North West Community Services Training Ltd (NWCST) recognises the importance of protecting personal and confidential information in all that we do and takes care to meet our legal and regulatory duties. This notice is one of the ways in which we can demonstrate our commitment to our values, and to being transparent and open.
This notice also explains what rights you have to control how we use your information.
What are we governed by?
The key pieces of legislation/guidance we are governed by are:
- The Data Protection Act 2018 and the General Data Protection Regulation (GDPR)
- Human Rights Act 1998 (Article 8)
- Access to Health Records Act 1990
- Health and Social Care Act 2012, 2015
- Public Records Act 1958
Why and how we collect information?
We may ask for or hold personal confidential information about you which will be used to support delivery of appropriate services. These records may include:
- Basic details, such as name, address, date of birth, next of kin.
- They may also include personal sensitive information such as sexuality, race, your religion or beliefs, like and dislikes and whether you have a disability, allergies or health conditions.
It is important for us to have a complete picture, as this information assists staff to meet your needs.
How your information will be used?
- To help inform decisions that we make about your education or requirements.
- To ensure that your treatment is safe and effective.
- To work effectively with other organisations who may be involved in your education or requirements.
- To ensure our services can meet future needs.
- To review service provided to ensure it is of the highest standard possible.
- To inform healthcare professionals and the local authority.
- To share best practice within our company to deliver care and improve health and care across our company.
- To understand more about care risks and the causes of those and how to prevent risks occurring elsewhere.
- To improve your safety.
It helps you because accurate and up-to-date information assists us in providing you with the best possible service.
Where possible, when using information to plan future services and provision, information that does not identify an individual will be used.
How information is retained and kept safe?
Information is retained in secure electronic and paper records and access is restricted to only those who need to know. It is important that information is kept safe and secure, to protect your confidentiality. The Data Protection Act 2018 regulates the processing of personal information. Strict principles govern our use of information and our duty to ensure it is kept safe and secure.
Our guiding principle is that we are holding your information in strict confidence. Everyone working for the company is subject to the Common Law Duty of Confidentiality and the Data Protection Act 2018.
Under the Confidentiality Code of Conduct, all staff are required to protect information, inform you of how your information will be used and allow you to decide if and how your information can be shared. This will be noted in your records.
How long do we keep your personal data?
We will only retain your information for as long as we need to support the purposes for which it was collected. Records are maintained in line with our retention schedule which determines the length of time records should be kept. At the end of this period the information is destroyed or deleted in line with our confidential destruction procedures.
We retain de-personalised statistical information to help inform our work, but no individuals are identifiable from that data.
Who will the information be shared with?
To provide the best service possible, sometimes we will need to share information about you with others. We may share your information with a range of education related organisations and regulatory bodies including your local authority. You may be contacted by any one of these organisations for a specific reason; they will have a duty to tell you why they have contacted you.
Information sharing is governed by specific rules and law. However, we will not disclose any identifiable and personal information to third parties without your explicit consent, unless there are exceptional circumstances, such as when the health or safety of others is at risk or where the law requires the disclosure of information.
We may also be asked to share basic information about you, such as your name and parts of your address. This does not include sensitive information from your records. In these circumstances, where it is not practical to obtain your explicit consent, we are informing you through this notice, which is referred to as a Privacy Notice, under the Data Protection Act. Where your information is shared with other organisations and agencies, an information sharing agreement is drawn up to ensure information is shared in a way that complies with relevant legislation.
You have the right to refuse/withdraw consent to information sharing at any time. We will fully explain the possible consequences to you, which could include delays in you receiving care. Under the General Data Protection Regulation (GDPR) which has been enacted as part of The Data Protection Act 2018 (DPA) you have a number of rights with regard to your personal data. You have the rights to:
- be informed about how your data is being used
- access your personal data
- have incorrect data updated
- have data erased
- stop or restrict the processing of your data
- data portability (allowing you to get and reuse your data for different services)
- object to how your data is processed in certain circumstances.
If you have provided consent for the processing of your data you have the right (in certain circumstances) to withdraw that consent at any time. This will not affect the lawfulness of the processing before your consent was withdrawn.
Can I access my information?
Under the Data Protection Act 2018 a person may request access to information (with some exemptions) that is held about them by an organisation. This is known as a “subject access request.”
Identity and contact details of data controller and data protection officer
North West Community Services Training is the controller and processor of data for the purposes of the DPA 2018 and GDPR. If you have any concerns as to how your data is processed, you can contact: Paul Sheron, NWCST’s Data Protection Officer at email@example.com
Or you can write using the address:
North West Community Services Training Ltd
The Maggie O’Neill Community Resource Centre
433 Liverpool Rd
You have the right to lodge a complaint to the Information Commissioner’s Office if you believe that we have not complied with the requirements of the GDPR or DPA 2018 with regard to your personal data.