Working together, working with you

Privacy Policy

Privacy Policy

What is a privacy notice?

A privacy notice is a notice which communicates our commitment to ensuring that we process personal information and any data we collect and hold about you or your family fairly, lawfully, openly and responsibly. It is a statement by the Community Children’s Health Partnership describing how we ‘process’ data.

We take great care to meet our legal and other duties, including compliance with the following:

  • General Data Protection Regulations (GDPR) and Data Protection Act 2018
  • Human Rights Act 1998
  • Access to Health Records Act 1990
  • Health and Social Care Act 2012, 2015
  • Public Records Act 1958
  • Copyright Design and Patents Act 1988
  • Re-Use of Public Sector Information Regs 2004
  • Computer Misuse Act 1990
  • Common Law Duty of Confidentiality
  • NHS Care Records Guarantee for England
  • Social Care Records Guarantee for England
  • International information Security Standards
  • Information Security Code of Practice
  • Records Management Code of Practice for Health & Social Care 2016
  • Accessible Information Standard

Why we collect information about you or your family

A partnership called the Community Children’s Health Partnership (CCHP) exists between Sirona care & health CIC, Avon and Wiltshire Mental Health Partnership NHS Trust and Barnardo’s. Its purpose is to provide healthcare to children and young people and child and adolescent mental health services across Bristol, North Somerset and South Gloucestershire. For the purposes of the UK Data Protection Act 2018 and EU General Data Protection Regulations 2018, the partner organisations are all Data Controllers of information they are individually responsible for.
Our aim is to provide you and your family with the highest quality care. To do this we must keep records about you and family members, the health and the care we have provided or plan to provide. It is important for us to have a complete picture as this information enables us to provide the right care to meet individual’s needs.

Within this Partnership and in relation to our healthcare services, any personal information we hold about you or your family is processed for the purposes of ‘provision of health or social care or treatment or the management of health or social care systems’ and services under chapter 2, section 9 of the Data Protection Act 2018.

What information we collect about you or your family?

Who is collecting it?
Why the information is needed?
Sources of information we use?
Who we may share it with?

Although we provide health care services for children and young people, our website is not intended for children directly. This privacy notice covers how we process data of our children and young people and of their guardians/ families. It is aimed at the parents and other legal guardians of the children and young people in our care, as it covers their data as well as the data of the child/young person (who may find it difficult to understand this policy and privacy notice either by virtue of their young age or lack of mental capacity).

What information is collected and by whom

The records we keep could be recorded in paper form or electronically (or both) and may include:

  • Data about your child/young person including forename, surname, date of birth, address, age, gender, NHS number, next of kin
  • Data about you including title, marital status, email addresses, telephone numbers, ethnicity, religion and name and age of any siblings.
  • Contact we have had with you or your child, such as appointments, attendances and home visits
  • Notes and reports about you or health of a child/young person including any allergies or health conditions
  • Details and records about treatment and care, such as advice given or referrals made
  • Results of investigations including x-rays, scans, blood tests etc
  • Relevant information from people who care for you or your child and know you well, for example, health and social care professionals and relatives, schools etc.
  • Data about you, your child or your family disclosed to us from you or from third party sources in relation to criminal records and convictions

Why is the information needed?

Your records will be used to plan the care and/or treatment by doctors, nurses or any other professionals, such as social care staff, as well as administrative staff and clinicians or therapists in other health care settings. All staff are here to ensure we provide you and your family with the best possible care. All staff are bound by the Common Law Duty of Confidentiality as well as organisational Policy and Procedures which comply with professional guidance, best practice and the law.

The Partnership may also use information to:

  • Carry out clinical audits to monitor and improve the quality of care and treatment provided
  • Train new doctors and nurses and other relevant staff
  • Undertake patient/service user satisfaction surveys
  • Investigate complaints, legal claims or incidents
  • Manage and plan services, make improvements, public health purposes – information is anonymised when used for this purpose.

You may be asked if you would be willing to take part in an approved research project but you do not have to agree if you do not want to.

Sources of information we use

Information will be collected by those who support the provision of our services. It could be collected in a number of different ways. This might be from a referral made by a GP or another healthcare professional or perhaps directly from you - in person, over the telephone or on a form you have completed.

Use of Email:

Some of our services provide the option to correspond with you via email. Please be aware that we cannot guarantee the security of this information whilst in transit, and by requesting this service you are accepting this risk. Please discuss with a member of staff.

Who will information be shared with?

Information will be accessed by clinical and administrative staff to provide child/young person’s healthcare and child and adolescent mental health services. This could include health care professionals based in any of the locations in which we work. The Community Children’s Health Partnership works in partnership with the NHS and with other NHS-related organisations. Clinical staff employed by these organisations may be consulted for an expert opinion relating to your care.

Information about ‘treatment’ may be shared with other organisations to enable the continuation and/or support of care eg. NHS Trusts, your GP, clinical networks, such as cancer care, etc. We may also share some information, subject to strict agreement on how it will be used, with local authorities, education services, voluntary or private care providers. If it’s necessary to be referred to another service for further treatment, relevant information about medical conditions and care will be sent to that service. Information may be shared to provide out-of-hours clinical support, or other support services, such as transport. All such services are bound by the Common Law of Confidentiality and local agreements. There are occasions where the organisation has a legal duty to pass patient/service user information to relevant authorities. This may include reporting a serious crime or identification of an infectious disease that may endanger the safety of others.
We do not routinely share personal data outside of the European Economic Area (EEC).

Withdraw consent to the sharing of your health records:

Under the Data Protection Act 2018, we are authorised to share health records ‘for the management of healthcare systems and services’. Your consent will only be required if we intend to share your health records beyond these purposes, as explained above (for example for research). Any consent form you will be asked to sign will give you the option to ‘refuse’ consent and will explain how you can remove any given consent at a later time. The consent form will also warn you about the possible consequences of such refusal.

You have the right to refuse (or withdraw) consent to information sharing at any time. This is also referred to as ‘opting out’. There are several forms of opt-outs available at different levels:

Type 1 opt-out. If you do not want personal confidential information that identifies you to be shared outside your GP practice you can register a ‘Type 1 opt-out’ with your GP practice. This prevents your personal confidential information from being used except for your direct health care needs and in particular circumstances required by law, such as a public health emergency like an outbreak of a pandemic disease. Patients are only able to register the opt-out at their GP practice and your records will be identified using a particular code that will stop your records from being shared outside of your GP practice.

National data opt-out. The national data opt-out was introduced on 25 May 2018 and replaces the previous ‘type 2’ opt-out. NHS Digital collects information from a range of places where people receive care, such as hospitals and community services. This programme provides a facility for individuals to opt-out from the use of their data for research or planning purposes. The national data opt-out choice can be viewed or changed at any time by using the online service at

There are some circumstances where there is a legal obligation for us to process your personal confidential information and you will not be able to opt-out. These include:

  • to protect children and vulnerable adults
  • when a formal court order has been served upon us
  • when we are lawfully required to report certain information to the appropriate authorities e.g. to prevent fraud or a serious crime
  • emergency planning reasons such as for protecting the health and safety of others
  • when permission is given by the Secretary of State or the Health Research Authority to process confidential information without the explicit consent of individuals

to protect children and vulnerable adults

  • when a formal court order has been served upon us
  • when we are lawfully required to report certain information to the appropriate authorities e.g. to prevent fraud or a serious crime
  • emergency planning reasons such as for protecting the health and safety of others
  • when permission is given by the Secretary of State or the Health Research Authority to process confidential information without the explicit consent of individuals

Connecting Care

Connecting Care is a digital care record system for sharing information in Bristol, North Somerset and South Gloucestershire.  It allows instant, secure access to your health and social care records for the professionals involved in your care. Relevant information from your digital records is shared with people who look after you. This gives them up-to-date information making your care safer and more efficient.

Further information about ‘Connecting Care’ can be found on the Connecting Care website. This includes details about how you can ‘opt out’ of having your information being accessed by appropriate staff.

Your contact with local Connecting Care NHS Partner Organisations may result in them seeking your consent to participate in a research study. Where you have consented to participate in such a study, the research team may access the information held by GPs and Hospital Trusts through Connecting Care to ensure that your participation (or those that you are responsible for) will not put you at risk of increased harm, and is suitable for the aims of the study. If you later choose to withdraw from the study, the research team will discuss the use of your information with you.  As part of the consent process, the research team will inform you of the information they would seek access to.

Protecting your information

Everyone working within the Community Children’s Health Partnership has a legal duty to keep personal data secure and confidential at all times. Staff are trained on the UK Data Protection Act 2018, EU General Data Protection Regulations 2016 and the Common Law of Confidentiality. Robust technical measures are in place to keep information secure when stored electronically. Information will only be disclosed where we have a lawful basis to do so and in accordance with this privacy notice.

Our Medical Director (Kate Rush) is our Caldicott Guardian. She is responsible at Board level for protecting the confidentiality of your information and enabling appropriate sharing. We also have a Data Protection Officer in post to ensure processes and systems are secure (contact details below).

How long do we retain records for?

All our records are stored in accordance with the Information Governance Alliance Records Management Code of Practice for Health and Social Care 2021 which sets out the appropriate length of time each type of NHS record is retained. We do not keep records for longer than is necessary. All records are appropriately reviewed once their retention period has been met, and the Partners will decide whether the record still requires retention or should be confidentially destroyed. All decisions and destructions are documented. Sirona care & health as lead provider within the Partnership is responsible for the permanent storage of records created.

What choices do you have?

If we think we should share information with anyone other than those involved in your or your child’s care we will normally tell you first.

If you wish to limit the sharing of information, we will discuss with you how this may affect the care or treatment provided. We will respect your wishes as far as we are legally able.
We may use different communication methods to keep you informed of appointments, eg. text reminders, or leaving reminder messages on your answerphone. If you do not wish us to contact you in this way, please inform a member of staff.

Your Rights

Data protection laws give individuals rights in respect of the personal information that we hold. These are:

1.To be informed why, where and how we use your information.
2.To request access to your information.
3.To request information to be corrected if inaccurate or incomplete.
4.To request for your information to be deleted or removed where there is no need for us to continue processing it.
5.To request us to restrict the use of your information.
6.To request us to copy or transfer your information from one IT system to another in a safe and secure way, without impacting the quality of the information.
7.To object to how your information is used.
8.To challenge any decisions made without human intervention (automated decision making).

How can you access information that is held?

Records are retained by one of the organisations within the Partnership who is delivering services to you/your family. Under the UK Data Protection Act 2018/EU General Data Protection Regulations 2018 you have the right to request a copy of records that are held. Sirona care & health as the lead provider within the Partnership is responsible for ensuring that individuals can access information in accordance with data protection legislation. Contact the Data Protection Officer at Sirona care & health on how to access records.

Sirona care & health, Kingswood Civic Centre (2nd floor), High Street, Kingswood, South Gloucestershire, BS15 9TR or emailing We may ask for additional ID as proof of identity.

What we ask of you


  • Let us know when you change address or name
  • Tell us if any information is incorrect
  • Tell us if you change your mind about how we share information
  • How can you make a complaint?

You have the right to make a complaint if you feel unhappy about how we hold, use or share your information. We would recommend contacting our Data Protection Officer (contact details above) in the first instance to talk through any concerns that you have. Alternatively, you can contact our Customer Care Team (Tel: 0300 124 5400).

If you remain dissatisfied following the outcome of your enquiry, then you may wish to contact the Information Commissioner's Office at the following address:

The Information Commissioner’s Office
Wycliffe House

Helpline: 0303 123 1113 (local rate) or 01625 545 745

Staff within the Community Children’s Health Partnership takes the handling of your and your family’s information extremely seriously. This includes any information provided via this website. We will retain any information submitted online, in digital and/or hard copy form, in order to respond or deal with any request, enquiry, feedback or other submission you may have made.

While we take every precaution to protect the information supplied to us, we cannot guarantee the safety of emails sent in. All information sent via this website or email is done so at the owner’s risk, therefore you may wish to call us if you need to pass on sensitive or confidential information. Any personal information submitted in the form of a job application will be used only for the purpose of processing that application. You mind find links to third party websites on our website. These websites should have their own privacy policies which you should check. We do not accept any responsibility or liability for their policies whatsoever as we have no control over them.

If this privacy policy is updated or amended in any way, the most recent version will be made available on this web page. Cookies By using this Website you may receive certain third party Cookies on your computer. Third party cookies may be used on this Website for improvement of our products or services. These cookies are not integral to the services provided by the Website. All Cookies used by this Website are used in accordance with current UK and EU Cookie Law. Certain features of the Website may depend upon Cookies to function. UK and EU Cookie Law deems these Cookies to be strictly necessary.

This Website uses analytics services provided by Google Analytics. Website analytics refers to a set of tools used to collect and analyse usage statistics, enabling us to better understand how Users use the Website. This, in turn, enables us to improve the Website and the products services offered through it. Whilst our use of them does not pose any risk to your privacy or your safe use of the Website, it does enable us to continually improve our business. You can choose to enable or disable Cookies in your internet browser. Most internet browsers also enable you to choose whether you wish to disable all cookies or only third party cookies. By default, most internet browsers accept Cookies but this can be changed. For further details, please consult the help menu in your internet browser. You can choose to delete Cookies at any time however you may lose any information that enables you to access the Website more quickly and efficiently including, but not limited to, personalisation settings.

Changes to this Policy

The Community Children’s Health Partnership reserves the right to change this Policy as we may deem necessary from time to time or as may be required by law. Any changes will be immediately posted on the Website and you are deemed to have accepted the terms of the Policy on your first use of the Website following the alterations.

Covid 19 and Your Information

The health and social care system is facing significant pressures due to the Covid-19 outbreak. Health and care information is essential to deliver care to individuals, to support health and social care services and to protect public health. Information will also be vital for researching, monitoring, tracking and managing the outbreak. In the current emergency it has become even more important to share health and care information across relevant organisations. Existing law which allows confidential patient information to be used and shared appropriately and lawfully in a public health emergency is being used during this outbreak. Using this law the Secretary of State has required health organisations and GPs to share confidential patient information to respond to the Covid-19 outbreak. During this period we may offer you a consultation via telephone or video conferencing. By accepting this invitation and entering the consultation you are consenting to this.

Contact Information and Further Advice

If you would like to know more about how we use your information, require information in any accessible format or language or if (for any reason) you do not wish to have your information used in any of the ways described, please contact:

Data Protection Officer
Sirona care & health
Kingswood Civic Centre (2nd Floor)
High Street
South Gloucestershire
BS15 9TR


Privacy policy reviewed and updated December 2021.


Privacy notice for ChatHealth

What is a privacy notice?

We are the Community Children’s Health Partnership (that is part of Sirona care & health) and we provide healthcare services to children and young people. We collect information from you in order to care for you in the best way. This document is called a privacy notice and it tells you why we collect information about you, how we use that information, how we keep it safe and who we sometimes share it with.

About ChatHealth

ChatHealth is a safe and secure messaging platform which helps you get confidential help and advice from the school nursing team that are employed by us. Your privacy and the safety of your personal information is extremely important to us.

Your confidentiality

Our school nursing team that use ChatHealth messaging usually offer the opportunity for you to ask for help and advice anonymously, without giving your name. Your conversation is also confidential. Except for in some exceptional circumstances, a school nurse will not normally inform anyone that you have been in touch or tell them what you have been speaking about.

Information that is seen when you send text messages

When you send SMS text messages to speak with a school nurse through ChatHealth, the person you are speaking with will only be able to see your mobile phone number, unless you give any further personal details, such as your name or date of birth, as part of the conversation.

Opting out

You can end a messaging conversation at any time by sending the word STOP in a message. This would normally prevent a school nurse from sending any further messages to you.

Supporting you in exceptional circumstances

In some exceptional circumstances, like if something you tell your school nurse gives them reason to believe your safety or someone else’s safety is at significant risk, their duty of care requires further action to be taken. For example, they might notify other healthcare, welfare or emergency services which can help to ensure you are safe and well. If they do need to tell someone else about something you have said, they will usually try to speak with you first.

In exceptional circumstances, information relating to your mobile phone number may be used to try to locate you. If you have sent a STOP message, the school nurse you are speaking with may ask us to over-ride it so they can try and check that you are safe from harm.

Information that is recorded and who can see it

When you speak with a school nurse using ChatHealth messaging, they will keep a copy of the conversation as an electronic record that may be seen by other healthcare staff who follow the same confidentiality rules. The record will include your phone number and any other details you mentioned in your conversation, plus other information, like times that messages were sent and any additional notes made by the school nurse during the conversation. Alternatively, the conversation may be recorded onto an electronic patient record system that we use that can also be seen by your family doctor (GP). However, this will only be the case, if you have given us personal details such as your name or date of birth as part of the conversation.

How records of conversations are used

Keeping records of conversations also enables the school nursing team to fulfil their responsibilities. It makes it possible for us to provide you with the best possible healthcare and advice, including keeping you safe from harm and making decisions with you, about you.

How long information is kept for

Once your school nurse has taken a copy of a messaging conversation, it can be kept for a substantial period of time by Sirona care & health (specifically if you have given use your personal details); for children, this can be until they are well into adulthood. You can ask your school nurse for more information on how your records are managed during a conversation.

We work in partnership with Leicestershire Partnership NHS Trust – who provide the ChatHealth application to us. No information is kept long term by this organisation. Within a few days of your messaging conversation being concluded, it will no longer be seen by staff using ChatHealth. It will be deleted from servers within a month. In the long term, staff only save anonymous statistical information relating to conversations.

Information security

Our technical systems and partners are subject to the same strict information security regulations that apply to all NHS systems and organisations. All information we handle is encrypted whilst being transmitted and whilst being stored. All data storage facilities, including cloud services in the EU and physical data centres in the UK, meet up to the very highest information security standards. All ChatHealth technical staff and partners are bound by strict confidentiality rules which prevent them from sharing, disclosing or onwardly processing information about you.

How you can help

When you send messages to speak with a school nurse through ChatHealth, it is important that you consider the security of the device you send the message from.
Remember to lock your smartphone and any other linked devices if you do not want other people to be able to be able to see your confidential messaging conversations. Please also remember that, when you send SMS text messages to speak with a school nurse through ChatHealth, your chosen mobile network provider also has to act responsibly to ensure the safety of your personal information.

Your feedback

At the end of a conversation with a school nurse, you may be asked for feedback about your experience along the lines of: “Has this conversation helped you today? Please reply back YES or NO with any comments you may have.” Any feedback you give will be collected anonymously and used for reporting purposes and it may be also be used for marketing purposes, for example at a conference, in a journal paper, on our websites or in promotional materials. Please indicate if you would like to be opted out of your feedback being used in this way in your reply.

Your rights

Data protection law gives you rights in relation to the way your personal information is being used. These include the right to access any information which is held about you, the right to change or restrict any information which is being held about you if you think that something is factually incorrect and the right to contact us formally and object to us processing or storing data.

You have a right to erasure, in other words, a right to “be forgotten”, but this does not apply to your use of ChatHealth because we have to store information to ensure we can provide you with safe healthcare.

There are also other rights which aren’t relevant to your use of ChatHealth, such as those relating to ‘data portability’ and ‘automated processing’. See contact details of our Data Protection Officer who can provide further information about your rights.

Legal basis for processing and keeping information

Under the terms of current data protection legislation, we are required to notify you of the legal reasons we are handling your information.


Personal data provided for the purpose of healthcare delivery, management and treatment

6(1)(e) Necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Special Category Personal Data provided for the purpose of healthcare delivery, management and treatment:

9(2)(h) Necessary for the reasons of preventative or occupational medicine, for assessing the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services on the basis of Union or Member State law or a contract with a health professional.

School nurses using ChatHealth will normally speak with you about how they are using your personal data. Because they have a statutory duty to care for you, there is no legal requirement for them to ask your permission before making a record of the messaging conversations you have with them. Similarly, when speaking with children and young people, school nursing staff using ChatHealth, do not need to ask permission from a parent or guardian. This even applies when they are messaging with younger children, under the age of 13. The UK data privacy laws make this possible so that school nurses can fulfil their responsibilities. There are particular special provisions in law for digital services like ChatHealth which prevent ill-health or offer counselling.

Further questions or comments

If you would like to know more about how we use your information, require information in any accessible format or language or if (for any reason) you do not wish to have your information used in any of the ways described, please contact:

Data Protection Officer
Sirona care & health
Kingswood Civic Centre (2nd Floor)
High Street
South Gloucestershire BS15 9TR


Privacy policy reviewed and updated March 2022