This privacy notice describes how Six Degrees Social Enterprise handles personal information.
Who we are
Six Degrees Social Enterprise is a Salford based Community Interest Company (CIC) that provides talking therapy services.
What is a Privacy Notice?
A Privacy Notice describes how we collect, use, retain and disclose personal information which we hold. This Privacy Notice is part of our commitment to ensure that we process your personal information/data fairly, lawfully and transparently.
Why issue a Privacy Notice?
To ensure that we are compliant with the Data Protection Act 2018 (DPA) and General Data Protection Regulations (GDPR). The Data Protection Law requires us to ensure that your information is processed correctly. This notice also explains what rights you have to control how we use your information.
Data Protection Law
We process your personal data in accordance with the Data Protection Act 2018 (DPA) and General Data Protection Regulations (GDPR), or for other lawful reasons.
Data Protection law says that the personal information we hold about you must be:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Kept only as long as necessary for the purposes we have told you about.
- Kept securely.
The rights that patients have with respect to their data
If you would like more information about your rights, please refer to:
Who are we regulated by?
We are regulated by the following:
Department of Health – https://www.gov.uk/government/organisations/department-ofhealth
Information Commissioner’s Office – https://ico.org.uk/ NHS England – https://www.england.nhs.uk/
Our healthcare professionals are also regulated and governed by their respective professional bodies including the Royal College of Nursing.
Why and how we collect information?
We may ask for or hold personal confidential information about you which will be used to support delivery of appropriate high-quality care and treatment. These records may include:
- Basic details, such as name, address, date of birth, next of kin.
- Contact we have had, such as appointments.
- Details and records of treatment and care, including notes and reports about your health.
- Information from other health professionals, such as your GP.
- It may also include personal sensitive information such as health conditions, ethnic origin, your religious or philosophical beliefs, sexuality, and whether you have a disability or any allergies.
It is important for us to have a complete picture, as this information assists staff involved in your care to deliver and provide appropriate treatment to meet your needs. Information is collected in a number of ways, via your healthcare professional, referral details from your GP or directly given by you.
How we use information?
- To help inform decisions that we make about your care.
- To ensure that your treatment is safe and effective.
- To work effectively with other organisations who may be involved in your care.
- To review care provided to ensure it is of the highest standard possible.
This helps you because:
- Accurate and up-to-date information assists us in providing you with the best possible care.
- If you see another healthcare professional, specialist or another part of the health and care, they can readily access the information they need to provide you with the best possible care.
We would not share information about you unless:
- You have asked us to and given us permission
- We are lawfully required to report certain information to the appropriate authorities e.g. to prevent fraud or a serious crime
- To protect children and vulnerable adults
- When a formal court order has been served upon us
- For the health and safety of others
There is huge benefit to use non-identifiable information to improve health and care services across the NHS and Social Care. This non-identifiable information can be used to help to:
- support the health of the general public.
- ensure our services can meet future needs.
- train healthcare professionals.
- manage research and audit.
- prepare statistics on NHS performance.
- monitor how we spend public money.
- Understand more about risk and causes.
- Develop new treatments.
- Plan services.
- Improve patient safety.
- Evaluate Government, NHS and Social Care policy.
How is information retained and kept safe?
Information is retained in secure electronic records and access is restricted to only those who need to know. It is important that information is kept safe and secure, to protect your confidentiality. There are a number of ways in which your privacy is shielded by removing your identifying information, using an independent review process, adhering to strict contractual conditions and ensuring strict sharing or processing agreements are in place. The Data Protection Act 2018 regulates the processing of personal information. Strict principles govern our use of your information and our duty to ensure it is kept safe and secure.
We will not transfer the personal information we collect about you outside the EU. There are some exceptions to this e.g. if you ask us to provide information about you to a company outside of the United Kingdom or the EU.
How do we keep information confidential?
Everyone working for Six Degrees Social Enterprise is subject to the Common Law Duty of Confidentiality and the Data Protection Act 2018. Information provided in confidence will only be used for the purpose(s) to which you consent to, unless there are other circumstances covered by the law. Under the NHS Confidentiality Code of Practice, all staff are required to protect information, inform you of how your information will be used and allow you to decide if and how your information can be shared. This will be noted in your records.
All Six Degrees Social Enterprise staff are required to undertake annual training in Data Protection, Confidentiality, IT/Cyber Security, with additional training for specialist staff, such as healthcare records, Data Protection Officers and IT staff.
Clinical placements for students commonly take place within the NHS. Students, such as student nurses could be receiving training in the service that is caring for you. If staff would like a student to be present they will always ask for your permission before that meeting or episode of care. The treatment or care you receive will not be affected if you refuse to have a student present during your episode of care. Occasionally, for assessment purposes, our Trainee Psychological Wellbeing Practitioners may request that their supervisor be present. You may refuse this if it makes you feel uncomfortable.
Who will the information be shared with?
To provide the best care possible, sometimes we will need to share information about you with others. We share information with other NHS and Social Care partner agencies for the purpose of improving local services, research, audit and public health. This includes the following:
- We may share your information with a range of Health and Social Care organisations and regulatory bodies. You may be contacted by any one of these organisations for a specific reason; they will have a duty to tell you why they have contacted you. Information sharing is governed by specific rules and law.
- We may also need to share information from your records with non-NHS organisations, from whom you are also receiving care, such as social services or private healthcare organisations. However, we will not disclose any health information to third parties without your explicit consent, unless there are exceptional circumstances, such as when the health or safety of others is at risk or where the law requires the disclosure of information.
- We may also be asked to share basic information about you, such as your name and parts of your address, which does not include sensitive information from your health records. Generally, we would only do this to assist others to carry out their statutory duties (such as usages of healthcare services, public health or national audits). In these circumstances, where it is not practical to obtain your explicit consent, we are informing you through this Privacy Notice, under the Data Protection Act 2018.
- Where patient information is shared with other non-NHS organisations, an Information Sharing Agreement is drawn up to ensure information is shared in a way that complies with relevant legislation. Non-NHS organisations may include, but are not restricted to: social services, education services, local authorities, the police, voluntary sector providers and private sector providers.
Your right to withdraw consent for us to share your personal information
You have the right to refuse/withdraw consent to some of the information sharing that may be held about you, but not all. If you want to withhold consent for sharing information please contact Six Degrees Social Enterprise. Each request will be dealt with on a case by case basis and the potential consequences for you of withholding information will be explained, for example it may result in there being a delay in you obtaining the care you are looking to receive.
Contacting us about your information
Each organisation has a senior person responsible for protecting the confidentiality of your information and enabling appropriate sharing. This person is known as the Caldicott Guardian. If you have any questions or concerns regarding the information we hold on you, the use of your information or would like to discuss further, please contact us at firstname.lastname@example.org
Sharing and linking data
Sharing information enables the NHS to improve its understanding of the most important health needs and the quality of the treatment and care we provide to you. We have entered into contracts with other NHS organisations to provide some services to us, which includes processing data on our behalf, including patient information. In these instances, we ensure that our partner agencies have contracts which outline that your information is processed under strict conditions and in line with the law. These services are subject to the same legal rules and conditions for keeping personal information confidential and secure, and Six Degrees Social Enterprise is responsible for ensuring their staff are appropriately trained and that technical and operational procedures are in place to keep information secure and protect privacy.
Keeping information secure and confidential
All staff have contractual obligations of confidentiality, enforceable through disciplinary procedures. All staff receive appropriate training on confidentiality of information and staff who have regular access to personal confidential data will have received additional specialist training.
We take relevant organisational and technical measures to ensure the information we hold is secure, such as:
- holding information in secure locations
- restricting access to information to authorised personnel
- protecting personal and confidential information held on equipment such as laptops with encryption
Unless required to do so by law, we will not share, sell or distribute any of the information you provide to us with any third party organisation/individuals without your explicit consent.
Each NHS organisation has a senior person responsible for protecting the confidentiality of patient information and enabling appropriate information sharing. This person is called the Caldicott Guardian, and in Six Degrees Social Enterprise this is Kelly Hylton, Senior Operational Manager.
Six Degrees Social Enterprise hold data in accordance with the Records Management Code of Practice for Health and Social Care 2016.
Please see the link below for the detailed record retention schedules. It sets out how long records should be retained, either due to their ongoing administrative value or as a result of statutory requirement.
All personal data (paper and electronic) is destroyed securely by Six Degrees Social Enterprise.
Opting out of data being shared beyond direct care purposes
The NHS Constitution states “You have the right to request that your confidential information is not used beyond your own care and treatment and to have your objections considered”.
If you do not want your personal information being shared and used for purposes other than your direct care and treatment, then you should contact the GP Practice you are registered with, and speak to a member of staff to ask how to “opt-out”. This should not affect the care and treatment you receive.
The Practice will add the appropriate code to your records to prevent your confidential information from being used for non-direct care purposes. Please note that these codes can be overridden in special circumstances required by law, such as a civil emergency or public health emergency.
Data Protection Register / ICO Registration
Six Degrees Social Enterprise is a Data Controller and under the terms of the Data Protection Act 2018 and are legally responsible for ensuring that all personal information we process is in compliance with the law. All data controllers must register with the Information Commissioners Office (ICO) who is the UKs independent body set up to uphold information rights, of all personal information processing activities.
Six Degrees Social Enterprise has dutifully registered and our ICO Notification number is Z2753802 you can access this notification of registration via the ICO website at www.ico.org.uk
Data Protection Officer
We have appointed a Data Protection Officer (DPO) to oversee compliance with Data Protection Law. The DPO also:
- informs/advises the organisation on data protection law and practices
- acts as point of contact for the data subjects and the Information Commissioners Office (ICO)
- advises on Data Protection Impact Assessments
- maintains due regard to the risk associated with processing data, taking account of nature, scope and context of processing
- co-operates with supervisory authority (ICO) on behalf of the organisation
Our Data Protection Officer is: Phil McEvoy
Questions or concerns
If you have any questions or concerns regarding the information we hold on you or the use of your information, please contact us at:
Six Degrees Social Enterprise Southwood House Greenwood Business Centre Regent Road Salford M5 4QH
To contact the Caldicott Guardian or the the Data Protection Officer, please also contact us at email@example.com
Please note this email account is accessed by a number of staff, therefore please state that the email is for the Caldicott Guardian or for the Data Protection Officer, so that we can deal with your enquiry as quickly as possible.
We record all calls, and information is retained for 36 months