Proudly part of the Compassionate Community movement where people in BANES are inspired and supported to look after each other

Community Wellbeing Hub

supporting residents in Bath and North East Somerset

Community Wellbeing Hub Privacy Notice

This privacy notice explains what information we collect about you, how we store this information, how we share this information and how we keep it safe and confidential. We want you to be confident that your information is kept safe, secure and for you to understand how and why we use it to support your care. To find out more please click on the relevant hyperlink below:

1. Definitions

GDPR: General Data Protection Regulation.
Personal data: Any information relating to an identifiable individual such as your name, NHS number, contact details. It can also be location data or an online identifier.
Special categories of personal data are defined as: any information relating to an identifiable individual such as racial or ethnic origin, politics, religious or philosophical beliefs, trade union membership, genetics, biometrics (where used for identification) information concerning your health, sex life or sexual orientation.

2. Who are we?

The Community Wellbeing Hub (CWH) was set up in a response to COVID-19. It is an essential link between the public, Virgin Care, Council & voluntary and third sector agencies (3SG), providing support in one place within BaNES. The hub follows agreed BaNES procedures around safeguarding.

The CWH comprises a call centre (hub) and subject-specific response teams called ‘pods’. The call centre acts as a triage point, identifying the core need of the caller and either resolving the issue or referring the caller on to one of the pods. These pods are compromised of a lead organisation and a number of other organisations to act as a network for the resolution of issues and/or onward support. If a clinical or social care need is identified then this is referred to the professional teams within the Care Co-ordination Centre either immediately or within a day.

Food (Pod 1)- shielded individuals, those lacking access to food or identified as in food poverty – led by Virgin Care
Wellbeing (Pod 2) - those with needs regarding physical and mental inactivity, loneliness, anxiety, and any request for welfare checks by Social Workers. – led by Virgin Care
Money Matters and Employment (Pod 3) - those struggling to meet financial obligations, understanding entitlement, or gaining access to personal finances - led by Citizen’s Advice Bureau.
Housing (Pod 4) - individuals with complex housing needs or general housing issues – led by DHI
Logistics (Pod 5) - isolated individuals who require the delivery of essential items. – led by BaNES Council.
Discharge/Admission Support (Pod 6) - Non-clinical support required by health professionals to support discharge and admissions, or the avoidance of such situations.
Public Health (Pod 7) - general queries regarding social distancing, isolation and shielding. – led by Virgin Care
Family Support (Pod 8) - those requiring support with children at home, family cooking and struggling with a child.
Community Connectors (Pod 9) - to deliver and support any activity that may be provided by the Charitable, Social Enterprise, Faith or Volunteer sectors.
Council Services (Pod 11) - any query related to the continuation or access to Council Services such as waste collection, highways etc. - led by BaNES council
Enhanced Triage (Pod 10) - further discussion regarding specific needs and support that is not able to be dealt with by initial conversations -
or any other Pods that might be created on a later date.

Virgin Care is the Data Controller for all data that is processed in the pods that are led by Virgin Care. Where callers are referred to a Council Service Bath & North East Somerset Council will be the Data Controller and for referals to specialist groups within the Community Connectors section the relevant Third Sector Group (3SG) will be the Data Controller, you will be notified by that group about how your personal data will be handled by them.

Where an intervention requires more than one organisations to support an individual, the organisations would be joint Data Controllers for the information.

Virgin Care Services Ltd is a limited company registered in England and Wales, number 07557877. Registered office: Virgin Care Services Ltd, The Heath Business and Technical Park, Runcorn, Cheshire, WA7 4QX, part of the Virgin Care Group of companies.

3. Why do we collect personal information about you?

Staff members of Organisations within the CWH need to collect and maintain information about your health and social care needs, treatments, financial information, the wellbeing of your family, friends and/or neighbours, logistics in relation to food, medications and other challenges in relation to shielding, and any other needs you might have so that:

Accurate and up to date information is available in order to provide the best possible care and/or treatment and/or support for you.
The information is available should you need another form of care, for example a referral to another service.
We can review the type and quality of care you received and make the necessary changes in order to provide the best possible care.
Your concerns can be properly looked into if you have a complaint.
Your personal information can be held in a variety of formats including electronically on computer systems and audio files.

4. What information we collect and how we obtain it?

Personal information about you is collected in a number of ways. This can be from referral details from our staff, other 3rd parties or hospitals, directly from you or your authorised representative.

Once you register with us, we will collect basic ‘personal data’ about you such as; your name, address, contact details including next of kin or carer details and/or NHS number. We might also hold your email address, marital status, occupation, place of birth, preferred name or maiden name and Power of Attorney, advocate or carer information. This information may be held in written form and/or in digital form.

In addition to the above we may also hold more sensitive personal data, called ‘special category data’ which could include:

Notes and reports about your health, treatment and care
Medical condition
Results of investigations, such as x-rays and laboratory tests
Future care you may need
Personal information from people who care for and know you, such as relatives and health or social care professionals
Smoking status and any learning disabilities
Your religion and ethnic origin
Whether or not you are subject to any protection orders regarding your health, wellbeing and human rights (safeguarding status)
Sexual history including partners, sexual orientation where relevant
School information and information about your family health or social history
Images and recordings
Any special needs or preferences for receiving information
Financial information about your affordability of care

If you don’t provide this information, your care will be compromised.

Once collected your information will be shared securely and stored by the different organisations on their systems. If you would like to find out how is your information processed by the other organisation, you will need to get in touch directly to our partners.

5. What is our legal basis for processing your information?

In order for us to legally process your information a ‘lawful basis’ needs to be identified. Data protection law recognises the difference between personal data and that of a more sensitive nature known as special categories of data; such as racial or ethnic origin, political opinions, religious beliefs, trade union activities and physical or mental health.

Our legal basis for processing your personal information falls under one of the following legal bases:

Performance of a task carried out in the public interest or in the exercise of official authority
Necessary for a legal obligation such as responding to a request from a coroner
Our legal basis for processing special category data falls under one of the following legal bases:
The provision of health or social care
Social protection law for safeguarding purposes.
Where it is necessary to protect your vital interests when you are physically or legally incapable of providing consent.

The CWH does not process your personal data using your consent. However, you do have the right to say “no” to our use of your information, but this could have an impact on our ability to provide you with care.

6. How we use and share your information?

Your records are used:

By social care professionals to make care decisions with, and about you.
To make sure your care is safe and effective.
To support working with others who provide your care.
To make referral on your behalf to other agencies involved in your direct care.

We may also use, or share, your information for the following purposes:

If it is in your best interests.
Looking after the health of the general public.
To ensure that our services can meet patient needs in the future.
Preparing statistics on NHS performance and activity.
Investigating concerns, complaints or legal claims.
Helping colleagues review the care they provide to make sure it is of the highest standards.
Training and educating staff.
Recommendations for special arrangements at home.
To manage incidents that you have been involved in.
Requests for information from official authorities or your representative.
If the service is transferring to us under contract or if you are moving out of the area.
The prevention and detection of crime.
Funding requests or payments.
Integrated care initiatives.
Legal advice or proceedings.
Responding to legal requests and court orders.
Public health notifications.
External contractors for repairs and building work to the facilities.

7. Who do we share your information with?

We will share relevant personal information with other professional or voluntary organisations who are involved into your direct care, such as private care homes, the Local Authority, health care professionals, the safeguarding team, and private companies contracted to deliver care. However, we will not disclose any health information to third parties without your explicit consent unless there are circumstances, such as when the health or safety of others is at risk or current legislation permits or requires it.

In all cases, your information is only accessed and used by authorised health and social care professionals in locally based organisations who are involved in providing or supporting your direct care.

8. How do we keep your information secure?

We take the security of your personal data very seriously. We have operational policies and procedures in place to protect your information whether it is in hard copy or electronic format. We protect your information in the following ways:

Training: Staff are trained to understand their duty of confidentiality and their responsibilities regarding the security of patient data; this includes their mandatory annual training in data security and confidentiality to demonstrate they understand and are complying with Practice policies on confidentiality.

Access Controls: Any member of staff who has access to personal confidential data will have a username and unique password. This will reduce the risk of unauthorised access to your personal data and all access is auditable.

Technical measures: We complete due diligence assessments and impose contractual obligations on our trusted providers and persons working under our instruction.

We have a duty to:

Maintain full and accurate records of the care we provide to you.
Keep records about you confidential and secure.
Provide information in a format that is accessible to you.
We are committed to protecting your privacy and will only use information collected lawfully in accordance with:
Data Protection Act 2018.
General Data Protection Regulation 2016
Human Rights Act 1998.
Common Law Duty of Confidentiality.
NHS Codes of Confidentiality and Information Security.
Health and Social Care Act 2015.
And all applicable legislation.

We maintain our duty of confidentiality to you at all times. We will only ever use or pass on information about you if we reasonably believe that others involved in your care have a genuine need for it.

We will not disclose your information to any third party without an appropriate legal basis and there are exceptional circumstances (such as a risk of serious harm to yourself or others) or where the law requires information to be passed on.

9. How long do we keep your information?

Your personal information is held in both paper and electronic forms for specified periods of time as defined by the NHS Records Management Code of Practice for Health & Social Care 2016 and the National Archives. Please click on the link for the retention periods of the various medical records we hold. Records retention schedules.

We usually retain health records for children from discharge / service user last seen until their 25th birthday (or if the patient was 17 at the conclusion of the treatment, until their 26th birthday). Care records with non-standard retention periods could be kept up to 30 years depending on the record type. Please consult the Records Management Code of Practice for Health and Social Care 2016 for more details on this, the link has been provided below.

General enquiries will be kept for 1 year from the date of the conclusion of the enquiry.

These are the minimum times for which we keep information; we may keep it for longer if we believe doing so will be of benefit to you or we are not able to delete it due to a technical issue.

We have a duty to:

Maintain full and accurate records of the care we provide to you
Keep records about you confidential and secure

Further details can be found in The Records Management Code of Practice for Health and Social Care 2016. Please note that the independent inquiry into Child Sexual Abuse (IICSA) has requested that large parts of the health and social care sector do not destroy any records that are, or may fall into, the remit of the inquiry. Therefore, Organisations that retain such records are currently not destroying any children’s records until further notice (please consult the website www.iicsa.org.uk for more details).

10. Social Media and our Website

When you contact Virgin Care through social media such as Facebook and Twitter, we hold your information and reason for contact in our social media management portal to enable us to easily access and manage our engagement with you. This may result in us sharing your information with other parties within the Virgin Care Group e.g. individuals involved in your care, managing your complaint etc.

When you visit our websites, we collect standard internet log information and details of visitor behaviours. This is statistical data only which we collect in order to find out the numbers of visitors to the site and the pages visited. The information is collected in such a way that does not identify individuals and we do not make any attempts to identify visitors this way.

Where we do collect personal information on our website, this will be made obvious to you through the relevant pages.

11. What are your rights?

If we need to use your personal information for any reasons beyond those stated above, we will discuss this with you and ask for your explicit consent. Under the Data Protection Act 2018 you have the following rights:

FURTHER INFORMATION ABOUT YOUR RIGHTS

The right to be informed - As a controller, we are obliged to provide understandable and transparent information about the way we process your data (this is provided within this privacy notice)

The right of access - You are entitled to request a copy of the personal data we hold about you. (see the section below, how to request a copy of your record)

The right to rectification - Request the correction of inaccurate or incomplete information in your health record, subject to certain safeguards.

The right to erasure - Where no overriding legal basis or legitimate reason continues to exist for processing personal data, you may request that we delete the personal data.

The right to restrict processing - Under certain circumstances, you may ask us to stop processing your personal data. We will still hold the data but will not process it any further.

The right to data portability - Subject to certain conditions, you may request a copy of your personal data to be transferred to another organisation.

The right to object to processing - You have the right to object to our processing of your data where:

Processing is based on legitimate interest.
Processing involves automated decision-making and profiling.
Processing would be for a purpose beyond your care and treatment, e.g. direct marketing and scientific or historic research; you can opt-out to the sharing of this information under the National Data Opt-Out. Further information can be found on the following website: https://digital.nhs.uk/national-data-opt-out/

Please note that the above rights may not apply in all circumstances.

Keep us updated of any changes

Please let us know if you change your address or contact details etc. so that we can keep your information accurate and up to date.

12. How to request a copy of your record?

You can request a copy of your records from Virgin Care via the Data Subject Access Portal. Please click on the following link to request your record.

Subject Access Request Portal

Our portal supports the management of requests with regards to records and/or alterations/concerns. Your request will be directed to our Privacy Team who will ensure that the correct service receives your request promptly.

For requests for Council controlled data please submit your request via the following webform;

https://www.bathnes.gov.uk/form/submit-subject-access-request

or write to the Council at;

Data Protection Officer (SAR)

Bath & North East Somerset Council,

Lewis House,

Manvers Street,

Bath,

BA1 1JG

To progress the request, you will need proof of identity as follows:

Driving licence or Passport or Work ID badge or Bus Pass or a witness to your signature by someone who is over 18 and is not a relative, (preferably by your doctor/solicitor on their headed business paper) as proof of identity

and

Bank statement or Pay slip or Utility bill or a Letter on headed paper from a local authority or similar as proof of residence.

If you are a Representative acting on a data subject’s behalf you will need proof of your identity as well as proof that the data subject is freely giving consent to the request, or you have the appropriate legal authority.

13. Who can you contact regarding your personal information we hold?

If you have any questions or concerns about the information we hold about you, please do not hesitate to talk to someone in the CWH or contact:

Data Protection Officer

Sarah Murray

Head of Information Governance

Virgin Care Ltd

The Heath Business and Technical Park
Runcorn
Cheshire
WA7 4QX

Email: information.governance@virgincare.co.uk

Data Protection Officer

Bath & North East Somerset Council,

Lewis House,

Manvers Street,

Bath,

BA1 1JG

Email: data_protection@bathnes.gov.uk

If you are not happy about the way your information is handled, or you are not satisfied with our response, you have the right to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioners Office (ICO).

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

0303 123 1113

Email: casework@ico.org.uk

https://ico.org.uk/global/contact-us/

14. Disaggregation of Services

In the event of the contract between BaNES council with Virgin Care Ltd coming to an end, all relevant documentation and records will be transferred to the new provider. The transfer of records will be conducted in accordance with the current UK Data Protection Law.

15. Changes to our privacy notice

We will update this privacy notice from time to time to reflect any changes to our ways of working. Please contact our Data Protection Officer if you would like more information.