Top

Six Degrees Social Enterprise

Supporting Your Mental Health

Privacy Notice

Privacy Notice

This privacy notice describes how Six Degrees Social Enterprise handles personal information.

We are Six Degrees Social Enterprise, a Salford-based Community Interest Company (CIC) specifically structured and organised to ensure that we provide the right support for people with wellbeing or mental health problems, whilst delivering cost-effective services. We are a data controller under the Data Protection Act 2018 because we collect, store, share and use personal data to provide healthcare services. Your personal data will also be used to plan our services and to make sure those services are as good as they can be.

Our registered address is 8th Floor, 2 City Approach, Albert Street, Eccles, M30 0BL

Our phone number is 0161 983 0900.

Our email address is sixdegrees@nhs.net

Our website address is www.six-degrees.org.uk

Six Degrees is registered with the Information Commissioner’s Office (ICO). Our registration number is Z2753802

Our Data Protection Officer is Carl Ashcroft and he can be contacted by writing to 8th Floor, 2 City Approach, Albert Street, Eccles, M30 0BL, emailing sixdegrees@nhs.net or by phone on 0161 983 0900.

What is a Privacy Notice?

A Privacy Notice describes how we collect, use, retain and disclose personal information which we hold. This Privacy Notice is part of our commitment to ensure that we process your personal information/data fairly, lawfully and transparently.

Why issue a Privacy Notice?

To ensure that we are compliant with the Data Protection Act 2018 (DPA) and U.K. General Data Protection Regulations (U.K. GDPR). The Data Protection Law requires us to ensure that your information is processed correctly. This notice also explains what rights you have to control how we use your information.

Data Protection Law

We process your personal data in accordance with the Data Protection Act 2018 (DPA) and U.K. General Data Protection Regulations (U.K. GDPR), or for other lawful reasons.

Data Protection law says that the personal information we hold about you must be:

  1. Used lawfully, fairly and in a transparent way.
  2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
  3. Relevant to the purposes we have told you about and limited only to those purposes.
  4. Accurate and kept up to date.
  5. Kept only as long as necessary for the purposes we have told you about.
  6. Kept securely.

The rights that patients have with respect to their data

Under data protection law, you have rights including:

Right to be informed

You have a right to be informed if your personal data is being used. Most of this right to be informed is met in this privacy notice, and similar information when we communicate with you directly and at our initial point of contact to discuss our services to you.

Right of access

YYou have the right to obtain a copy of personal data that we hold about you and other information specified in the U.K. GDPR (via what is commonly known as a Subject Access Request or SAR), although there are exceptions to what we are obliged to disclose.

For example, we may not provide all the information, where in the opinion of an appropriate health professional disclosure would be likely to cause serious harm to your, or somebody else’s physical or mental health or it refers to other individuals.

You will usually not have to pay a fee to access your personal information (or to exercise any of the other rights).

We may refuse to comply with the request in some circumstances.

To submit a Subject Access Request please contact us by email sixdegrees@nhs.net or by phone on 0161 983 0900.

Right to rectification

You have the right to ask us to rectify any inaccurate data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

Right to erasure (‘right to be forgotten’)

You have the right to request that we erase personal data about you that we hold. This is not an absolute right, and depending on the legal basis that applies, we may have overriding legitimate or other legal grounds to continue to process and store your data.

Right to object

You have the right to object to the processing of personal data about you on some grounds. The right is not absolute, and we may continue to use the data if we can demonstrate compelling legitimate grounds.

Right to restriction of processing

You have the right to ask us to restrict the processing of your information in certain circumstances.

Right in relation to automated individual decision-making

You have the right to object to being subject to a decision based solely on automated processing, including profiling.

Right to data portability

In limited circumstances you have the right to data portability which allows individuals to obtain and reuse their personal data for their own purposes across different services.

It is important that the personal information we hold about you is accurate and current.

Please keep us informed if your personal information changes.

If you would like more information about your rights, please refer to:

Why and how we collect information?

We will collect and retain personal information about you which will be used to support delivery of appropriate high-quality care and treatment. These records may include:

  • Basic details, such as name, address, date of birth, next of kin.
  • Contact we have had, such as appointments.
  • Details and records of treatment and care, including notes and reports about your health.
  • Information from other health professionals, such as your GP.
  • It may also include personal sensitive information such as health conditions, ethnic origin, your religious or philosophical beliefs, sexuality, and whether you have a disability or any allergies.

It is important for us to have a complete picture about you and your health and circumstances.  This assists staff involved in your care to deliver and provide appropriate support or treatment to meet your needs.

Information is collected in a number of ways, for example via your healthcare professional, referral details from your GP or directly given by you.

It is essential that your details are accurate and up to date. Always check that your personal details are correct when you visit us and please inform us of any changes as soon as possible.

Improving the experience of each individual service user is at the centre of our strategic aims and values. Obtaining feedback from patients and taking account of their views and priorities are vital for the delivery of high-quality services and for driving real service improvements. From time to time, we will ask you for such feedback.

We have a responsibility to train and develop our staff to:

  • deliver training briefings and events to support your treatment
  • train and develop our staff who deliver our services
  • provide training, briefing event opportunities that are later accessible to staff who cannot attend on the day of the session or training.

On occasions we may record a training session, briefing or event.

This means that if you have your picture or video image on screen or might include whatever you have in the background if you are working from home. These will be recorded.

If a recording is going to take place on the day you are in attendance, we will inform you, in advance in the invitation to the consultation or session and on the day of recording the session (normally verbally) prior to any recording taking place. You will be told of the purpose of the recording and that it will be made available for use with other SDSE staff or shared with known training providers, for example universities.

On these occasions anyone involved in the recorded session may have aspects of their personal data recorded, whether they actively participate in the session or not.

Improving the experience of each individual service user is at the centre of our strategic aims and values. Obtaining feedback from patients and taking account of their views and priorities are vital for the delivery of high-quality services and for driving real service improvements. From time to time, we will ask you for such feedback.

Our legal basis for processing your data

Our primary lawful bases for most of our processing under the UK GDPR are:

  • Article 6(1)(f)– the processing of personal data is necessary for the purposes of the legitimate interests pursued by Six Degrees or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Our primary legitimate interest is our core function to provide health and social care services as a Community Interest Company specifically structured and organised to ensure that we provide the right support for people with wellbeing and mental health problems, whilst delivering cost-effective services. This includes our right to process your personal data to provide you with the healthcare services you need, and to meet our contractual obligations.
  • Article 6(1)(e) – processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
  • Article 6(1)(b) – processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering a contract.
  • Article 6(1)(c)- processing is necessary for compliance with our legal expectations, for example to meet our legal obligations.
  • Article 6(1)(d) – in order to protect your vital interests or those of another person, for example in a medical emergency where your information needs to be shared with the ambulance services.
  • Article 6(1)(a)– the individual has given clear consent for us to process their personal data for a specific purpose.
  • Where it is needed in the public interest or for official purposes, for example during the Covid pandemic

Special category information

Where we process special category data, for example data including health, racial or ethnic origin, or sexual orientation, we need to meet an additional condition in the U.K. GDPR.

Six Degrees only uses your confidential health information (information that identifies you and says something about your health, care and treatment, including your mental health) to provide you with direct care, and it is only shared with others for the purposes of providing care as set out in this privacy notice.

Where we are processing special category personal data for purposes related to the commissioning and provision of health services the condition is:

  • Article 9(2)(h) – processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services.
  • Article 9(2)(b) – processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law.
  • Article 9(2)(a) where you give us explicit consent to process your data.
  • Article 9(2)(c) to protect your vital interests or those of another person where you are incapable of giving your consent.
  • Article 9(2)(f) where the processing is for the purposes of establishing, exercising or defending legal claims or by courts when they are acting in their judicial capacity.
  • In addition we rely on processing conditions at Schedule 1 part 1 of the Data Protection Act 2018 including where the processing is necessary for the purposes of performing or exercising obligations or rights which are imposed or conferred by law on us as a data controller or you in connection with employment, social security or social protection, and for our statutory purposes, equality of opportunity or treatment, to support volunteers with a particular disability or medical condition, Counselling, for safeguarding of children and individuals at risk, and our insurance provider’s conditions.

How we use information

  • To help inform decisions that we make about your care.
  • To ensure that your treatment is safe and effective.
  • To work effectively with other organisations who may be involved in your care.
  • To review care provided to ensure it is of the highest standard possible.

This helps you because:

  • Accurate and up-to-date information assists us in providing you with the best possible care.
  • If you see another healthcare professional, specialist or another part of the health and care, they can readily access the information they need to provide you with the best possible care.

We would not share information about you unless:

  • You have asked us to and given us permission.
  • We are lawfully required to report certain information to the appropriate authorities e.g. to prevent fraud or a serious crime.
  • To protect children and vulnerable adults.
  • When a formal court order has been served upon us.
  • For the health and safety of others.

There is huge benefit to the use of non-identifiable information to improve health and care services across the NHS and Social Care and we adopt the principles of the national data opt-out in this regard. This non-identifiable information can be used to help to:

  • Support the health of the general public.
  • Ensure our services can meet future needs.
  • Train healthcare professionals.
  • Manage research and audit.
  • Prepare statistics on NHS performance.
  • Monitor how we spend public money.
  • Understand more about risk and causes.
  • Develop new treatments.
  • Plan services.
  • Improve patient safety.
  • Evaluate Government, NHS and Social Care policy.

How is information retained and kept safe?

Information is retained in secure electronic records and access is restricted to only those who need to know. It is important that information is kept safe and secure, to protect your confidentiality. There are a number of ways in which your privacy is shielded by removing your identifying information, adhering to strict contractual conditions and ensuring strict sharing or processing agreements are in place. The Data Protection Act 2018 regulates the processing of personal information. Strict principles govern our use of your information and our duty to ensure it is kept safe and secure.

We will not transfer the personal information we collect about you outside the EU. There are some exceptions to this e.g. if you ask us to provide information about you to a company outside of the United Kingdom or the EU.

How do we keep information confidential?

Everyone working for Six Degrees Social Enterprise is subject to the Common Law Duty of Confidentiality and the Data Protection Act 2018 and this is enforceable through disciplinary procedures. Information provided in confidence will only be used for the purpose(s) to which you consent to, unless there are other circumstances covered by the law. Under the NHS Confidentiality Code of Practice, all staff are required to protect information, inform you of how your information will be used and allow you to decide if and how your information can be shared. This will be noted in your records.

All Six Degrees Social Enterprise staff are required to undertake annual training in Data Protection, Confidentiality, IT/Cyber Security, with additional training for specialist staff, such as healthcare records.

Trainees working in health and social care commonly work closely with patients and other service users, sometimes working with groups of service users, other times working one to one.  Occasionally, when doing one to one work, our trainees may request that a qualified member staff be present, for assessment purposes.  Conversely, a trainee may benefit from observing a qualified member of staff who might request for a trainee to attend. In either case, you will be asked for your permission for the additional member of staff to attend. You may refuse it makes you feel uncomfortable.

We will store and share the recordings of training, briefings or events by storing appropriately.

We take relevant organisational and technical measures to ensure the information we hold is secure, such as:

  • Holding information in secure locations.
  • Restricting access to information to authorised personnel.
  • Protecting personal and confidential information held on equipment such as laptops with encryption.

Unless required to do so by law, we will not share, sell or distribute any of the information you provide to us with any third-party organisation/individuals other than mentioned herein.

We have appointed a Caldicott Guardian, a senior person responsible for protecting the confidentiality of patient information and enabling appropriate information sharing.

Who will the information be shared with?

To provide the best care possible, sometimes we will need to share information about you with others. We share information with other NHS and Care partner agencies for the purpose of improving local services, research, audit and public health. This includes the following:

  • We may share your information with a range of Health and Social Care organisations and regulatory bodies. You may be contacted by any one of these organisations for a specific reason; they will have a duty to tell you why they have contacted you. Information sharing is governed by specific rules and law.
  • We may also need to share information from your records with non-NHS organisations, from whom you are also receiving care, such as social services or private healthcare organisations. However, we will not disclose any health information to third parties without your explicit consent, unless there are exceptional circumstances, such as when the health or safety of yourself or others is at risk or where the law requires the disclosure of information.
  • We may also be asked to share basic information about you, such as your name and parts of your address, which does not include sensitive information from your health records. Generally, we would only do this to assist others to carry out their statutory duties (such as usages of healthcare services, public health or national audits). In these circumstances, where it is not practical to obtain your explicit consent, we are informing you through this Privacy Notice, under the Data Protection Act 2018.
  • Where patient information is shared with other non-NHS organisations as a matter of course, an Information Sharing Agreement is drawn up to ensure information is shared in a way that complies with relevant legislation. Non-NHS organisations may include, but are not restricted to social services, education services, local authorities, the police when appropriate and lawful to do so, voluntary and other third-sector organisations and private sector partners and health and social care providers.
  • We work in partnership with other professional organisations such as universities, to promote and assist them with our joint vital research work. On occasions we may share information with them to carry out their work, this will be done under a joint information sharing agreement.

Your right to withdraw consent for us to share your personal information

You have the right to refuse/withdraw consent to some of the information sharing that may be held about you, but not all.  If you want to withhold consent for sharing information, please contact Six Degrees Social Enterprise.  Each request will be dealt with on a case-by-case basis and the potential consequences for you of withholding information will be explained, for example it may result in there being a delay in you obtaining the care you are looking to receive. In most cases it will be in your best interests and our legitimate interests to continue to share your personal data with other health and social care professionals where appropriate.

Sharing and linking data

Sharing information enables the NHS to improve its understanding of the most important health needs and the quality of the treatment and care we provide to you. We have entered into contracts with other NHS organisations to provide some services to us, which includes processing data on our behalf, including patient information.  In these instances, we ensure that our partner agencies have contracts which outline that your information is processed under strict conditions and in line with the law. These services are subject to the same legal rules and conditions for keeping personal information confidential and secure, and Six Degrees Social Enterprise is responsible for ensuring their own staff are appropriately trained and that technical and operational procedures are in place to keep information secure and protect privacy.

Data Retention

Six Degrees Social Enterprise hold data in accordance with the Records Management Code of Practice for Health and Social Care 2016.

Please see the link below for the detailed record retention schedules. It sets out how long records should be retained, either due to their ongoing administrative value or as a result of statutory requirement.

Records Management Code of Practice 2021 for Health and Social Care (Updated August 2023) (https://www.nhsx.nhs.uk/information-governance/guidance/records-management-code)

All personal data (paper and electronic) are destroyed securely by Six Degrees Social Enterprise.

Questions or concerns

If you have any questions or concerns regarding the information we hold on you or the use of your information, please contact us at:

Six Degrees Social Enterprise 8th Floor, 2 City Approach, Albert Street, Eccles, M30 0BL

Email: sixdegrees@nhs.net

To contact the Caldicott Guardian or the Data Protection Officer, please also contact us at sixdegrees@nhs.net

Please note this email account is accessed by a limited number of staff, therefore please state that the email is for the Caldicott Guardian or for the Data Protection Officer, so that we can deal with your enquiry as quickly as possible.

You have the right to complain to the Information Commissioner if you are not happy with any aspect of how we have processed your personal data or believe that we are not meeting our responsibilities as a data controller.

The contact details for the Information Commissioner are:

Information Commissioner’s Office
Wycliffe House
Water Lane,
Wilmslow SK9 5AF

Website: ico.org.uk Helpline number: 0303 123 1113

Changes to this privacy notice

Any changes we may make to our privacy notice in the future will be posted on our website or you will be informed at the point of collection of your data if it is a significant change to how we use your data.

"My therapist was so lovely and understanding. They helped me tackle some things I didn`t realise were weighing on me so much and I feel better equipped to move forward."

"My therapist was attentive, listened to my problems and talked me through my concerns. I feel much less depressed thanks to their help."

"My practitioner was amazing, always listened and offered support and guidance throughout my sessions"

"I feel the person I spoke with was very understanding and helped me greatly. They were calm, professional and very helpful. Thank you so much."

Copyright ©2022 Six Degrees Social Enterprise C.I.C. registered in England & Wales. Company No. 07576751

Registered Office: 8TH FLOOR, 2 CITY APPROACH, ALBERT STREET, ECCLES, M30 0BL, UK

Please Note: If you want a list of the reference sources used on this website, please contact us on 0161 983 0900 or email us at sixdegrees@nhs.net. These web pages have not been sponsored by any other organisation. For further information, please read our Terms of Use

Six Degrees policy documents are available upon request. Our policies will be made available in large print when required.