How your data is used, when accessing our services
When you use our support services, we are usually required to collect and store some information about you
You can be assured that information obtained whilst you use our services will only be used in accordance with this privacy notice and the consent form you will be asked to complete when you are first assessed by us.
What we collect
We collect and hold personal data (data which can identify you) and special categories of data (personal data that needs more protection because it is sensitive).
If you are a service user engaging with our services, we will only contact you while you are a service user, and we will only contact you in the ways and for the purposes that you have agreed to.
You have the right to change your mind, please see our section below on your rights.
We will not sell, distribute or lease your personal information to third parties unless you have told us to do so.
We will not use your data for direct marketing unless you explicitly consent to this.
How we collect your data and why we use it
We have a wide range of services and referrals can be received from a range of partners (for example, your GP, the local authority or probation services).
Most of our services also offer self-referral.
We may collect more personal data from you at your first assessment and we will explain our consent form at that time too.
We only collect personal data that we actually need, for our specified purposes and to ensure we properly fulfil those purposes. You will always be informed about the data we hold for you and we review the data we hold and delete anything we don’t need in line with our retention policy.
The lawful bases for processing are set out in General Data Protection Regulation (GDPR). At least one of these must apply whenever we process personal data.
We mainly process your data using consent as the lawful basis for processing. This means you have given clear consent for us to process your personal data for a specific purpose. You are asked to provide consent during your first assessment using our consent form.
You can find out more about the lawful bases on the Information Commissioner’s Office website.
If you are receiving a service from us, we will ask you to complete a consent form which lets us know whom we can and cannot share your information with.
In most instances, we will never share information if it goes against your consent.
However, there are some instances when we are allowed to do this, including:
- Safeguarding: If we believe that you or another adult or child is it risk of (or is experiencing) abuse and/or neglect
- If we believe a crime is about to be committed or to assist with the prevention and detection of serious crimes (including prevention of terrorism)
- Under court or police order
- In reference to certain infectious diseases
We will make you aware of who we might share information with. As an example, many of the services we run are drug and alcohol recovery services. If you use these services and we provide clinical care (such as prescription services) we will need to share your details with your GP and pharmacy. We will make you aware of this through our consent form.
We have different consent processes for children/young people and adult service users, and we will explain this to you at your initial assessment.
Keeping your information safe
We have a range of systems, policies and processes in place which keep your information safe. This includes (but is not limited to):
- We only request the minimum information needed to deliver our service.
- We store all personal information with the appropriate level of physical and electronic security
- All our staff are data protection trained and this training is updated annually
- We use secure processes for data transfer and data storage (whether paper or electronic)
- Everyone in the Humankind workforce follows our policies and procedures
- Only those that need to access your data will have access; and we are able to limit access to those who do not need to have it.
- We audit and monitor internal issues and incidents
- We comply with legislative requirements to report any serious issues to the Information Commissioner’s Office
- We have an Information Governance team (including a Data Protection Officer and Caldicott Guardian who work to ensure data is processed legally and ethically)
We have a duty of candour to let you know and issue and apology, in the unlikely event that we share your data improperly
How long we keep your information for
We only keep your information for as long as is reasonable and necessary for the purpose it was collected.
We have a data retention policy which details the retention periods for a variety of different data types.
We will tell you how long we keep your data for when you first start using our service. You can also ask your support worker or email email@example.com to ask for this information.
When you have left our service, we only keep what we need and for the time stated in our retention policy.
Your data rights
Under the Data Protection Act 2018 and GDPR, you have the following rights:
- to be informed about the collection and use of your personal data.
- to access your personal data (known as Subject Access Request)
- to have inaccurate personal data rectified; or completed if it is incomplete.
- to have personal data erased (known as the right to be forgotten)
- to request the restriction or suppression of your personal data
- to data portability, which allows individuals to obtain and reuse their personal data for their own purposes across different services.
- to object to the processing of your personal data in certain circumstances.
- rights in relation to automated decision making and profiling.
Please note that some of these rights only apply in certain circumstances and we may not be able to fulfil every request. Where a request is declined, we will always explain our decision in full.
To request access to your data or to contact us about any of the rights we have listed, you can email firstname.lastname@example.org
Withdrawing your consent
To withdraw consent, you can request this through the service you attend, or you can email email@example.com
You can write to: Consent Withdrawal, Caldicott Guardian, Head Office Humankind, Inspiration House, Unit 22 Bowburn North Industrial Estate DH6 5PF.
How to complain
If you are unhappy about an issue relating to your data you can complain to us through the service you attend or if you would feel more comfortable, you can contact the Humankind Caldicott Guardian at:
Caldicot Guardian, Head Office Humankind, Inspiration House, Bowburn North Industrial Estate, Durham, DH6 5PF
01325 731 160
To make a formal complaint about the way we have processed your data you can take this to the UK’s independent body set up to uphold information rights:
0303 123 1113