This Privacy Statement sets out the data processing practices carried out by Healthwatch Greenwich.
The data controller is Healthwatch Greenwich, a limited company registered in England. Registered address: Gunnery House, 9-11 Gunnery Terrace, Royal Arsenal, London SE18 6SW. Registered number: 9891557
In this document Healthwatch Greenwich may be referred to as “we”, “us”, or “our”.
Find out more about our purpose and what we do: https://healthwatchgreenwich.co.uk/what-we-do
Information we collect in our role as the local independent champion for people who use health and social care services
We collect and process personal data from the following sources:
- Online web forms or surveys
- Paper surveys/forms
- Providing information and signposting to people who contact us for help with health and social care
- Research projects
- Visits to health and social care providers
- Meetings
- Other means of obtaining views from people about the health and social care services they access.
The type of personal information we collect
We currently collect and process the following information:
- Personal identifiers, contacts and characteristics (for example, name and contact details)
- Health conditions, including details of healthcare; ethnicity; sexual orientation and religion
- Other demographic data including age and gender
We automatically collect some technical information from devices and web browsers that you use. This might include your IP (internet protocol) address.
We use the information you share with us in line with our main statutory functions. These are inclusive of, but not limited to:
- Obtain people's views about their needs and experience of local health and social care services. Local Healthwatch make these views known to those involved in the commissioning and scrutiny of care services.
- Make reports and make recommendations about how those services could or should be improved.
- Promote and support the involvement of people in the monitoring, commissioning and provision of local health and social care services.
- Provide information and advice to the public about accessing health and social care services and their options.
- Make the views and experiences of people known to Healthwatch England, helping us carry out our national champion role.
- Make recommendations to Healthwatch England to advise the CQC to carry out special reviews or investigations into areas of concern.
We also collect information about your age, ethnicity, gender and health. Depending on the needs of each project, we may collect information about your religion or belief or your sexual orientation.
We’re allowed to collect sensitive information like this because it is connected with the provision of and management of health and social care services.
We collect this data to help us understand whom we are speaking to and to understand how different groups experience health and social care.
We keep this data for as long as it is needed.
Personal data received from other sources
On occasion, we will receive information from the families, friends and carers of people who access health and social care services. We might also receive information from health, social care and other professionals. We use this personal data to inform providers and commissioners to help them deliver services that work for everyone.
We will only process your personal data where we have your permission, or there is another lawful basis to do so under current data protection legislation.
Publishing information
We anonymise our data to the best of our ability to ensure that you can't be identified unless you have given permission for us to do so. However, your identifiable details are required to provide the service or meet our legal obligations in certain situations.
Sharing your data with Healthwatch England
We must share information with Healthwatch England to ensure that your views feed into our national work. Healthwatch England uses it to assess the quality of care across the country and influence service provision. By working together, we can ensure that health and social care leaders are aware of people's experiences and can make a difference to the care people receive now and in the future.
Find out more about Healthwatch England’s purpose and what they do.
Healthwatch England will anonymise any information they use for national publications to the best of their ability.
How we share information with other organisations
We only share personal data with other organisations where it is lawful to do so in accordance with our data protection policy. We will share your information to fulfil our remit, which is to pass on your care experiences to help improve them on your behalf and people like you.
We work with Healthwatch England, the Care Quality Commission (CQC), local commissioners, NHS Improvement and our local authority to make this happen. We can also engage external suppliers to process personal information on our behalf.
We will only disclose your personal information where there is another excellent reason to make the disclosure – for example, we may disclose information to CQC or a local authority where we think it is necessary to protect a vulnerable person from abuse or harm. We'll only make such a disclosure in accordance with the requirements of the current data protection legislation.
Wherever possible, we will ensure that any information that we share or disclose is wholly or partly anonymised so that you cannot be identified from it.
We sometimes use other organisations to process personal data on our behalf. Where we do this, those companies must follow the same rules and information security requirements as us, outlined in a Data Processing Agreement. They are not allowed to use the data for other purposes.
We use Survey Monkey, Civi CRM, SmartSurvey and Microsoft suite (Sharepoint) to store data
Information we collect about people who apply to work or volunteer with us
We need to process personal data about our staff (and people applying to work for us) to meet our legal and contractual responsibilities as an employer.
The personal data that we process includes name and contact details and information about racial or ethnic origin, religion, disability, gender and sexuality. We use this information to check that we are promoting and ensuring diversity in our workforce and ensuring that we are complying with equalities legislation.
We'll ask for your explicit consent to share this data with us. Our employees decide whether to share this monitoring data with us. They can choose to withdraw their consent for this at any time. Employees who wish to withdraw their consent for us to process this data can let us know.
Other personal data that we must process includes information on all employment-related matters, qualifications and experience, pay and performance, health and welfare, contact details and bank details. We also process data about monitoring ICT systems to ensure security, including monitoring and keeping logs of web pages visited and screening emails for phishing attacks.
We check that people who work for us are fit and suitable for their roles. This may include asking people to undertake Disclosure and Barring Service (DBS) checks, copies of documents that prove job applicants' right to work in the UK and references.
We will ask people joining Healthwatch Greenwich to complete a 'declaration of interests' form. This will identify any services with which they have close links (for example, because they have previously worked there or because a close relative runs the service) or any other issues which could cause a perceived conflict of interest. We regularly ask staff asked to update these forms. [insert/delete this section if relevant]
We process information directly necessary about employment and safeguarding under our legal obligations, information which is not strictly necessary with the individual's consent.
How long we keep your data for
We retain personal data about employees and volunteers for six years after the duration of their employment with the following exceptions:
Application form
Duration of employment
References received
Duration of employment
Records relating to an injury or accident at work
12 years
Statutory maternity pay records, calculations and certificates
Retain while employed and for seven years after employment has ended
Redundancy details, calculation of payments and refunds
Seven years from the date of redundancy
If you are not successful at getting a job or volunteering with us, we will keep your data for six months after finalising recruitment.
We have a legal obligation to comply with the Freedom of Information Act 2000. This may include the requirement to disclose some information about our employees – especially those in senior or public-facing roles. We also publish some information about our staff, including the names and work contact details of people in some positions. We also publish photographs of our staff on our website.
Information we collect for other purposes
We use personal information about you for the following purposes:
- to send you our newsletter where you have requested it;
- Because you have agreed to be a case study for us
This may include any personal information that you choose to share with us, but we will treat this as confidential and protect it accordingly. We will ask for your consent to collect and use this data.
Signing up for our newsletter
We use a third-party supplier to provide our newsletter service. By subscribing to this service, you will agree to them handling your data. You can unsubscribe at any time by following the instructions in the newsletter or by contacting us.
The third-party supplier handles the data purely to provide this service on our behalf. This supplier follows the requirements of data protection legislation in obtaining, handling, and processing your information and will not make your data available to anyone other than Healthwatch.
We will keep your data until you tell us you no longer want to receive our newsletter.
Security
We are strongly committed to data security, and we take reasonable and appropriate steps to protect your personal information from unauthorised access, loss, misuse, alteration or corruption.
How we keep people’s data safe
We have rigorous technical and organisational measures to keep people’s data safe.
We use the following systems to store data:
- Microsoft Outlook and Sharepoint
- Civi CRM
- Mailchimp
- Survey Monkey
We store this information in the UK.
We manage remote working to minimise the possibility of a data breach:
- Staff shred personal information on paper records as soon as it is recorded digitally.
- Staff lock their screens when away from their desks.
- Passwords are changed as soon as Staff leave their employment.
We follow organisational measures that you are taking to keep your data safe, including:
- Encryption of local devices, anti-virus software, automatic system patching
Only authorised employees, volunteers and contractors under strict controls will access your personal information.
Retention and disposal of personal data
Personal data is deleted or securely destroyed at the end of its retention period.
Information about people who use our website
Cookies
Cookies are small text files transferred to your computer or mobile when you visit a website or app. We use them to help us understand how people are using our services so that we can make them better.
Please be aware that some systems on our website require cookies. However, where non-essential cookies are in use, we will only use those cookies and collect the information with your permission.
Your rights
Your right to access information about you
If you think we may hold personal data relating to you and want to see it, please email: info@healthwatchgreenwich.co.uk Or write to Healthwatch Greenwich, 9-11 Gunnery Terrace, SE18 6SW
You have a right to receive a copy of this personal data or to ask us to forward it to a person or organisation of your choice. We will provide the personal data to you in your preferred format wherever possible. We may need to ask you to verify your identity before we proceed.
Correcting or deleting your personal data
If you know that we are holding your personal data and believe that it may be wrong, or if you want it to be deleted or for us to stop using it, you have a right to request that it can be deleted or amended. There may be some occasions when, for legal reasons, we are unable to comply fully with your request.
Please make your objection in writing to our Data Protection Officer: dpo@ametrosgroup.com
Complaints about how we look after or use your information
If you feel that we have not met our responsibilities under data protection legislation, you have a right to request an independent assessment from the Information Commissioner’s Office (ICO). You can find details on their website.