Privacy Policy

Contents

Last Updated: 2nd June 2018

How we use personal information about you and protect your privacy

1.

Who are we?

Angus Health and Social Care Partnership is the public body created under the Public Bodies (Joint Working) (Scotland) Act 2014 to be responsible for the planning and delivery integrated health and social care services in Angus. 

Health services are delivered by NHS Tayside, and organisations contracted by NHS Tayside, on our behalf but we are responsible for the operational management of most of those services.  We are also responsible for the operational management of social care services which are provided by Angus Council directly or by other organisations under contract to the council.

Angus Health and Social Care Partnership is a “joint data controller” with NHS Tayside of any personal health information which is used in providing these health services to residents of Angus.  We are also a “joint data controller” with Angus Council of any personal information related to the health and social care of adult residents of Angus.

This means that we share responsibility with NHS Tayside and Angus Council for deciding what personal information we collect, the purposes for which we use that information, and how it is used.

Angus Health and Social Care Partnership is also responsible for consulting with the public in relation to the planning and performance of health and social care services in Angus.  We are the sole “data controller” of any personal information we collect about the people we consult with or who contact us with comments, suggestions or complaints.

This document explains:

  • The legal basis on which we process your personal information
  • How we collect personal information about you
  • How we use that information to help us carry out our work
  • Who we share your personal information with
  • What your rights are in relation to the personal information we keep about you
  • How to contact us to exercise your rights
  • How to complain about our handling of your information or response to your enquiries

2.

What is personal information?

Personal information is any information that can be used to identify a living person.  This can include information that on its own might not identify an individual but would do so when combined with some other information about that individual.

This may include your name, gender, address, national insurance number, email address, photograph, telephone numbers, and unique online identifiers such as IP addresses which are numbers that can uniquely identify a specific computer or other network device on the internet etc.

Personal information is sometimes referred to as ‘personal data’.

‘Special’ categories of personal information

We sometimes need to process personal information which is very sensitive.  This is often information which you would not want widely known and is very personal to you.  This includes any information that reveals your:

  • religious or philosophical beliefs
  • ethnicity
  • physical or mental health
  • trade union membership
  • political opinion
  • genetic/biometric data
  • sexuality and sexual health
  • criminal history

We take particular care to ensure that these ‘special’ categories of personal information remain confidential and are only seen by people who need access to that information to undertake tasks with your agreement or which we are required to do by the law.

‘Processing’ Personal Information

In this document we use the word ‘processing’ to describe the various things we do with your personal information.  This includes things like:

  • collecting your information
  • recording your information on a computer system or paper record
  • updating your information or correcting it when necessary
  • accessing your information
  • merging your information with other information about you
  • sharing some of your information with someone else
  • storing your information
  • archiving your information
  • destroying our records of your information when it is no longer needed by us

3.

What do we use your personal information for?

We collect and process information about people for different reasons depending on the kind of relationship they have with us.  What information we hold about you and how we process it will depend on whether you are a service user / patient, a carer, a family member, a volunteer, or an interested member of the public.

The following sections describe the different ways we use personal information, the reasons we need to process that information, and the legal basis on which we are empowered to do so.

If you are a Service User (a patient or user of social care services)

If you are a service user we need to collect information about you, your circumstances, your health and your social care needs to enable us to help you to maintain your health and wellbeing and access health and social care services.   We only collect and process personal information about you for the following purposes:

  • to assess your health and social care needs
  • to organise or provide services to meet those needs
  • to help us improve health and social care services in Angus
  • to help us improve and protect the health and wellbeing of the population of Angus

The law gives us the authority to do this in order to protect your vital interests, to carry out our legal duties to provide health and social care services, and to enable us to contract with other organisations to provide you with care and support.

We may use your information to process financial transactions in relation to health and social care services including grants, payments and benefits involving the council or NHS Tayside, or where we are acting on behalf of other government bodies, e.g. Department for Work and Pensions.

In general we collect and process your personal data to enable us to provide health and social care services to you.  The duties and powers under which we are able to provide these services to you and others are set out in a number of pieces of legislation including:

  • The Social Work (Scotland) Act 1968
  • National Health Service (Scotland) Act 1978
  • Disabled Persons (Services, Consultation and Representation) Act 1986
  • Adults with Incapacity (Scotland) Act 2000
  • Community Care and Health (Scotland) Act 2002
  • Mental Health (Care and Treatment) (Scotland) Act 2003
  • The Adult Support and Protection (Scotland) Act 2007
  • Public Services Reform (Scotland) Act 2010
  • Patient Rights (Scotland) Act 2011
  • Social Care (Self-directed Support) (Scotland) Act 2013

If you are a Carer

To enable us to help support you in your caring role and ensure you have access to training and respite when you need it, we need to collect and process personal information about you.  We normally only collect and process personal information about you for the following purposes:

  • to help us assess the support you need to continue in your caring role and maintain your own health and wellbeing
  • to ensure we have the information we need to help you manage in a crisis
  • to make payments to you if you are eligible for a carer support budget

We may use your information to process financial transactions in relation to support provided to you including grants, payments and benefits involving the council or NHS Tayside, or where we are acting on behalf of other government bodies, e.g. Department for Work and Pensions.

The law gives us the authority to do this in order to carry out our duties under the Carers (Scotland) Act 2016.

If you are a Volunteer

To enable us to help support you in your volunteering and ensure you and the service users you support get the best out of your voluntary work we need to collect some personal information about you. 

We normally only collect and process personal information about you for the following purposes:

  • to ensure you are a fit and proper person to work with vulnerable people
  • to co-ordinate and monitor your volunteering for us
  • to ensure you receive any legitimate expenses incurred during your volunteering in accordance with our policies
  • to help us provide you with management support and training as required

The law gives us the authority to do this in order to safeguard vulnerable adults and children and to ensure your volunteering experience, and that of the service users you work with, is of the highest standard.

We may use your information to process financial transactions in relation to legitimate expenses incurred in the course of your volunteering for us.

In general we collect and process your personal data to enable us to provide volunteer health and social care services to residents of Angus.  The duties and powers under which we are able to provide these services are set out in a number of pieces of legislation.  Details of the relevant legislation can be provided on request.

If you are a service user’s next of kin or other key contact person

When providing health or social care services to people we require to take details of their next of kin and sometimes other people who are important to the service user.

The information is provided to us by the service user and is only used in situations in which they have asked us to contact you on their behalf.  We only collect the minimum information necessary to contact you.

The law gives us the authority to do this in order to protect the vital interests of the service user, to carry out our legal duties to provide health and social care services, and to enable us to contract with other organisations to provide you with care and support.

If you are a member of the public

We regularly consult with members of the public and receive comments, suggestions, and complaints about our services.  When we do so we may collect personal information about you.  We normally only collect and process this information in order to:

  • Respond to your complaint or comment
  • Invite you to further consultation events
  • Tell you about new services
  • Ensure that we have consulted with all sections of the population

We sometimes take photographs or video of consultation events organised by Angus Health and Social Care Partnership for publicity purposes.  We also may take photographs or video of services which we provide for publicity and training purposes.

We will always notify people attending an event or participating in a service if we intend to take photographs or video, and individuals are free to choose not to be shown in any photographs or video which is taken.  Where possible we will seek to obtain your explicit permission to be photographed or videoed, and will always do so where photographs or video is taken of small groups or individuals and where we wish to link your name to the image.

It should be noted that there is generally no restriction to us taking photographs or video of people in a public place, as defined in the Public Order Act 1936 section 9(1), and no legal requirement for us to seek consent from the individuals shown in such photographs or video footage.

4.

Do you use personal information for any other purposes?

There are some circumstances where the law allows us to process your personal information for other purposes, and there are some circumstances where the law requires us to do so.  These purposes are called ‘secondary purposes’ because they are not the main reasons we collect and process personal information.

This section describes these secondary purposes and their legal basis.

Use of personal information for historical, statistical or research purposes

The law allows us to use your personal information to undertake statistical analysis of our services, and for research purposes in the public interest.  The law also allows us to archive personal records for historical purposes in the public interest.

We do not require your permission to do this but the law does require us to ensure that the information is securely and confidentially processed and stored.

Personal information for statistical or research purposes may be analysed by ourselves, our partners, or by external contractors working on our behalf.  Normally we only share personal information which has been anonymised by removing the name and any other data which could be identifiable. 

We only share identifiable personal information for statistical purposes with the NHS Common Services Agency under a strictly defined information sharing agreement and service level agreement.  A copy of the agreement is available on request.

We may decide to archive records containing personal information where they may be of historical interest.  Archiving of personal health records is carried out under contract between NHS Tayside and the University of Dundee.  Archiving of personal social care records is carried out under arrangement between Angus Council and the Archives service of ANGUSalive.

Protection of vulnerable groups

The law requires us to share personal information where we have reason to believe that a person is at risk of harm, or that there is a risk that a person may cause harm to others.

We are required to do this to protect the welfare of children and vulnerable adults under a range of legislation including:

  • Children (Scotland) Act 1995
  • Adults with Incapacity (Scotland) Act 2000
  • Mental Health (Care and Treatment) (Scotland) Act 2003
  • Adoption and Children (Scotland) Act 2007
  • Protection of Vulnerable Groups (Scotland) Act 2007
  • Adult Support and Protection (Scotland) Act 2007
  • Children and Young People (Scotland) Act 2014

Prevention of crime and detection of fraud

The requires us to share information with the police, HM Revenue and Customs, and the Department of Work and Pensions to help prevent or prosecute crime and to help detect fraud.

The circumstances under which we are able to share information for these purposes are set out in Part 3 of the Data Protection Act 2018.

Audit and regulatory compliance

We are required to give access to personal information to a number of statutory regulatory bodies when they are undertaking statutory inspections, investigations, or conducting audits.

Legal action

Occasionally we have to pursue or defend legal action in which we have to disclose the personal information of an individual whose information we have collected for a different primary purpose, and we are allowed to do this by law.   We are also required to disclose personal information when instructed to do so by the Courts, Children’s Hearing or other similar judicial or quasi judicial bodies.

Public statements

If someone makes a public statement about the Angus Health and Social Care Partnership and we have information showing it to be wrong, we may publicise the fact that we have information to contradict it.  We may ask for your consent to publish our information if it involves you.  If you refuse, we may make your refusal to consent public.

5.

How do we collect information about you?

Face to face conversations

The most common way in which we collect information from you is in face to face conversation when we assess your health or social care needs, needs as a carer, speak to us at an event, or register you as a volunteer.  For example, you may speak to a community nurse, your GP, a care manager, or occupational therapist and you may receive a service from a health care assistant or a home care worker.

Telephone

We may collect information from you over the phone when you call us or when we call you. 

In general we do not routinely record or monitor telephone calls made to us.  We will notify you at the beginning of any call which we need to record so you can choose whether to proceed with the call or not.

Some of our services, such as the Community Alarm Service, do require to record all calls as a condition of the service for safety and security reasons.  Details of why we do this, how long we keep the recording, who we share them with, and your rights in respect of these recordings will be provided in a separate privacy notice when you agree to receive that service.

Email

You may provide information to us by email and we may also provide information to you by email. 

If you do email us you should be aware that your email will include your email address and the identification of the internet address you emailed us from (the IP address).

Website

If you are a user with general public access, the Angus Health and Social Care Partnership website, which is hosted by Angus Council or another 3rd party service provider under contract, does not store or capture personal information other than logs a number called your IP address. The system will record other personal information only if you use the website to contact us and leave contact details to enable us to respond to you.

The website employs cookie technology to help log visitors. A cookie is a string of information that is sent by a web site and stored on your hard drive or temporarily in your computer’s memory. The information collected is used for the administration of the server and to improve the service provided by the web site. No personal information is collected this way. You can reject the use of cookies but you may be asked for information again, e.g. to participate in a survey. Further information and how to block cookies is located on our or the council’s cookies page. This statement only covers our website, which is maintained by the council, and does not cover other web sites linked from our site.

CCTV surveillance

CCTV systems are installed in some of the NHS or Angus Council premises used by the partnership for the purposes of public and staff safety and crime prevention and detection.  CCTV is also installed on the outside of some of these buildings for the purposes of monitoring building security and crime prevention and detection. 

Images captured by CCTV will not be kept for longer than necessary. However, on occasions there may be a need to keep images for longer, for example where a crime is being investigated.

We operate CCTV and disclose recordings in accordance with the code of practice issued by the Information Commissioner.  You have the right to see images/audio recording of yourself in accordance with data protection legislation and be provided with a copy of the images.

We will only disclose images and audio to other authorised bodies who intend to use it for the purposes stated above. Images and audio will not be released to the media for entertainment or any other purposes or placed on the internet for public viewing.

Information from third parties

Some personal information about you is provided by third parties.  For example, when a person provides you with health or social care, or carer’s support, they may record information about your needs and wellbeing.  This includes NHS Staff, Council Social Work staff, and staff of organisations we have contracted to provide you with services.

This information helps us to keep up to date with your needs and wellbeing.

If you are a volunteer with us we will also collect information from the service users you work with and from others who interact with you as part of your volunteering to help us review your performance and help you develop as a volunteer.

6.

Who do we share your information with?

We only ever share your information where it is necessary in order for us to carry out our public functions or where we are required to by law. 

We never use your personal information for marketing purposes without your explicit permission.  We do not sell or make your personal information to anyone else for marketing or any other purpose.

When we do share information with another organisation we only share the minimum information necessary for the specific purpose for which it is shared.

If you are a service user

We will only share your information with other organisations where it is necessary to meet your health or social care needs or where we have a legal duty to do so.

When we share your information we only share those pieces of information that are necessary for other people to do their part in meeting your health and social care needs.

Your information is shared with staff within NHS Tayside, Angus Council, and the Angus Health and Social Care Partnership who are involved in your care. Your personal information is also shared with independent contractors who act on our behalf.  These include your GP, pharmacist, dentist, and any social care provider who has been contracted to provide you with social care services.  We may be required to share your information with the finance departments of these or related organisations to process financial transactions in relation to health and social care services including grants, payments and benefits involving the council or NHS Tayside, or where we are acting on behalf of other government bodies, e.g. Department for Work and Pensions.

If you are a carer

We will only share your information with other organisations where it is necessary to meet your support needs, the needs of the person you care for, or where we have a legal duty to do so.

When we share your information we only share those pieces of information that are necessary for other people to fulfil their roles in relation to you and the people you care for.

Your information is shared with staff within NHS Tayside, Angus Council, the Angus Health and Social Care Partnership, and the Angus Carers Centre who are responsible for assessing your support needs and providing support to you, or who are responsible for the care and support of the person or persons you care for. We may be required to share your information with the finance departments of these or related organisations for the purposes to process financial transactions for example in relation to health and social care services including grants, payments and benefits involving the council or NHS Tayside, or where we are acting on behalf of other government bodies, e.g. Department for Work and Pensions.

If you are a volunteer

We will only share your information with other organisations where it is necessary to train and support you as a volunteer, to ensure you and the service users you support get the best out of your volunteering work, or where we have a legal duty to do so.

Your information is shared with staff within NHS Tayside, Angus Council, the Angus Health and Social Care Partnership, and Voluntary Action Angus who are responsible for the service users with whom you work or who are responsible for your work as a volunteer. We may be required to share your information with the finance departments of these or related organisations, for example, to process financial transactions in relation to legitimate expenses incurred in the course of your volunteering for us.

When we share your information we only share those pieces of information that are necessary for other people to fulfil their roles in relation to you and the service users you work with.

If you are a service user’s next of kin or other key contact person

We will only share your contact details with other organisations where it is necessary for them to be able to contact you on behalf of the service user.

Your contact information may be shared with staff within NHS Tayside, Angus Council, and the Angus Health and Social Care Partnership who are involved in the service user’s care. Your contact information is also shared with independent contractors who provide support the service user on our behalf.  These may include the service user’s GP and any social care provider who has been contracted to provide the service user with social care services.

If you are a member of the public

We will not share your personal information with anyone else without your explicit permission unless the law requires us to do so.

Other purposes

Section 3 described the secondary purposes for which we may process your information as required or permitted by the law.  In relation to these purposes we may share information with a wide range of bodies including:

  • Scottish Public Services Ombudsman
  • The Scottish Information Commissioner
  • The Scottish Social Services Council
  • The (UK) Information Commissioner
  • The Care Inspectorate
  • Mental Welfare Commission
  • Office of the Public Guardian
  • Police Scotland and other criminal investigation agencies
  • Department for Work and Pensions (DWP)
  • Her Majesty’s Revenue and Customs (HMRC)
  • Scottish Government
  • Scottish Children’s Reporter’s Administration
  • Scottish Courts

These organisations are obliged to keep your details securely and in line with the data protection legislation. 

7.

How long do we keep your information?

We do not keep records about you for longer than is necessary.  How long we normally keep your personal information depends on the relationship you have with us.

In some cases the law requires us to keep some records for longer periods of time than the standard retention periods described below.  Full details are set out in the Angus Health and Social Care Partnership Business Classification Scheme and Retention Schedule.

When a record containing personal information reaches the end of its retention period, we will either choose to securely archive it for historical purposes, or we will securely shred and destroy the record if it is in paper format or delete it from all computer systems if it is an electronic record. 

Service users

In general we keep health records about you for no more than six years after you last had contact with us.  We keep most social care records for five years after you last had contact with us. 

Carers

In general we keep records for no more than five years after you cease to receive support from us. 

Volunteers

In general we keep volunteer records for no more than six years after you cease to work with us. 

Service user’s next of kin or other key contact person

Your personal information forms part of the service user’s records and will only be retained as long as the service user’s record is retained.

Members of the public

We will keep your personal information only for as long as is necessary for the purpose for which you entrusted us with that information, or until you withdraw your consent for us to hold your information.

8.

What rights do you have over the personal information we hold?

The personal information we hold about you is your information and the law gives you a number of rights in relation to that information.  The rights you have in relation to that information depend on the legal basis on which we hold and process it.

If you wish to exercise any of these rights please contact the Data Protection Officer whose contact details are given in section 10.

Service users, carers, volunteers, service user’s next of kin and other key contact persons

Our basis for processing your personal information is in order to carry out a public task in relation to you or another person.  This means that you have the following rights:

  • You have the right to be to be informed about the information we hold and how we process it
  • You have the right to access all the information we hold about you
  • You have the right to require us to rectify any errors in the information we hold about you
  • You have the right to ask us to restrict your information from being processed under certain circumstances
  • You have the right to object to us collecting or processing personal information about you though this will affect our ability to provide services to you or a person you care for

Members of the public

The basis on which we process your personal information is your explicit consent.  This means you have the following rights:

  • You have the right to be to be informed about the information we hold and how we process it
  • You have the right to access all the information we hold about you
  • You have the right to require us to rectify any errors in the information we hold about you
  • You have the right to require us to erase your personal information from our records
  • You have the right to ask us to restrict your information from being processed under certain circumstances
  • You have the right to object to us collecting or processing personal information about you though this will affect our ability to provide services to you or a person you care for
  • You have the right at any time to withdraw your consent to us processing your personal information

9.

How do we protect your information?

If your personal information is held in paper format it is kept in secure filing cabinets within the premises of Angus Council, NHS Tayside or other bodies operating under contract to us.

If we hold your personal information electronically it is kept in secure database or file systems on secure servers operated by or on behalf of Angus Council, NHS Tayside or other bodies operating under contract to us.  We do not store personal information on servers outwith the UK and the European Economic Area.

We share personal information with other bodies only through secure encrypted electronic means, wherever possible.  Where this is not possible we take other reasonable measures to secure your information from loss or disclosure.

No one has access to the personal information we hold unless it is necessary to enable us to carry out our duties towards you or to protect your vital interests. Access to your personal information in either format is systematically logged and monitored.

No third parties have access to your personal data unless permitted by law or unless we have contracted with them to provide services on our behalf.  We only share personal information with third parties under a formal contract or information sharing agreement which requires them to process that information in accordance with the GDPR and the Data Protection Act 2018.

Everyone who has access to your personal information is bound by a duty of confidentiality.  In most cases that duty is an enforceable contractual obligation.

We never sell your information to third parties for any purpose including marketing.  We do not provide your information to any other public bodies or departments unless the law requires us to do so.

We will dispose of paper records or delete any electronic personal information in a secure way. 

10.

Getting further advice, exercising your rights, or raising concerns

Angus Health and Social Care Partnership has appointed a Data Protection Officer to ensure we comply with the GDPR and the Data Protection Act 2018.

If you want further advice or wish to exercise any of your rights under the data protection legislation please contact:

The Data Protection Officer
Angus Health and Social Care Partnership
St Margaret’s House
Forfar
DD8 1WS

Tel: 01307 474156

Email: AHSCPDataProtection@angus.gov.uk

If you wish to exercise any of your rights we need to make sure of your identity to make sure that you have the right to see the information you are asking to see. We will usually require proof of identity, for example, a passport, driving licence, birth or marriage certificate.  You should send us photocopies or scans of your proof of identity by mail or email along with the appropriate form which can be found on our website at:

https://www.angus.gov.uk/social_care_and_health/angus_health_and_social_care_partnership

Please do not send original documents through the post.

Once we have received a competed form and have verified your identity we will respond to you within one calendar month.

If you have any concerns or want to seek further advice you can contact the Information Commissioner’s Office (ICO).  The ICO is an independent body set up to uphold information rights in the UK.  

They can be contacted at:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone Helpline: 0303 123 1113

Email: casework@ico.org.uk

Website: www.ico.org.uk

11.

Changes to this privacy notice

We will continually review and update this privacy notice to reflect changes in our services and feedback from service users, as well as to comply with changes in the law. When such changes occur, we will revise the ‘last updated’ date at the top of this notice and the current version will be at: www.angushscp.scot/privacy-policy