Healthwatch Devon Privacy Statement
Healthwatch Devon is the independent champion for people using local health and social care services. We listen to what people like about services and what could be improved. We share their views with those with the power to make change happen. People can also speak to us to find information about health and social care services available locally.
We have the power to make sure that people’s voices are heard by the government and those running services. As well as seeking the public’s views ourselves, we also encourage services to involve people in decisions that affect them. Our sole purpose is to help make care better for people.
Our Relationship with Healthwatch England
We are required to share information with Healthwatch England to ensure that your views are considered at a national level. This enables them to analyse service provision across the country and supply the Department of Health and national commissioners with the information you provide.
The information we provide to Healthwatch England contains no personally identifiable data. Any information that is used for national publications is anonymised and will only be used with the consent of a local Healthwatch.
This Privacy Statement
This Privacy Statement sets out the data processing practices carried out by Healthwatch Devon. We retain and use personal data (information that relates to and identifies living people) to help us carry out our role as the local independent champion for people who use health and social care services.
We will always make sure that your information is protected and treated securely. Any information that you give will be held in accordance with:
- Data Protection Act 2018
- As of 25 May 2018, the new data protection legislation introduced under the General Data Protection Regulation (GDPR) and Data Protection Bill.
Information we collect
We collect personal information from visitors to this website using online forms and every time you email us your details. We also collect feedback and views from people about the health and social care services that they access. In addition, we receive information about our own staff and people who apply to work for us. See below for more information about:
- People who use our website: This is personal data in order to help us get in contact with the person, such as name and email address. These contacts can be kept anonymously by using a case number. Often these contacts are from someone asking us for help or information about services. We will record a short summary of the request, so that we can respond to them properly. We may also collect the area they are from. This is so that we can monitor where we are getting contacts from. We will record what services we signposted to, so that we can monitor how we are doing in responding to requests.
- People who share their experiences with us by other means: This includes information we collect on “enter and view” visits to services. We collect this because we were set up by the government to do this. We will use this information to understand to improve the quality and safety of health and social care services by sharing the information with our partners. When we share this information, we make it anonymous (in a form that no one can recognise the individual), or we will get the clear consent of the person to share that specific information.
- Information collected during research projects: The information we collate when conducting research may vary for a number of reasons that might include the type of research conducted or the subject matter. We might ask for your name and contact details (in case we need to get in touch about your participation in the research), anonymised demographical information (e.g. your age, gender and ethnicity) and other details if relevant. Healthwatch Devon will only collate information that is relevant to the research and we will never publish your name, or other information about you, without your explicit and informed consent (e.g. case studies). You will have the right to withdraw your consent at any time. Any personal data will be erased once the research project is complete.
- On occasion we will receive information from the families, friends and carers of people who access health and social care services: This can inform providers and commissioners to help them deliver services that work for local people. Where it is practically possible, we will make sure that we have the consent of the person who received the care.
- We sometimes receive information about someone who is at risk of harm: In these cases, we are required by law to share this information with a statutory service that will keep that person safe, in accordance with Healthwatch Devon’s safekeeping procedures.
- Children’s Privacy: Healthwatch Devon will not knowingly process the personal information of people under the age of 16 without the consent of a parent or guardian. We will always make an assessment as to whether sharing or processing such information may put a child or young person at risk. Healthwatch Devon has a safeguarding policy that is applicable to children and young people
- Sign up to Healthwatch Devon’s Publications We use a third-party supplier to provide a service that helps Healthwatch Devon distribute their publications. By subscribing to this service you will be agreeing to them handling your data. The third-party provider handles the data only to provide this service on our behalf. This supplier follows the requirements of the Data Protection Act 2018 in how they obtain, handle and process your information and will not make your data available to anyone other than Healthwatch Devon.
How we will use your personal information
Personal information about you can be used for the following purposes:
- in our day-to-day work;
- to send you our newsletter where you have requested it;
- to respond to any queries you may have;
- to improve the quality and safety of care.
This may include any personal information that you choose to share with us, but we will treat this as confidential and protect it accordingly.We will never include your personal information in survey reports.
Information about our own staff and people applying to work with us
- We need to process personal data about our own staff (and people applying to work for us) so that we can carry out our role and meet our legal and contractual responsibilities as an employer.
- The personal data that we process includes information about racial or ethnic origin, religion, disability, gender and sexuality. We use this information to check we are promoting and ensuring diversity in our workforce and to make sure we are complying with equalities legislation.
- Our employees decide whether or not to share this monitoring data with us, and can choose to withdraw their consent for this at any time. Employees who wish to withdraw their consent for us to process this data can let us know.
- Other personal data that we are required to process includes information on qualifications and experience, pay and performance, contact details and bank details.
- We check that people who work for us are fit and suitable for their roles. This may include asking people to undertake Disclosure and Barring Service (DBS) checks.
- We have a legal obligation to comply with the Freedom of Information Act 2000 and this may include the requirement to disclose some information about our employees – especially those in senior or public facing roles. We also publish some information about our staff, including the names and work contact details of people in some roles.
- We are strongly committed to data security and we take reasonable and appropriate steps to protect your personal information from unauthorised access, loss, misuse, alteration or corruption.
- We have put in place physical, electronic, and managerial procedures to safeguard and secure the information you provide to us.
- Only authorised employees, volunteers and contractors under strict controls will have access to your personal information.
Retention and disposal of personal data
We publish a retention and disposal schedule which explains how long we keep different types of records and documents for, including records and documents containing personal data. Personal data is deleted or securely destroyed at the end of its retention period.
How we share information with other organisations
We only share personal information with other organisations where it is lawful to so and in accordance with our Information Governance Policy. Information is shared in order to fulfil our remit which is to pass on your experiences of care to help improve them on your behalf.
We work with Healthwatch England, the Care Quality Commission (CQC), local commissioners, NHS Improvement, our local authorities and other organisations involved in health and social care to make this happen. We can also engage external suppliers to process personal information on our behalf.
Click on the links below to find out more about the:
- Care Quality Commission CQC
- NHS England
- NHS Improvement
- South Devon & Torbay CCG
- NEW Devon CCG
- Devon County Council
- Healthcare Safety Investigation Branch
We will only disclose your personal information where we have your consent to do so, or where there is another very good reason to make the disclosure – for example, we may disclose information to the CQC (click here to find out more about the CQC) or a local authority where we think it is necessary to do so in order to protect a vulnerable person from abuse or harm. Any such disclosure will be made in accordance with the requirements of the current data protection legislation.
Wherever possible, we will ensure that any information that we share or disclose is anonymised, to ensure that you cannot be identified from it.
We sometimes use other organisations to process personal data on our behalf. Where we do this, those companies are required to follow the same rules and information security requirements as us, outlined in a Data Processing Contract. They are not permitted to use reuse the data for other purposes.
We use a third-party supplier called MailChimp to provide our newsletter service. By signing up to receive our newsletter, you will be agreeing to them handling your data. You can unsubscribe from our mailings (electronic or hard copy) at any time. Simply hit “unsubscribe” at the bottom of the email, contact us by telephone (0800 500 0640) or email (firstname.lastname@example.org). We may use technologies to collect information regarding interaction with email messages, such as whether you have opened, clicked on, or forwarded our electronic messages. This information is gathered from all addressees.
Business Transfer, Sale or Bankruptcy
We are not responsible for the actions of third parties with whom you share personal or sensitive data, and we have no authority to manage or control third-party solicitations. If you no longer wish to receive correspondence, emails or other communications from third parties, you are responsible for contacting the third party directly.
In the event of a business transfer, Healthwatch Devon will provide notice of the changes and the opportunity to opt out if applicable.
In most circumstances, we will make every effort to anonymise our data to ensure that a person cannot be identified, unless this has been otherwise agreed and consent has been given.
Data Protection beyond our remit
This statement does not cover links within this website to other websites. Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Our Data Systems
Healthwatch England provides a secure digital system (Customer Relationship Management (CRM) database) for Healthwatch Devon to manage their data.
Information about people who contact our Information and Signposting Service is recorded on this system, to allow us to contact people to offer them information about services that can help them (see how we can help here).
It is possible to remain anonymous on our systems through use of a case number. By sharing your email address with us, we will not add you to our mailing list or contact you for any other purpose than where there is a legitimate interest to share information about local and national sources of support appropriate to your needs (related to your signposting request). Your telephone number will be used only in connection with your particular query and not for any other purpose. We might contact you with further suggestions or to clarify details about why you are contacting our service.
In relation to your privacy you have these rights:
- You have the right to be told how we are dealing with your data
- You have the right to have access to your data and to be told how it is being used in detail
- You have the right to challenge the accuracy of the data and ask to have it corrected
- You have the right to ask us to have your data deleted
- You have the right to limit or restrict how the data is used
- You have the right to have the data given to you in an accessible way
- You have the right to object to how your data is being used
- You have the right to have decisions about your data made by humans, not computers
- You have the right to ask for information from public bodies
- You have the right to raise a concern about how organisations use your data
Your right to access information about you
If you think we may hold personal data relating to you and want to see it please write to email@example.com
Correcting or deleting your personal data
If you know that we are holding your personal data and believe that it may be wrong, or if you want it to be deleted or for us to stop using it, you have a right to request that it can be deleted or amended.
Please make your objection in writing to firstname.lastname@example.org
Or send it by post to: First Floor, 3 & 4 Cranmere Court, Lustleigh Close, Matford Business Park, Exeter, EX2 8PW
Complaints about how we look after or use your information
If you feel that we have not met our responsibilities under data protection legislation, you have a right to request an independent assessment from the Information Commissioner’s Office (ICO). You can find details Click here to be directed to it.
Our contact details and key roles
Healthwatch Devon is data controller for all of the personal data that you provide us with. Any issues relating to the processing of personal data by or on behalf of Healthwatch Devon may be addressed to:
Postal: First Floor, 3 & 4 Cranmere Court, Lustleigh Close, Matford Business Park, Exeter, EX2 8PW
Telephone: 0800 520 0640
Healthwatch Devon has appointed Kevin Atkins as the Data Protection Officer under Article 37 of the GDPR. Contact Kevin.Atkins@healthwatchdevon.co.uk