Community Wellbeing - Privacy Notice
Who we are and what we do
The council is a data controller under the Data Protection Legislation as we collect and process personal information about you in order to provide services and meet our statutory and regulatory obligations.
This notice explains what personal data the Community Wellbeing service holds about you, how we collect, how we use and may share information about you. We are required to give you this information under data protection law.
Any questions regarding our privacy practices should be sent to:
Data Protection Officer (DPO)
Forest of Dean District Council
Council Offices, Coleford GL16 8HG
Email: data.protection@fdean.gov.uk
Tel: 01993 861194
Why we need your information and how we use it
The council uses personal information to enable us to deal with customer-related enquiries in as comprehensive a manner as possible. Specific enquiries could relate to health and wellbeing support, community events, community group support, community development activities, signposting and referring with your permission to other services that both suit you and meet your needs.
Sensitive data will be used for monitoring purposes only in order to ensure that we are compliant with equality and diversity legislation.
We use your personal information for a number of purposes:
- Create a secure and comprehensive record of all of the work that we do with and for you:
- Fully understand your needs:
- Arrange short/long term support solutions:
- Liaise with GP’s, and other Health Care Professionals on your behalf:
- Keep you safe from harm:
- Work with you or your representative to create a Support Plan:
- Analyse the service that we are providing:
The sharing of information facilitates a joined-up approach with partner agencies, to provide you with the best possible support.
What is the legal process for collecting and processing this data
When we collect your personal data, we rely on the following legal bases:
- 6(1)(a) Consent. The data subject has given clear consent for the processing of their personal data for a specific purpose. The data subject has given explicit consent to the processing.
- UK GDPR Article 6 (1) (c) Legal Obligation – processing is necessary for compliance with legal obligation to which the council is subject
- UK GDPR Article 6 (1) (e) Public Task – processing is necessary for the performance of a task carried out in the public interest in the exercise of official authority vested in the council.
When we collect your ‘special categories of personal data’, (such as health, race, ethnicity, sexual orientation) we rely on the following legal bases:
- Article 9(2)(a) the data subject has given explicit consent to the processing of those personal data for one or more specified purposes.
- Article 9(2)(g): Processing is necessary for reasons of substantial public interest (statutory purposes, equality of opportunity and Safeguarding of economic well-being of certain individuals)
- Article 9(2)(h): Processing is necessary for the provision of health or social care
- Article 9(2)(j): Processing is necessary for statistical purposes (which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject).
These additional legal bases are underpinned by acts of legislation that dictate what actions can and should be taken by local authorities, including:
- The Care Act 2014
- Health & Social Care Act 2015
- Children Act 1989
- Human Rights Act 1998
- Mental Health Act ( Amended 2007)
- Mental Capacity Act
What type of information is collected from you
- Personal information, for example, your name, address, telephone number, date of birth
- Contact details for members of your family and/or support network
- Information about health and medication to support your referral
- Information about you and your circumstances
- Information about any health conditions or disabilities that may apply to you, including your mental health
- Details contained in your records, correspondence received and conversations held
We may also collect special categories of personal data:
- Information about your racial or ethnic origin, religious or philosophical belief and your sexual orientation
- Information about health conditions or disabilities that may apply to you
- Information about you and your circumstances
- Information about relevant health and safety concerns
- Information about your needs and wishes
We will only ask for personal information that is appropriate to enable us to deliver our services. In some cases, you can refuse to provide your details if you deem a request to be inappropriate. However, you should note that this may impact on our ability to provide some services to you.
Anonymisation
Your personal information may be converted into statistical or aggregated data in such a way that ensures that you cannot be identified from it. Anonymised data cannot, by definition, be linked back to you as an individual and may be used to conduct research and analysis, including the preparation of statistics for use in our reports.
Who your information may be shared with (internally and externally)
We may share some information with other organisations including:
- Internal services
- Other councils
- External providers
- NHS providers, such as GPs and hospitals
- Other professionals
- Partner agencies, such as volunteer organisations and statutory organisations
- Law enforcement or other authorities if required by applicable law.
- The National Fraud Initiative, which is administered by the Cabinet Office, for the purposes of assisting the prevention and detection of fraud.
This data sharing enables us to personalise your support and ensure that you are receiving the best service possible.
How long we keep your information (retention period)
Records will be retained at the end of the contract between the NHS and the Community Wellbeing service before being securely destroyed.
For grants awarded by the Community Wellbeing service, the information will be retained as follows:
- Successful application: 7 years (6 years plus the current year) from when the last payment was made.
- Unsuccessful applications: 6 months after decision was made.
- Grants with legal agreements attached: for the length stated within that legal agreement, which may be up to 10 years from the date of commencement
- COVID grants awarded to communities: 10 years in line with HMRC and BEIS requirements.
How we protect your information
All the information the council collects is stored securely on our IT system and manual filing systems. The council has strict procedures for the way this is done. Any and all information about you is treated as confidential and with respect. There are also clear rules and guidance about storing, recording and sharing information which staff receive training on.
The council will not transfer your personal data outside the EU without your consent.
The council has implemented generally accepted standards of technology and operational security in order to protect personal data from loss, misuse, or unauthorised alteration or destruction.
Please note however that where you are transmitting information to us over the internet this can never be guaranteed to be 100% secure.
The council will notify you promptly in the event of any breach of your personal data which might expose you to serious risk.
Your rights
You have rights under the Data Protection Legislations:
- To access your personal data
- To be provided with information about how your personal data is processed
- To have your personal data corrected
- To have your personal data erased in certain circumstances
- To object to or restrict how your personal data is processed
- To have your personal data transferred to yourself or to another business in certain circumstances
- To be told if we have made a mistake whilst processing your data and we will self report breaches to the Commissioner.
How you can access, update or correct your information
The Data Protection law gives you the right to apply for a copy of information about yourself. This is called a ‘Subject Access Request'.
If you wish to see a copy of your records, you should contact the Data Protection Officer. You are entitled to receive a copy of your records free of charge, within a month.
In certain circumstances access to your records may be limited, for example, if the records you have asked for contain information relating to another person.
The accuracy of your information is important to us to be able to provide relevant services more quickly. The council is working to make our record keeping more efficient. In the meantime, if you change your address or email address, or if any of your circumstances change or any of the other information the council holds is inaccurate or out of date, please email us or write to us at:
Community Wellbeing Service
Council Offices
Coleford GL16 8HG
Email: community.wellbeing@fdean.gov.uk
www.fdean.gov.uk/communities-health-and-leisure/community-health-and-wellbeing/
Further information
If you would like to know more about how the council uses your information, or if for any reason you do not wish to have your information used in any of the ways described in this privacy notice, please contact the Data Protection Officer at data.protection@fdean.gov.uk
For more information about data protection please visit: www.fdean.gov.uk/about-the-council/council-data-and-information/data-protection/
If you are concerned about the way the council is handling your personal information you can contact the Information Commissioner (ICO): https://ico.org.uk/make-a-complaint/
The council reserve the right to update this privacy notice from time to time by publishing a new version on our website.