We will always make sure that your personal data is protected and treated securely. Any information that you give will be held in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

We also make our Information Asset Register available for people to read to give further clarity about how data relating to them is managed and kept secure. This includes our retention schedule and clear details about the lawful basis for storing and keeping personal data.

Find out more about our Information Governance Policy and our Retention and Disposal Schedule.

Find out more


Information we collect

We collect personal data from visitors to this website through the use of online forms and every time you email us your details. We collect feedback and views from people about the health and social care services that they access. In addition, we receive information about our own staff and people who apply to work for us.

We also collect information about:

  • People who use our website – visit our cookies policy for more information.
  • People who share their experiences with us by other means, including experiences shared with your local Healthwatch
  • Information about our own staff and people applying to work for us 

Security

We are strongly committed to data security and we take reasonable and appropriate steps to protect your personal data from unauthorised access, loss, misuse, alteration or corruption.

We have put in place physical, electronic, and managerial procedures to safeguard and secure the information you provide to us.

Only authorised employees and contractors under strict controls will have access to your personal data.

How we share information with other organisations

We only share personal data with other organisations where it is lawful to do so, and in accordance with our Information Governance Policy. Information is shared in order to fulfil our remit which is to pass on your experiences of care to help improve them on your behalf and people like you.

We are a statutory committee of the independent regulator the Care Quality Commission (CQC). One of our main statutory functions is to escalate concerns about health and social care services which we have collected, or that has been raised by local Healthwatch, to CQC. CQC are required to respond to advice from the Healthwatch England Committee.

We work together with local Healthwatch to share information, expertise and learning to improve health and social care services in England. By working together we can ensure that leaders of health and social care are aware of people’s experiences, and can make a difference to the care people receive now and in the future.

Among others we work with health and social care commissioners, NHS England and Improvement and the Department of Health and Social Care to make this happen. We can also engage external suppliers to process personal data on our behalf.

We will only disclose your personal data where we have your consent to do so, or where there is another very good reason to make the disclosure – for example, we may disclose information to CQC or a local authority where we think it is necessary to do so in order to protect a vulnerable person from abuse or harm. Any such disclosure will be made in accordance with the requirements of the current data protection legislation.

We sometimes use other organisations to process personal data on our behalf. Where we do this, those companies are required to follow the same rules and information security requirements as us, outlined in a Data Processing Agreement. They are not permitted to use reuse the data for other purposes.


Retention and disposal of personal data

We publish a retention and disposal schedule which explains how long we keep different types of records and documents for, including records and documents containing personal data. Personal data is deleted or securely destroyed at the end of its retention period.

Your rights

  • Your right to access information about you - If you think we may hold personal data relating to you and want to see it please email enquiries@healthwatch.co.uk  or write to Healthwatch England, National Customer Service Centre, Citygate, Gallowgate, Newcastle upon Tyne, NE1 4PA. 

    You have a right to receive a copy of this personal data, or to ask us to forward it to a person or organisation of your choice. Wherever possible, we will provide the personal data to you in your preferred format.

  • Correcting or deleting your personal data - If you know that we are holding your personal data and believe that it may be wrong, or if you want it to be deleted or for us to stop using it, you have a right to request that it can be deleted or amended. Please make your objection in writing to enquiries@healthwatch.co.uk, or send it by post to Healthwatch England, National Customer Service Centre, Citygate, Gallowgate, Newcastle upon Tyne, NE1 4PA
  • Complaints about how we look after or use your information - If you feel that we have not met our responsibilities under data protection legislation, you have a right to request an independent assessment from the Information Commissioner’s Office. You can find details on their website.

Our contact details and key roles

Healthwatch England is an independent consumer champion and is a statutory committee of the Care Quality Commission. The data controller of personal data collected via this website is the Care Quality Commission.  Any issues relating to the processing of personal data by or on behalf of Healthwatch England may be addressed to Healthwatch England, National Customer Service Centre, Citygate, Gallowgate, Newcastle upon Tyne, NE1 4PA.

Call us on 03000 683 000 between the hours of 08:30 – 17:30 Monday to Friday. Alternatively you can email us on enquiries@healthwatch.co.uk.

Nimali De Silva is the designated Data Protection Officer for Healthwatch England under Article 37 of the GDPR. She can be contacted using the details above. CQC’s privacy statement is available here.

 

Information about people who use our website

Please note that this statement does not cover links within this website to other websites.

When you browse this website, we collect personal data provided by you, such as:

  • feedback from surveys and online forms
  • email addresses
  • preferred means of communication.

We will tell you why we need your personal information and how we'll use it.

a. Information that you give us

We might ask for your name and contact details, depending on what you're doing.

The personal data that we process includes information about racial or ethnic origin, religion, disability, gender and sexuality. We use this information to check we are promoting and ensuring diversity in our workforce and to make sure we are complying with equalities legislation. As we are subject to the Public Sector Equality Duty which requires public bodies to have due regard to the need to eliminate discrimination, advance equality of opportunity and foster good relations between different people when carrying out their activities, we need to collect data on equality issues.

When you give us any personal information we'll let you know how long we'll hold it for. We only hold your information for as long as we have a valid reason to keep it.

b. Device information

Devices are lots of things like:

  • your computer
  • your mobile
  • your TV
  • your tablet
  • your voice-enabled device

We automatically collect some technical information from these devices and web browsers. This might include:

  • IP (internet protocol) address
  • device ID
  • app ID

Cookies

Cookies are small text files which are transferred to your computer or mobile when you visit a website or app. We use them to help us understand how people are using our services, so we can make them better.

Please be aware that some systems on our website require the use of cookies, however where non-essential cookies are in use, we will only collect the information with your permission.

Find out more about our use of Cookies 

How we will use your personal information

Personal information about you can be used for the following purposes:

  • in our day-to-day work;
  • to send you our newsletter where you have requested it;
  • to respond to any queries you may have;
  • to improve the quality and safety of care.

We do these things as part of the statutory role of Healthwatch England, established under the Health and Social Care Act 2008 (as amended by the Health and Social Care Act 2012).

This may include any personal data that you choose to share with us, but we will treat this as confidential and protect it accordingly.

We will never include your personal data in survey reports unless you have specifically given us consent to do so.

Signing up to our newsletter

We use a third-party supplier to provide our newsletter service. By subscribing to this service, you will be agreeing to them handling your data.

The third-party supplier handles the data purely to provide this service on our behalf. This supplier follows the requirements of the GDPR and Data Protection Act 2018 in how they obtain, handle and process your personal data and will not make your data available to anyone other than Healthwatch England. 

Information about people who share their experiences with us by other means

There are a number of ways that we collect feedback from people about their experiences of using health and social care services day to day. The main way is through the collection of data from the local Healthwatch network; where possible, we ask for this to be anonymised and therefore contain no personally identifiable information. Sometimes we also receive phone calls and requests for information directly from members of the public as part of the Healthwatch England signposting service. 

Where personal data is collected we will ensure that we have your consent to keep it and we will be clear on how we intend to use your information. We will aim to anonymise information where we can but there may be instances where this is not possible in order to make change happen on your behalf. There may be exceptional circumstances where we can and will keep the data without consent but we must have a lawful basis for doing so, such as for safeguarding purposes.

We ensure that where consent is required it will be freely given, used only for agreed specific and unambiguous purposes and that you are well informed about how the personal data will be kept. This includes where it will be stored, details on security and for how long it will be kept. We will comply with GDPR and the Data Protection Act 2018 at all times. Where we rely upon your consent to process personal data, you have the right to withdraw that consent at any time.

Personal data may be collected with your consent when we receive feedback by phone or through research.

Personal data received from other sources

On occasion we will receive information from the families, friends and carers of people who access health and social care services. We use this personal data to inform providers and commissioners to help them deliver services that work for you.

We will only process your personal data where we have your permission, or there is another lawful basis, to do so under current data protection legislation.

Publishing information

We anonymise our data to ensure that a person cannot be identified, unless this has been otherwise agreed and consent has been given.

Our data systems

We use a secure digital system to manage our data and the data sent to us by local Healthwatch. We employ other specialist organisations to process the data contained within the system and we have Data Processing Agreements in place with these organisations to ensure that this is held securely and according to current data protection legislation.

These organisations must comply with all legal requirements and, under our agreements with them, are not permitted to reuse any data for any other reason or make it available to others.

Information about our own staff and people applying to work with us

We need to process personal data about our own staff (and people applying to work for us) so that we can carry out our role and meet our legal and contractual responsibilities as an employer.

The personal data that we process includes information about racial or ethnic origin, religion, disability, gender and sexuality. We use this information to check we are promoting and ensuring diversity in our workforce and to make sure we are complying with equalities legislation.

Our employees decide whether or not to share this monitoring data with us, and can choose to withdraw their consent for this at any time. Employees who wish to withdraw their consent for us to process this data can let us know.

Other personal data that we are required to process includes information on qualifications and experience, pay and performance, contact details and bank details.

We check that people who work for us are fit and suitable for their roles. This may include asking people to undertake Disclosure and Barring Service (DBS) checks.

People joining Healthwatch England will be asked to complete a ‘declaration of interests’ form to identify any services with which they have close links (for example, because they have previously worked there or because the service is run by a close relative) or any other issues which could cause a perceived conflict of interest. Staff are regularly asked to update these forms.

We have a legal obligation to comply with the Freedom of Information Act 2000 and this may include the requirement to disclose some information about our employees – especially those in senior or public facing roles. We also publish some information about our staff, including the names and work contact details of people in some roles.