ACTION FOR ASD PRIVACY NOTICE

Action for ASD (referred to as "we" throughout this document) is a Data Controller in line with Data Protection law, as we collect and process personal information about you in order to provide services and meet our statutory obligations. Please see below 'Why we need your information', for a full description of the services in which we may use your personal data.

We are committed to protecting and respecting your privacy. Through this Privacy Notice we have tried to be as transparent as possible to fully explain how your personal data is held and processed. It explains when and why we collect personal information about people who come into contact with us, whether through applying or receiving our services or our website.

This Privacy Notice also explains how we collect, use and share your information and how long we keep it, and how we keep it secure.

Any questions regarding our privacy practices should be sent to:

dpo@actionasd.org.uk or to: Data Protection Officer, 

Action for ASD, Suites 7 & 8 Kings Mill, Queen St, Burnley, Lancashire, BB10 2HX


WEBSITE POLICIES
Privacy Policy

Who are we?

Action for ASD is:

a Registered Charity (registered number 1089341); 

a company limited by guarantee in England (4243981) 

registered with the Information Commissioner’s Office (Z6368310)

The charity is a "data controller". This means that we are responsible for deciding how we hold and use personal information about you.

As part of the services we offer, we are required to process personal data about our service users and staff and in some instances, the friends or relatives of our service users.

 

What type of information is collected about you?

We may collect various types of personal data about you depending on the services you receive and your contact with us, such as your:

  • Contact details; including name, address, email address, telephone number, etc
  • Financial details for purposes of receiving or making payments
  • Date of birth
  • Employment details (when you apply for jobs)
  • Proof of identity
  • Housing information
  • National identifiers such as; NHS & NI numbers
  • Visual images, personal appearance and behaviour
  • Information about your family
  • IP address and information regarding what internet pages are accessed and when
  • Business activities
  • Lifestyle, social and personal circumstances
  • The services you receive
  • Assessment outcomes
  • Contact we have had with health professionals on your behalf, such as appointments and home visits
  • Details and records of treatment and care, including notes and reports about your health
  • Information from people who care for you and know you well, such as relatives

We may also collect various types of sensitive personal data, sometimes known as special categories from individuals, such as:

  • Physical or mental health details
  • Racial or ethnic origin
  • Offences (including alleged offences)
  • Gender and sexual orientation
  • Religious or other beliefs of a similar nature
  • Trade union membership
  • Criminal proceedings, outcomes and sentences
  • It may also include personal sensitive information such, like and dislikes and whether you have a disability, allergies or health conditions.
It is important for us to have a complete picture, as this information assists staff involved in your care to deliver and provide improved care, deliver appropriate care plans and to meet your needs.
    Information is collected in a number of ways, via your initial pre-assessment before arriving at our services and professional, referral details from your GP/Health Professional or directly given by you or your family.

    Cookies

    When you visit our website, cookies are used to collect information about website usage. For more details see our Cookies Policy.

     

    Why we need your information

    We need your personal data in order to provide you with services that you apply for, or receive, from us and also for where we are required to use information in order to meet our statutory obligations. We will only collect personal data that is absolutely necessary and any information we collect about you will be strictly in accordance with Data Protection legislation and other statutory obligations which we are bound by.

     

    We process your information for the following services, including:

    ·         Child & Family Services

    ·         Adult Services

    ·         Diagnostic Services

    ·         Administration Services

    ·         Employment Services


    How your information will be used?

    • To help inform decisions that we make about your care.
    • To ensure that your treatment is safe and effective.
    • To work effectively with other organisations who may be involved in your care.
    • To ensure our services can meet future needs.
    • To review care provided to ensure it is of the highest standard possible
    • To inform healthcare professionals.
    • The information can be used to help:
    • Improve individual care.
    • Plan services.

    It helps you because you will be able to see accurate and up-to-date information assists us in providing you with the best possible care.

    Where possible, when using information to inform future services and provision, non-identifiable information will be used.


    The lawful basis for using your information

    We collect and use information under one or more of the following legal bases.

    ·         Legitimate interest – we need to process your information and share in your interests e.g. Safeguarding, NMDS-SC submissions

    ·         Consent – we need your permission to use your information for various purposes including marketing and providing services

    ·         Contract – we need to process your information as part of a contract such as contract of employment.

    ·         Legal obligation – we need to share your information with public authorities e.g. HMRC, CCG’s

    Where we require consent to use your information we will make it clear when we ask you for consent and also explain how you can withdraw your consent.

    You will be advised of any additional purposes or uses at the time the information is collected or used.

     

    Who your information may be shared with

    We have statutory obligations to collect, process and share personal or sensitive personal information without consent, with our partners such as the NHS, central government, such as DWP, HMRC, councils and law enforcement agencies such as the Police and the Crown Prosecution Service, for the following purposes:

    ·         Health and wellbeing and public health

    ·         Prevention of fraud

    ·         Safeguarding of vulnerable adults and children

    ·         Protect you or other individuals from serious harm

    ·         Prevention and detection of crime

    ·         Public safety and law enforcement

    ·         Criminal or civil prosecution of offenders

    ·         If required to do so by any court or law

    ·         National security

    We may also share your information with our partners to deliver or improve services we deliver, or provide the services you agreed to receive. We may share with:

    ·         NHS (GPs, Hospital, Mental Health, CCGs etc.)

    ·         Voluntary sectors

    ·         Central government

    ·         Councils

    In most cases this will be done where there is a lawful basis under the conditions set out in the Data Protection Legislation.

    We may also share your information with third party service providers working on our behalf for the purposes of completing tasks and providing services to you on our behalf (for example; Counselling). However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure, as required by the Data Protection Act 1998 and General Data Protection Regulation 2016 (GDPR), and not to use it for any other purpose.

     

    How long do we keep your information?

    We keep your information in line with any legal or business requirement as detailed in our retention schedule. We will adhere to the retention timelines determined by the Information Governance Alliance (IGA) in Appendix 3 of Records Management Code of Practise for Health and Social Care 2016 (https://digital.nhs.uk/article/1202/Records-Management-Code-of-Practice-for-Health-and-Social-Care-2016).

     

    Marketing and e-newsletters

    We always act upon your choices around what type of communications you want to receive and how you want to receive them e.g. email newsletters to inform you of what we're doing, news and events.

    You have a choice about whether or not you wish to receive information from us. If you no longer want to receive our e-newsletters, then you can do this by clicking the unsubscribe link or responding to the email sender.

    We will never use or share your personal information to third parties for marketing purposes without your permission.

     

    Business intelligence

    We may analyse your personal information to improve services and for the following purposes;

    ·         undertake statutory functions efficiently and effectively

    ·         service planning by understanding your needs to provide the services that you request

    ·         understanding what we can do for you and inform you of other relevant services and benefits

    ·         help us to build up a picture of how we are performing at delivering services to you and what services the our members need

    ·         analysis of costs and spend of services we provide so that we can to ensure better and efficient use of funds

    We are however committed to using pseudonymised or anonymised information as much as is practical, and in many cases this will be the default position.

    Pseudonymisation is where the most identifying fields within a data record are replaced by one or more artificial identifiers, or pseudonyms.

    Anonymisation is the process of removing identifying particulars or details from (something, especially medical test results) for statistical or other purposes.

     

    Protecting your information

    Any information held by Action for ASD about individuals is held securely and in compliance with all current data protection legislation.

    We are committed to protecting our service user's and employee’s personal data. We have put measures in place to ensure that our staff, service providers, partners and suppliers all protect your information in line with the law and follow best practice. The information security measures we've put in place include:

    ·         following best practice and the law when it comes to collecting, handling and giving access to information in both manual and electronic forms

    ·         annual training for staff in their data protection responsibilities

    ·         access to your information is only given to those who need to know and where it is necessary

    ·         information will not be held for longer than required and will be disposed of securely

    ·         we encrypt all our electronic devices and sensitive information that is transmitted is encrypted

     

    How you can access, update, restrict, remove or correct your information

    Data Protection law gives you the right to apply for a copy of information about yourself, called a Subject Access Request. You will need to request this in writing and provide proof of identity. How to request your information

    The accuracy of your information is important to us to be able to provide relevant services. If you wish to restrict data processing or sharing including use for marketing or do not want to be contacted by Action for ASD, please inform us. You can request that we remove your details from our systems. We will remove data in accordance with your wishes, excluding data we are required to keep by law.

    Legal basis

    Right to request erasure

    Right to portability

    Right to object

    Public task

    No

    No

    Yes

    Legitimate interest

    Yes

    No

    Yes

    Consent

    Yes

    Yes

    No

    Contract

    Yes

    Yes

    No

    Legal obligation

    No

    No

    No

    Vital interest

    Yes

    No

    No

     

    Your information choice and rights

    Where we use your personal data to fulfil a statutory obligation, for other purposes other than what you have consented or where the data protection law allows, then we will let you know so that you can make an informed choice about how your information is used.

    If you do not want your information to be used for any purpose beyond providing the services you have agreed to receive, you can choose to opt out of this. However, if you opt out or withdraw consent from certain processing of your information, we may not be able to deliver certain services to you.

    You may not be able to object to your information being used, held, or shared under certain circumstances. For example, where have a duty to safeguard a vulnerable adult or a child, or the prevention and detection of crime, or where we are required to fulfil our statutory obligations.

    Where you would like to withdraw your consent or opt-out of any other use of your information, please contact the Data Protection Officer using the details above.

     

    The Information Commissioner's Office

    The Information Commissioner is the UK's independent body set up to uphold information rights. If you would like to know more about your rights under the Data Protection law, and what you should expect from us, visit the Information Commissioner's website.

    If you have a complaint or any concerns regarding our privacy practices or about exercising your Data Protection rights, you can contact the Information Commissioner's Office.

     

    Changes to our Privacy Notice

    We will review and updated this Privacy Notice to reflect any changes in the services we provide.