Families, Health and Wellbeing Consortium
Families, Health and Wellbeing Consortium is committed to ensuring that we are transparent about the ways in which we use your personal information and that we have the right controls in place to ensure it is used responsibly and is kept safe from inappropriate access, theft or misuse.
Under some of our projects we are directly commissioned to handle personal and confidential information as well as that of our Consortium employees. This notice explains how we use your personal information and tells you about your privacy rights and how the law protects you.
What is personal information?
Personal information can be anything that identifies and relates to a living person. This can include information that when linked with other information, allows a person to be uniquely identified. For example, this could be your name and contact details.
The law treats some types of personal information as ‘special’ because the information requires more protection due to its sensitivity. This information consists of:
· Racial or ethnic origin
· Sexuality and sexual life
· Religious or philosophical beliefs
· Trade union membership
· Political opinions
· Genetic and bio-metric data
· Physical or mental health
· Criminal convictions and offences
Your personal information may be collected and used for one or more of the Consortium’s services, regulatory functions and/or administrative activities depending on your relationship with the Consortium and nature of your contact with us.
Generally, we may need to use some information about you:
· in delivering services and ensuring other statutory or voluntary agencies with whom the consortium is working, are able to deliver ‘joined up’ services
· in planning future services;
· for managing and checking the quality of our local public services;
· if you apply for a job or become employed by us;
· for ensuring the health and safety of our staff
· to help investigate any concerns or complaints you have about our services and for answering enquiries under access legislation;
· in carrying out our regulatory activities, such as safeguarding, information governance etc.
· for archiving, research, or statistical purposes (including research and evaluation undertaken by any of our teams or in combination with neighbouring authorities to inform future service planning where the use of fully anonymised information would frustrate the purpose of the research).
Generally, we collect personal information where:
· you, or your legal representative, have given consent
· you have entered into a contract with us
· it is required by law (such as where this is mandated by statute or under a court order)
· it is necessary for employment related purposes
· it is necessary to deliver health or social care services
· it is necessary to protect you or others from harm (e.g.in an emergency or civil disaster)
· it is necessary to protect public health
· it is necessary for exercising or defending legal rights
· you have made your information publicly available
· it is necessary for archiving, research, or statistical purposes
· is necessary in the substantial public interest for wider societal benefits and is authorised by law
These practical arrangements and the laws governing the sharing and disclosure of personal information often differ from one service to another.
In the majority of our Commissions, personal information is consented to with one of our subcontracted partners (the data processor), in which case the relevant Commissioning body is the Data Controller.
We have developed a Service specific privacy notice for any commission where we are directly in receipt of personal information and have sole responsibility for its handling and storage. We have a duty in such cases to provide additional information about how we collect and use your information, including;
· why we need your information
· who else we obtain or receive it from
· the legal basis for collection and the choices you have
· who we share it with and why
· how long we keep your information
· how to exercise your rights
Service specific privacy notice
Service area: Community Genetics Project
Purpose: we collect the data in order to fulfil our role as support / advocate / referrer into Health service and our Commissioner(s) use statistics from this data (non-client identifiable) to inform Service Delivery Improvement and Service Planning/Research
Categories of data we collect: Name, Address, Postcode, NHS number, Date of Birth, Gender, Place of birth, Other family member(s) including children(s) NHS number and Date of Birth; disabilities and Pedigree chart based on Genetic data given
Lawful basis for processing: Information collected and stored by our Community Genetics team is for the legitimate interest of responding to and acting upon the task for which it was provided, namely provision of a Genetics support, awareness raising, advice and support service.
Who we share the information with: Manchester Centre for Genomic Medicine – Manchester Foundation Trust, the relevant Commissioning Authority, Health and Social Care Information Centre Public Health England
How long we hold the data: FHWB will hold service user information for a period of 8 years, and only in an archived electronic format after 2 years unless a request from the service user is received asking for the destruction / return of personal data.
Your rights under the General Data Protection Regulation (GDPR) are:
1. The right to be informed
2. The right of access
3. The right to rectification
4. The right to erasure
5. The right to restrict processing
6. The right to data portability
7. The right to object
8. Rights in relation to automated decision making and profiling.
Where applicable, consent is requested before processing information.
We do our upmost to ensure that all reasonable steps are taken to make sure that your data is treated and stored securely. Whilst we hold it, your information is safely stored within the UK
Access to information
To request access / change / removal / restriction of information we may hold, please use one of the following methods to contact our nominated data protection lead: Alysia Moorhouse. Telephone: 01254 503205 or email email@example.com
Data transfers beyond EEA
We will only send your data outside the European Economic Area (‘EEA’):
· with your consent, or
· to comply with a lawful and legitimate request, or
· if we use service providers or contractors in non-EEA countries.
If we do transfer your information beyond the EEA, we will make sure that it is protected in the same way as if it was being used in the EEA. We will use one of these safeguards:
· Transfer it to a non EEA country with privacy laws that give the same protection as the EEA. Learn more on the European Commission Justice website.
· Put in place a contract with the recipient that means they must protect it to the same standards as the EEA. More information is available on the European Commission Justice website.
· Transfer it to organisations that are part of the Privacy Shield. This is a framework that sets privacy standards for data sent between the US and EU countries. It makes sure those standards are similar to what is used within the EEA. You can find out more about the Privacy Shield on the European Commission Justice website.
If we propose to make a transfer in response to a lawful and legitimate request we will normally tell you in advance unless there are compelling reasons, such as law enforcement or, reasons of safety which justify not doing so.
We will only keep your personal information for as long as the law specifies in reference to Records Management: NHS Code of Practice.