This privacy notice sets out the data processing practices carried out by Healthwatch County Durham. We retain and use personal data (information that relates to and identifies living people) to help us carry out our role as the local independent champion for people who use health and social care services.
We will always make sure that your information is protected and treated securely. Any information that you give will be held in accordance with the United Kingdom Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA).
We use the information you share with us in line with our main statutory functions.
People First and Healthwatch County Durham are joint data controllers for all personal data processed by Healthwatch County Durham. Any issues relating to the processing of personal data by or on behalf of Healthwatch County Durham may be addressed to: The Business Manager, People First, Milbourne Street, Carlisle, Cumbria, CA2 5XB
Our Data Protection Officer is Catherine Hunt and she can be contacted via the Business Manager or by emailing gdpr@wearepeoplefirst.co.uk
Information we collect
We collect personal information through online forms, whenever you send us an email, and from people who share their experiences with us by email, phone, in person or by other means. We also collect feedback and views from people about the health and social care services that they access, and when other organisations make referrals to us. For people who use our website, visit our cookies policy for more information.
How we will use your personal information
Personal information about you can be used for the following purposes:
to deliver our services which are to:
- Obtain the views of people about their needs and experience of local health and social care services. Make reports and recommendations about how those services could or should be improved.
- Promote and support the involvement of people in the monitoring, commissioning and provision of local health and social care
- Provide information and advice to the public about accessing health and social care services and the options available to them.
- Make the views and experiences of people known to Healthwatch England, helping us to carry out our role as national champion.
- Make recommendations to Healthwatch England to advise the Care Quality Commission (CQC) to carry out special reviews or investigations into areas of concern.
to keep you informed about our activities;
to respond to any queries you may have;
to improve the quality and safety of care;
to keep internal records.
This may include any personal information that you choose to share with us, but we will treat this as confidential and protect it accordingly.
We will never include your personal information in survey reports.
How we ensure that the processing we do is lawful
Healthwatch County Durham cannot use your personal data for any reason unless we have a lawful basis to do so. Those that we use are:
To deliver our services
- The processing is necessary to undertake a public task
- The data subject has given consent to the processing
- The processing is necessary for the performance of a contract to which the data subject is a party, or for the taking of steps at the request of the data subject with a view to entering into a contract
- The processing is necessary for compliance with any legal obligations to which the data controller is subject, other than an obligation imposed by contract
- The processing is necessary in order to protect the vital interests of the data subject
- The processing is necessary for the purposes of legitimate interests pursued by the data controller or by the third party or parties to whom the data are disclosed, except where the processing is unwarranted in any particular case by reason of prejudice to the rights and freedoms or legitimate interests of the data subject
Where we have asked for your consent to process your personal data for any purpose, you have the right to withdraw your consent. If you wish to do this please contact us using the details given in this privacy notice. If withdrawal of your consent will affect the service that we give you, we will tell you at the time.
To keep you informed about our activities
- We have a legitimate interest in using your information. If we already have a relationship with you we may not ask for your consent to send you a newsletter or informative email – we may just send it.
To respond to any queries you may have
- We have a legitimate interest in using your information. This information allows us to process queries effectively and tailor the ways in which we communicate with you.
To improve the quality and safety of care
- The processing is necessary to undertake a public task
To keep internal records
- The processing is necessary for compliance with any legal obligations to which the data controller is subject, other than an obligation imposed by contract.
Special category and sensitive types of data
Data protection law considers some types of personal data as special category. This includes information about race, ethnic origin, religion, health, sex life and sexual orientation.
These types of personal data require additional protection. This is because use of this data could create significant risks to the individual’s fundamental rights and freedoms.
The presumption is that this type of data needs to be treated with greater care because collecting and using it is more likely to interfere with these fundamental rights or open someone up to discrimination.
Where we process special category data we do so because:
- the data subject has given explicit consent to the processing of the personal data for one or more specified purposes.
- processing is necessary to protect the vital interests of the data subject or another natural person where the data subject is physically or legally incapable of giving consent
- processing is necessary for the purpose of preventative or occupational medicine, the provision of health or social care or treatment or the management of health or social care systems and services.
- processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of healthcare and of medicinal products or medical devices.
Security
We are strongly committed to data security and we take reasonable and appropriate steps to protect your personal information from unauthorised access, loss, misuse, alteration or corruption.
We have put in place physical, electronic, and managerial procedures to safeguard and secure the information you provide to us.
Only authorised employees and contractors under strict controls will have access to your personal information.
Transferring personal data outside the European Economic Area
Some of your personal data may be transferred outside the EEA.
We make sure that it is protected in the same way as if it was being used in the EEA. To do this we will:
- Only transfer it to a non-EEA country with privacy laws that give the same protection as the EEA as specified by the European Commission and which has been determined as adequate by the EEA or the UK;
- When transferring to the USA or any other country that has not been assessed as adequate we will ensure that there is a safeguard in place that is recognised by the representative supervisory authority of the United Kingdom. This is the Information Commissioner’s Office (ICO). The safeguard is to use one of the ICO’s standard contractual clauses.
National Data Opt-Out
Healthwatch County Durham is one of many organisations working in the health and care system to improve care for patients and the public.
Whenever you use a health or care service, such as one of the services that we offer, important information about you is collected in a client record for that service. Collecting this information helps to ensure you get the best possible support.
The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:
- improving the quality and standards of care provided
- research into the development of new treatments
- preventing illness and diseases
- monitoring safety
- planning services
This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.
Most of the time, anonymised data is used for research and planning so that you cannot be identified, in which case your confidential patient information isn’t needed.
You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out, your confidential patient information will still be used to support your individual care.
To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters. On this web page you will:
- See what is meant by confidential patient information
- Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care
- Find out more about the benefits of sharing data
- Understand more about who uses the data
- Find out how your data is protected
- Be able to access the system to view, set or change your opt-out setting
- Find the contact telephone number if you want to know any more or to set/change your opt-out by phone
- See the situations where the opt-out will not apply
You can also find out more about how patient information is used at:
https://www.hra.nhs.uk/information-about-patients/ (which covers health and care research); and
https://understandingpatientdata.org.uk/what-you-need-know (which covers how and why patient information is used, the safeguards and how decisions are made)
You can change your mind about your choice at any time.
Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.
Our organisation is currently compliant with the national data opt-out policy.
Sharing your data with Healthwatch England
We are required to share information with Healthwatch England to ensure that your views are considered at a national level. This enables them to analyse service provision across the country and supply the Department of Health and national commissioners with the information you provide.
Find out more about Healthwatch England and what they do.
Unless specified below, the information we provide to Healthwatch England contains no personally identifiable data. Any information that is used for national publications is anonymised.
How we share information with other organisations
We only share personal information with other organisations where it is lawful to do so and in accordance with our Information Governance Policy. Information is shared in order to fulfil our remit which is to pass on your experiences of care to help improve them on your behalf.
We work with Healthwatch England, the Care Quality Commission (CQC), local commissioners, NHS Improvement and our local authority to make this happen. We can also engage external suppliers to process personal information on our behalf.
We will only disclose your personal information where we have your consent to do so, or where there is another very good reason to make the disclosure – for example, we may disclose information to CQC or a local authority where we think it is necessary to do so in order to protect a vulnerable person from abuse or harm.
Any such disclosure will be made in accordance with the requirements of the current data protection legislation.
Wherever possible, we will ensure that any information that we share or disclose is anonymised, so as to ensure that you cannot be identified from it.
We sometimes use other organisations to process personal data on our behalf. Where we do this, those companies are required to follow the same rules and information security requirements as us, outlined in a Data Processing Agreement. They are not permitted to reuse the data for other purposes.
The organisations that we use are as follows:
| Name of company/organisation | The service they perform for us, or their function |
| --- | --- |
| David Allen IT | IT hosting |
| David Allen IT | IT maintenance |
| Whitebear | Website maintenance |
| Breathe HR | HR Function |
| David Allen Accountants | Accountants |
| Unity Bank | Banking |
| David Allen IT | Telephone (land line) |
| N/A | Mobiles |
| N/A | Confidential waste disposal |
| N/A | Fundraising |
| Sage | Payment platforms |
| Facebook, Instagram, X, BlueSky, LinkedIn, YouTube | Social media |
| Smart Survey | Deliver our e-newsletter |
*Please be aware that these organisations are data controllers in their own right and we encourage you to read their privacy notices.
Retention and disposal of personal data
We have a retention and disposal schedule which explains how long we keep different types of records and documents for, including records and documents containing personal data. Personal data is deleted or securely destroyed at the end of its retention period. If you would like more information about this then please contact us at gdpr@wearepeoplefirst.co.uk
Your rights
Under data protection law, you have rights we need to make you aware of.
The rights available to you depend on our reason for processing your information. You can exercise these rights by making either a written or a verbal request unless it is stated otherwise.
- Your right of access
You have the right to ask us for copies of your personal information. This right always applies.
- Your right to rectification
You have the right to ask us to correct information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.
- Your right to erasure
You have the right to ask us to erase your personal information in certain circumstances, for example where we have asked for your consent to use it.
- Your right to restriction of processing
You have the right to ask us to restrict the processing of your information in certain circumstances.
- Your right to object to processing
You can object to processing when we are using your data:
- for a task carried out in the public interest;
- for the exercise of official authority;
- for their legitimate interests;
- for scientific or historical research, or statistical purposes; or
- for direct marketing purposes.
- Your right to data portability
This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. Requests should be made in writing.
- Your right in relation to automated decision making and profiling.
Healthwatch County Durham does not use any of your personal data to make automated decisions. We may create profiles of our clients and supporters in order to ensure that they only receive information that is appropriate for them. You have the right to stop us doing this and can do so by contacting us in writing at the address given.
For more information about your rights you can visit the ICO website
Requests in writing should be made to gdpr@wearepeoplefirst.co.uk or sent by post to:
The Business Manager, People First, Milbourne Street, Carlisle, Cumbria, CA2 5XB.
Complaints about how we look after or use your information
If you are unhappy about the way we handle your personal information please let us know verbally or in writing by contacting us at the address given below.
We will explain how we have processed your personal information and if we have made a mistake will tell you how we will put this right.
If you are still dissatisfied, you may report your concern to the Information Commissioner’s Office (ICO) by contacting:
Wycliffe House, Water Lane, Wilmslow SK9 5AF
Tel. 0303 123 1113
https://ico.org.uk/global/contact-us/
Our contact details and key roles
Healthwatch County Durham is hosted by People First. Any issues relating to the processing of personal data by or on behalf of Healthwatch County Durham may be addressed to:
The Business Manager, People First, Milbourne Street, Carlisle, Cumbria, CA2 5XB.
Other information for people who use our website
Please note that this privacy notice does not cover links within our website to other websites.
We collect your IP (internet protocol) address when you browse this website.
Cookies
Cookies are small text files which are transferred to your computer or mobile when you visit a website or app. We use them to help us understand how people are using our services, so we can make them better.
Please be aware that some systems on our website require the use of cookies, but we will always state if this is the case. We will never collect and store information about you without your permission.
Find out about our use of cookies
To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.
Our e-newsletter
Healthwatch County Durham uses a third party provider, Smart Survey, to deliver our e-newsletters. Healthwatch County Durham gathers statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-newsletter. To enable us to send our newsletter, your name and email address are logged with Smart Survey. For more information, please see Smart Survey’s privacy notice. You can unsubscribe at any time, using the unsubscribe link at the bottom of the e-newsletter.
Information about people who share their experiences with us by other means
There are a number of ways that we collect feedback from people about their experiences of using health and social care services day to day. Our staff will visit different health and social care settings as part of their role to evaluate how services are being delivered. We also receive phone calls and requests for information directly from members of the public as part of our signposting service.
Where personally identifiable information is collected we will ensure that we have your consent to keep it if applicable and we will be clear on how we intend to use your information. We will aim to anonymise information where we can but there may be instances where this is not possible in order to make change happen on your behalf. There may be exceptional circumstances where we can and will keep the data without consent but we must have a lawful basis for doing so, such as for safeguarding purposes.
We ensure that where consent is required it will be freely given, used only for agreed specific and unambiguous purposes and that you are well informed about how the information will be kept. This includes where it will be stored, details on security and for how long it will be kept. We will comply with current data protection legislation at all times.
Personal information may be collected with your consent through:
- Our signposting and advice service
- When we receive feedback by phone, outreach work or through surveys
- Enter and View activity
Personal data received from other sources
On occasion we will receive information from the families, friends and carers of people who access health and social care services. We use this data to inform providers and commissioners to help them deliver services that work for you.
Where it is practically possible, we will make sure that we have your consent to use information that is about you. We will only process your personal data where there is a lawful basis to do so under current data protection legislation.
Publishing information
In most circumstances we anonymise data to ensure that a person cannot be identified, unless this has been otherwise agreed and consent has been given.
Our data systems
Healthwatch England provides a secure digital system for local Healthwatch to manage their data. Other organisations process the data contained within it on behalf of local Healthwatch and a Data Processing Agreement is in place to ensure that this is held securely and according to current data protection legislation.
Healthwatch England is a committee of the Care Quality Commission (CQC) but acts independently. These organisations must comply with all legal requirements and do not reuse any data for any other reason or make it available to others.
Data policy
Please find our full Data Policy document below. This includes detailed information on:
- Data protection
- Subject access requests (SARs)
- Physical security
The policy has been updated and approved by our Data Protection Officer, Catherine Hunt.