Healthwatch Bristol, North Somerset and South Gloucestershire Privacy Policy

Healthwatch Bristol North Somerset and South Gloucestershire (HW BNSSG) are fully compliant with the 2018 GDPR Act and 2018 UK Data Protection Act which protect public rights under the law. We are registered with the Information Commissioners Office and have a Data Controller (Chief officer) and Data Protection Officer (our Volunteer Coordinator). Click here to visit the ICO website.

This Privacy Statement sets out the data processing practices conducted by Healthwatch BNSSG. We retain and process personal data (information that relates to and identifies living people) as it is essential in our role as the local independent champion for people who use health and social care services.

Find out more here: www.healthwatchnorthsomerset.co.uk/what-we-do

We make sure that personal information is protected and treated securely. Any information that the public give will be held in accordance with UK General Data Protection Regulation (GDPR) 2018 and the Data Protection Act 2018. Our Information Asset Register is available for people to read to give further clarity about how data relating to them is managed and kept secure. This includes our retention schedule (details of how long we will retain specific types of information) and details about the lawful basis for storing and keeping personally identifiable information. Our asset register details are available by contacting our administration officer on 01275 851400 or emailing admin@healthwatchbnssg.co.uk

Security  

We are committed to data security and take reasonable and appropriate steps to protect your personal information from unauthorised access, loss, misuse, alteration, or corruption. 

We have put in place physical, electronic, and managerial procedures to safeguard and secure the information the public provide to us. 

Only authorised employees and contractors under strict controls will have access to your personal information.

Information we collect  

We collect personal information from visitors to each Healthwatch website in our contract across Bristol, North Somerset and South Gloucestershire using online forms such as ‘Share Your Views.’ We also collect feedback and views from people about the health and social care services that they access. In addition, we receive information about our staff, board members, volunteers and people who apply to work for us.

Examples of the information we collect include: 

  • Information submitted when people contact us by mail, phone, email, or via social media. 
  • Information people share when feeding back about local health and social care services on our ‘Share Your Views’ or directly with our staff in a community setting.
  • Emails people send to our contact@ email addresses in the three Healthwatch areas in our contract, or those of staff members or volunteers. 
  • Information we log when people contact our Information and Signposting service.

Information obtained in surveys either online via SurveyMonkey, SmartSurvey or on paper. 

How we will use personal information  

Personal information about may be used for the following purposes: 

  • in our day-to-day work
  • to identify members or volunteers of Healthwatch BNSSG
  • to send our newsletter by email to update the public about the work of relevant health and social care organisations
  • to respond to any queries the public may have
  • to share with services and commissioners to improve the quality and safety of health and social care services in accordance with our statutory purpose and functions

This may include any personal information that the public choose to share with us, but we will treat this as confidential and protect it accordingly. We will never include identifiable personal information in published reports without a clear and recorded positive indication of your consent. 

Healthwatch BNSSG will never share information that includes personal information with a third party unless we have permission, or we believe somebody may be at risk of harm. We might, for example, raise an issue for safeguarding based on the information that is shared. 

How we share information with other organisations  

We share personal information with other organisations lawfully under article 6 or article 9 of the General Data Protection Regulation in accordance with our Privacy policy. Information is shared to fulfil our remit which is to pass on experiences of health and social care to help bring insights that improve services. 

We work with Healthwatch England, the Care Quality Commission (CQC), NHS England, the Integrated Care System, local service providers, and our local authorities to make this happen. We may also engage external suppliers to process personal information on our behalf if they are GDPR compliant. Where we do this, with Healthwatch England and others, are required to follow the same rules and information security requirements as us. We will seek assurances in a Data Sharing Agreement which sets out the terms for the use of the data. 

We will only disclose the publics personal information where we have your consent to do so, or where there is a valid reason to make the disclosure. Such a disclosure will be made in accordance with the requirements of the current data protection legislation. Wherever possible, we will ensure that any information that we share or disclose is anonymised so that you cannot be identified from it. 

Signing up to our newsletter  

The following paragraphs set out why the data processing required for our newsletter distribution is necessary for us to perform a task in the public interest. 

We are required under the GDPR to identify a clear basis in either statute or common law for the relevant task, function, or power for which we are using personal data. We have several statutory duties under The Local Government and Public Involvement in Health Act 2007. 

These include (amongst others): 

  • Promoting and supporting the involvement of local people in the commissioning, the provision and scrutiny of local care services. 
  • Enabling local people to monitor the standard of provision of local care services and whether and how local care services could be improved. 

Promoting HW BNSSG work through the newsletter is an important part of meeting these requirements in law. This is because it encourages people and other stakeholders to share stories about local care services. It also keeps the public informed about key developments in health and care locally so that they can critically assess changes and help us monitor those changes. This is central to our role as the consumer champion for health and social care services in BNSSG.

It is in the interests of the public to hear about any opportunities through which they may influence, shape, challenge or improve their local NHS and social care service provision. Personal details have been provided to us by recipients and recipients have chosen to participate in this list. Participation in no way negatively impacts your rights. 

Healthwatch England has a duty to monitor services at a national level and stories shared anonymously by us enable this to take place. We have a duty under The Local Government and Public Involvement in Health Act 2007 to do this. These are public tasks and meet the requirements of statutory duties. These activities then are important to both the data controller and Healthwatch England. 

In our capacity as the consumer champion for health and social care services in BNSSG, we have specific interests, and this is reflected in our members and stakeholders who share the same interests and have enrolled voluntarily to participate in our agenda locally.

Our mailing list is not used for profiling or other marketing activity. Email clicks and opens may be tracked to help us monitor performance. Participants can unsubscribe at any time and are reminded how to do so as well as being provided with this privacy notice. 

Certain safeguards and measures are also taken to protect the rights of data subjects: 

  • Recipients will be informed about GDPR and reminded how to unsubscribe. 
  • Recipients can unsubscribe at any time by clicking on links within emails sent to them. 
  • Recipients can unsubscribe at any time by contacting our office number. 
  • Emails are processed and sent via a system that ensures that recipients cannot be identified by each other. 
  • Staff work in accordance with the requirements of the GDPR and the Data Protection Act. 
  • Contact data is held within the European Economic Area (EEA). 

Information about people who use our websites 

Please note that this statement relates to links within this website and those of Healthwatch Bristol and Healthwatch South Gloucestershire.

When the public browse through the information on this website, it does not store or capture personal data. It does log your IP address (as it is automatically recognised by the web server) but this is only so the website can be downloaded onto a device rather than for any tracking purpose.

We will only collect personal data provided, such as:

  • feedback from surveys and online forms

email addresses All data is stored securely and protected using cyber protections and security system and network protection. This is monitored 24 hours a day, seven days a week for security incidents and ensures operational continuity.

Healthwatch BNSSG follows accepted industry standards to protect the information submitted to us, both during transmission and once we receive it.

This includes, for example, password protection and other access and authentication controls.

Information we collect through our websites 

User provided information 

We may collect Personal Data including name and email address or geographic area provided by the public.

Automatically Collected Information 

Technology, including cookies may collect: 

  • IP address or other device address or ID 
  • Web browser and/or device type 
  • The web pages or sites visited just before or just after using our service 
  • The pages or other content viewed or interacted with 
  • The dates and times of a visit, access, or use of a communication platform 

We also may use these technologies to collect information regarding a visitor or users email This information is gathered from all users and visitors.

Analytics 

We use Google Analytics to measure and evaluate access to and traffic on the Public Area of the three websites and create user navigation reports.

Google operates independently from us and has its own privacy policy, which we strongly suggest you review. Google may use the information collected through Google Analytics to evaluate Users’ and Visitors’ activity on our Site (including the number of people who have spent time on our websites and other such statistics).

The data collected will only be used on a need-to-know basis to resolve technical issues, administer the sites, and identify visitor preferences; but in this case, the data will be in non-identifiable form. We do not use any of this information to identify Visitors or Users. 

Cookies  

Cookies allow web applications to respond to each user as an individual. The web application can tailor its operations to specific needs, likes and dislikes by gathering and remembering information about preferences. 

We only use this information for statistical analysis purposes and then the data is removed from the system. 

Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. 

You can choose to accept, decline, or specify the level of data taken by cookies.

Information about people who share their experiences with us by other means

There are several ways that we collect feedback from people about their experiences of using health and social care services day to day. 

This includes: 

  • When people complete and submit information about providers of NHS and social care services on our websites Share Your Views pages of our websites 
  • Our staff will visit different health and social care settings as part of their role to evaluate how services are being delivered. 
  • When people submit information in response to one of our surveys or projects 
  • In conversation with our staff and volunteers completing Enter and View visits on our behalf. 
  • When people share their experience with us by post (we have a Freepost address) 
  • People may share their experiences electronically direct to our staff, at our Engagement Hub.
  • Via phone calls and through requests for information directly from members of the public as part of our Information and Guidance service. 
  • Personal data received from other sources. 

Where personally identifiable information is collected, we ask the public for their consent to keep it and we are clear on how we intend to use the information. We anonymise information in almost every instance. There may be exceptional circumstances where we can and will keep the data without consent using our lawful basis for doing so. 

Consent may be requested verbally, or in written form, and used only for agreed specific and unambiguous purposes and that you are well informed about how the information will be kept. This includes where it will be stored, details on security and for how long it will be kept. We will always comply with current data protection legislation. 

Personal data received from other sources

We receive information from the families, friends and carers of people who access health and social care services. We use this data to inform providers and commissioners to help them deliver services that work for you. 

Where it is possible, we will make sure that we have your consent to use information that is about you. We will only process your personal data where there is a lawful basis to do so under current data protection legislation. 

Publishing information

In most circumstances we anonymise our data to ensure that a person cannot be identified unless this has been otherwise agreed and consent has been given.

Sharing your data with Healthwatch England

We are required to share information with Healthwatch England under our statutory duty and this is set out in a data sharing agreement. This ensures that your views are considered at a national level. This supplies the Department of Health and Social Care with the information you provide. 

Find out more about Healthwatch England’s purpose at.www.healthwatch.co.uk 

The information we provide to Healthwatch England used for national publications is anonymised.

Our data systems  

Healthwatch BNSSG inputs data on a Google Form and shares collated data on an Excel spreadsheet a Data Processing Agreement is in place to ensure that this is held securely and according to current data protection legislation. 

Healthwatch England is a committee of the Care Quality Commission (CQC) but acts independently. These organisations must comply with all legal requirements and do not reuse any data for any other reason or make it available to others.

Information about people who contact HW BNSSG for Information and Guidance

We provide an information and guidance service to the public about accessing health and social care services. This includes: 

  • A free, friendly, and confidential service that is independent from the NHS and social care services. 
  • We signpost members of the public by supplying the contact details for a range of services that best supports their request. They then need to contact those organisations themselves. 
  • We give information about choices regarding where the public might get help in relation to their health, social care, and wellbeing needs. 
  • We can put the public in touch with sources of information on local NHS and social care services. 
  • We give information about how to make a complaint. 

We may process the following information when people contact our service: 

  • Name –used only in connection with the query and not for any other purpose. 
  • Email address – for the purpose of sharing information about local and national sources of support appropriate to the public’s needs (related to the signposting request). 
  • A telephone number used only in connection with the query and not for any other purpose.
  • A summary of the circumstances surrounding the purpose of the call –We may share this information with our commissioners and other stakeholders about the types of queries we receive. 
  • A record of where we signposted (names of organisations and groups) – This information is recorded in order that we can demonstrate the breadth of signposting delivered by our service to our commissioner and to the public to which we are accountable. 

If contact with our service is made by telephone, people will be asked to verbally indicate their consent for us to store information about them and a record of this consent will be maintained. 

Information about our own staff and people applying to work with us  

We process personal data about our staff (and people applying to work for us), so that we can conduct our role and meet our legal and contractual responsibilities as an employer.

An annual Equality and Diversity survey by Healthwatch England collects equalities data on LHW staff. The anonymous personal data that we pass on includes information about age, racial or ethnic origin, religion, disability, gender, sexuality, housing status and health. Healthwatch England use this information to check we are promoting and ensuring diversity in our recruitment and to make sure we are complying with equalities legislation.

Other personal data that we are required to process includes information on qualifications and experience, pay and performance, family and individual contact details and bank details.

We check that staff who work for us are fit and suitable for their roles. This may include asking people to undertake a standard Disclosure and Barring Service (DBS) check.

On joining Healthwatch staff, are asked to complete a ‘’Register of interests’ form to identify any services with which they have close links (for example, because they have previously worked there or because the service is run by a close relative) or any other issues which could cause a perceived conflict of interest. Our staff, declare any ‘conflict of interest’ at Prioritisation Panel meetings. These can be found in ‘What we do’ on our websites.

We have a legal obligation to comply with the Freedom of Information Act 2000 and this may include the requirement to disclose some information about our employees. We also publish biographical information about our staff including their names and their work contact details.

Information about people who volunteer for us, including our Board of Trustees 

We need to process personal data about our volunteers including our Board of Directors, so that we can conduct our role and meet our legal and contractual responsibilities. 

The personal data that we process includes information about age, racial or ethnic origin, religion, disability, gender, and sexuality. We use this information to check we are promoting and ensuring diversity in our workforce and to make sure we are complying with equalities legislation. 

sharing this monitoring data with us is not an obligation and they can choose to withdraw their consent for this at any time.

Other personal data that we may process includes information on qualifications and experience, contact details and bank details for the payment of expenses. 

We check that people who volunteer for us are fit and suitable for their roles. This includes asking people to declare unspent convictions if they are applying to volunteer in an engagement role. Authorised representatives for Enter and View work will have a standard Disclosure and Barring Service (DBS) check.

Volunteers and Board members joining Healthwatch BNSSG will be asked to complete a ‘Register of interests’ form to identify any services with which they have close links (for example, because they have previously worked there or because the service is run by a close relative) At Board meetings they are asked to disclose issues which could cause a perceived conflict of interest.   These forms can be found in ‘What we do’ on our websites.

We have a legal obligation to comply with the Freedom of Information Act 2000 and this may include the requirement to disclose some information about our Board of Directors, Prioritisation Panel and Enter and View volunteers.

Information about people that take part in our research projects  

The information we collate when conducting research may vary for several reasons that might include the type of research conducted or the subject matter. We aim to coproduce our research wherever possible, and names and contact details will help us support participation in the research. Other anonymised demographical information will be collected from research participants and other details if relevant. 

Healthwatch BNSSG will only collate information that is relevant to the research, and we will never publish names, or other information, without consent (e.g. case studies). The public have the right to withdraw consent at any time.

Children’s Privacy  

Healthwatch BNSSG will not knowingly process the personal information of people under the age of thirteen without the consent of a parent or guardian under GDPR guidelines. We will always make an assessment as to whether sharing or processing such information may put a child or young person at risk. Healthwatch BNSSG has a Safeguarding Policy that is applicable to individuals under the age of 18 years.

Retention and disposal of personal data

Our Information Asset Register includes a retention and disposal schedule which explains how long we keep several types of records and documents for, including records and documents containing personal data. Personal data is deleted or securely destroyed at the end of its retention period. 

The Public's rights to access information about them

If the public think we hold personal data relating to them and want to see it, they can email to admin@healthwatchbnssg.co.uk call 01275 851400.

Correcting or deleting your personal data

If the public know that we are holding their personal data and believe that it may be wrong, or if they want it to be deleted or for us to stop using it, they have a right to request that it can be deleted or amended by using the above contact details.

Complaints about how we look after or use the public's information

If anyone feels that we have not met our responsibilities under GDPR and data protection legislation, they have a right to request an independent assessment from the Information Commissioner’s Office (ICO) with whom we are registered. You can find details about them on their website

Our key roles

Healthwatch BNSSG has a designated data controller under Article 37 of the GDPR: This is the Chief Officer of HW BNSSG, Unit 21, Unions Gallery (middle floor) The Galleries BS1 3DX.

This policy will be reviewed every two years by the Healthwatch Bristol, North Somerset and South Gloucestershire Board of Trustees.

Signed 

Georgie Bigg, Chair of Healthwatch Bristol, North Somerset and South Gloucestershire Board of Directors. 

Date of policy refresh: 9th January 2024