WE RESPECT PRIVACY.

OUR PRIVACY POLICY.

 

In accordance with the General Data Protection Regulation (GDPR), we have implemented this privacy notice to inform you of the types of data we process about you. As part of the services we offer, we are required to process personal data about our staff, our clients and, in some instances, the friends or relatives of our clients and staff. “Processing” can mean collecting, recording, organising, storing, sharing or destroying data.

We are committed to being transparent about why we need your personal data and what we do with it. This information is set out in this privacy notice. It also explains your rights when it comes to your data.   

This notice applies to current and former clients.

If you have any concerns or questions please contact us:


Sarah Wakeling
Chief Executive Officer
sarah@pbsconsultancy.net

           

DATA PROTECTION PRINCIPLES

Under GDPR, all personal data obtained and held by us must be processed according to a set of core principles. In accordance with these principles, we will ensure that:

a) processing is fair, lawful and transparent

b) data is collected for specific, explicit, and legitimate purposes

c) data collected is adequate, relevant and limited to what is necessary for the purposes of processing

d) data is kept accurate and up to date. Data which is found to be inaccurate will be rectified or erased without delay

e) data is not kept for longer than is necessary for its given purpose

f) data is processed in a manner that ensures appropriate security of personal data including protection against unauthorised or unlawful processing, accidental loss, destruction or damage by using appropriate technical or organisation measures

g) we comply with the relevant GDPR procedures for international transferring of personal data

 

WHAT DATA DO WE HAVE?

So that we can provide a safe and professional service, we need to keep certain records about you. We may process the following types of data:

  • Your basic details and contact information e.g. your name, address, date of birth and next of kin; what punctuation are we using

  • Your financial details e.g. details of how you pay us for your care or your funding arrangements.

We also record the following data which is classified as “special category”:

  • Health and social care data about you, which might include both your physical and mental health data.

  • We may also record data about your race, ethnic origin, sexual orientation or religion.

 

WHY DO WE HAVE THIS DATA?

We need this data so that we can provide high-quality behaviour support care and support. By law, we need to have a lawful basis for processing your personal data.

We process your data because:

  • We have a legal obligation to do so – generally under the Health and Social Care Act 2012 or Mental Capacity Act 2005.

We process your special category data because

  • It is necessary due to social security and social protection law (generally this would be in safeguarding instances);

  • It is necessary for us to provide and manage behaviour services and social care services;

  • We are required to provide data to our regulators, as part of our public interest obligations.

We may process your data with your consent. If we need to ask for your permission, we will offer you a clear choice and ask that you confirm to us that you consent. We will also explain clearly to you what we need the data for and how you can withdraw your consent at any time. 

HOW DO WE USE YOUR INFORMATION?

Positive Behaviour Support Consultancy is one of many organisations working in the health and care system to improve care for clients and the public. 

Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.

The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance, to help with:

  1. improving the quality and standards of care provided

  2. research into the development of new treatments

  3. preventing illness and diseases

  4. monitoring safety

  5. planning services

This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential client information about your health and care is only used like this where allowed by law.

Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential client information isn’t needed.

You have a choice about whether you want your confidential information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential information will still be used to support your individual care.

To find out more or to register your choice to opt-out, please visit www.nhs.uk/your-nhs-data-matters. On this web page you will:

  1. See what is meant by confidential patient information

  2. Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care

  3. Find out more about the benefits of sharing data

  4. Understand more about who uses the data

  5. Find out how your data is protected

  6. Be able to access the system to view, set or change your opt-out setting

  7. Find the contact telephone number if you want to know any more or to set/change your opt-out by phone

  8. See the situations where the opt-out will not apply

You can also find out more about how patient information is used at:

https://www.hra.nhs.uk/information-about-patients/ (which covers health and care research); and

https://understandingpatientdata.org.uk/what-you-need-know (which covers how and why patient information is used, the safeguards and how decisions are made).

You can change your mind about your choice at any time.

Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.

Health and care organisations have until 2020 to put systems and processes in place so they can be compliant with the national data opt-out and apply your choice to any confidential patient information they use or share for purposes beyond your individual care. Our organisation is compliant with the national data opt-out policy.

 

WHERE DO WE PROCESS YOUR DATA?

So that we can provide you with high-quality care and support we need specific data. This is collected from or shared with:

  1. You or your legal representative(s);

  2. Third parties.

 

We do this face to face, via phone, via email, via our website, via post, via application forms.

Third parties are organisations we might lawfully share your data with. These include:

  1. Other parts of the health and care system such as local hospitals, the GP, the pharmacy, social workers, clinical commissioning groups, and other health and care professionals;

  2. The Local Authority;

  3. Your family or friends – with your permission;

  4. Organisations we have a legal obligation to share information with i.e. for safeguarding;

  5. The police or other law enforcement agencies if we have to by law or court order.

YOUR RIGHTS

The data that we keep about you is your data and we ensure that we keep it confidential and that it is used appropriately. You have the following rights when it comes to your data:

  1. You have the right to request a copy of all of the data we keep about you. Generally, we will not charge for this service;

  2. You have the right to ask us to correct any data we have that you believe to be inaccurate or incomplete. You can also request that we restrict all processing of your data while we consider your rectification request;

  3. You have the right to ask that we erase any of your personal data which is no longer necessary for the purpose we originally collected it for. We retain our data in line with the Information Governance Alliance’s guidelines (https://digital.nhs.uk/data-and-information/looking-after-information/data-security-and-information-governance/codes-of-practice-for-handling-information-in-health-and-care/records-management-code-of-practice-for-health-and-social-care-2016)

  4. You may also request that we restrict the processing if we no longer require your personal data for the purpose we originally collected it for, but you do not wish for it to be erased.

  5. You can ask for your data to be erased if we have asked for your consent to process your data. You can withdraw consent at any time.

  6. If we are processing your data as part of our legitimate interests as an organisation or in order to complete a task in the public interest, you have the right to object to that processing. We will restrict all processing of this data while we look into your objection.

You may need to provide adequate information for our staff to be able to identify you, for example, a passport or driver’s licence. This is to make sure that data is not shared with the wrong person inappropriately. We will always respond to your request as soon as possible and at the latest within one month.

If you would like to complain about how we have dealt with your request, please contact:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

https://ico.org.uk/global/contact-us/

DATA PROTECTION COMPLIANCE

Our appointed compliance officer in respect of our data protection activities is:

Katherine Baskerville
katherine.baskerville@pbsconsultancy.net