Privacy Statement 2018
At Healthwatch Windsor, Ascot and Maidenhead we are committed to protecting and respecting your privacy.
This Privacy Statement sets out the data processing practices carried out by Healthwatch Windsor, Ascot and Maidenhead. The Healthwatch Windsor, Ascot and Maidenhead service is run by The Ark Trust Ltd, Charity Number 1098204, Company Registration Number 04504955, Information Commissioner's Office Registration Reference Z7741334.
We retain and use personal data (information that relates to and identifies people) to help us carry out our role as the local independent champion for people who use health and social care services.
Find out more about our purpose and what we do at www.healthwatchwam.co.uk
We will always make sure that your information is protected and treated securely. Any information that you give will be held in accordance with:
- The Data Protection Act 1998
- As of 25 May 2018, the new data protection legislation introduced under the General Data Protection Regulation (GDPR) and Data Protection Bill.
Information we collect
We collect personal information from visitors to our website through the use of online forms and every time you email us your details. We also collect feedback and views from people about the health and social care services that they access. In addition, we receive information about our own staff and people who apply to work for us, including volunteers.
We are strongly committed to data security and we take reasonable and appropriate steps to protect your personal information from unauthorised access, loss, misuse, alteration or corruption. We have put in place physical, electronic, and managerial procedures to safeguard and secure the information you provide to us. Only authorised employees and contractors under strict controls will have access to your personal information.
Information about people who use our website
Please note that this statement does not cover links within this website to other websites.
When you browse through the information on this website, it does not store or capture your personal information. We do log your IP address (as it is automatically recognised by the web server) but this is only so you can download this website onto your device. We also use Google Analytics, Google Analytics is used by us to monitor the usage of our website. This tracks the number of people who use the site, what pages they visit, their gender and their age band. This information does not identify an individual. Find out more about how Google plans to continue to protect information.
How we will use your personal information
Personal information about you can be used for the following purposes:
- in our day-to-day work
- to send you our newsletter or bulletin where you have requested it
- to respond to any queries, you may have
- to improve the quality and safety of care
This may include any personal information that you choose to share with us, but we will treat this as confidential and protect it accordingly. We will never include personal information in survey reports that could identify you.
Information about people who share their experiences with us by other means
There are a number of ways that we collect feedback from people about their experiences of using health and social care services day to day.
Our staff and volunteers will visit different health and social care settings as part of their role to evaluate how services are being delivered. We also receive phone calls and requests for information directly from members of the public as part of our signposting service.
Where personally identifiable information is collected we will ensure that we have your consent to keep it and we will be clear on how we intend to use your information. We will aim to anonymise information where we can but there may be instances where this is not possible in order to make change happen on your behalf.
There may be exceptional circumstances where we can and will keep the data without consent but we must have a lawful basis for doing so, such as for safeguarding purposes. We ensure that where consent is required it will be freely given, used only for agreed specific and unambiguous purposes and that you are well informed about how the information will be kept. This includes where it will be stored, details on security and for how long it will be kept. We will comply with current data protection legislation at all times. Personal information may be collected with your consent through:
- Our signposting and advice service
- When we receive feedback by phone, outreach work or through surveys
- Enter and View activity
- Personal data received from other sources
On occasion we will receive information from the families, friends and carers of people who access health and social care services. We use this data to inform providers and commissioners to help them deliver services that work for you. Where it is practically possible, we will make sure that we have your consent to use information that is about you.
We will only process your personal data where there is a lawful basis to do so under current data protection legislation.
In most circumstances we anonymise our data to ensure that a person cannot be identified, unless this has been otherwise agreed and consent has been given. For example, this could be a case study directly related to an individual.
Sharing your data with Healthwatch England
Healthwatch England is a committee of the Care Quality Commission (CQC) but acts independently.
We are required to share information with Healthwatch England to ensure that your views are considered at a national level. This enables them to analyse service provision across the country and supply the Department of Health and national commissioners with the information you provide.
The information we provide to Healthwatch England contains no personally identifiable data. Any information that is used for national publications is anonymised and will only be used with the consent of a local Healthwatch.
Our data systems
We use a central electronic system to record and store your personal information; this is only accessible to people who work for us and only if they have a legitimate reason to have access to it. Once the collection form, be it via our website or a paper based form has been processed, it will be scanned and stored within this system and any other electronic or paper based copies will be destroyed. We also use mailchimp to send mass mails, we only store email address' here for the purpose of sending emails, Mailchimps policy.
Information about our own staff and people applying to work with us
We need to process personal data about our own staff and volunteers (and people applying to work/volunteer for us) so that we can carry out our role and meet our legal and contractual responsibilities as an employer. The personal data that we process includes information about racial or ethnic origin, religion, disability, gender and sexuality. We use this information to check we are promoting and ensuring diversity in our workforce and to make sure we are complying with equalities legislation. Our employees decide whether or not to share this monitoring data with us, and can choose to withdraw their consent for this at any time. Employees who wish to withdraw their consent for us to process this data can let us know. Other personal data that we are required to process includes information on qualifications and experience, pay and performance, contact details and bank details. We check that people who work for us are fit and suitable for their roles. This includes asking people to undertake Enhanced Disclosure and Barring Service (DBS) checks.
People joining Healthwatch Windsor, Ascot and Maidenhead will be asked if they have any declarations of interests and to identify any services with which they have close links (for example, because they have previously worked there or because the service is run by a close relative) or any other issues which could cause a perceived conflict of interest.
We also publish some information about our staff and volunteers, including the names and work contact details of people in some roles.
How we share information with other organisations
We only share personal information with other organisations where it is lawful to do so. Information is shared in order to fulfil our remit which is to pass on people's experiences of care to help improve them.
We work with Healthwatch England, the Care Quality Commission (CQC), local Commissioners, Providers, the Local Authority and others to make this happen.
We will only disclose your personal information where we have your consent to do so, or where there is another very good reason to make the disclosure – for example, we may disclose information to CQC or a local authority where we think it is necessary to do so in order to protect a vulnerable person from abuse or harm. Any such disclosure will be made in accordance with the requirements of the current data protection legislation and where possible we will always seek to obtain your consent to do this.
Wherever possible, we will ensure that any information that we share or disclose is anonymised, so as to ensure that you cannot be identified from it.
If we use other organisations to process personal data on our behalf
Where we do this, those companies are required to follow the same rules and information security requirements as us and they are not permitted to use or reuse the data for any other purposes.
At the end of our contract only the contact information you provided us will be made available to our successor via the local authority.
Retention and disposal of personal data
We publish a retention and disposal schedule which explains how long we keep different types of records and documents for, including records and documents containing personal data. Personal data is deleted or securely destroyed at the end of its retention period.
You have the right to access information about you If you think we may hold personal data relating to you and want to see it; please write to firstname.lastname@example.org
Correcting or deleting your personal data
If you know that we are holding your personal data and believe that it may be wrong, or if you want it to be deleted or for us to stop using it, you have a right to request that it be deleted or amended. Please write to email@example.com or send it by post to: Healthwatch Windsor, Ascot and Maidenhead, 20-21 Market Street, Bracknell, Berkshire, RG12 1JG.
Complaints about how we look after or use your information
If you feel that we have not met our responsibilities under data protection legislation, you have a right to request an independent assessment from the Information Commissioner's Office (ICO). You can find details on their website.
Our contact details and key roles
Healthwatch Windsor, Ascot and Maidenhead is the data controller for all of the personal data that you provide us with.
Healthwatch Windsor, Ascot and Maidenhead has designated Chris Taylor, firstname.lastname@example.org Data Protection Officer under Article 37 of the GDPR.