This privacy statement sets out the data processing practices carried out by Connected Together Community Interest Company (CIC) and all contracts held by it, including Healthwatch North Northamptonshire and West Northamptonshire and Healthwatch Rutland. Connected CIC is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using our websites, then you can be assured that it will only be used in accordance with this privacy statement. We retain and use personal data (information that relates to and identifies living people) to help us carry out our role and the role of Healthwatch as the local independent champion for people who use health and social care services. Find out more about our purpose and what we do – Connected Together CIC, Healthwatch North Northamptonshire and West Northamptonshire. We will always make sure that your information is protected and treated securely. Any information that you give will be held in accordance with:
• Data Protection Act 1998
• As of 25 May 2018, the new data protection legislation introduced under the General Data Protection Regulation (GDPR) and Data Protection Bill.
Read our Data Protection Policy We also make our Information Asset Register available for people to read to give further clarity about how data relating to them is managed and kept secure. This includes our retention schedule and clear details about the lawful basis for storing and keeping personally identifiable information. Read our Information Asset Register. Legal basis for processing personal data for Healthwatch North Northamptonshire and West Northamptonshire and Healthwatch Rutland are statutory services, they exist by law. For the purposes of complying with the Freedom of Information Act 2000 they are classified as a public authority. They process personal data to meet the duties described under Section 221(2) of The Local Government and Public Involvement in Health Act 2007. Healthwatch North Northamptonshire and West Northamptonshire and Healthwatch Rutland rely upon ‘public task’, in addition to direct consent from people, as the legal basis for the collection and processing of data. The Information Commissioners Office describes ‘public task’ as being when “the processing is necessary for you to perform a task in the public interest or for your official functions and the task or the function has a clear basis in law”.
Information we collect
We collect personal information from visitors to our websites using online forms and every time you email us your details. We also collect feedback and views from people about the health and social care services that they access. In addition, we receive information about our own staff and people who apply to work for us.
• Information about people who use our websites
• Information about people who share their experiences with us by other means
• Information about our own staff, volunteers and people applying to work for us
Security We are strongly committed to data security, and we take reasonable and appropriate steps to protect your personal information from unauthorised access, loss, misuse, alteration, or corruption. We have put in place physical, electronic, and managerial procedures to safeguard and secure the information you provide to us. Only authorised employees and contractors under strict controls will have access to your personal information. Information about people who use our websites Please note that this statement does not cover links within our websites to other websites. When you browse through the information on our websites, it does not store or capture your personal information. We do log your IP address (as it is automatically recognised by the web server) but this is only so you can download our websites onto your device rather than for any tracking purpose; it is not used for any other purpose. We will only collect personal information provided by you, such as:
• feedback from surveys and online forms
• email addresses
• preferred means of communication.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website to tailor it to users’ needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Information about people who share their experiences with us by other means
There are several ways that we collect feedback from people about their experiences of using health and social care services day to day. Our Healthwatch staff will visit different health and social care settings as part of their role to evaluate how services are being delivered. We also receive phone calls and requests for information directly from members of the public as part of our signposting service. Where personally identifiable information is collected, we will ensure that we have your consent to keep it and we will be clear on how we intend to use your information. We will aim to anonymise information where we can but there may be instances where this is not possible to make change happen on your behalf. There may be exceptional circumstances where we can and will keep the data without consent, but we must have a lawful basis for doing so, such as for safeguarding purposes. We ensure that where consent is required it will be freely given, used only for agreed specific and unambiguous purposes and that you are well informed about how the information will be kept. This includes where it will be stored, details on security and for how long it will be kept.
We will always comply with current data protection legislation.
Personal information may be collected with your consent through:
• Our signposting and advice service
• When we receive feedback by phone, outreach work or through surveys
• Enter and View activity Sometimes we carry out surveys online.
A third-party supplier Survey Monkey, handles the data purely to provide this service on our behalf. This supplier follows the requirements of the Data Protection Act 1998 in how they obtain, handle, and process your information and will not make your data available to anyone other than Connected Together CIC and the organisations it is contracted to manage. SurveyMonkey have a certified agreement with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework.
Personal data received from other sources
On occasion we will receive information from the families, friends and carers of people who access health and social care services. We use this data to inform providers and commissioners to help them deliver services that work for you. Where it is practically possible, we will make sure that we have your consent to use information that is about you. We will only process your personal data where there is a lawful basis to do so under current data protection legislation.
How we will use your personal information
Personal information about you can be used for the following purposes:
• in our day-to-day work:
• to send you our newsletter where you have requested it.
• to respond to any queries, you may have.
• to improve the quality and safety of care. This may include any personal information that you choose to share with us, but we will treat this as confidential and protect it accordingly. We will never include your personal information in survey reports
Signing up to our newsletters
We use a third-party supplier (Mailchimp) to provide some of our newsletter services. By subscribing to this service, you will be agreeing to them handling your data. The third-party supplier handles the data purely to provide this service on our behalf. This supplier follows the requirements of the Data Protection Act 1998 in how they obtain, handle, and process your information and will not make your data available to anyone other than Connected Together CIC. MailChimp have a certified agreement with the EU-U.S. Privacy Shield Framework and the Swiss-U.S.
Registering for events
In most circumstances we anonymise our data to ensure that a person cannot be identified unless this has been otherwise agreed and consent has been given.
Sharing your data with Healthwatch England
We are required to share information with Healthwatch England to ensure that your views are considered at a national level. This enables them to analyse service provision across the country and supply the Department of Health and national commissioners with the information you provide. Find out more about Healthwatch England’s purpose and what they do. The information we provide to Healthwatch England contains no personally identifiable data. Any information that is used for national publications is anonymised and will only be used with the consent of a local Healthwatch.
Our Healthwatch data system
Healthwatch England provides a secure digital system for local Healthwatch to manage their data. Other organisations process the data contained within it on behalf of local Healthwatch and a Data Processing Agreement is in place to ensure that this is held securely and according to current data protection legislation. Healthwatch England is a committee of the Care Quality Commission (CQC) but acts independently. These organisations must comply with all legal requirements and do not reuse any data for any other reason or make it available to others.
Information about our own staff, volunteers and people applying to work with us
We need to process personal data about our own staff, volunteers and people applying to work for us so that we can conduct our role and meet our legal and contractual responsibilities as an employer. The personal data that we process includes information about racial or ethnic origin, religion, disability, gender, and sexuality. We use this information to check we are promoting and ensuring diversity in our workforce and to make sure we are complying with equalities legislation. Our employees and volunteers decide whether to share this monitoring data with us and can choose to withdraw their consent for this at any time. Employees and volunteers who wish to withdraw their consent for us to process this data can let us know. Other personal data that we are required to process includes information on qualifications and experience, pay and performance, contact details and bank details. We check that people who work and volunteer for us are fit and suitable for their roles. This may include asking people to undertake Disclosure and Barring Service (DBS) checks. People joining Healthwatch North Northamptonshire and West Northamptonshire will be asked to complete a ‘declaration of interests’ form to identify any services with which they have close links (for example, because they have previously worked there or because the service is run by a close relative) or any other issues which could cause a perceived conflict of interest. We have a legal obligation to comply with the Freedom of Information Act 2000 and this may include the requirement to disclose some information about our employees– especially those in senior or public facing roles. We also publish some information about our staff and board members, including the names and work contact details of people in some roles.
How we share information with other organisations
We only share personal information with other organisations where it is lawful to so and in accordance with our Information Governance Policy. Information is shared to fulfil our remit which is to pass on your experiences of care to help improve them on your behalf. We work with Healthwatch England, the Care Quality Commission (CQC), local commissioners and providers, NHS Improvement/England, and our local authority to make this happen. We can also engage external suppliers to process personal information on our behalf. We will only disclose your personal information where we have your consent to do so, or where there is another very good reason to make the disclosure – for example, we may disclose information to CQC or a local authority where we think it is necessary to do so to protect a vulnerable person from abuse or harm. Any such disclosure will be made in accordance with the requirements of the current data protection legislation. Wherever possible, we will ensure that any information that we share or disclose is anonymised, to ensure that you cannot be identified from it. We sometimes use other organisations to process personal data on our behalf. Where we do this, those companies are required to follow the same rules and information security requirements as us, outlined in a Data Processing Contract. They are not permitted to use reuse the data for other purposes.
Retention and disposal of personal data
We publish a retention and disposal schedule (this link will need updating to new schedule when agreed) which explains how long we keep different types of records and documents for, including records and documents containing personal data. Personal data is deleted or securely destroyed at the end of its retention period.
Your right to access information about you
Correcting or deleting your personal data
If you know that we are holding your personal data and believe that it may be wrong, or if you want it to be deleted or for us to stop using it, you have a right to request that it can be deleted or amended.
Please make your objection in writing to firstname.lastname@example.org
Or send it by post to:
Connected Together CIC
Moulton Park Business Centre
Complaints about how we look after or use your information
Our contact details and key roles
Connected Together is data controller for all of the personal data that you provide us
with. Any issues relating to the processing of personal data by or on behalf of
Connected Together may be addressed to:
Moulton Park Business Centre
Telephone: 0300 002 0010
Our designated external Data Protection Officers are Dean Odell at Healthwatch
Lincolnshire and Helen Henderson-Spoors at Healthwatch Derbyshire. If you would
like to make an objection to someone independent you can write to them at
Unit 12, 1-2 North End,
Suite 14, Riverside Business Centre