Table of Contents Page
Document details and review
Organisation Healthwatch Newcastle
Date reviewed March 2023
Next review March 2024
This policy will be reviewed annually or whenever regulations or guidance are updated.
Healthwatch Newcastle, is committed to protecting the privacy and security of your personal information. Healthwatch Newcastle is the “controller”. This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice. It is important that you read and retain this notice so that you are aware of how and why we are using such information and what your rights are under the data protection legislation. We will always make sure that your information is protected and treated securely. Any information that you give us will be held in accordance with:
- Data Protection Act 2018
- General Data Protection Regulation (GDPR)
In order to help us fulfil our legal obligations under the Data Protection Act and GDPR, we have a Data Protection Policy. If you wish to see a copy, please contact us.
Tel: 0191 3385721
We will only keep your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. We publish a retention policy and retention and disposal schedule which explains how long we keep different types of records and documents, including records and documents containing personal data. Personal data is deleted or securely destroyed at the end of its retention period. In some circumstances, we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. If you wish to see a copy of our retention policy or retention schedule please contact us at the contact details above.
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes.
You have the right to:
- Request access to your personal information. You have a right to receive a copy of the personal information we hold about you and to check that we are lawfully processing it. This is known as a ‘Subject Access Request’ (SAR) where possible we will provide the information in your requested format, and we can forward it to a person or organisation of your choice.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request the erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us to continue to use and process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing.
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you.
- Request the transfer of personal information to another party.
- Request an independent assessment. If you feel that we have not met our responsibilities under data protection legislation, you have the right to request an independent assessment from the Information Commissioners Office. You can find details on their website www.ico.org.uk.
If you want to review any of the personal data we hold about you and would like to exercise your rights, please contact our Data Protection Officer in writing by emailing: firstname.lastname@example.org or writing to Healthwatch Newcastle, MEA House, Ellison Place, Newcastle-Upon-Tyne NE1 8XS. You will not have to pay a fee to access your personal information (or to exercise any of your rights). However, we may charge a reasonable fee if your access request is clearly unfounded or excessive. Alternatively, we may refuse to comply with the requests in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). Certain types of more sensitive data require a higher level of protection, such as information about a person’s health or criminal convictions. We collect personal information from visitors to our website through the use of online forms and every time you email us your details. We also collect feedback and views from people about the Health and Social care services that they access. In addition, we receive information about our Staff, Associates, Volunteers, Committee Members and Directors, and people who apply to work with us.
We will only use your personal information when the law allows us to. Most commonly, we will use your information in the following circumstances:
- In our day-to-day work
- To send you, our newsletter. In signing up for our newsletter, you have given consent for us to send you it, we use a third-party supplier to distribute our newsletter service and by subscribing to this service you are agreeing to them handling your personal information. The third-party supplier handles your personal information purely to fulfil the service on our behalf and follows the requirements of the data protection Act 2018, in how they obtain, handle, and process your information and will not make your personal information available to anyone other than us.
- To respond to surveys, feedback, and queries. All personal information that you share with us in surveys and feedback is treated as confidential and is protected accordingly. We will never include your personal information in survey reports.
- To improve the quality and safety of care. There are a number of ways that we collect feedback from people about their experiences of using health and social care services. Our staff will visit different community health and social care settings as part of their role to evaluate how services are being delivered. We also receive phone calls and requests for information directly from members of the public as part of our signposting service. Where personally identifiable information is collected, we will ensure that we have your consent to keep it and we will be clear on how we intend to use your information. We will aim to anonymise this information where we can but there may be instances where this is not possible in order to make change happen on your behalf.
- Where we need to perform the contract. We collect personal information about Employees, Directors, Committee Members, Associates, and Volunteers through application and recruitment processes, either directly from candidates or agencies or a background check provider. We may sometimes collect additional information from third parties including former employers, credit reference agencies, and other background check agencies. We will collect additional personal information in the course of job-related activities throughout the period you are working for us. In general, we will not process sensitive personal information about you unless it is necessary for performing or exercising obligations or rights in connection with employment. We may only use information relating to criminal convictions where the law allows us to do so. This will usually be where such processing is necessary to carry out our obligations and provided, we do so in line with our data protection policy. We do not hold information about criminal convictions, other than for relevant motoring offences. We require information about relevant motoring offences to comply with our contractual obligations to insurers.
- Where we need to comply with a legal obligation or to protect your or someone else’s interests. There may be exceptional circumstances where we can and will keep the data without consent but we must have a lawful basis for doing so, such as for safeguarding purposes.
- Where it is necessary for legitimate interests pursued by us or a third party and your interests and fundamental rights do not override those interests
- Where it is needed in the public interest or for official purposes.
On occasion, we will receive information from the families, friends, and carers of people who access Health and Social Care Services. We use this data to inform providers and commissioners to help them deliver services that work for you. Where it is practically possible, we will make sure that we have your consent to use information that is about you. We will only process your personal data where there is a lawful basis to do so under current data protection legislation.
We need to process personal data about our Staff, Associates, Committee Members, Directors, and Volunteers so that we can carry out our role and meet our legal and contractual responsibilities as an employer. And contractual responsibilities as a provider. The personal data that we process may include sensitive types of personal data such as racial or ethnic origin, religion, disability, gender, and sexual orientation. We use this information to check we are promoting and ensuring diversity in our workforce and to make sure we are complying with equalities legislation. Our employees decide whether to share this monitoring data with us and can choose to withdraw their consent for this at any time. Other personal data that we are required to process includes information on qualifications and experience, pay and performance, contact details, and bank details. We check that people who work for us are fit and suitable for their roles. This may include asking people to undertake Disclosure and Barring Service (DBS) checks. People joining Healthwatch Newcastle will be asked to complete a ‘declaration of interests form to identify any services with which they have close links (for example, because they have previously worked there or because the service is run by a close relative) or any other issues which could cause a perceived conflict of interest. Staff, Directors, and Committee Members are regularly asked to update these forms. We have a legal obligation to comply with the Freedom of Information Act 2000 and this may include the requirement to disclose some information about our employees – especially those in senior or public-facing roles. We also publish some information about our staff, including the names and work contact details of people in some roles.
We are strongly committed to data security, and we take reasonable and appropriate steps to protect your personal information from unauthorised access, loss, misuse, alteration, disclosure, or corruption We have put in place physical, electronic, and managerial procedures to safeguard and secure the information you provide us. Only authorised staff, volunteers, Directors, and contracted specialist organisations under strict controls and on a need-to-know basis will have access to your personal information. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so, through a data breach reporting procedure.
We only share personal data with other organisations where it is lawful to do so and in accordance with our data protection policy. If you would like to see a copy of our data protection policy, please contact us. Information is shared to fulfil our remit which is to pass on your experience of health and social care to help improve them. We will only disclose your personal data where we have consent to do so, or where there is another very good reason to make the disclosure. We are required to share information with Healthwatch England, the Care Quality Commission (CQC), local commissioners, NHS Foundation Trusts, NHS England and local authorities to ensure your views are considered at a local, regional, and national level. This enables them to analyse service provision across the areas and improve Health and Social Care Services. The information we provide contains no personally identifiable data. Any information that is used for national publications is anonymised and will only be used with our consent. A Data Processing Contract is in place with all third parties to ensure that any data is held securely and according to current data protection legislation. They are not permitted to reuse any data for any other reason or make it available to others.
We ensure that where consent is required it is freely given and used only for agreed specific and unambiguous purposes. We will always comply with current data protection legislation. You have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact the Data Protection Officer, as stated in section 4. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
When you browse through the information on our website www.healthwatchnewcastle.org.uk, it does not store or capture your personal information. We do log your IP address (as it is automatically recognised by our server) but this is only so you can download our website onto your device.
We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information. If you have any questions about this privacy notice, please contact the Data Protection Officer.
Data Protection Officer