GDPR – Privacy Notice

Information security

Who are we?

Western Counselling Services Ltd is a business (SME) providing treatment, support and accommodation to clients who are affected by, or are at the risk of being affected by substance misuse, and may be involved in or at risk of becoming involved in the criminal justice system.

 

What is a Privacy Notice?

A Privacy Notice is a statement by the Directors to all stakeholders that describes how we collect, process, retain and disclose personal information which we hold. It is sometimes also referred to as a Privacy Statement, Fair Processing Statement or Privacy Policy. This Privacy Notice is part of our commitment to ensuring that we process your personal information/data fairly and lawfully.

 

Why issue a privacy notice?

Western Counselling recognises the importance of protecting personal and confidential information in all that we do and takes care to meet its legal and regulatory duties. This notice is one of the ways in which we can demonstrate our commitment to our values of being transparent and open, and commitment to our values of Respecting Diversity, Acting with Integrity, Demonstrating Compassion, Striving for Excellence and to Listening and Supporting Others.

This document clearly expresses the policies of Western Counselling’s management of personal information and is accessible to anyone upon request.

  • This Notice also explains what rights you have to control how we use your information.
  • What are we governed by?
  • The key pieces of legislation/guidance we are governed by are:
  • Data Protection Act 2018
  • Human Rights Act 1998 (Article 8)
  • Access to Health Records Act 1990
  • Freedom of Information Act 2000
  • Health and Social Care Act 2012, 2015
  • Public Records Act 1958
  • Copyright Design and Patents Act 1988
  • The Re-Use of Public Sector Information Regulations 2015
  • The Environmental Information Regulations 2004
  • Computer Misuse Act 1990
  • The Common Law Duty of Confidentiality
  • The Care Record Guarantee for England
  • The Social Care Record Guarantee for England
  • International Organisation for Standardisation (ISO) – Information Security Management Standards (ISMS)
  • Information Security Management
  • Records Management – Code of Practice for Health and Social Care 2016
  • Accessible Information Standards (AIS)
  • General Data Protection Regulations (GDPR) – post 25th May 2018
  • How is policy to be disseminated?
  • NETconsent, Website, Email
  • Who are we governed by?
  • Information Commissioner’s Office – https://ico.org.uk/
  • Care Quality Commission – http://www.cqc.org.uk/

 

Why and how we collect information:

We may ask for or hold personal confidential information about you which will be used to support delivery of appropriate care and treatment. This is to support and help meet our purpose of ensuring the provision of safe, effective and compassionate high-quality care.

Data is lawfully processed using legitimate interests and consent obtained under article 6 1(f) and 1(a) and special category data obtained under article 9.2(d), stored and processed solely to assist staff and volunteers in the efficient running and monitoring of the service and service improvement.

Personal details supplied by all stakeholders are only used to send material that is considered potentially useful. This data is stored securely on the Western Counselling database with access restricted to appropriate identified personnel.

The trust commits to only processing necessary data that is targeted and proportionate to achieve its lawful and legitimate purpose of providing services that benefit society. Accordingly, the service employs technical, contractual and administrative steps to ensure information is protected against unauthorised access and disclosure. Western Counselling employees undertake training in handling information with particular emphasis on preserving the privacy and interests of individuals.

 

Information collected may include:

  • Basic details, such as name, address, date of birth, next of kin.
  • Contact we have had, such as phone conversations, emails and appointments.
  • Details and records of treatment and care, including notes and reports about your health
  • Information from people who care for you and know you well, such as health professionals and relatives.
  • Criminal offences and convictions

 

It may also include personal sensitive information such as sexuality, race, your religion or beliefs, and whether you have a disability, allergies or health conditions. It is important for us to have a complete picture, as this information assists staff involved in your care to deliver and provide improved health and wellbeing, deliver appropriate treatment and care plans tailored to meet individual’s needs.

Information is collected in a number of ways, via Admissions Liaison, Counselling and Support staff, Recovery Workers, Administrative staff and other Western Counselling staff.

 

How we use information

  • To help inform decisions that we make about service users care.
  • To ensure that treatment is safe and effective.
  • To work effectively with other organisations who may be involved in individuals care.
  • To support the health of the general public.
  • To ensure our services can meet future needs.
  • To review care provided to ensure it is of the highest standard possible.
  • To train our staff.
  • For audit purposes.
  • To prepare statistical data on Western Counselling’s performance.
  • To monitor how we spend public money.

 

There is huge potential to use the information to deliver care and improve health and care services across Western Counselling associated services. The information can be used to help:

  • Improve individual care.
  • Develop new treatments and prevent addiction.
  • Plan services.
  • Improve client safety.
  • Evaluate Government Contacts.
  • It helps you because:
  • The accurate and up-to-date information assists us in providing the best possible care for our service users.
  • All appropriately identified staff members can readily access the information they need to provide the best possible care.
  • Where possible, when using the information to inform future services and provision, only identifiable information will be used.

 

Western Counselling will not use personal information about an individual for the purposes of direct marketing.

Information about our own staff and people applying to work for or with us:

We need to process personal data about our own staff (and people applying to work for us) so that we can carry out our role (for example, by ensuring that we have the right staff to support individuals accessing services) and so we can meet our legal and contractual responsibilities as an employer.

The personal data that we process includes information about the racial or ethnic origin, religion, disability, gender and sexuality. We use this information to check we are promoting and ensuring diversity in our workforce and to make sure we are complying with equalities legislation.

Our employees decide whether or not to share this monitoring data with us, and can choose to withdraw their consent for this at any time. Employees who wish to withdraw their consent for us to process this data can contact the Directors.

If you apply for a job with us, we will have a legitimate interest to process the personal data supplied. Processing this data is necessary in order to ensure a proper application process.

Your personal data will be retained for 6 months after the vacancy has been filled.

We share information about our employees as required to meet our contractual obligations to them – for example, by sharing relevant information with our payroll bureau and pension service administrators.

Other personal data that we are required to process includes information on qualifications and experience, pay and performance, contact details, bank details, and service records (including records of continuous service and pension contributions/entitlements).

We check that people who work for us are fit and suitable for their roles. This may include asking people to undertake Disclosure and Barring Service (DBS) checks.

 

How is information retained and kept safe?

Information is retained in secure electronic and paper records in accordance with the requirements of GDPR and access is restricted to only those who need to know.

It is important that information is kept safe and secure, to protect your confidentiality. There are a number of ways in which your privacy is shielded; by removing your identifying information, using an independent review process, adhering to strict contractual conditions and ensuring strict sharing or processing agreements are in place.

GDPR regulates the processing of personal information. Strict principles govern our use of information and our duty to ensure it is kept safe and secure.

Western Counselling Services Ltd is registered with the Information Commissioners Office (ICO). Details of our registration can be found on https://ico.org.uk/esdwebpages/search enter our registration number (Z8463837) and click ‘search register’ Z8463837

Technology allows us to protect information in a number of ways, in the main by restricting access.  Our guiding principle is that we are holding your information in strict confidence.

We have a Retention and Disposal Schedule which explains how long we keep different types of records and documents for, including records and documents containing personal data. Personal data is deleted or securely destroyed at the end of its retention period.

How do we keep information confidential?

Everyone working for Western Counselling is subject to the Common Law Duty of Confidentiality and GDPR.

Information provided in confidence will only be used for the purposes necessary for which it has been collected unless there are other circumstances covered by the law.

Under Western Counselling’s Policy re Confidentiality and Staff Code of Conduct, all staff are required to protect information, inform you of how your information will be used and allow you to decide if and how your information can be shared. This will be noted in your records.

All staff attend annual training in GDPR, data protection, confidentiality, ISMS Policy, with additional training for specific staff members.

Who will information be shared with?

  • To provide the best care possible, sometimes we will need to share information about you with others. We may share your information with a range regulatory bodies. You may be contacted by any one of these organisations for a specific reason; they will have a duty to tell you why they have contacted you. Information sharing is governed by specific rules and law.
  • When the health or safety of others is at risk or where the law requires the disclosure of information.
  • We may also be asked to share basic information about you, such as your name and parts of your address, which does not include sensitive information from your records. Generally, we would only do this to assist them to carry out their statutory duties. In these circumstances, where it is not practical to obtain your explicit consent, we are informing you through this notice, which is referred to as a Privacy Notice, under the GDPR
  • Where client information is shared with other organisations, an information sharing agreement is drawn up to ensure information is shared in a way that complies with relevant legislation.
  • Other organisations we share information with may include but are not restricted to social services, local authorities, the probation service, education services, the police, voluntary sector providers and private sector providers.
  • You have the right to refuse/withdraw consent to information sharing at any time. We will fully explain the possible consequences to you, which could include delays in you receiving treatment and care.

 

We may use a third-party supplier to print our invitations to events and other literature. If you subscribe to this service, your name and email address may be shared with them. The third-party supplier handles the data purely to provide this service on our behalf. This supplier observes the requirements of the Data Protection Act 1998 in how they obtain, handle and process your information. They will not make your data available to anyone other than Western Counselling without your permission.

 

Your Rights

Access to your personal data. You may ask us whether we process personal data for you. If that is the case we will explain what personal data about you is processed by us, in what way and for what purposes we do this. You may also request from us a copy of your personal data that we process;

  • Rectification of your personal data. In case it is your opinion that your personal data that we process, is incorrect or incomplete, you can make a request for to have inaccurate data rectified, or completed if it is incomplete.
  • Erasure of your personal data. You may request erasure of your personal data that we process.

 

After receipt of a request to that effect, we will erase your personal data without undue delay if:

  • The data is no longer necessary for the purpose for which it has been processed by us
  • You do not give us your consent to process your personal data any longer
  • You object to the processing of the personal data and there is no reason why we may process the data any longer
  • The personal data should not have been processed by us ( ‘unlawful processing’)
  • The law requires us to erase the personal data.

 

Restriction of processing of your personal data – In some cases you may wish that the processing of your personal data is restricted. In that case, you may request from us restriction of processing. We will comply with such a request in the following cases:

  • It is your opinion that your personal data which we process is incorrect. We will not use this personal data until the data has been verified and possibly modified or completed
  • The data has been unlawfully processed (i.e. in breach of the lawfulness requirement of the first principle of the GDPR) but you are opposed to erasure and request restriction instead
  • We do not need your personal data any longer but you wish to be able to use this data in order to establish a claim or instigate legal proceedings
  • You object to our processing of your personal data and we have not yet evaluated your objection. If processing of your personal data is subject to a restriction, we will process this data only with your consent. Before the restriction is lifted, we will inform you of that.

 

Right to data portability

In some circumstances, you may request from us a copy of your personal data which we process. We will provide you with a copy in a commonly used format which can be used for instance, if you wish to transfer the data to a different service provider, in the case where this is technically possible for us and if you wish, we can directly transmit the personal data to your new service provider.

You also have the right to object in writing to the processing of your personal data. In the case you do object, you must provide the grounds relating to your particular situation to why you do not agree with processing of your personal data.

 

Contacting us about your information

Each organisation has a senior person responsible for protecting the confidentiality of your information and enabling appropriate sharing.

If you have any questions or concerns regarding the information we hold about you, the use of your information or would like to discuss further, please contact the Data Controller:

Debbie Smith, 2-3 Ellenborough Park Road, Weston-Super-Mare, BS23 1XJ. 01934 627600 – debbiesmith@westerncounselling.com

 

Can I access my information?

Under GDPR a person may request access to information (with some exemptions) that is held about them by an organisation. For more information on how to access the information we hold about you please refer to https://ico.org.uk/for-organisations/guide-to-the-general-data-protectionregulation-gdpr/

 

Contacting us if you have a complaint or concern

We try to meet the highest standards when collecting, processing, storing and using personal information. We encourage people to bring concerns to our attention and we take any complaints we receive very seriously. You can submit a complaint as directed in the organisation’s Complaints Procedure, or you can write to the Data Controller (Debbie Smith, 2-3 Ellenborough Park Road, Weston-Super-Mare, BS23 1XJ. 01934 627550 – debbiesmith@westerncounselling.com

If you remain dissatisfied with the Trust’s decision following your complaint, you may wish to contact:

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Their website is at www.ico.gov.uk
The Information Commissioner will not normally consider an appeal until you have exhausted your rights of redress and complaint with Western Counselling.

If you need further clarification, please contact Debbie Smith on 01934 627550

We suggest consulting the Help section of your browser or taking a look at the About Cookies website which offers guidance for all modern browsers