Privacy Statement

This Privacy Statement sets out the data processing practices carried out by Healthwatch Worcestershire.

Healthwatch Worcestershire (HWW) provides an independent voice for people who use publicly funded health & social care services; Our role is to ensure that people’s views are listened to and fed back to service providers and commissioners to improve services. We use personal data to do this.

Find out more about our purpose and what we do by clicking here What we do | Healthwatch Worcestershire

[In our Privacy Statement, wherever you see the words ‘we’, ‘us’, ‘our’, we are referring to Healthwatch Worcestershire]

We are a ‘Public Body’ for the purposes of the General Data Protection Regulations [GDPR] and this Privacy Statement sets out our data processing practices.

We retain and use personal data to help us carry out our role. We are registered with the Information Commissioners Office [Registration Number ZA025996] and have appointed a Data Protection Officer who reports to our Board of Directors.

If you have any questions in relation to our Privacy Statement, or how we use your personal data they should be sent to dpo@healthwatchworcestershire.co.uk, or addressed to the Data Protection Officer, Healthwatch Worcestershire, Civic Centre, Queen Elizabeth Drive, Pershore, Worcestershire, WR10 1PT.

 

Information we collect in our role as the local independent champion for people who use publicly funded health and social care services

We collect and process personal data from the following sources:

  • Online web forms or surveys
  • Paper surveys/forms
  • Providing information and signposting to people who contact us for help with health and social care.
  • Research projects
  • Visits to health and social care providers
  • Meetings and events.  
  • Other means of obtaining views from people about the health and social care services they access.

The type of personal information we collect 

We currently collect and process the following information:

  • Personal identifiers, contacts and characteristics (for example, name and contact details)
  • Health conditions, including details of healthcare; ethnicity; sexual orientation and religion
  • Other demographic data, including age, gender identity, ethnicity and disability.

We automatically collect some technical information from devices and web browsers that you use. This might include your IP (internet protocol) address.

We use the information you share with us in line with our main statutory functions. These are inclusive of, but not limited to:

  • Obtain people's views about their needs and experience of local health and social care services. Healthwatch Worcestershire make these views known to those involved in the commissioning and scrutiny of care services.
  • Make reports and make recommendations about how those services could or should be improved.
  • Promote and support the involvement of people in the monitoring, commissioning and provision of local health and social care services.
  • Provide information and advice to the public about accessing health and social care services and their options.
  • Make the views and experiences of people known to Healthwatch England, helping them carry out their national champion role.
  • Make recommendations to Healthwatch England to advise the CQC to carry out special reviews or investigations into areas of concern.

We are allowed to collect sensitive information because it is connected with the provision of and management of health and social care services.

We collect this data to help us understand whom we are speaking to and to understand how different groups experience health and social care. We anonymise our data to the best of our ability to ensure that you can't be identified unless you have given permission for us to do so.

We will only use and store your information for as long as it is required for the purposes that it was collected for. How long it will be stored depends on the information in question, what it is being used for and, sometimes statutory and legal requirements. More information is available in our ‘Retention and Disposal Policy which is available on our websitewww.healthwatchworcestershire.co.uk) or from our office (email:dpo@healthwatchworcestershire.co.uk) or telephone: 01386- 550264

Personal data received from other sources

On occasion, we will receive information from the families, friends and carers of people who access health and social care services. We might also receive information from health, social care and other professionals. We use this personal data to inform providers and commissioners to help them deliver services that work for everyone.

We will only process your personal data where we have your permission, or there is another lawful basis to do so under current data protection legislation.

Publishing information

We anonymise our data to the best of our ability to ensure that you can't be identified unless you have given permission for us to do so. However, your identifiable details are required to provide the service or meet our legal obligations in certain situations.

Sharing your data with Healthwatch England 

We share anonymised information with Healthwatch England to ensure that your views feed into our national work. Healthwatch England uses it to assess the quality of care across the country and influence service provision. By working together, we can ensure that health and social care leaders are aware of people's experiences and can make a difference to the care people receive now and in the future.

Find out more about Healthwatch England’s purpose and what they do. 

Healthwatch England will anonymise any information they use for national publications to the best of their ability. 

How we share information with other organisations

Wherever possible, we will ensure that any information that we share or disclose is wholly or partly anonymised so that you cannot be identified from it. 

We only share personal data with other organisations where it is lawful to do so in accordance with our data protection policy. 

We work with Healthwatch England, the Care Quality Commission (CQC), local commissioners, NHS Improvement and our local authority to make this happen. We can also engage external suppliers to process personal information on our behalf. 

We will only disclose your personal information where there is a compelling reason to make the disclosure – for example, we may disclose information to CQC or a local authority where we think it is necessary to protect a vulnerable person from abuse or harm. We'll only make such a disclosure in accordance with the requirements of the current data protection legislation. 

We sometimes use other organisations to process personal data on our behalf. Where we do this, those companies must follow the same rules and information security requirements as us, outlined in a Data Processing Agreement. They are not allowed to use the data for other purposes.

 

Information we collect about people who apply to work or volunteer with us 

We need to process personal data about our staff (and people applying to work for us) to meet our legal and contractual responsibilities as an employer. 

The personal data that we process includes name and contact details and information about racial or ethnic origin, religion, disability, gender and sexuality. We use this information to check that we are promoting and ensuring diversity in our workforce and ensuring that we are complying with equalities legislation. 

We ask for explicit consent to share this data with us. Our employees decide whether to share this monitoring data with us. They can choose to withdraw their consent for this at any time. Employees who wish to withdraw their consent for us to process this data can let us know. 

Other personal data that we must process includes information on all employment-related matters, qualifications and experience, pay and performance, health and welfare, contact details and bank details. We also process data about monitoring ICT systems to ensure security, 

 

including monitoring and keeping logs of web pages visited and screening emails for phishing attacks. 

We check that people who work for us are fit and suitable for their roles. This may include asking people to undertake Disclosure and Barring Service (DBS) checks, copies of documents that prove job applicants' right to work in the UK and references. 

We will ask people joining Healthwatch Worcestershire to complete a 'declaration of interests' form. This will identify any services with which they have close links (for example, because they have previously worked there or because a close relative runs the service) or any other issues which could cause a perceived conflict of interest. 

We process information directly, as necessary, about employment and safeguarding under our legal obligations. Information which is not strictly necessary is only processed with the individual's consent.

How long we keep your data for

We retain personal data about employees and volunteers for six years after the duration of their employment with the following exceptions:

   
Application form  Duration of employment 
References received  Duration of employment 
Records relating to an injury or accident at work  12 years 
Statutory maternity pay records, calculations and certificates  Retain while employed and for seven years after employment has ended 
Redundancy details, calculation of payments and refunds  Seven years from the date of redundancy  

If you are not successful at getting a job or volunteering with us, we will keep your data for six months after finalising recruitment.

We have a legal obligation to comply with the Freedom of Information Act 2000. This may include the requirement to disclose some information about our employees – especially those in senior or public-facing roles. We also publish some information about our staff, including the names and work contact details of people in some positions. We also publish photographs of our staff on our website.

Information we collect for other purposes

We use personal information about you for the following purposes: 

  • to send you our bulletin where you have requested it (registered for information); 
  • Reference & Engagement Group
  • Company Membership Scheme
  • Because you have agreed to be a case study for us 

This may include any personal information that you choose to share with us, but we will treat this as confidential and protect it accordingly. We will ask for your consent to collect and use this data.

‘Registered For Information’

If you opt-in to ‘register for information’ and to receive our bulletins(which is sent via email), the email address that you submit to us will be stored in Mailchimp, which we use for our email marketing.

We consider Mailchimp to be a third-party data processor. The email address that you submit will be stored within this website’s own database but not in any of our internal computer systems.

Mailchimp handles the data purely to provide this service on our behalf. Mailchimp follows the requirements of data protection legislation in obtaining, handling, and processing your information and will not make your data available to anyone other than Healthwatch Worcestershire

Your email address will remain within the Mailchimp database on our website for as long as we continue to use this platform for email marketing or until you specifically request removal from the list. You can do this by unsubscribing using the unsubscribe links contained in any email bulletins that we send you or by requesting removal via email. (info@healthwatchworcestershire.co.uk) When requesting removal via email, please send your email to us using the email account that is subscribed to the mailing list.

Reference & Engagement Group:

Our reference and Engagement Group has been established as a network of Community & Voluntary Sector Organisations and ‘Experts by Experience’ to support us in our work. If you are a member of our Reference and Engagement Group we will collect the information that we need to contact you which may include personal data. The contact details that you submit will be stored in Mailchimp which we use for our email marketing.

Company Membership Scheme: 

Healthwatch Worcestershire is a ‘not for profit’ organisation and is constituted as a private company limited by guarantee. In accordance with the company’s Articles of Association we have a Company Membership Scheme. If you are a member of the scheme, we will collect the information about you that we need to administer the scheme. This will include your personal data eg name and contact details. These will be stored in Mailchimp.

Security 

We are strongly committed to data security, and we take reasonable and appropriate steps to protect your personal information from unauthorised access, loss, misuse, alteration or corruption. 

We operate a robust and thorough process for assessing, managing and protecting new and existing systems which ensures that they are up to date and secure against the ever-changing threat landscape. In addition to this, we follow a defence in depth security model, which means that your data is protected by multiple layers of security. 

Healthwatch Worcestershire takes cyber security seriously and has achieved the Cyber Essentials accreditation, and is registered in the national database which can be found by clicking here https://iasme.co.uk/certified-organisations/

Our staff complete mandatory information security and data protection training on employment and every two years thereafter to reinforce responsibilities and requirements set out in our information security policies.

When you trust us with your data we will always keep your information secure to maintain your confidentiality. By utilizing strong encryption when your information is stored or in transit we minimize the risk of unauthorized access or disclosure; when entering information on our website, you can check this by right clicking on the padlock icon in the address bar.

Where possible all data is stored in the UK, and due diligence is carried out to make sure any services have the correct information security in place such as ISO 27001 and at least Cyber Essentials.

We may transfer your personal information outside of the European Economic Area.  Where we do so we ensure appropriate safeguards are in place. 

We use ‘Mailchimp’ to carryout email marketing, your data may be transferred to Data Centres located in the USA. To comply with GDPR regulations Mailchimp incorporates the EU's Standard Contractual Clauses in their Data Processing Addendum which automatically forms part of their Standard Terms of Use and applies to customer data protected by EU laws.

Only authorised employees, volunteers and contractors under strict controls will access your personal information. 

Survey Monkey:

If you choose to submit an experience of a health or social care service using Survey Monkey your data will be protected by Smart Survey’s *high standard of data security.

(*All Survey Monkey’s content is encrypted at rest as per industry standards. Data that is passed between users via their web browser and the Smart Survey systems are fully encrypted over HTTPS connections via the latest TLS security).

Data submitted to Survey Monkey will be downloaded on a regular basis. Data will only be used for the aggregate analysis of trends unless you expressly consent to us sharing your data with partner organisations (see Section 4). All data submitted to Survey Monkey will be permanently deleted no longer than five years after receipt.

Retention and disposal of personal data 

We publish a retention and disposal schedule Retention& Disposal Policy, which explains how long we keep different types of records and documents, including those containing personal data. Personal data is deleted or securely destroyed at the end of its retention period. 

We will only use and store your information for as long as it is required for the purposes that it was collected for. How long it will be stored depends on the information in question, what it is being used for and, sometimes statutory and legal requirements. More information is available in our ‘Retention and Disposal Policy which is available on our website ( www.healthwatchworcestershire.co.uk) or from our office (email:dpo@healthwatchworcestershire.co.uk) or telephone: 01386- 5502640

 

Information about people who use our website

Our websites use cookies to help them work well and to track information about how people are using them. More information on cookies can be found below.

For all areas of our website which collect personal information, we use a secure server. Although we cannot 100% guarantee the security of any information you transmit to us, we enforce strict procedures and security features to protect your information and prevent unauthorised access.

Our website contains links to other websites belonging to third parties and we sometimes choose to participate in social networking sites including but not limited to Twitter (X), You Tube and Facebook. We may also include content from sites such as these on our website however, would advise that we do not have any control over the privacy practices of these other sites. You should make sure when you leave our site that you have read and understood that site’s privacy policy in addition to our own.

 

Cookies

Cookies are small text files transferred to your computer or mobile when you visit a website or app. We use them to help us understand how people are using our services so that we can make them better.

Please be aware that some systems on our website require cookies. However, where non-essential cookies are in use, we will only use those cookies and collect the information with your permission.

Find out more about our use of Cookies by clicking here

Your rights 

Your right to access information about you 

If you think we may hold personal data relating to you and want to see it, please email dpo@healthwatchworcestershire.co.uk Or write to Healthwatch Worcestershire, Civic Centre, Queen Elizabeth Drive, Pershore. WR10 1PT

You have a right to receive a copy of this personal data or to ask us to forward it to a person or organisation of your choice. We will provide the personal data to you in your preferred format wherever possible. We may need to ask you to verify your identity before we proceed.

Correcting or deleting your personal data 

If you know that we are holding your personal data and believe that it may be wrong, or if you want it to be deleted or for us to stop using it, you have a right to request that it can be deleted or amended. There may be some occasions when, for legal reasons, we are unable to comply fully with your request.

Please make your request in writing to dpo@healthwatch worcestershire.co.uk

Or send it by post to:  Data Protection Officer, Healthwatch Worcestershire, Civic Centre, Queen Elizabeth Drive, Pershore, Worcestershire, WR10 1PT.

Complaints about how we look after or use your information

In the first instance, please talk to us directly so we can resolve any problem or query (see contact details above). You also have the right to contact the Information Commissioner’s Office (ICO) if you have any questions about Data Protection. You can contact them using their help line 0303 123 113 or at www.ico.org.uk.

 

Downloads

File download
Easy Read Version - Privacy Statement
Download (PDF 336 KB)