We use personal data (information that relates to and identifies living people) and other information to help us to carry out our role as the independent champion of people who use health and social care services.

For more information about our purpose and role, see this page.

We will always make sure that your information is protected and treated securely. Any information about you that we hold, or details you give us, will be held in accordance with:

  • Data protection law - the General Data Protection Regulation (GDPR) and the Data Protection Act 2018
  • CQC's Information Governance Policies
  • CQC's Code of Practice on Confidential Personal Information.

Information about people who share their experience of health and social care with us

We collect feedback and views from people via forms on this website, via surveys, interviews and focus groups about the health and social care services that they access. We analyse the data to identify issues of concern which we’ll take up with government or the NHS.

We’ll tell you what information we are asking for and how we’ll use it before we start collecting it. We will not usually collect your personal data or use it in ways that you have not agreed to.

Our role in being the public champion for people who use health and social care is set out in law. This gives us a lawful basis to process personal data under Article 6(1)(e) of GDPR.

We may also ask for sensitive details about yourself. This helps us understand how different groups experience local health and social care services and supports our focus on improving equality, diversity and inclusion. This may include your:

  • Health conditions and treatment
  • Ethnic origin
  • Religion or belief
  • Sexual orientation

These details are completely voluntary.

This information is called special category personal data under GDPR. We have a lawful basis to collect and use this information under Article 9(2)(h) of GDPR. This is because:

  • of our role in speaking up for all people who use health or social care services in England for the purpose of improving those services
  • as a public body, we must ensure we consider the needs and disadvantages faced by people with protected characteristics, and
  • there are safeguards under sections 76 and 77 of the Health and Social Care Act 2008 which ensure that we can only share this information in specified circumstances.

We only ask for the information we need for the relevant purpose.

We also ask whether you are happy for us to contact you to use your experience to promote our campaigns, for example being a case study in our promotional or social media material or to speak to newspapers, TV or radio about your experience. We won’t pass on your name and contact details to the media without speaking to you first about what it involves.

We may use quotes in our reports, but we will not use any information that will identify people.

When you share your experience of health and care with the Healthwatch in your area

The law requires Healthwatch across the country to share insight with Healthwatch England so that we can carry out our statutory duty. We analyse the data to look for trends and to provide insight about people’s views and experiences of health and social care to the Department of Health and Social Care; NHS England and local authorities.

We collect your information under a legal basis called 'public task'. This lets us carry out a task which is in the public interest or part of our official functions, and which has a clear basis in law. We usually receive this data in a way which does not identify you, but in circumstances where it may identify you, we will remove any information that could identify you.

This data may also include sensitive details about people. This helps us understand how different groups experience local health and social care services and supports our focus on improving equality, diversity and inclusion. This may include people’s:

  • Health conditions and treatment
  • Ethnic origin
  • Religion or belief
  • Sexual orientation

We’re allowed to collect and use sensitive information under a legal basis called ‘health or social care (with a basis in law)’. This is because:

  • of our role in speaking up for all people who use health or social care services in England
  • As a public body, we must ensure we consider the needs and disadvantages faced by people with protected characteristics

We may use quotes in our reports, but we will not use any information that will identify people.

Information about members of our network who use the services we provide, including Facebook Workplace, sign up for webinars, e-learning or other events

We process the names, email addresses and phone numbers of people who work or volunteer for the Healthwatch network who use our online community platform, Facebook Workplace, sign up for our webinars, e-learning or other events or for our internal newsletter and other communications.

The law requires us to provide support services for Healthwatch across England. This gives us a lawful basis to process personal data under Article 6(1)(e) of GDPR.

We only ask for sensitive details about your health if you tell us that you need us to take them into account when providing a service, e.g. by providing a BSL interpreter.

Information about funders and providers of Healthwatch services

We collect the names, email addresses and phone numbers of people who commission or provide Healthwatch services. We use this information in connection with our official functions to support commissioners and providers when commissioning and running Healthwatch services.

This gives us a lawful basis to process personal data under Article 6(1)(e) of GDPR.

Information about people who sign up for our newsletters

When you sign up to our newsletters, we collect personal information from you so we can:

  • send you the information you've asked for
  • let you know when and how we'll be contacting you in the future

When you subscribe, you give us permission to process your information and contact you. You might do this by:

  • ticking a consent box on a sign-up form
  • completing a form or survey on our website
  • asking Healthwatch England staff to add you to a mailing list

You can unsubscribe at any time - click on the 'unsubscribe' link in your newsletter or email.

What information we collect

We'll ask for your first and last name and your email address.

Our newsletters may also ask for:

  • The name of the organisation you work for
  • Your role in the organisation

Information about our own staff, committee members and people applying to work for or with us

The Care Quality Commission is the employer for Healthwatch England staff.  Please see their privacy notice to see how we process information about our staff, committee and people applying to work for us.

We also hold personal information about staff and Committee members for business continuity purposes.

In the case of Committee members, we will also process their personal information to send them Committee papers and other documents relating to Committee.

This gives us a lawful basis to process personal data under Article 6(1)(b) and 6(1)(e) of GDPR.

Information about people who use our website

We use Google Analytics to monitor use of our website. Google Analytics uses cookies to help analyse how people use our site.

We collect your IP address and the pages you visit. We seek your consent to use non-essential cookies when you first visit our website.

For further details about our cookie settings, see this page on our website.

What we do to keep your data safe

We are strongly committed to data security and we take all possible steps to protect your personal data from unauthorised access, loss, misuse, alteration or corruption.

We have put in place physical, electronic, and managerial procedures to safeguard and secure the information you provide to us.

Only authorised employees and contractors under strict controls will have access to your personal data. We also require our staff to undertake training on data protection when they join the organisation and refresher training every year to make sure your information is handled sensitively and securely.

How we share information with other organisations

We only share personal data with other organisations where it is lawful to do so and in accordance with CQC’s Code of Practice on Confidential Personal Information. There are strict legal controls in sections 76 and 77 of the Health and Social Care Act 2008 on when and why we can share confidential personal information. Usually we will share anonymised data. We do not use personal data for direct marketing (promoting or selling goods, services etc.) or share information with anyone else who will use it for direct marketing, unless you have specifically consented to this.

We work together with local Healthwatch to share information, expertise and learning to improve health and social care services in England. By working together, we can ensure that leaders of health and social care are aware of people’s experiences and can make a difference to the care people receive now and in the future. Amongst others we work with health and social care commissioners, NHS England and Improvement and the Department of Health and Social Care to make this happen.

We’ll access the information people share with us via our web-form or online surveys and share it with Healthwatch in their local area. This helps us spot trends both nationally and locally to identify areas for improvement.

We will only disclose your personal data where there is another very good reason to make the disclosure – for example, we may disclose information to CQC or a local authority where we think it is necessary to do so in order to protect a vulnerable person from abuse or harm.

We sometimes use other organisations to process personal data on our behalf. Where we do this, those companies are required to follow the same rules and information security requirements as us, and are not permitted to reuse the data for other purposes.

Retention and disposal of personal data

We publish a retention and disposal schedule which explains how long we keep different types of records and documents for, including records and documents containing personal data. Personal data is deleted or securely destroyed at the end of its retention period.

This document also shows the legal basis under Article 6 of GDPR for processing each type of record and document. Where records and documents contain ‘special category’ personal data (such as health information, or information about a person’s racial or ethnic origin, religious or philosophical beliefs, or sex life or sexuality), the document also shows the legal basis under Article 9 for Healthwatch’s processing of that information.

Your rights

Your right to access information about you

If you think we may hold personal data relating to you and want to see it please email enquiries@healthwatch.co.uk or write to Healthwatch England, National Customer Service Centre, Citygate, Gallowgate, Newcastle upon Tyne, NE1 4PA.

You have a right to receive a copy of this personal data, or to ask us to forward it to a person or organisation of your choice. Wherever possible, we will provide the personal data to you in your preferred format.

Correcting or deleting your personal data

If you know that we are holding your personal data and believe that it may be wrong, or if you want it to be deleted or for us to stop using it, you have a right to request that it can be deleted or amended. Please make your request in writing to enquiries@healthwatch.co.uk, or send it by post to Healthwatch England, National Customer Service Centre, Citygate, Gallowgate, Newcastle upon Tyne, NE1 4PA

Complaints about how we look after or use your information

If you feel that we have not met our responsibilities under data protection legislation, you have a right to request an independent assessment from the Information Commissioner’s Office. You can find details on their website.

Our contact details and key roles

Healthwatch England is an independent patient champion and is a statutory committee of the Care Quality Commission. The data controller of personal data all personal data processed by Healthwatch England is the Care Quality Commission. Any issues relating to the processing of personal data by or on behalf of Healthwatch England may be addressed to Healthwatch England, National Customer Service Centre, Citygate, Gallowgate, Newcastle upon Tyne, NE1 4PA.

Call us on 03000 683 000 between the hours of 08:30 – 17:30 Monday to Friday. Alternatively you can email us on enquiries@healthwatch.co.uk.

Nimali De Silva is the designated Data Protection Officer for Healthwatch England under Article 37 of the GDPR. She can be contacted using the details above. CQC’s privacy statement is available here.

 

Downloads

Retention and disposal schedule 2023-24