences), criminal proceedings, outcomes and sentences
  • Employment tribunal applications, complaints, accidents, and incident details.

How will we use information about you?

Your information is used to run and improve Benenden Hospital Trust. In respect of our patients, their data may be used to:

  • Register anyone who may be interested in our treatments and services onto our Customer Relationship Management system
  • Register all patients onto our Patient Administration System
  • Register new referrals for existing patients on our systems, update demographic details and health records with new referral details
  • Return or report on a phone call made to us via the online call-back system via our website
  • Book a private GP appointment through our website using our online booking tool
  • Record telephone calls made to the hospital patient appointments department in relation to appointment enquiries
  • Allow the preparation of health record folder (notes) for the patient
  • Investigate complaints, legal claims or important incidents
  • Make sure services are planned to meet patients’ needs in the future
  • Check and report on how effective Benenden Hospital Trust and the services it commissions has been
  • Display on LCD TV screens within patient waiting areas, as a means to notify you, your name and the consultant you are visiting
  • Display on LCD TV screens in nurse stations within the Inpatient Wards
  • Undertake virtual consultations, via video conferencing or telephone. Your discussions with the consultant or recordings of any consultations will form a part of your health record and will afford the same protection as a physical health record
  • Create operation notes and letters for communicating outcomes with your GP
  • Ensure correct patient information at all times by using your name on identity bracelets, if you are admitted as an inpatient. If you are unable to clearly identify yourself a band maybe used in cases of outpatients
  • Ordering medical devices, such as hip and knee prosthetics for surgical procedures
  • Help patients to make informed choices for treatment by processing anonymised statistical information on private hospital performance
  • To address customer service enquiries made via the website
  • If you request to meet with a chaplain, we may share your name with them.

We may keep your information in a written form or on a computer. Whenever possible all information that identifies you will be removed.

For our staff, contractors, consultants, clinical agency staff, vendors and suppliers personal data may be used to:

  • Verify employment history, qualifications and experience
  • Validate ‘right to work’
  • Assess suitability for employment during selection process
  • Personal development of employees
  • Payroll
  • NI and tax accounting
  • Disciplinary and grievances
  • Undertake due diligence and risk assessment of supply chain

Our platforms

Compucare Patient Administration System

Benenden Hospital Trust is the data controller for the Compucare Patient Administration System. This system holds personal details of all patients that have been either referred by Benenden Health Society, referred by a GP via the NHS e-Referrals system or as a private patient that has attended and subsequently discharged.

The information held on this system is used primarily for the purpose of administering healthcare services, it may however be used for other non-health related purposes and shared with statutory bodies/organisations to enable them to fulfil their statutory obligations. ‘Non-health related purposes’ relate to processing such as contracted reporting to the Private Hospitals Information Network (PHIN) using pseudonymised data which allows patients to make informed choices of where they may want accept treatment. We may also use the information within the administration system for statistical analysis to see how the hospital itself is performing with respect to business targets and objectives.

The information will only be shared with other organisations where there is a statutory obligation to do so, or with the agreement of the Benenden Hospital Trust, Caldicott Guardian and the Data Protection Officer. A Caldicott Guardian is a senior person responsible for protecting the confidentiality of patient and service user information and enabling appropriate information-sharing.

My Benenden Hospital Rewards

Benenden Hospital Trust is the administrator of the My Benenden Hospital Rewards loyalty scheme, provided by the platform.

By enrolling in the Scheme, Participants agree to the collection, use and disclosure of their personal data by Benenden Hospital, My Benenden Hospital Rewards and It is recommended that Participants read the privacy information.

The information held on the platform is used for the purpose of administering My Benenden Hospital Rewards, including sending emails relating to a participant’s loyalty scheme account (Transactional emails). Participants can consent to receive promotional offers (Marketing emails) by ticking the Marketing opt-in box on the Join Form and may opt out of Marketing emails at any time by clicking the Unsubscribe link in any Scheme email.

We collect the following information from you:

  • Personal identity – your first name and last name
  • Contact details – your email address

Sharing your information

We may disclose your personal information for a number of reasons (to the extent necessary). This can be due to:

  • Our obligation to comply with current UK legislation
  • Our duty to comply with a court order
  • A contractual commitment to report statutory information
  • Providing us with your consent to the disclosure of your data

In fulfilling our obligation to provide healthcare services we may share your data with the following organisations:

  • Benenden Healthcare Society
  • National Health Service (NHS)
  • NHS General Practitioners (your Doctor)
  • Specialist consultants
  • Imaging Exchange Portal (IEP - a web-based portal used to allow sharing of scan images between healthcare trusts/organisations)
  • National Joint Registry(NJR)
  • PHIN (Private Healthcare Information Network)
  • Contracted 3rd parties providing medical services or devices
  • Healthcare insurance providers
  • Pathology laboratories
  • Where we are required to do so by law
  • In the event that sharing your data will ultimately benefit you as the data subject.

National Data Opt-out Policy

Benenden Hospital fully complies with the NHS National Data Opt-out policy. National Data opt-out allows NHS Patients to opt-out of their personal sensitive data to be processed (used) for purposes beyond their direct care, namely research.

Sharing your information outside of the EEA

We may from time to time be required to share your information with other service providers who are outside of UK and the EU. The sharing of your information with these providers is necessary in order to provide the necessary medical device or service. The transfer of personal data internationally will be conducted with the appropriate legal mechanisms in place.

How long will we keep your data for?

We will keep your personal information in accordance with our Retention Policy and for as long as is lawfully necessary to conduct our business with you, and/ or in accordance with our legal obligations for data retention.

If you are treated at this hospital, we will create an adult patient health record for you. This Patient health record is kept for 8 years following the last treatment provided.

If you make a query via the hospital website, we ask for your name, email address and if you are a member of Benenden Healthcare Society. We will retain this information for a period of no longer than 1 year. It will be kept for this period in case of any further enquiries and/or complaints.

What rights do I have regarding your use of my information?

You have the following rights in relation to the personal data that we hold on you:

  • You have a right to make a subject access request
  • You have the right to rectify/amend your personal information if it is incorrectly recorded. Accounting for the purposes of processing you have the right to have incomplete personal data completed, including by means of providing a supplementary statement
  • You may have the right for your personal data to be deleted
  • You have the right to restrict the processing of your data, if you believe that the personal data being processed is inaccurate or is being processed unlawfully
  • You may have the right to data portability. This is the transfer of your data to another data controller, where you have provided your consent and the processing is carried out by automatic means
  • You have the right to make an objection to the processing of your personal data relating to your particular situation, at any time, based on processing of data in the public interest or for the purposes of legitimate interests pursued by Benenden Hospital Trust
  • Where personal data is processed for marketing purposes you have the right to object to the processing of your personal data and to withdraw your consent, at any time, to direct marketing.

How to make a Subject Access Request (SAR)

If you would like to make a SAR, please contact us on You'll be required to complete a SAR consent form which will be sent to you on your request.

Do I have a choice?

Providing Benenden Hospital with your personal data helps us to fulfil our contract to provide you with relevant healthcare services. When providing our services, we will have entered into a contractual agreement with either Benenden Health, the NHS, Health Insurance Providers or directly with you.

Failure to provide Benenden Hospital with your personal data may impact on the level of healthcare we can provide, it may even result in non-acceptance for healthcare treatment at Benenden Hospital. 

For staff, consultants, contractors, vendors and suppliers the restriction on processing of personal data may impact any contractual agreements in place between either party, that may result in failure to meet the contractual obligation.

Data Protection Notification

Benenden Hospital Trust is a ‘data controller’ under the DPA. Our registration Number is: Z729839X. We have notified the Information Commissioner’s Office that we process personal data and the details are publicly available from the:

Information Commissioner’s Office

Wycliffe House

Water Lane,



Changes to our privacy notice

We keep our privacy notice under regular review and we will place any updates on the Benenden Hospital webpage.

Complaints about how we process your personal information.

In the first instance, you should contact the Data Protection Officer on the details below:

Telephone: 01580 240333


Office hours are from 9am to 5pm.

You may also refer any complaints directly to the ICO on the contact details provided above.

Cookie Policy

About cookies

Benenden Hospital's website uses cookies. Cookies are pieces of code that allow small amounts of information to be passed from your internet browser to our web server.

Benenden Hospital use our own cookies, as well as those from third parties, serving several purposes. They allow us to remember whether you are logged in to the site and to serve you with content tailored specifically for you and to help us learn about how you like to use our website and where we can make it better. 

We will never disclose your personal details to any third parties. All data passed by cookies is anonymous and will never contain your name, address, telephone number, email address, IP address or payment details.

What is a cookie?

Cookies, also known as browser cookies or tracking cookies are small text files that are created by your browser and placed on your computer or browsing device, at the request of websites that you visit. Cookies allow websites to recognise your computer or web browser. They can help to analyse which products or parts of a website you looked at, and how long for.

Why does Benenden Hospital use cookies?

Cookies allow us to present you with relevant products and services that are based on the way that you want to use our website. Cookies allow us to work alongside our web analytics partner, to see how our customers like to use our websites and which pages or special functions they prefer. This helps us to continually improve our service.

Third party cookies are also used with our marketing partners to present you with appropriate offers and advertising as you browse other sites on the internet, based on the products you looked at while on our site. Note: Benenden Hospital's cookies and those of our third party partners will never be used to collect any personal data. This includes your name, address, telephone number, email address, credit card information or any other payment details.

Session cookies

Session cookies are deleted after each 'session'. For example, when you are browsing Benenden Hospital website, it will remember you for the duration of your visit, but the cookie will be removed from your computer as soon as you close down your internet browser. Without a session cookie, every time you open a new web page the web server where that page is stored will treat you like a completely new visitor.

Persistent cookies

Persistent cookies remember you for a set period of time. (Unless you delete your cookies within this period) On your first visit, the website is presented in default mode. During your visit, you select your preferences and these preferences are remembered, through the use of the persistent cookie, the next time you visit the site.

Turning off and deleting cookies

Most web browsers will provide the option to disallow cookies and web beacons. How you do this depends on the web browser you're using. Instructions for disallowing cookies can usually be found in the browser's 'Help' menu. Cookies can also be deleted using your internet browser. However, unless they are disallowed they will be re-applied the next time you visit a website. Note: In common with most websites, refusing cookies via your web browser you may find that the functionality of websites and services will be affected. You will also find that you are unable to make a transactional purchase on websites. However, Benenden Hospital's website does not currently have transactional functionality so this will not be applicable.

For more information about cookies please visit

Third party advertising and cookies

Benenden Hospital uses Google, Microsoft, Meta, X (formerly Twitter), Reddit and Outbrain who serve advertisements on our behalf. These platforms use session and persistent cookies across their advertising products, and cookies are used by their partners across their third party advertising network.

These advertisers use cookies to serve you relevant advertisements based on your recent searches. Anyone can opt out of this and these platforms also offer a number of options to permanently save your opt-out settings in your browser. Benenden Hospital uses advertising platform cookies to track on-site conversions.

Other platforms which set cookies

Piggy loyalty platform

We use to administer our loyalty scheme, My Benenden Hospital Rewards. This allows you to collect reward points each time you book and pay for a qualifying treatment or service, diagnostic test or scan as set our in our Reward Scheme Terms and Conditions. Piggy uses cookies to maintain your portal session, understand visitor and user preferences, improve your experience, and track and analyse usage, navigational, and other statistical information. For further details, please visit the Piggy website.

Zendesk Livechat

We use Zendesk to provide a self-service Chatbot and our Livechat platform. This allows you to communicate via chat with our Private Patient team, request a service or more information. Zendesk uses cookies to understand visitor and user preferences, improve your experience, and track and analyse usage, navigational, and other statistical information. For further details, please visit the Zendesk website.

SimplyBook online booking

We use to allow you to book an initial consultation online for selected treatments. They avoid tracking and profiling visitors of their clients booking websites and use a minimal number of cookies at all times. Find out more on the SimplyBook website.


We use Hotjar in order to better understand our users’ needs and to optimise this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behaviour and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymised user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.

For further details, please see the ‘about Hotjar’ section of Hotjar’s support site.