Privacy & accessibility policy

This Privacy policy sets out the data processing practices carried out by Involving People. We retain and use personal data (information that relates to and identifies living people) to help us improve health and care outcomes by involving people in the design, delivery and transformation of health services.

Find out more about our purpose and what we do under the our work section of our website.

We will always make sure that your personal data is protected and treated securely. Any information that you give will be held in accordance with the UK General Data Protection Regulations (UK GDPR) and the Data Protection Act 2018.

We also make our Information Asset Register available for people to read to give further clarity about how data relating to them is managed and kept secure. This includes our retention schedule and clear details about the lawful basis for storing and keeping personal data.

Information we collect

We collect personal data from visitors to this website through the use of online forms and every time you email us your details. We also collect feedback and views from people about the health and social care services that they access. In addition, we receive information about our own employees, volunteers and people who apply to work for us.

We also collect information about:

  • people who use our website.
  • people who share their experiences with us by other means.
  • our employees and people applying to work for us.

Security

We are strongly committed to data security, and we take reasonable and appropriate steps to protect your personal data from unauthorised access, loss, misuse, alteration or corruption.

We have put in place physical, electronic and managerial procedures to safeguard and secure the information you provide to us.

Only authorised employees under strict controls will have access to your personal data.

Information about people who use our website

Please note that this statement does not cover links within this website to other websites.

When you browse through the information on this website, it does not store or capture your personal information. We do log your IP address (as it is automatically recognised by the web server) but this is only so you can download this website onto your device rather than for any tracking purpose; it is not used for any other purpose.

We will only collect personal information provided by you, such as:

  • feedback from surveys and online forms
  • email addresses
  • preferred means of communication

We will tell you why we need your personal information and how we’ll use it.

Information provided by you

When you use our website, as a user or visitor, you may provide, and we may collect personal data. Examples of personal data include your name and email address. Personal also includes other information, such as geographic area or your preferences, when any such information data is linked to information that identifies a specific individual. We will only collect personal information provided by you.

Visiting our website

Please be aware that some systems on our website require the use of cookies, but we will always state if this is the case if these are not necessary cookies. We will never collect and store information about you without your permission.

List of cookies:

  • _GRECAPTCHA — A necessary cookie set by Google’s reCAPTCHA service to protect our website from fraud and abuse. This is set when reCAPTCHA is executed for the purpose of providing its risk analysis.

How we will use your personal information

Personal information about you can be used for the following purposes:

  • in our day-to-day work;
  • to send you our newsletter where you have requested it;
  • to respond to any queries, you may have;
  • to improve health and care outcomes.

This may include any personal information that you have chosen to share with us, but we will treat this as confidential and protect it accordingly.

We will never include your personal information in survey reports and publications.

Information about people who share their experiences with us by other means

There are a number of ways that we collect feedback from people about their experiences of using health and care services day to day. Our employees will visit different health and care settings as part of their role to evaluate how services are being delivered. We also receive phone calls and requests for information directly from members of public.

Where personally identifiable information is collected, we will ensure that we have your consent to keep it and we will be clear on how we intend to use your information.

We will aim to anonymise information where we can but there may be instances where this is not possible in order to make changes on your behalf. There may be exceptional circumstances where we can and will keep the data without consent, but we must have a lawful basis for doing so, such as for safeguarding purposes

We must ensure that where consent is freely given, data is used only for agreed specific and unambiguous purposes and that you are well informed about how the information will be kept. This includes where it will be stored, details on security and for how long it will be kept. We will comply with current data protection legislation at all times.

Personal information may be collected with your consent through:

  • Website enquiries
  • When we receive feedback by phone, project work, public engagement or through surveys.

Personal data received from other sources

On occasion we will receive information from the families, friends and carers of people who access health and care services.

Where it is practically possible, we will make sure that we have your consent to use information that is about you. We will only process your personal data where there is a lawful basis to do so under current data protection legislation.

Publishing information

In most cases we anonymise our data to ensure that a person cannot be identified unless this has been otherwise agreed and consent has been given.

Our data systems

Involving People uses a secure, cloud-based Salesforce Customer Relationship system that enables us to collect, store and analyse data. Salesforce meets internationally recognised security standards and holds ISO27001 accreditation.

How we share information with other organisations

We only share personal information with other organisations where it is lawful to do so and in accordance with our data protection policy. Information is shared in order to fulfil our remit which is to pass on your experiences of health and care services to help improve services on your behalf.

We will only disclose your personal information where we have your consent to do so, or where there is another good reason. Any such disclosure will be made in accordance with the requirements of the current data protection legislation.

We sometimes use other organisations to process personal data on our behalf. Where we do this, those companies are required to follow the same rules and information security requirements as us, outlined in a Data Processing Agreement. They are not permitted to use or reuse the data for other purposes.

Retention and disposal of personal data

We have a retention and disposal schedule, which explains how long we keep different types of records and documents for, including records and documents containing personal data. Personal data is deleted or securely destroyed at the end of its retention period.

Your rights

  • Your right to access information about you

If you think we may hold personal data relating to you and want to see it please email governance@helpandcare.co.uk or write to Involving People c/o Data Protection Officer, Unit A49, Aerodrome Studios, 2-8 Airfield Way, Christchurch, Dorset, BH23 3TS

  • Correcting or deleting your personal data

If you know that we are holding your personal data and believe that it may be wrong, or if you want it to be deleted or for us to stop using it, you have a right to request that it can be deleted or amended. Please make your objection in writing to governance@helpandcare.co.uk, or send it by post to H c/o Data Protection Officer, Unit A49, Aerodrome Studios, 2-8 Airfield Way, Christchurch, Dorset, BH23 3TS

  • Complaints about how we look after or use your information

If you feel that we have not met our responsibilities under data protection legislation, you have a right to request an independent assessment from the Information Commissioner’s Office (ICO). You can find details on their website

Our contact details and key roles

Involving People is data controller for all of the personal data that you provide us with. Any issues relating to the processing of personal data by or on behalf of Involving People may be addressed to:

C/O Help & Care, Unit A49, Aerodrome Studios, Christchurch, Dorset, BH23 3TS

involvingpeople@helpandcare.org.uk

Involving People Data Protection Officer under Article 37 GDPR is Lisa Hovey. You can contact her at governance@helpandcare.co.uk