Updated April 2021.
This Privacy Statement sets out the data processing practices carried out by Healthwatch Rochdale. It details how we retain and use personal data (information that relates to and identifies living people) to help us carry out our role as the local independent champion for people who use health and social care services.
We will always make sure that your information is protected and treated securely. Any information that you give will be held in accordance with the Data Protection Act 2018, the UK General Data Protection Regulations (UK GDPR) and all other relevant legislation.
Our Contact Details
104-106 Drake St
Telephone: 01706 249 575
Our ICO Registration is ZA181394. We renew this registration annually or as required by the ICO.
Information we collect
We collect and process the following information:
- Personal details, contact details and preferences, family details, date of birth.
- Images captured at our events.
- Details of any support received.
- Records of discussions with members of staff.
- Location Data, Email Address, Cookies arising from use of our website.
- Files, messages, documents that our staff produce.
- Records of staff use of our IT systems.
- Character Traits, Educational/Biographical Information, Welfare, NI Number, Tax Information, Disclosure and Barring Service checks, declarations of interests and Photographs (for staff including trustees).
We process the following special categories of data:
- Racial/Ethnicity, Sexual Orientation, Health, Criminal records (if disclosed to us).
- Staff Sickness.
How we get your personal information and why we have it
Most of the personal information that we process is provided to us directly by you for one of the following reasons:
- You have visited our website.
- You have used an online form or emailed us.
- You have shared your experiences with us (telephone, email, face to face).
- You have attended one of our events.
- You are a member of our staff or applied to work for us
We also receive personal information indirectly from the following sources:
- A Family Member.
- Healthwatch England.
- Health and social care practitioners.
- Our IT and HR providers.
There are a number of ways that we collect feedback from people about their experiences of using health and social care services day to day. Our staff will visit different health and social care settings as part of their role to evaluate how services are being delivered. We also receive phone calls and requests for information directly from members of the public as part of our signposting service. Where personally identifiable information is collected we will be clear on how we intend to use your information and where appropriate, we will get your consent before we publish or share your personal data. We will aim to anonymise information where we can but there may be instances where this is not possible in order to make change happen on your behalf. We ensure that where consent is required it will be freely given, used only for agreed specific and unambiguous purposes and that you are well informed about how the information will be kept. This includes where it will be stored, details on security and for how long it will be kept. We will comply with current data protection legislation at all times.
Our Lawful Basis
Under the UK General Data Protection Regulation(UK GDPR), the lawful bases we rely on for processing this information are:
- We have your consent. You are able to withdraw your consent at any time by contacting email@example.com or calling 01706 249 575.
- We have a contractual obligation.
- We have a legal obligation.
- We have a vital interest.
- We have a legitimate interest.
Personal information may be collected with your consent through:
- Our signposting and advice service.
- When we receive feedback by phone, outreach work or through surveys.
- Enter and View activity.
How we store your information
Healthwatch England provides a secure digital system on which we manage their data. We store data in both paper and electronic form. We are strongly committed to data security and we take reasonable and appropriate steps to protect your personal information from unauthorised access, loss, misuse, alteration or corruption. We have put in place physical, electronic, and managerial procedures to safeguard and secure the information you provide to us. Only authorised employees and contractors under strict controls have access to your personal information on our IT systems and to physical copies of personal data that we hold. You can read our Information Governance Policy on our website www.healthwatchrochdale.org.uk.
We use several online systems for facilities such as mailouts and survey hosting. We undertake to ensure the security of their systems meet GDPR requirements and that the information we allow them to hold is relevant and not in excess of that needed for the function involved. Our Information Asset Register is available online.
We keep personal data that you give us while we are dealing with your case. We have a retention and disposal schedule which explains how long we keep different types of records and documents for, including records and documents containing personal data. You can ask to view our retention and disposal schedule at any time by contacting firstname.lastname@example.org.
Personal data is deleted or securely destroyed at the end of its retention period.
Sharing your information
We may share your information within our team, with Healthwatch England or other Health and Social Care practitioners, our IT and HR providers and our consultants (Atlantic Data, Action Together).
We work with Rochdale Council, Healthwatch England, the Care Quality Commission (CQC), local commissioners, NHS Improvement and our local authority and can also engage external suppliers to process personal information on our behalf. Wherever possible, we ensure that any information that we share or disclose is anonymised, so as to ensure that you cannot be identified from it.
We are strongly committed to data security and we take reasonable and appropriate steps to protect your personal information from unauthorised access, loss, misuse, alteration or corruption. We have appropriate physical, electronic, and managerial procedures in place to safeguard and secure the information you provide to us. Only authorised employees and contractors under strict controls will have access to your personal information on our IT systems and to physical copies of personal data that we hold. Where appropriate we ensure that a Data Processing Agreement is in place so that companies are required to follow the same rules and information security requirements as us. They are not permitted to use the data for other purposes.
We sometimes work on joint initiatives with other organisations (for example other local Healthwatch organisations who are covered by the same health or care provider). This is so that we can get a better understanding of how local services can improve. Any joint working with other organisations will be covered by clear data sharing agreements which will state which organisation’s policies and procedures apply to the data processed in the joint working. If you are asked to be involved in of these joint projects we will make this clear to you at the time and ensure that you are aware of how you can access all the relevant notices and policies.
In most circumstances we anonymise our data to ensure that a person cannot be identified. This forms part of our analysis and report writing processes. We may very rarely feel that your specific experience is a good illustration of a point we are trying to make in our reports and in these circumstances we may ask you for consent to include it in our publication. We will not share the information unless this has been otherwise agreed and consent has been given.
Sharing your data with Healthwatch England
We are required to share information with Healthwatch England to ensure that your views are considered at a national level. The information we share contains no personally identifiable data. This enables them to analyse service provision across the country and supply the Department of Health and national commissioners with the information you provide. Any information that is used for national publications is anonymised and will only be used with the consent of a local Healthwatch. You can use this link to find out more about Healthwatch England’s purpose and what they do (https://www.healthwatch.co.uk/what-we-do).
Under data protection law, you have the following rights:
- Your right of access - You have the right to ask us for copies of your personal information.
- Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
- Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
- Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.
- Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Freedom of Information Act
We have a legal obligation to comply with the Freedom of Information Act 2000 and this may include the requirement to disclose some information about our employees – especially those in senior or public facing roles. We also publish some information about our staff, including the names, photographs and work contact details of people in some roles.
If you want to exercise any of your rights please contact us at:
104-106 Drake St
Telephone: 01706 249 575
How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us please contact Kate Jones.
104-106 Drake St
You can also complain to the ICO if you are unhappy with how we have used your data.
Information Commissioner’s Office
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk