Privacy Policy | Healthwatch Sefton Feedback Centre

This Privacy Policy sets out the data processing practices carried out by all Healthwatch Sefton activities, this includes this Healthwatch website.

If you have any requests concerning your personal information or any queries with regard to these practices, please contact us

Who we are

Healthwatch was established under the Health and Social Care Act 2012 to understand the needs, experiences and concerns of people who use health and social care services and to speak out on their behalf.

Healthwatch Sefton is the local independent health and social care champion. If you use GP’s and hospitals, dentists, pharmacies, care homes or other support services, we are here to listen to your experiences. We have the power to make sure NHS leaders and other decision makers listen to your feedback and improve standards of care. We also help people to find reliable and trustworthy information and advice.

Healthwatch England is the national body and has a statutory committee which is part of the independent regulator the Care Quality Commission (CQC). There main statutory functions are to provide leadership, guidance, support and advice to local Healthwatch organisations (which includes us), escalate concerns about health and social care services which have been raised by local Healthwatch to CQC. CQC are required to respond to advice from the Healthwatch England Committee. Provide advice to the Secretary of State for Health and Social Care, NHS England and English local authorities, especially where we are of the view that the quality of services provided are not adequate. Bodies to whom advice is given are required to respond in writing. The Secretary of State for Health and Social Care is also required to consult Healthwatch England on the NHS mandate, which sets the objectives for the NHS.

This privacy statement/ notice covers all Healthwatch Sefton activities including this website. This statement does not cover links within this website to other websites.

Information we Collect

We collect personal information from visitors to this website through the use of online forms and every time you email us your details.

When you simply browse through the information on this website, it does not store or capture your personal information. We do log your IP address (as it is automatically recognised by the web server) but this is so you can download this website onto your device rather than for any tracking purpose.

We will only collect personal information volunteered by you, such as:

feedback from surveys and online forms
email address
your preferred means of communication.

General Data Protection Regulations

At Healthwatch Sefton, the protection of your personal data is very important to us. We adhere to the General Data Protection Regulation (GDPR), which took effect on May 25, 2018.

What is GDPR?

In 2016, the European Union (EU) approved a new privacy regulation called the General Data Protection Regulation commonly known as the GDPR. It’s a mandatory ruling that applies to all companies that collect the data and information of EU individuals and meet certain territorial requirements. The GDPR is designed to strengthen the security and protection of personal data in the EU, as well as provide businesses with a structured framework on how to collect, process, use, and share personal data. Under the GDPR, the concept of “personal data” is very broad, and covers almost any information relating to a specific individual.

When are these regulations starting to be enforced?

All companies collecting or processing the personal data of EU individuals must be GDPR compliant by May 25, 2018.

Is Healthwatch Sefton compliant with GDPR?

Yes. We are compliant to the extent required and will continue to comply on an on-going basis. At Healthwatch Knowsley, we store our data collected online with Amazon Web Services (AWS), which is based in the EU via our data processor White Bear Digital Ltd (formerly EKKO). White Bear Digital Ltd and AWS also comply with the GDPR.

How did Healthwatch Sefton prepare for GDPR compliance?

We welcomed the arrival of GDPR and view the regulations as raising the bar for data protection, security, and compliance. We have closely analysed the requirements of the GDPR and made enhancements to our site, databases and internal documentation. We approached this process with our staff and suppliers, to implement the necessary procedures and practices.

Where can I learn more about GDPR?

Additional information is available from the Information Commissioners Office: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/

Who should I contact? If you have any additional questions about the GDPR you are welcome to contact us at Healthwatch Sefton by email info@healthwatchsefton.co.uk or telephone 0800 206 1304

Cookies

Please be aware that some systems on our website require the use of cookies, but we will always state if this is the case. We will never collect and store information about you without your permission.

Follow this link to find out more about our national body’s cookie policy http://www.healthwatch.co.uk/cookies

We will always take necessary steps to ensure that your information is protected and treated securely. Any details you give us will be held in accordance with the Data Protection Act 1998 and our data protection policy (part of our overall Information Governance Policy) and code of practice on confidential and personal information.

Purposes for which we use the Information Collected

Personal information about you will be used for the following purposes:

in our day-to-day work;
to send you our newsletter where you have requested it;
to send out emails or newsletters which you have requested
to respond to any queries you may have
to improve the quality and safety of care

This may include any personal information that you choose to share with us, but we will treat this as confidential and protect it accordingly.

We will never include your personal information in survey reports.

Signing up to our Newsletter

We use our database software to provide our newsletter service. By subscribing to this service, you will be agreeing to us handling your data.

Healthwatch Sefton follow the requirements of the General Data Protection Regulations (GDPR) in how we obtain, handle and process your information and will not make your data available to any other party.

Information about people who share their experiences with us by other means

There are a number of ways that we collect feedback from people about their experiences of using health and social care services day to day. Our staff will visit different health and social care settings as part of their role to evaluate how services are being delivered. We also receive phone calls and requests for information directly from members of the public as part of our signposting service.

Where personally identifiable information is collected we will ensure that we have your consent to keep it and we will be clear on how we intend to use your information. We will aim to anonymise information where we can but there may be instances where this is not possible in order to make change happen on your behalf. There may be exceptional circumstances where we can and will keep the data without consent but we must have a lawful basis for doing so, such as for safeguarding purposes.

We ensure that where consent is required it will be freely given, used only for agreed specific and unambiguous purposes and that you are well informed about how the information will be kept. This includes where it will be stored, details on security and for how long it will be kept. We will comply with current data protection legislation at all times.

Personal information may be collected with your consent through:

Our signposting and advice service
- When we receive feedback by phone, outreach work or through surveys
- Enter and View activity

Personal data received from other sources

On occasion we will receive information from the families, friends and carers of people who access health and social care services. We use this data to inform providers and commissioners to help them deliver services that work for you.

Where it is practically possible, we will make sure that we have your consent to use information that is about you. We will only process your personal data where there is a lawful basis to do so under current data protection legislation.

Publishing information

In most circumstances we anonymise our data to ensure that a person cannot be identified unless this has been otherwise agreed and consent has been given.

Sharing your data with Healthwatch England

We are required to share information with Healthwatch England to ensure that your views are considered at a national level. This enables them to analyse service provision across the country and supply the Department of Health and national commissioners with the information you provide.

Find out more about Healthwatch England’s purpose and what they do.

The information we provide to Healthwatch England contains no personally identifiable data. Any information that is used for national publications is anonymised and will only be used with the consent of a local Healthwatch.

Our data systems

Healthwatch Sefton uses a secure digital system to manage data. A Data Processing Agreement is in place to ensure that this is held securely and according to current data protection legislation.

Information about our own staff and people applying to work with us

We need to process personal data about our own staff (and people applying to work for us) so that we can carry out our role and meet our legal and contractual responsibilities as an employer.

The personal data that we process includes information about racial or ethnic origin, religion, disability, gender and sexuality. We use this information to check we are promoting and ensuring diversity in our workforce and to make sure we are complying with equalities legislation.

Our employees decide whether or not to share this monitoring data with us and can choose to withdraw their consent for this at any time. Employees who wish to withdraw their consent for us to process this data can let us know.

Other personal data that we are required to process includes information on qualifications and experience, pay and performance, contact details and bank details.

We check that people who work for us are fit and suitable for their roles. This may include asking people to undertake Disclosure and Barring Service (DBS) checks.

We have a legal obligation to comply with the Freedom of Information Act 2000 and this may include the requirement to disclose some information about our employees – especially those in senior or public facing roles. We also publish some information about our staff, including the names and work contact details of people in some roles.

How we share information with other organisations

We only share personal information with other organisations where it is lawful to so and in accordance with our Information Governance Policy. Information is shared in order to fulfil our remit which is to pass on your experiences of care to help improve them on your behalf.

We work with Healthwatch England, the Care Quality Commission (CQC), local commissioners, NHS Improvement and our local authority to make this happen. We can also engage external suppliers to process personal information on our behalf.

We will only disclose your personal information where we have your consent to do so, or where there is another very good reason to make the disclosure – for example, we may disclose information to CQC or a local authority where we think it is necessary to do so in order to protect a vulnerable person from abuse or harm. Any such disclosure will be made in accordance with the requirements of the current data protection legislation.

Wherever possible, we will ensure that any information that we share or disclose is anonymised, so as to ensure that you cannot be identified from it.

We sometimes use other organisations to process personal data on our behalf. Where we do this, those companies are required to follow the same rules and information security requirements as us, outlined in a Data Processing Contract. They are not permitted to use reuse the data for other purposes.

Retention and disposal of personal data

We publish a retention and disposal schedule within our Information Asset Register which explains how long we keep different types of records and documents for, including records and documents containing personal data. Personal data is deleted or securely destroyed at the end of its retention period.

Your rights

Your right to access information about you

If you think we may hold personal data relating to you and want to see it please write to us. You also have the right to ask for a copy of all records we hold about you via a Subject Access Request (SAR). Your request must be made in writing and you will need to give adequate information (for example full name, date of birth, etc.). We will generally provide this information free of charge and are required to respond to you within one month. You will be required to provide identification before any information is released to you.

Correcting or deleting your personal data

You have the right to rectify your information; if you think anything in your record is inaccurate, please get in touch with us. You have the right to restrict how we process your information and you can also request that we remove your information altogether.

You have the right to be informed, Healthwatch Sefton will tell you what data of yours is being collected, how it’s being used, how long it will be kept and whether it will be shared with any third parties as outlined in this privacy notice.

You have the right of portability, you can request that Healthwatch Sefton transfer any data this it holds on you to another company.

You have the right to object, you may challenge certain types of processing, such as direct marketing.

Who should I contact if I have a query?

Please make your objection in writing to info@healthwatchsefton.co.uk

Or send it by post to: Healthwatch Sefton. Sefton Council for Voluntary Service. 3rd Floor, Suite 3B, North Wing, Burlington House, Crosby Road North, Waterloo, L22 0LG

Complaints about how we look after or use your information

Data Protection is regulated in the UK by the Information Commissioners Office (ICO). You have the right to lodge a complaint with the ICO if you are unhappy with the way Healthwatch Sefton has treated your information.

The Information Commissioner, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. You can find details at www.ico.org.uk.

Our contact details and key roles

Sefton Council for Voluntary Service is data controller for all of the personal data that you provide us with. Any issues relating to the processing of personal data by or on behalf of Healthwatch Sefton may be addressed to:

Address: Healthwatch Sefton. Sefton Council for Voluntary Service. 3rd Floor, Suite 3B, North Wing, Burlington House, Crosby Road North, Waterloo, L22 0LG

Telephone: 0800 206 1304
Email: info@healthwatchsefton.co.uk