General information

This Privacy Statement sets out the data processing practices carried out by Healthwatch Norfolk.

We retain and use personal data (information that relates to and identifies living people) to help us carry out our role as the local independent champion for people who use health and social care services.

We will always make sure that your information is protected and treated securely. Any information that you give will be held in accordance with:

• Data Protection Act 2018
• General Data Protection Regulation (GDPR) 2016

Please contact us to request a copy of our Data Protection Policy.

We also make our Information Asset Register available for people to read to give further clarity about how data relating to them is managed and kept secure. This includes our retention schedule and clear details about the lawful basis for storing and keeping personally identifiable information. Please contact us to request a copy of our Information Asset Register.

Controller’s contact details

Healthwatch Norfolk is the data controller for all the personal data that you enter onto https://www.healthwatchnorfolk.co.uk/. Any issues relating to the processing of personal data by or on behalf of Healthwatch Norfolk should be addressed to:

Healthwatch Norfolk
Suite 6
Elm Farm
Norwich Common
Wymondham
NR18 0SW

Telephone: 01953 856029

Email: [email protected]

 

How do Healthwatch Norfolk collect information

Most of the personal information we process is provided to us directly from you for one of the following purposes:

• You are filling out an online form or survey providing feedback on health and social care
• You are sending an enquiry to us
• You have requested information from us
• You have subscribed to our newsletter
• You wish to attend, or have attended, one of our events
• You have applied to work for us

We also receive personal information indirectly, in the following situations:

• We have contacted an organisation about an enquiry you have made and they give us your personal information in their response
• From other public authorities, regulators or bodies
• An employee of ours gives your contact details as an emergency contact or a referee

On occasion we will receive information from the families, friends and carers of people who access health and social care services. 

Where it is practically possible, we will make sure that we have your consent to use information that is about you. We will only process your personal data where there is a lawful basis to do so under current data protection legislation.

The information we collect and why

Purpose and legal basis for processing

Our purpose as Healthwatch Norfolk is to collect feedback from the local community about health and social care services in Norfolk.

We collect personal information from visitors to this website through the use of online forms, emails and at face-to face engagement events. In addition, we receive information about our own staff, people who apply to work for us and people who use our website.

What information we need

In our day-to-day work we collect your experiences of health and social care services in Norfolk to help providers and commissioners shape service delivery. This may include details of treatment, waiting times, level of service provided etc.

Alongside your experience we collect some personal data, this includes: 

• The first half of your postcode
• Name (optional – reviews can be left anonymously)
• Email (only used to communicate with users regarding their feedback)
• Consent
• Confirmation that you are over 16 years of age
• Option to subscribe to our newsletter

We also get involved in a number of projects alongside our day-to-day engagement and the type of personal data we collect may vary within our project work.

Information about people who share their experiences with us by other means

There are a number of ways that we collect feedback from people about their experiences of using health and social care services. Our staff will visit different health and social care settings as part of their role to evaluate how services are being delivered. We also receive phone calls and requests for information directly from members of the public as part of our signposting service.

Where personally identifiable information is collected, we will ensure that we have your consent to keep it and we will be clear on how we intend to use your information. We will aim to anonymise information where we can but there may be instances where this is not possible in order to make change happen on your behalf. There may be exceptional circumstances where we can and will keep the data without consent, but we must have a lawful basis for doing so, such as for safeguarding purposes.

We ensure that where consent is required it will be freely given, used only for agreed specific and unambiguous purposes and that you are well informed about how the information will be kept. This includes where it will be stored, details on security and for how long it will be kept. We will comply with current data protection legislation at all times.

Personal information may be collected with your consent through:

• Our signposting and advice service
• When we receive feedback by phone, outreach work or through surveys
• Enter and View activity

Information about our own staff and people applying to work for us

We need to process personal data about our own staff (and people applying to work for us) so that we can carry out our role and meet our legal and contractual responsibilities as an employer.

The personal data that we process includes information about racial or ethnic origin, religion, disability, gender and sexuality. We use this information to check we are promoting and ensuring diversity in our workforce and to make sure we are complying with equalities legislation.

Our employees decide whether or not to share this monitoring data with us, and can choose to withdraw their consent for this at any time. Employees who wish to withdraw their consent for us to process this data can let us know.

Other personal data that we are required to process includes information on qualifications and experience, pay and performance, contact details and bank details.

We check that people who work for us are fit and suitable for their roles. This may include asking people to undertake Disclosure and Barring Service (DBS) checks.

People joining Healthwatch Norfolk will be asked to complete a ‘declaration of interests’ form to identify any services with which they have close links (for example, because they have previously worked there or because the service is run by a close relative) or any other issues which could cause a perceived conflict of interest. Staff are regularly asked to update these forms.

We have a legal obligation to comply with the Freedom of Information Act 2000 and this may include the requirement to disclose some information about our employees – especially those in senior or public facing roles. We also publish some information about our staff, including the names and work contact details of people in some roles.

Information about children

We do not proactively collect personal information directly from children. However, we are sometimes given information about children while working on a project. Therefore some information in the relevant parts of this notice applies to children as well as adults.

Categories of personal data we may collect

The type of personal data we collect will vary depending on the purpose for collecting the data. These are some of the categories of personal data we may collect. (Please note we will state the purpose for collecting the data at time of collection and it will only be stored for this purpose.)

• Personal details
  – Name
  – Date of Birth/Age
  – Gender
  – Marital status
• Contact details
  – Name
  – Phone number
  – Email address
• Special category data
  – Racial or ethnic origin
  – Religion or philosophical beliefs
  – Sexual orientation
  – Health data including disabilities
• Employment history
  – Job/Profession
  – Former employers/ work history
  – References
• Locational data
  – First half of postcode
• Preferences
  – Preferred contact method
• Consent
  – Any permissions or consents relating to collecting and processing individual’s data
  – Consent for who we might share individual’s data with

Why we need the data and what we do with it

The personal information you provide us with can be used for the following purposes:

• To send you our newsletter when requested
• To respond to any queries you may have
• To assist in improving the quality and safety of care
• To provide a high quality service to patients and the public
• To ensure that feedback can be provided
• To ensure good support and supervision to volunteers 
• To comply with all employment, charity and company legal requirements
• To comply with quality assurance systems

We do some of these things are part of the statutory role as a local Healthwatch, established under the Health and Social Care Act 2008 (as amended by the Health and Social Care Act 2012).

Any personal data that you choose to share with us will be treated as confidential and we will protect it accordingly.

We will always make sure that your information is protected and treated securely. Any information that you give us will be held in accordance with:

• Data Protection Act 1998 
• General Data Protection Regulation (GDPR)

Please contact us to request a copy of our Information Governance Policy.

We will never include your personal data in our reports. In most circumstances we anonymise our data to ensure that a person cannot be identified, unless this has been otherwise agreed and consent has been given.

How long we keep data

We publish a retention and disposal schedule which explains how long we keep different types of records and documents for, including records and documents containing personal data. Personal data is deleted or securely destroyed at the end of its retention period.

We also make our Information Asset Register available for people to read to give further clarity about how data relating to them is managed and kept secure. This includes our retention schedule and clear details about the lawful basis for storing and keeping personally identifiable information. Please contact us to request a copy of our Information Asset Register.

Your data protection rights

Under data protection law, you have rights which we need to make you aware of. Your rights will depend on our reason for processing your information.

• Right to access your information – You have the right to ask us to see the personal information we hold relating to you. This right always applies
• Right to rectification – You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies
• Right to erasure – You have the right to ask us to erase your personal information in certain circumstances
• Right to restriction of processing – You have the right to ask us to restrict the processing of your information in certain circumstances
• Right to object to processing – You have the right to object to processing (use) of your personal data in some circumstances
• Right to data portability – This only applies to information you have given us. You have the right to get your personal data from us in a way that is accessible and machine-readable, for example as a CSV file. You also have the right to ask us to transfer your data to another organisation. We must do this if the transfer is, as the regulation says, “technically feasible”

You are not required to pay any charge for exercising your rights. We have one month to respond to you.

Please contact us if you wish to make a request by:

Emailing: [email protected]

OR

Sending your request in the post to: Healthwatch Norfolk, Suite 6, Elm Farm, Norwich Common, NR18 0SW.

Our data systems

Whitebear provide a secure digital system for Healthwatch Norfolk to manage the data you enter into your feedback centre. The data contained within it is processed on behalf of local Healthwatch and a Data Processing Agreement is in place to ensure that this is held securely and according to current data protection legislation. 

We also use a third-party supplier to provide our newsletter service. By subscribing to this service you will be agreeing to them handling your data. This supplier follows the requirements of the Data Protection Act 1998 in how they obtain, handle and process your information and will not make your data available to anyone other than Healthwatch.

Data from your local Healthwatch is shared with Healthwatch England. Healthwatch England is a committee of Care Quality Commission (CQC) but acts independently. These organisations must comply with all legal requirements and do not reuse any data for any other reason and will not make it available to others.

Security

We are strongly committed to data security. We take reasonable and appropriate steps to protect your personal information from unauthorised access, loss, misuse, alteration or corruption.

We have put in place physical, electronic and managerial procedures to safeguard and secure the information you provide to us.

Only authorised employees and contractors under strict controls will have access to your personal information.

Personal data will not be transferred to any third countries or international organisations.

Sharing your information

We only share personal information with other organisations where it is lawful to so and in accordance with our Information Governance Policy. Information is shared in order to fulfil our remit which is to pass on your experiences of care to help improve them on your behalf.

Posting your feedback publicly on our website allows others to see it. It also allows us to feature it in our reports to help make changes to local services. When you submit your review to us you have the option to remain anonymous – this means you do not need to include your name alongside your review.

If we see any trends or themes in the feedback we receive, we may send this information directly to relevant health and social care organisations. Below are some organisations we may send feedback to:

Norfolk organisations

Norfolk County Council
The Council run lots of health and social care services in Norfolk including care homes, domiciliary care, and children’s services.
Website: https://www.norfolk.gov.uk/care-support-and-health    

Carers organisations
There are several carers organisations which operate in Norfolk, including Carers Matter Norfolk, Norfolk Family Carers, and Caring Together. For a full list of organisations who can help support carers, see this page of our website: https://healthwatchnorfolk.co.uk/information-and-advice/information-and-advice-services/carers/ 

Norfolk and Suffolk Foundation Trust (NSFT)
NSFT provide mental health and learning disability services across the two counties.
Website: https://www.nsft.nhs.uk/Pages/Home.aspx

Norfolk and Norwich University Hospital
The hospital is based in Norwich and provides nearly 1 million outpatient appointments each year, as well as looking after people as inpatients. They also run Cromer Hospital in North Norfolk.
Website: https://www.nnuh.nhs.uk/

James Paget University Hospital
The James Paget is situated in Gorleston and provides care to Great Yarmouth, Lowestoft and Waveney’s 250,000 population.
Website: https://www.jpaget.nhs.uk/

Queen Elizabeth Hospital King’s Lynn
The Queen Elizabeth Hospital serves around 280,000 people in West Norfolk as well as parts of Lincolnshire and Cambridgeshire.
Website: http://www.qehkl.nhs.uk/


National organisations
Care Quality Commission (CQC)
The CQC are the independent regulator of health and adult social care in England – they make sure services are safe and effective.
Website: https://www.cqc.org.uk/

NHS England and NHS Improvement (NHSE&I) – East of England
Norfolk sits within the NHSE&I East of England, one of seven NHS regions across the country. The East of England region supports the commissioning of health services within the region.
Website: https://www.england.nhs.uk/east-of-england/

Healthwatch England
Healthwatch is a national organisation, with local branches overseen by Healthwatch England. We share our feedback with Healthwatch England so that they can factor it into any patterns or themes that are emerging across the country.
Website: https://www.healthwatch.co.uk/

We will only disclose your personal information where we have your consent to do so, or where there is another very good reason to make the disclosure ­– for example, we may disclose information to CQC or a local authority where we think it is necessary to do so in order to protect a vulnerable person from abuse or harm. Any such disclosure will be made in accordance with the requirements of the current data protection legislation.

Wherever possible, we will ensure that any information that we share or disclose is anonymised, so as to ensure that you cannot be identified from it.

We sometimes use other organisations to process personal data on our behalf. Where we do this, those companies are required to follow the same rules and information security requirements as us, outlined in a Data Processing Contract. They are not permitted to use or reuse the data for other purposes.

We are required to share information with Healthwatch England to ensure that your views are considered at a national level. This enables them to analyse service provision across the country and supply the Department of Health and national commissioners with the information you provide.

Find out more about Healthwatch England’s purpose and what they do.

The information we provide to Healthwatch England contains no personally identifiable data. Any information that is used for national publications is anonymised and will only be used with the consent of a local Healthwatch.

Your right to complain

We believe it is very important to keep your personal information secure and we work to high standards to do so. If you feel that we have not met our responsibilities under data protection legislation, please contact us at [email protected] and we would be happy to help.

If you remain dissatisfied, you can request an independent assessment from the Information Commissioner’s Office (ICO).

Information about people who use our website and cookies

When you browse our website, it does not collect or store your personal data. It does make a log of your IP address much like other websites do (as it is automatically recognised by the website server) but this will not identify you personally.

We will only collect personal data knowingly provided by you, such as:

• feedback provided to us on surveys and online forms
• information sent to email addresses
• preferred means of communication

Please be aware that our website requires the use of cookies, which is a string of information that a website stores on your computer and your browser provides to our website each time you return. WordPress.org (our website provider) uses cookies to help Healthwatch Norfolk identify and track visitors and your website access preferences. If you do not wish to have cookies placed on your computers, you should set your browsers to refuse cookies before using the Healthwatch Norfolk website. Read our cookie policy here.

Links to other websites

If we are linking to other organisations and their website, this privacy notice does not cover how they may process personal information. Please take a moment to read their privacy notice when you visit their website to make sure you are confident with how they process personal information.

Signing up to our newsletter

We use a third-party supplier to provide our newsletter service. By subscribing to this service you will be agreeing to them handling your data.

The third-party supplier handles the data purely to provide this service on our behalf. This supplier follows the requirements of the Data Protection Act 1998 and GDPR in how they obtain, handle and process your information. They will not make your data available to anyone other than Healthwatch Norfolk.