This privacy notice explains what information we collect about you, how we store this information, how we share this information and how we keep it safe and confidential. We want you to be confident that your information is kept safe, secure and for you to understand how and why we use it to support your care. To find out more please click on the relevant hyperlink below:
2. Who are we?
The Community Wellbeing Hub (CWH) was set up in a response to COVID-19. It is an essential link between the public, Virgin Care, Council & voluntary and third sector agencies (3SG), providing support in one place within BaNES. The hub follows agreed BaNES procedures around safeguarding.
The CWH comprises a call centre (hub) and subject-specific response teams called ‘pods’. The call centre acts as a triage point, identifying the core need of the caller and either resolving the issue or referring the caller on to one of the pods. These pods are compromised of a lead organisation and a number of other organisations to act as a network for the resolution of issues and/or onward support. If a clinical or social care need is identified then this is referred to the professional teams within the Care Co-ordination Centre either immediately or within a day.
Virgin Care is the Data Controller for all data that is processed in the pods that are led by Virgin Care. Where callers are referred to a Council Service Bath & North East Somerset Council will be the Data Controller and for referals to specialist groups within the Community Connectors section the relevant Third Sector Group (3SG) will be the Data Controller, you will be notified by that group about how your personal data will be handled by them.
Where an intervention requires more than one organisations to support an individual, the organisations would be joint Data Controllers for the information.
Virgin Care Services Ltd is a limited company registered in England and Wales, number 07557877. Registered office: Virgin Care Services Ltd, The Heath Business and Technical Park, Runcorn, Cheshire, WA7 4QX, part of the Virgin Care Group of companies.
3. Why do we collect personal information about you?
Staff members of Organisations within the CWH need to collect and maintain information about your health and social care needs, treatments, financial information, the wellbeing of your family, friends and/or neighbours, logistics in relation to food, medications and other challenges in relation to shielding, and any other needs you might have so that:
4. What information we collect and how we obtain it?
Personal information about you is collected in a number of ways. This can be from referral details from our staff, other 3rd parties or hospitals, directly from you or your authorised representative.
Once you register with us, we will collect basic ‘personal data’ about you such as; your name, address, contact details including next of kin or carer details and/or NHS number. We might also hold your email address, marital status, occupation, place of birth, preferred name or maiden name and Power of Attorney, advocate or carer information. This information may be held in written form and/or in digital form.
In addition to the above we may also hold more sensitive personal data, called ‘special category data’ which could include:
If you don’t provide this information, your care will be compromised.
Once collected your information will be shared securely and stored by the different organisations on their systems. If you would like to find out how is your information processed by the other organisation, you will need to get in touch directly to our partners.
5. What is our legal basis for processing your information?
In order for us to legally process your information a ‘lawful basis’ needs to be identified. Data protection law recognises the difference between personal data and that of a more sensitive nature known as special categories of data; such as racial or ethnic origin, political opinions, religious beliefs, trade union activities and physical or mental health.
Our legal basis for processing your personal information falls under one of the following legal bases:
The CWH does not process your personal data using your consent. However, you do have the right to say “no” to our use of your information, but this could have an impact on our ability to provide you with care.
6. How we use and share your information?
Your records are used:
We may also use, or share, your information for the following purposes:
7. Who do we share your information with?
We will share relevant personal information with other professional or voluntary organisations who are involved into your direct care, such as private care homes, the Local Authority, health care professionals, the safeguarding team, and private companies contracted to deliver care. However, we will not disclose any health information to third parties without your explicit consent unless there are circumstances, such as when the health or safety of others is at risk or current legislation permits or requires it.
In all cases, your information is only accessed and used by authorised health and social care professionals in locally based organisations who are involved in providing or supporting your direct care.
8. How do we keep your information secure?
We take the security of your personal data very seriously. We have operational policies and procedures in place to protect your information whether it is in hard copy or electronic format. We protect your information in the following ways:
Training: Staff are trained to understand their duty of confidentiality and their responsibilities regarding the security of patient data; this includes their mandatory annual training in data security and confidentiality to demonstrate they understand and are complying with Practice policies on confidentiality.
Access Controls: Any member of staff who has access to personal confidential data will have a username and unique password. This will reduce the risk of unauthorised access to your personal data and all access is auditable.
Technical measures: We complete due diligence assessments and impose contractual obligations on our trusted providers and persons working under our instruction.
We have a duty to:
We maintain our duty of confidentiality to you at all times. We will only ever use or pass on information about you if we reasonably believe that others involved in your care have a genuine need for it.
We will not disclose your information to any third party without an appropriate legal basis and there are exceptional circumstances (such as a risk of serious harm to yourself or others) or where the law requires information to be passed on.
9. How long do we keep your information?
Your personal information is held in both paper and electronic forms for specified periods of time as defined by the NHS Records Management Code of Practice for Health & Social Care 2016 and the National Archives. Please click on the link for the retention periods of the various medical records we hold. Records retention schedules.
We usually retain health records for children from discharge / service user last seen until their 25th birthday (or if the patient was 17 at the conclusion of the treatment, until their 26th birthday). Care records with non-standard retention periods could be kept up to 30 years depending on the record type. Please consult the Records Management Code of Practice for Health and Social Care 2016 for more details on this, the link has been provided below.
General enquiries will be kept for 1 year from the date of the conclusion of the enquiry.
These are the minimum times for which we keep information; we may keep it for longer if we believe doing so will be of benefit to you or we are not able to delete it due to a technical issue.
We have a duty to:
Further details can be found in The Records Management Code of Practice for Health and Social Care 2016. Please note that the independent inquiry into Child Sexual Abuse (IICSA) has requested that large parts of the health and social care sector do not destroy any records that are, or may fall into, the remit of the inquiry. Therefore, Organisations that retain such records are currently not destroying any children’s records until further notice (please consult the website www.iicsa.org.uk for more details).
10. Social Media and our Website
When you contact Virgin Care through social media such as Facebook and Twitter, we hold your information and reason for contact in our social media management portal to enable us to easily access and manage our engagement with you. This may result in us sharing your information with other parties within the Virgin Care Group e.g. individuals involved in your care, managing your complaint etc.
When you visit our websites, we collect standard internet log information and details of visitor behaviours. This is statistical data only which we collect in order to find out the numbers of visitors to the site and the pages visited. The information is collected in such a way that does not identify individuals and we do not make any attempts to identify visitors this way.
Where we do collect personal information on our website, this will be made obvious to you through the relevant pages.
11. What are your rights?
If we need to use your personal information for any reasons beyond those stated above, we will discuss this with you and ask for your explicit consent. Under the Data Protection Act 2018 you have the following rights:
FURTHER INFORMATION ABOUT YOUR RIGHTS
The right to be informed - As a controller, we are obliged to provide understandable and transparent information about the way we process your data (this is provided within this privacy notice)
The right of access - You are entitled to request a copy of the personal data we hold about you. (see the section below, how to request a copy of your record)
The right to rectification - Request the correction of inaccurate or incomplete information in your health record, subject to certain safeguards.
The right to erasure - Where no overriding legal basis or legitimate reason continues to exist for processing personal data, you may request that we delete the personal data.
The right to restrict processing - Under certain circumstances, you may ask us to stop processing your personal data. We will still hold the data but will not process it any further.
The right to data portability - Subject to certain conditions, you may request a copy of your personal data to be transferred to another organisation.
The right to object to processing - You have the right to object to our processing of your data where:
Please note that the above rights may not apply in all circumstances.
Keep us updated of any changes
Please let us know if you change your address or contact details etc. so that we can keep your information accurate and up to date.
12. How to request a copy of your record?
You can request a copy of your records from Virgin Care via the Data Subject Access Portal. Please click on the following link to request your record.
Our portal supports the management of requests with regards to records and/or alterations/concerns. Your request will be directed to our Privacy Team who will ensure that the correct service receives your request promptly.
For requests for Council controlled data please submit your request via the following webform;
or write to the Council at;
Data Protection Officer (SAR)
Bath & North East Somerset Council,
To progress the request, you will need proof of identity as follows:
If you are a Representative acting on a data subject’s behalf you will need proof of your identity as well as proof that the data subject is freely giving consent to the request, or you have the appropriate legal authority.
13. Who can you contact regarding your personal information we hold?
If you have any questions or concerns about the information we hold about you, please do not hesitate to talk to someone in the CWH or contact:
Data Protection Officer
Head of Information Governance
Virgin Care Ltd
The Heath Business and Technical Park
Data Protection Officer
Bath & North East Somerset Council,
If you are not happy about the way your information is handled, or you are not satisfied with our response, you have the right to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioners Office (ICO).
Information Commissioner’s Office
0303 123 1113
14. Disaggregation of Services
In the event of the contract between BaNES council with Virgin Care Ltd coming to an end, all relevant documentation and records will be transferred to the new provider. The transfer of records will be conducted in accordance with the current UK Data Protection Law.
15. Changes to our privacy notice
We will update this privacy notice from time to time to reflect any changes to our ways of working. Please contact our Data Protection Officer if you would like more information.