We will always make sure that your information is protected and treated securely.

Any information that you give will be held in accordance with the Data Protection Act 1998 and the UK General Data Protection Regulation (GDPR) and Data Protection Bill.

In addition to this privacy statement, you might also find the following documents useful:

Confidentiality Policy

Managing Information & Privacy Policy

Information we collect

We collect personal information from visitors to this website through the use of online forms and every time you email us your details. We also collect feedback and views from you about the health and social care services that you access. In addition we receive information about our own staff and people who apply to work for us.

Security

We are strongly committed to data security and we take reasonable and appropriate steps to protect your personal information from unauthorised access, loss, misuse, alteration or corruption.

We have put in place physical, electronic, and managerial procedures to safeguard and secure the information you provide to us.

Laptops and electronic equipment are password protected. Electronic data is stored on secure servers that are regulated to industry standards and compliant with the UK GDPR. Most of our data is stored on servers based in the UK. Data is only stored in the US with companies who have signed up to the EU/Swiss Privacy Shield.

Only authorised employees, volunteers and contractors under strict controls will have access to your personal information.

How we share information with other organisations

We only share personal information with other organisations where it is lawful to do so and in accordance with our Information Governance Policy. Information is shared in order to fulfil our remit which is to pass on your experiences of care to help improve them on your behalf.

We work with Healthwatch England, the Care Quality Commission (CQC), local commissioners, NHS and social care providers and public health locally to make this happen. We can also engage external suppliers to process personal information on our behalf.

We will only disclose your personal information where we have your consent to do so, or where there is another lawful basis to make the disclosure – for example in cases of safeguarding. Any such disclosure will be made in accordance with the requirements of the current data protection legislation.

Wherever possible, we will ensure that any information that we share or disclose is anonymised, so as to ensure that you cannot be identified from it.

We sometimes use other organisations to process personal data on your behalf. Where we do this, those companies are required to follow the same rules and information security requirements as us, outlined in a Data Processing Contract. They are not permitted to reuse the data for other purposes.

Retention and disposal of personal data

Our data retention and disposal schedule is available to members of the public on request, however the general principles are outlined in our Managing Information & Privacy Policy (link provided above). This explains how long we keep different types of records and documents for, including records and documents containing personal data. Personal data is deleted or securely destroyed at the end of its retention period.

Your rights

  • Your right to access information about you - If you think we may hold personal data relating to you and want to see it, please complete our subject access request form or write to us at Healthwatch Hertfordshire, Kings Court, London Road, Stevenage, Hertfordshire, SG1 2NG. Wherever possible, we will provide the personal data to you in your preferred format.
  • Correcting or deleting your personal data - If you know that we are holding your personal data and believe that it may be wrong, or if you want it to be deleted or for us to stop using it, you have a right to request that it be deleted or amended. Please make your objection in writing via email or send it by post to Healthwatch Hertfordshire, Kings Court, London Road, Stevenage, Hertfordshire, SG1 2NG.
  • Complaints about how we look after or use your information - Healthwatch Hertfordshire is data controller for all of the personal data that you give us. If you feel that we have not met our responsibilities under data protection legislation, you have a right to complain to Healthwatch Hertfordshire's Data Protection Officer.

01707 275978

dpo@taproot.org.uk

Healthwatch Hertfordshire FAO the DPO, Kings Court, London Road, Stevenage, Hertfordshire, SG1 2NG

Or request an independent assessment from the Information Commissioner’s Office. You can find details on their website.

Information about people who use our website

Please note that this statement does not cover links within this website to other websites.

When you browse through the information on this website, it does not store or capture your personal information. We do log your IP address (as it is automatically recognised by the web server) but this is only so you can download this website onto your device rather than for any tracking purpose; it is not used for any other purpose.

We will only collect personal information provided by you, such as:

  • feedback from surveys and online forms
  • email addresses
  • preferred means of communication.

We will only use your contact details for the purpose you have given them to us. We will anonymise any feedback you have given us about local services unless you give us permission to store this in more detail. This means we will take out any information that could identify you.

Cookies

Please be aware that some systems on our website require the use of cookies, but we will always state if this is the case. We will never collect and store information about you without your permission.

Find out how we use cookies on this site.

How we will use your personal information

Personal information about you can be used for the following purposes:

  • in our day-to-day work;
  • to send you our newsletter if you have asked for it;
  • to respond to any questions that you have asked us;
  • to improve the quality and safety of care.

This may include any personal information that you choose to share with us, but we will treat this as confidential and protect it accordingly.

We will never include your personal information in survey reports.

Signing up to our newsletter

Hard-copy newsletter:

We use a third-party supplier to provide our newsletter service. By subscribing to this service you will be agreeing to them handling your data.

The third-party supplier handles the data purely to provide this service on our behalf. This supplier follows the requirements of the GDPR and Data Protection Act 2018 in how they obtain, handle and process your personal data and will not make your data available to anyone other than Healthwatch Hertfordshire. 

Electronic newsletter:

We use a third-party supplier called MailChimp to provide our electronic newsletter service. By signing up to receive our e-newsletter, you will be agreeing to them handling your data. You can unsubscribe from our mailings (electronic or hard copy) at any time. Simply hit “unsubscribe” at the bottom of the email, or contact us. We may use technologies to collect information regarding interaction with email messages, such as whether you have opened, clicked on, or forwarded our electronic messages. This information is gathered from all addressees.

Better understanding our visitors

We use Hotjar to better understand our users’ needs and to optimise this service and experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like.) This enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behaviour and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymised user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.

Information about people who share their experiences with us by other means

There are a number of ways that we collect feedback from people about their experiences of using health and social care services day to day. Our staff will visit different health and social care settings as part of their role to evaluate how services are being delivered. We also receive phone calls and requests for information directly from members of the public as part of our signposting service.

Where personally identifiable information is collected we will ensure that we have your consent to keep it and we will be clear on how we intend to use your information. We will aim to anonymise information where we can but there may be instances where this is not possible. There may be exceptional circumstances where we can and will keep the data without consent, but we must have a lawful basis for doing so, such as for safeguarding purposes.

We make sure that where consent is required it will be freely given, used only for agreed specific and unambiguous purposes and that you are well informed about how the information will be kept. This includes where it will be stored, details on security and for how long it will be kept. We will comply with current data protection legislation at all times.

Personal information may be collected with your consent through:

  • Our information service;
  • When we receive feedback by phone;
  • Outreach work or through surveys;
  • Enter and view activity.

Personal data received from other sources

On occasion we will receive information from the families, friends and carers of people who access health and social care services. We use this data to inform providers and commissioners to help them deliver services that work for you.

Where it is practically possible, we will make sure that we have your consent to use information that is about you. We will only process your personal data where there is a lawful basis to do so under current data protection legislation.

Publishing information

In most circumstances we anonymise our data to ensure that a person cannot be identified, unless this has been otherwise agreed and consent has been given. 

Sharing your data with Healthwatch England

We are required to share information with Healthwatch England to ensure that your views are considered at a national level. This enables them to analyse service provision across the country and supply the Department of Health and national commissioners with the information you provide.

Find out more about Healthwatch England’s purpose and what they do.

The information we provide to Healthwatch England contains no personally identifiable data. Any information that is used for national publications is anonymised and will only be used with the consent of a local Healthwatch.

Our data systems

Healthwatch England provides a secure digital system for local Healthwatch to manage their data. Other organisations process the data contained within it on behalf of local Healthwatch and a Data Processing Agreement is in place to ensure that this is held securely and according to current data protection legislation.

Healthwatch England is a committee of the Care Quality Commission (CQC) but acts independently. These organisations must comply with all legal requirements and do not reuse any data for any other reason or make it available to others.

Information about our staff and people applying to work with us

We need to process personal data about our own staff (and people applying to work for us) so that we can carry out our role and meet our legal and contractual responsibilities as an employer.

The personal data that we process includes information about racial or ethnic origin, religion, disability, gender and sexuality. We use this information to check we are promoting and ensuring diversity in our workforce and to make sure we are complying with equalities legislation.

Our employees decide whether or not to share this monitoring data with us and can choose to withdraw their consent for this at any time. Employees who wish to withdraw their consent for us to process this data can let us know.

Other personal data that we are required to process includes information on qualifications and experience, pay and performance, contact details and bank details.

We check that people who work for us are fit and suitable for their roles. This may include asking people to undertake Disclosure and Barring Service (DBS) checks.

We have a legal obligation to comply with the Freedom of Information Act 2000 and this may include the requirement to disclose some information about our employees – especially those in senior or public facing roles. We also publish some information about our staff, including the names and work contact details of people in some roles.