About this notice
The Privacy Notice below explains how Healthwatch Kent uses information about you and the ways in which we protect your privacy. We retain and use personal data (information that relates to and identifies living people) to help us carry out our role as the local independent champion for people who use health and social care services in Kent.
Click here to find out more about our purpose and what we do.
We will always make sure that your information is protected and treated securely. Any information that you give will be held in accordance with:
Data Protection Act 1998
As of 25 May 2018, the new data protection legislation introduced under the General Data Protection Regulation (GDPR) and Data Protection Bill.
Our Information Asset Register will be available for people to read to give further clarity about how data relating to them is managed and kept secure. This includes our retention schedule (details of how long we will retain specific types of information) and clear details about the lawful basis for storing and keeping personally identifiable information. Our data protection policy and asset register documents are available on request (call 0808 801 0102 or email firstname.lastname@example.org ).
What information do we collect?
We collect personal information from visitors to this website through the use of online forms and every time you email us your details. We also collect feedback and views from people about the health and social care services that they access. In addition, we receive information about our own staff and people who apply to work for us.
Personal information about you may be used for the following purposes:
in our day-to-day work, such as research, engagement and information and signposting;
to send you our newsletter, or other relevant information where you have requested it;
to respond to any queries you may have;
to improve the quality and safety of services;
to train staff.
We have included much more detail about each of the above and other various types of information we process under each of the headings listed within this statement. They are:
Information about people who use our website;
Information about people who share their experiences with us by other means;
Information about people who contact our Information and Signposting Service;
Information about our own staff, volunteers and anybody applying to work for us.
How do we keep information secure?
We are strongly committed to data security and we take reasonable and appropriate steps to protect your personal information from unauthorised access, loss, misuse, alteration or corruption.
We have put in place physical, electronic, and managerial procedures to safeguard and secure the information you provide to us.
Only authorised employees and contractors under strict controls will have access to your personal information. Our security includes:
Access controls on systems
Security training for all staff
How do we share information with other organisations?
We only share personal information with other organisations where it is lawful to so and in accordance with our Data Protection Policy. Information is shared in order to fulfil our remit which is to pass on your experiences of care to help improve them on your behalf.
We work with Healthwatch England, the Care Quality Commission (CQC), local commissioners, NHS Improvement and Kent County Council to make this happen. We can also engage external suppliers to process personal information on our behalf.
We will only disclose your personal information where we have your consent to do so, or where there is another very good reason to make the disclosure – for example, we may disclose information to CQC or a local authority where we think it is necessary to do so in order to protect a vulnerable person from abuse or harm. Any such disclosure will be made in accordance with the requirements of the current data protection legislation.
Wherever possible, we will ensure that any information that we share or disclose is anonymised, so as to ensure that you cannot be identified from it.
We sometimes use other organisations to process personal data on our behalf. Where we do this, those companies are required to follow the same rules and information security requirements as us. They are not permitted to use reuse the data for other purposes
We do not sell personal information to any other organisation for the purposes of direct marketing.
We have our own system for sending our newsletters to you so we don’t need to share your details with any third party organisations.
How do we share information with other organisations?
Please note that this statement does not cover links within this website to other websites.
We collect personal information from visitors to our website through the use of online forms and every time you email us your details. When you simply browse through the information on this website, it does not store or capture your personal information. We do log your IP address (as it is automatically recognised by the web server) but this is so you can download this website onto your device rather than for any tracking purpose.
User provided information
When you use our website, as a user or as a visitor, you may provide, and we may collect Personal Data. Examples of Personal Data include your name and email address. Personal Data also includes other information, such as geographic area or your preferences, when any such information is linked to information that identifies a specific individual. We will only collect personal information provided by you. We will only collect personal information volunteered by you, such as:
feedback from surveys and online forms
preferred means of communication
Measuring website usage
We use Google Analytics to collect information about how people use this site. We do this to make sure it’s meeting your needs and to understand how we could do it better.
Google Analytics stores information about what pages you visit, how long you are on the site, how you got here and what you click on. We do not collect or store your personal information (e.g. your name or address) so this information cannot be used to identify who you are.
We also collect information on the number of times particular search terms are used and the number of failed searches. We use this information to improve access to the site and to identify gaps in the information content so we can plan appropriate expansion of the system.
Unless the law allows us to, we do not:
share any of the information we collect about you with others
use this information to identify individuals.
A cookie is a small file, typically of letters and numbers, downloaded on to a device when the user accesses certain websites.
Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
Third party cookies
We use videos from YouTube and feeds from other websites such as Facebook and Twitter. These third-party websites place cookies on your device when watching or viewing these pages.
Below are links to their cookie policies:
Information about people who share their experiences with us by other means
There are a number of ways that we collect feedback from people about their experiences of using health and social care services day to day. This includes:
When people submit information in response to one of our research or engagement projects;
When people share their experience with us by post;
We also receive phone calls and requests for information directly from members of the public as part of our Information and Signposting service (see below).
Personal data received from other sources
Where personally identifiable information is collected we will ensure that we have your consent to keep it and we will be clear on how we intend to use your information. We will aim to anonymise information where we can but there may be instances where this is not possible in order to make change happen on your behalf. There may be exceptional circumstances where we can and will keep the data without consent but we must have a lawful basis for doing so, such as for safeguarding purposes.
We ensure that where consent is required it will be freely given, used only for agreed specific and unambiguous purposes and that you are well informed about how the information will be kept. This includes where it will be stored, details on security and for how long it will be kept. We will comply with current data protection legislation at all times.
In some cases, for example focus groups, we audio record discussions which are occasionally transcribed by us. We will always seek your permission to record a conversation before we do it.
In most circumstances we anonymise our data to ensure that a person cannot be identified, unless this has been otherwise agreed and consent has been given.
Information about people who contact our Information and Signposting Service
In addition to ensuring that the voices of service users, patients and the public are heard by decision makers within health and social care, we also provide an Information Service to help people access, understand, and navigate the health and care in Kent. Our trained staff can help people to find out about:
Health and care services near them
How to access support and advice
What to do if they have a concern or complaint
How to share feedback about services
You do not have to tell the helpline worker anything you don’t want to, and you do not have to give your name or location. Any personal information you do give to the helpline will not be shared with any other organisations without your permission.
We record the details of all enquiries securely and use this information to capture trends and help improve people’s experiences of health and care in Kent. The records of all enquiries are stored and destroyed in line with our data retention policy.
If contact with our service is made by telephone, people will be asked to verbally indicate their consent for us to store information about them and a record of this consent will be maintained on our Customer Relationship Management (CRM) database.
It is recognised that there may be times when it is appropriate to breach confidentiality for legitimate reasons without permission. The law does not allow us to share your information without your permission, unless there is proof that someone is at risk. This risk must be identified as being serious before we can go against your right to confidentiality. When we are worried about your physical safety or we feel that we need to take action to protect you from being harmed in other ways, we will discuss this with you and, if possible, get your permission to tell others about your situation.
We may still share your information if we believe the risk to others is serious enough to do so. There may also be rare occasions when the risk to others is so great that we need to share the information straight away. If this is the case, we will make sure that we record the information we share and our reasons for doing so. We will let you know what we have done and why as soon as or if we think it is safe to do so.
Sharing your data with Healthwatch England
We are required to share information with Healthwatch England to ensure that your views are considered at a national level. This enables them to analyse service provision across the country and supply the Department of Health and national commissioners with the information you provide.
Find out more about Healthwatch England’s purpose and what they do.
The information we provide to Healthwatch England contains no personally identifiable data. Any information that is used for national publications is anonymised and will only be used with the consent of a local Healthwatch.
Our data systems
Our parent company, EK360 provides a secure digital system for Healthwatch Kent to manage our data which is held securely and according to current data protection legislation. Our sister organisations, Healthwatch Medway and the Kent & Medway User Forums also use this digital system to manage their own data. Your data is not shared with our sister organisations without your consent.
Information about our own staff, volunteers and people applying to work with us
We need to process personal data about our own staff (and people applying to work for us) so that we can carry out our role and meet our legal and contractual responsibilities as an employer. The personal data that we process includes information about racial or ethnic origin, religion, disability, gender and sexuality. We use this information to check we are promoting and ensuring diversity in our workforce and to make sure we are complying with equalities legislation.
Our employees decide whether or not to share this monitoring data with us and can choose to withdraw their consent for this at any time. Employees who wish to withdraw their consent for us to process this data can let us know.
Other personal data that we are required to process includes information on qualifications and experience, pay and performance, contact details and bank details.
We check that people who work for us are fit and suitable for their roles. This includes asking people to undertake Disclosure and Barring Service (DBS) checks.
We have a legal obligation to comply with the Freedom of Information Act 2000 and this may include the requirement to disclose some information about our employees – especially those in senior or public facing roles. We also publish some information about our staff, including the names and work contact details of people in some roles.
Retention and disposal of personal data
We publish a retention and disposal schedule which explains how long we keep different types of records and documents for, including records and documents containing personal data. Personal data is deleted or securely destroyed at the end of its retention period.
Your right to access information about you: If you think we may hold personal data relating to you and want to see it please write to email@example.com
When we receive a request from you in writing, we must normally give you access to everything we have recorded about you. However, we will not let you see any parts of your record which contain:
Confidential information about other people; or
Information a care professional thinks will cause serious harm to your or someone else’s physical or mental wellbeing; or
If we think that a crime may be prevented or found out by disclosing information to you.
This applies to paper and electronic records. If you cannot ask for your records in writing, we will make sure there are other ways you can apply.
Correcting or deleting your personal data: If you know that we are holding your personal data and believe that it may be wrong, or if you want it to be deleted or for us to stop using it, you have a right to request that it can be deleted or amended.
Please make your objection in writing to firstname.lastname@example.org. Or send it by post to: Healthwatch Kent, Seabrooke House, Church Rd, Ashford, TN3 1RD
Complaints about how we look after or use your information: If you feel that we have not met our responsibilities under data protection legislation, you have a right to request an independent assessment from the Information Commissioner’s Office (ICO). You can find details on their website: https://ico.org.uk/
Our contact details and key roles
Healthwatch Kent is data controller for all of the personal data that you provide us with. Any issues relating to the processing of personal data by or on behalf of Healthwatch Kent may be addressed to:
Healthwatch Kent, Seabrooke House, Church Rd, Ashford, TN3 1RD
Telephone: Freephone 0808 801 0102
Healthwatch Kent has appointed a designated a Data Protection Officer under Article 37 of the GDPR.