Why we collect information about you
A partnership called the Community Children’s Health Partnership (CCHP) exists between Sirona care & health CIC, Avon and Wiltshire Mental Health Partnership NHS Trust and Barnardo’s. Its purpose is to provide child healthcare and child and adolescent mental health services across Bristol, North Somerset and South Gloucestershire. To do this we must keep records. For the purposes of the UK Data Protection Act 2018 and EU General Data Protection Regulations 2018, the partner organisations are all Data Controllers of information they are individually responsible for. We take great care to meet our legal and other duties, including compliance with the following:
- UK Data Protection Act 2018/EU General Data Protection Regulations 2018
- Human Rights Act 1998
- Health and Social Care Act 2012, 2015
- Public Records Act 1958
- Copyright Design and Patents Act 1988
- Re-Use of Public Sector Information Regs 2004
- Computer Misuse Act 1990
- Common Law Duty of Confidentiality
- NHS Care Records Guarantee for England
- Social Care Records Guarantee for England
- International Information Security Standards
- Information Security Code of Practice
- Records Management Code of Practice for Health and Social Care 2016
- The Accessible Information Standard
What is a privacy notice?
A privacy notice is a notice which communicates our commitment to ensuring that we process your personal information and any data we collect and hold about you or your family fairly, lawfully, openly and responsibly. It is a statement by the Community Children’s Health Partnership describing how we ‘process’ data, which means:
- What information we collect about you or your family
- Who is collecting it
- Why the information is needed
- Sources of information we use
- Who we may share it with
Although we provide health care services for children and young people, our website is not intended for children directly. This privacy notice covers how we process data of our children and young people and of their guardians/ families. It is aimed at the parents and other legal guardians of the children and young people in our care, as it covers their data as well as the data of the child (who may find it difficult to understand this policy and privacy notice either by virtue of their young age or lack of mental capacity.
What information is collected and by whom:
The records we keep could be stored in paper form or electronically (or both) and may include:
- Data about your child: forename, surname, date of birth, address, age, gender, NHS number, next of kin
- Data about you including title, marital status, email addresses, telephone numbers, ethnicity, religion and name and age of any siblings your child has.
- Contact we have had with you or your child, such as appointments, attendances and home visits
- Notes and reports about you or child’s health including any allergies or health conditions
- Details and records about your child’s treatment and care, such as advice given or referrals made
- Results of investigations including x-rays, scans, blood tests etc
- Relevant information from people who care for you or your child and know you well, for example, health and social care professionals and relatives, schools
- Data about you, your child or your family disclosed to us from you or from third party sources in relation to criminal records and convictions
Why is the information needed?
Your records will be used to plan your child’s care and/or treatment by doctors, nurses or any other professionals, such as social care staff, as well as administrative staff and clinicians or therapists in other health care settings. All staff are here to ensure we provide you and your family with the best possible care. All staff are bound by the Common Law Duty of Confidentiality as well as organisational Policy and Procedures which comply with professional guidance, best practice and the law.
The Partnership may also use your or your child’s information to:
- Carry out clinical audits to monitor and improve the quality of care and treatment provided
- Train new doctors and nurses and other relevant staff
- Undertake patient/service user satisfaction surveys
- Investigate complaints, legal claims or incidents
- Manage and plan services, make improvements, public health purposes – information is anonymised when used for this purpose.
You may be asked if you would be willing to take part in an approved research project but you do not have to agree if you do not want to.
Sources of information we use
Information will be collected by those who support the provision of our services. It could be collected in a number of different ways. This might be from a referral made by a GP or another healthcare professional or perhaps directly from you - in person, over the telephone or on a form you have completed.
Who will your information be shared with?
You and your child’s information will be accessed by clinical and administrative staff to provide child healthcare and child and adolescent mental health services. This could include health care professionals based in any of the locations in which we work. The Community Children’s Health Partnership works in partnership with the NHS and with other NHS-related organisations. Clinical staff employed by these organisations may be consulted for an expert opinion relating to your care.
Information about ‘treatment’ may be shared with other organisations to enable the continuation and/or support of care eg. NHS Trusts, your GP, clinical networks, such as cancer care, etc. We may also share some information, subject to strict agreement on how it will be used, with local authorities, education services, voluntary or private care providers. If its necessary to be referred to another service for further treatment, information about medical conditions and care will be sent to that service. Information may be shared to provide out-of-hours clinical support, or other support services, such as transport. All such services are bound by the Common Law of Confidentiality and local agreements. There are occasions where the organisation has a legal duty to pass patient/service user information to relevant authorities. This may include reporting a serious crime or identification of an infectious disease that may endanger the safety of others.
We do not routinely share personal data outside of the European Economic Area (EEC).
Protecting your information
Everyone working within the Community Children’s Health Partnership has a legal duty to keep personal data secure and confidential at all times. Staff are trained on the UK Data Protection Act 2018, EU General Data Protection Regulations 2016 and the Common Law of Confidentiality. Robust technical measures are in place to keep information secure when stored electronically. Information will only be disclosed where we have a lawful basis to do so and in accordance with this privacy notice.
Lawful basis for processing personal and special category data
We will only use personal data and so-called ‘special category’ data in a way permitted by law and this means that as from 25 May 2018 we will only process data in accordance with GDPR, common law and the lawful bases set out in UK Data Protection Law. Processing personal data is deemed legal as defined in Article 6 of the GDPR, so long as at least one of the following applies:
- purposes of the legitimate interests pursued by the organisation or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of their personal data, in particular where the data subject is a child;
- to protect the vital interests of the data subject or of another person;
- to perform a task carried out in the public interest or in the exercise of official authority given to the organisation;
- to comply with legal requirements for the discharge of an organisation's tasks or functions;
- because the processing is necessary for the purposes of a contract with the individual [for example, the person has an employment contract ];
- the data subject has given consent to the processing of his or her personal data for one or more specific purposes.
Most commonly we will use your/or your child’s personal data for circumstances where it is necessary for the purpose of our legitimate interests or those of a third party.
In addition to the lawful bases set out above, when we process special categories of personal data, we must identify an additional lawful basis for processing. Within our Partnership and in relation to our healthcare services, we rely on the following legal basis: The processing is necessary for the provision of health or social care or treatment or the management of health or social care systems and services.
Please note that we may process your personal data for more than one lawful bases depending on the specific purpose for which we are using your data. Please contact us if you want further details about the specific legal bases we are relying on to process your personal data.
We are required by law to report certain information to appropriate authorities. This might include:
- Notification of new births
- Where we encounter infectious diseases which may endanger the safety of others, such as meningitis or measles (but not HIV/AIDS)
- When a court order instructs us to do so
- When a serious crime has been committed
- If there is a serious risk to the public or staff
- To protect children or vulnerable adults
We will only breach confidentiality after careful consideration and our reasons and actions will be documented fully.
Each partner organisation has a Caldicott Guardian who is a senior member of staff, responsible for protecting the confidentiality of individual’s information and enabling appropriate sharing.
How long do we retain records for?
All our records are stored in accordance with the Information Governance Alliance Records Management Code of Practice for Health and Social Care 2016 which sets out the appropriate length of time each type of NHS record is retained. We do not keep records for longer than is necessary. All records are appropriately reviewed once their retention period has been met, and the Partners will decide whether the record still requires retention or should be confidentially destroyed. All decisions and destructions are documented. Sirona care & health as lead provider within the Partnership is responsible for the permanent storage of records created.
What choices do you have?
If we think we should share information with anyone other than those involved in your or your child’s care we will normally tell you first.
If you wish to limit the sharing of information, we will discuss with you how this may affect the care or treatment provided. We will respect your wishes as far as we are legally able.
We may use different communication methods to keep you informed of appointments, eg. text reminders, or leaving reminder messages on your answerphone. If you do not wish us to contact you in this way, please inform a member of staff.
Data protection laws give individuals rights in respect of the personal information that we hold. These are:
- To be informed why, where and how we use your information.
- To request access to your information.
- To request information to be corrected if inaccurate or incomplete.
- To request for your information to be deleted or removed where there is no need for us to continue processing it.
- To request us to restrict the use of your information.
- To request us to copy or transfer your information from one IT system to another in a safe and secure way, without impacting the quality of the information.
- To object to how your information is used.
- To challenge any decisions made without human intervention (automated decision making).
How can you access information that is held ?
Records are retained by one of the organisations within the Partnership who is delivering services to you/your family. Under the UK Data Protection Act 2018/EU General Data Protection Regulations 2018 you have the right to request a copy of records that are held. Sirona care & health as the lead provider within the Partnership is responsible for ensuring that individuals can access information in accordance with data protection legislation. Contact the Data Protection Officer at Sirona care & health (contact details below) on how to access records.
What we ask of you
- Let us know when you change address or name
- Tell us if any information is incorrect
- Tell us if you change your mind about how we share information
Data Protection Officer
For access to records enquiries or for more information about your rights under the UK Data Protection Act 2018/EU General Data Protection Regulations 2018, contact Sirona care & health’s Data Protection Officer at the following address;
If you remain dissatisfied following the outcome of your enquiry, then you may wish to contact the Information Commissioner's Office at the following address:
The Information Commissioner’s Office
How can you make a complaint?
If you have any concerns on how information is used or might be used or you require further information please talk to the healthcare professional providing the service to you. Alternatively you can contact Sirona's Customer Care Team (Tel: 0300 124 5400) who will investigate on your behalf.
The Community Children’s Health Partnership takes the handling of your information extremely seriously. This includes any information provided via this website. We will retain any information submitted online, in digital and/or hard copy form, in order to respond or deal with any request, enquiry, feedback or other submission you may have made.
While we take every precaution to protect the information supplied to us, we cannot guarantee the safety of emails sent in. All information sent via this website or email is done so at the owner’s risk, therefore you may wish to call us if you need to pass on sensitive or confidential information. Any personal information submitted in the form of a job application will be used only for the purpose of processing that application. You mind find links to third party websites on our website. These websites should have their own privacy policies which you should check. We do not accept any responsibility or liability for their policies whatsoever as we have no control over them.
This Website uses analytics services provided by Google Analytics. Website analytics refers to a set of tools used to collect and analyse usage statistics, enabling us to better understand how Users use the Website. This, in turn, enables us to improve the Website and the products services offered through it. Whilst our use of them does not pose any risk to your privacy or your safe use of the Website, it does enable us to continually improve our business. You can choose to enable or disable Cookies in your internet browser. Most internet browsers also enable you to choose whether you wish to disable all cookies or only third party cookies. By default, most internet browsers accept Cookies but this can be changed. For further details, please consult the help menu in your internet browser. You can choose to delete Cookies at any time however you may lose any information that enables you to access the Website more quickly and efficiently including, but not limited to, personalisation settings.
Changes to this Policy The Community Children’s Health Partnership reserves the right to change this Policy as we may deem necessary from time to time or as may be required by law. Any changes will be immediately posted on the Website and you are deemed to have accepted the terms of the Policy on your first use of the Website following the alterations.