The SUN Network Cambridgeshire and Peterborough

Our privacy statement

Introduction

It is very important to us that any information we hold about our members or others who have been in contact with us is kept lawfully and that our standards on the protection of data are communicated clearly to all.

This privacy statement sets out the data processing practices carried out by the SUN Network Cambridgeshire and Peterborough.

We retain and use personal data (information that relates to and identifies living people) to help us carry out our role as the local independent champion for people with an interest in mental health and/or drug and alcohol services in Cambridgeshire and Peterborough.

We will always make sure that your information is protected and treated securely. Any information that you give will be held in accordance with:

  • Data Protection Act 1998
  • As of 25 May 2018, the new data protection legislation introduced under the General Data Protection Regulation (GDPR) and Data Protection Bill.

This statement should be read in the context of our overall Information Governance policy (April 2018).

We will also make our Information Asset Register available for people to read to give further clarity about how data relating to them is managed and kept secure. This includes our retention schedule and clear details about the lawful basis for storing and keeping personally identifiable information. Our Information Asset documents are available on request. Call or email 07712 358172 or email enquiries@sunnetwork.org.uk.

Information we collect

We collect personal information from visitors to this website through the use of online forms and every time you email us your details. We also collect feedback and views from people about the mental health and substance misuse services that they access. In addition, we receive information about our own staff and people who apply to work for us.

  • Information about people who use our website
  • Information about people who share their experiences with us by other means
  • Information about our own staff and people applying to work for us

Security

We are strongly committed to data security and we take reasonable and appropriate steps to protect your personal information from unauthorised access, loss, misuse, alteration or corruption.

We have put in place physical, electronic, and managerial procedures to safeguard and secure the information you provide to us.

Only authorised employees and contractors under strict controls will have access to your personal information.

Information about people who use our website

Please note that this statement does not cover links within this website to other websites.

When you browse through the information on this website, it does not store or capture your personal information. We do log your IP address (as it is automatically recognised by the web server) but this is only so you can download this website onto your device rather than for any tracking purpose; it is not used for any other purpose.

We will only collect personal information provided by you, such as:

  • Feedback from surveys and online forms
  • Email addresses
  • Preferred means of communication.

Cookies

Please be aware that some systems on our website require the use of cookies, but we will always state if this is the case. We will never collect and store information about you without your permission. We are currently updating the information about how we use cookies on this website and will update this page as soon as possible.

How we will use your personal information

Personal information about you can be used for the following purposes:

  • In our day-to-day work
  • To send you our newsletter or other information where you have requested it
  • To respond to any queries you may have
  • To improve the quality and safety of care

This may include any personal information that you choose to share with us, but we will treat this as confidential and protect it accordingly.

We will never include your personal information in survey reports or in feedback to other agencies without your express permission. If it is felt to be especially important to quote individuals in a way which makes them identifiable, this will only be done with your written consent.

Signing up to our newsletter

We use a third-party supplier to provide our newsletter service called MailChimp. By signing up to receive our e-newsletter, you will be agreeing to them handling your data.

The third-party supplier handles the data purely to provide this service on our behalf. This supplier follows the requirements of the Data Protection Act 1998 and will not make your data available to anyone other than our organisation. They are also required to follow the General Data Protection Regulation in how they obtain, handle and process your information and will not make your data available to anyone other than the SUN Network.

Information about people who share their experiences with us by other means

There are a number of ways that we collect feedback from people about their experiences of using services day to day. Our staff will visit different health and social care settings as part of their role to evaluate how services are being delivered. We also receive phone calls and requests for information directly from members of the public.

Where personally identifiable information is collected we will ensure that we have your consent to keep it and we will be clear on how we intend to use your information. We will aim to anonymise information where we can but there may be instances where this is not possible. There may be exceptional circumstances where we can and will keep the data without consent, but we must have a lawful basis for doing so, such as for safeguarding purposes.

We ensure that where consent is required it will be freely given, used only for agreed specific and unambiguous purposes and that you are well informed about how the information will be kept. This includes where it will be stored, details on security and for how long it will be kept. We will comply with current data protection legislation at all times.

Personal information may be collected with your consent through:

  • When we receive feedback by phone, outreach work or through surveys
  • Five Values evaluations or other projects

Personal data received from other sources

On occasion we will receive information from the families, friends and carers of people who access services. We use this data to inform providers and commissioners to help them deliver services that work for you.

Where it is practically possible, we will make sure that we have your consent to use information that is about you. We will only process your personal data where there is a lawful basis to do so under current data protection legislation.

To enable us to do our job of gathering and conveying the views of those with experience of mental health and/or substance misuse services, we will hold data passed to us by other agencies. This information will be received and held anonymously by us, and we will record its source.

Our data systems

Our data is held on a password protected system managed by Centradata

Information about our own staff and people applying to work with us

We need to process personal data about our own staff (and people applying to work for us) so that we can carry out our role and meet our legal and contractual responsibilities as an employer.

The personal data that we process includes information about racial or ethnic origin, religion, disability, gender and sexuality. We use this information to check we are promoting and ensuring diversity in our workforce and to make sure we are complying with equalities legislation.

Our employees decide whether or not to share this monitoring data with us and can choose to withdraw their consent for this at any time. Employees who wish to withdraw their consent for us to process this data can let us know.

Other personal data that we are required to process includes information on qualifications and experience, pay and performance, contact details and bank details.

We check that people who work for us are fit and suitable for their roles. This may include asking people to undertake Disclosure and Barring Service (DBS) checks.

We have a legal obligation to comply with the Freedom of Information Act 2000 and this may include the requirement to disclose some information about our employees – especially those in senior or public facing roles. We also publish some information about our staff, including the names and work contact details of people in some roles.

How we share information with other organisations

We only share personal information with other organisations where it is lawful to so and in accordance with our Information Governance Policy. Information is shared in order to fulfil our remit which is to pass on your experiences of care to help improve them on your behalf.

We work with other local agencies such as Cambridgeshire and Peterborough NHS Foundation Trust, the Clinical Commissioning Group Cambridgeshire and Peterborough, Peterborough City Council and Cambridgeshire County Council to make this happen. We may also engage external suppliers to process personal information on our behalf.

We will only disclose your personal information where we have your consent to do so, or where there is another very good reason to make the disclosure – for example, we may disclose information to a local authority where we think it is necessary to do so in order to protect a vulnerable person from abuse or harm. Any such disclosure will be made in accordance with the requirements of the current data protection legislation.

We sometimes use other organisations to process personal data on our behalf. Where we do this, those companies are required to follow the same rules and information security requirements as us, outlined in a Data Processing Contract. They are not permitted to use reuse the data for other purposes.

Retention and disposal of personal data

We publish a retention and disposal schedule which is detailed in our Data Protection Policy. This explains how long we keep different types of records and documents for, including records and documents containing personal data. Personal data is deleted or securely destroyed at the end of its retention period.

Your rights

  1. Your right to access information about you.

If you think we may hold personal data relating to you and want to see it, please write to enquiries@sunnetwork.org.uk

  1. Correcting or deleting personal data.

If you know that we are holding your personal data and believe that it may be wrong, or if you want it to be deleted or for us to stop using it, you have a right to request that it can be deleted or amended. Please make your objection in writing to enquiries@sunnetwork.org.uk  or send it by post to:

The SUN Network

6 Oak Drive

Huntingdon

Cambridgeshire

PE29 7HN

  1. Complaints about how we look after or use your information.

If you feel that we have not met our responsibilities under data protection legislation, you have a right to request an independent assessment from the Information Commissioner’s Office (ICO). We are registered with the ICO number: xxxxx

You can find details on their website.

Our contact details and key roles

The SUN Network Cambridgeshire and Peterborough Community Interest Company is data controller for all of the personal data that you provide us with. Any issues relating to the processing of personal data by or on behalf of us may be addressed to:

Email: enquiries@sunnetwork.org.uk

Our Data Protection Officer under Article 37 of the GDPR is the Executive Director.

Your rights about your personal information

Personal data is information relating to an identifiable living individual. The Information Commissioners Office (IC) is the UK’s independent body set up to uphold information rights.

 

Date approved: 10th July 2018

What personal data we collect and why we collect it

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.