This Privacy Statement sets out the data processing practices carried out by Healthwatch Telford & Wrekin. We retain and use personal data (information that relates to and identifies living people) to help us carry out our role as the local independent champion for people who use health and social care services.
Find out more about our purpose and what we do on our website.
We will always make sure that your information is protected and treated securely. Any information that you give will be held in accordance with:
- Data Protection Act 1998
- The General Data Protection Regulation (GDPR) and Data Protection Bill.
Read about our Information Governance Policy on our website.
We also make our Information Asset Register available for people to read to give further clarity about how data relating to them is managed and kept secure. This includes clear details about the lawful basis for storing and keeping personally identifiable information and our retention schedule.
Read about our Information Asset Register on our website.
Legal basis for processing personal data
Healthwatch Telford & Wrekin is an independent statutory organisation. We exist by law and are classified as a ‘public authority’. We process personal data to meet the duties described under Section 221 (2) of the Local Government and Public Involvement in Health Act 2007. Healthwatch Telford & Wrekin uses ‘public task’, ‘contract’, ‘consent’, and ‘legitimate interest’ as its legal basis for the collection and processing of data. These are described as follows by the Information Commissioners Office. Public Task is when “the processing is necessary for you to perform a task in the public interest or the function has a clear basis in law”. Contract is when “the processing is necessary for a contract you have with an individual”. Consent is when “a person has given clear consent to the processing of his/her personal data for one or more specific purposes”. Legitimate Interest is when “the processing is necessary for your legitimate interests or those of a third party”.
We are strongly committed to data security and we take reasonable and appropriate steps to protect your personal information from unauthorised access, loss, misuse, alteration or corruption.
We have put in place physical, electronic, and managerial procedures to safeguard and secure the information you provide to us.
Only authorised employees, contractors, and other authorised personnel under strict controls will have access to your personal information.
How we will use your personal information
Personal information about you can be used for one or more of the following purposes:
- in our day-to-day work;
- to send you our newsletter where you have requested it;
- to respond to any queries you may have;
- to improve the quality and safety of care.
This may include any personal information that you choose to share with us, but we will treat this as confidential and protect it accordingly.
We will never include your personal information in survey reports without your express permission.
Information we collect
We collect personal information from visitors to this website through the use of online forms and every time you email us your details. We also collect feedback and views from people about the health and social care services that they access in different ways. In addition, we receive information about our own staff, volunteers and people who apply to work for us.
To learn more about how we process information see below.
- Information about people who use our website
- Information about people who share their experiences with us by other means
- Information about our own staff, volunteers and people, volunteers and people applying to work for us
Information about people who use our website
We will never collect and store information about you without your permission. We will only collect personal information provided by you, such as:
- feedback from surveys and online forms
- email addresses
- preferred means of communication
- contributions to our online Feedback Centre.
Information about people who share their experiences with us
There are a number of ways that we collect feedback from people about their experiences of using health and social care services day to day. Our staff will visit different health and social care settings as part of their role to evaluate how services are being delivered. We also receive phone calls and requests for information directly from members of the public as part of our signposting service.
Where personally identifiable information is collected we will ensure that we have your consent to keep it and we will be clear on how we intend to use your information. We will aim to anonymise information where we can, but there may be instances where this is not possible in order to make change happen on your behalf. There may be exceptional circumstances where we can and will keep the data without consent, but we must have a lawful basis for doing so, such as for safeguarding purposes. We will only process your personal data where there is a lawful basis to do so under current data protection legislation.
We ensure that where consent is required it will be freely given, used only for agreed specific and unambiguous purposes and that you are well informed about how the information will be kept. This includes where it will be stored, details on security and for how long it will be kept. We will comply with current data protection legislation at all times.
Personal information may be collected through:
- Our signposting and advice service
- When we receive feedback by phone, outreach work or through surveys
- Through our online Feedback Centre service
- Enter and View activity
When we carry out health and care surveys online we do not collect personal data, we store and use anonymous information from what is contributed. Some demographic details may be requested and collected as part of the survey data that we process. This may include information about racial or ethnic origin, religion, disability, gender and sexuality, but this data is not associated with any personal information. We use this information to check our survey sample, while we ensure promotion of diversity and equality legislation. We only collect personal information for surveys with your consent.
Personal data received from other sources
On occasion we will receive information from the families, friends and carers of people who access health and social care services. We use this data to inform providers and commissioners to help them deliver services that work for you.
Where it is practically possible, we will make sure that we have your consent to use information that is about you. We will only process your personal data where there is a lawful basis to do so under current data protection legislation.
Signing up to our newsletter
Healthwatch Telford & Wrekin is a statutory organisation carrying out public tasks. We process personal data to meet our duties described under Section 221(2) of The Local Government and Public Involvement in Health Act 2007. A key part of these duties is to keep you informed of local developments in health and care so that you can scrutinise. We provide a newsletter service to support this. By subscribing to our newsletter, you will be agreeing to us handling your contact details – personal data, and tracking performance of newsletters by tracking web-selections and email opens. The storage of data to provide this service (contact details and preferences/interests) is handled by a third-party supplier on our behalf. This supplier is GDPR compliant and follows the requirements of the Data Protection Act 1998 in how they handle and process your information and will not make your data available to anyone other than Healthwatch Telford & Wrekin.
Information about our own staff and people applying to work with us
We need to process personal data about our own staff (and people applying to work for us), volunteers and Board directors so that we can carry out our role and meet our legal and contractual responsibilities.
The personal data that we process includes information about racial or ethnic origin, religion, disability, gender and sexuality. We use this information to check we are promoting and ensuring diversity and to make sure we are complying with equalities legislation.
Our employees and volunteers decide whether to share this monitoring data with us and can choose to withdraw their consent for this at any time. Employees who wish to withdraw their consent for us to process this data can let us know.
Other personal data that we are required to process includes information on qualifications and experience, pay and performance, contact details and bank details.
We check that people who work for us are fit and suitable for their roles. This may include asking people to undertake Disclosure and Barring Service (DBS) checks.
People joining Healthwatch Telford & Wrekin will be asked to complete a ‘declaration of interests’ form to identify any health, care or other services with which they have close links (for example, because they have previously worked there or because the service is run by a close relative) or any other issues which could cause a perceived conflict of interest. Staff, volunteers and Board directors are regularly asked to update these forms and declarations.
We have a legal obligation to comply with the Freedom of Information Act 2000 and this may include the requirement to disclose some information about our employees – especially those in senior or public facing roles. We also publish some information about our staff, including the names and work contact details of people in some roles.
We use third-party contractors to provide support services, including payroll services, administer payments of expenses to staff, Board members and volunteers, and some HR services. These suppliers are GDPR compliant and follow the requirements of the Data Protection Act 1998 in how they obtain, handle and process your information on our behalf, and will not make your data available to anyone other than Healthwatch.
Sharing your data with Healthwatch England
We are required to share information with Healthwatch England to ensure that your views are considered at a national level. This enables them to analyse service provision across the country and supply the Department of Health and national commissioners with the information you provide. Healthwatch England provides a secure digital system for local Healthwatch to manage this data.
The information we provide to Healthwatch England contains no personally identifiable data. Any information that is used for national publications is anonymised and will only be used with the consent of a local Healthwatch.
Healthwatch England is a committee of the Care Quality Commission (CQC) but acts independently. These organisations must comply with all legal data protection requirements and do not reuse any data for any other reason or make it available to others.
Look at their website to learn more about the purpose of Healthwatch England, and what they do.
To the best of our ability, Healthwatch Telford & Wrekin anonymise our data to ensure that a person cannot be identified, unless this has been otherwise agreed and consent has been given.
Our data systems
Our local IT system is provided and supported by a third-party contractor. This supplier is GDPR compliant and follows the requirements of the Data Protection Act 1998. The supplier provides for Healthwatch Telford & Wrekin data including your information to be held securely and handles and stores data purely to provide this service for us. They will not make your data available to anyone other than Healthwatch Telford & Wrekin.
Healthwatch Telford & Wrekin uses another third-party supplier service to host our Website and Feedback Centre Service. This supplier is GDPR compliant and follows the requirements of the Data Protection Act 1998 in how they handle and store the data purely to provide this service on our behalf. The supplier will not make your data available to anyone other than Healthwatch Telford & Wrekin.
Healthwatch England provides a third-party service to Healthwatch Telford & Wrekin to securely and separately host our local digital system for Healthwatch to manage our data. As the support service supplier, Healthwatch England is GDPR compliant and follows the requirements of the Data Protection Act 1998.
How we share information with other organisations
We only share personal information with other organisations where it is lawful to so and in accordance with our Information Governance Policy. Information is shared in order to fulfil our remit which is to pass on your experiences of health and care services to help improve them on your behalf.
We work with Healthwatch England, the Care Quality Commission (CQC), local commissioners, NHS Improvement and our local authority to make this happen. We can also engage external suppliers to process personal information on our behalf.
We will only disclose your personal information where we have your consent to do so, or where there is another very good reason to make the disclosure – for example, we may disclose information to CQC or a local authority where we think it is necessary to do so to protect a vulnerable person from abuse or harm. Any such disclosure will be made in accordance with the requirements of the current data protection legislation.
Wherever possible, we will ensure that any information that we share or disclose is anonymised to ensure that you cannot be identified from it.
We sometimes use other organisations to process personal data on our behalf. Where we do this, those companies or organisations are required to follow the same rules and information security requirements as us, outlined in a Data Processing Contract. They are not permitted to use reuse the data for other purposes.
Retention and disposal of personal data
A Retention and Disposal Schedule Policy is available on our website which explains how long we keep different types of records and documents for, including those containing personal data. Personal data is deleted or securely destroyed at the end of its retention period.
Your right to access information about you: if you think we may hold personal data relating to you and want to see it, please write to email@example.com or by post to the address below.
Correcting or deleting your personal data: if you know that we are holding your personal data and believe that it may be wrong, or if you want it to be deleted or for us to stop using it, you have a right to request that it can be deleted or amended.
Please make your objection in writing to Healthwatch Telford & Wrekin to: firstname.lastname@example.org
Or send it by post to:
Healthwatch Telford & Wrekin
Meeting Point House,
Complaint about how we look after or use your information: if you feel that we have not met our responsibilities under data protection legislation, you have a right to request an independent assessment from the Information Commissioner’s Office (ICO). You can find details on their website.
Our contact details and key roles
Healthwatch Telford and Wrekin is data controller for all of the personal data that you provide us with. Any issues relating to the processing of personal data by or on behalf of Healthwatch Telford and Wrekin may be addressed to:
The Managing Director.
Healthwatch Telford & Wrekin
Southwater Square, Meeting Point House, Telford, TF3 4HS
Telephone: 01952 739540
The Data Protection Officer for Healthwatch Telford & Wrekin as designated under Article 37 of the GDPR is to be confirmed.
Information about using information on our site
When you browse through the information on this website, it does not store or capture your personal information. We do log your IP address (as it is automatically recognised by the web server).
We will always take necessary steps to ensure that your information is protected and treated securely. Any details you give us will be held in accordance with the Data Protection Act 1998 and our data protection policy (part of our overall Information Governance Policy) and code of practice on confidential and personal information.
We will only collect personal information volunteered by you, such as:
- feedback from surveys and online forms
- email addresses
- preferred means of communication
All personal information about you will be used in our day to day work and to improve the quality and safety of care. This may include any personal information that you choose to share with us, but we will treat this as confidential and protect it accordingly.
We will never include your personal information in survey reports.
This privacy statement covers the Healthwatch Telford and Wrekin website. This does not cover links within this site to other websites.