Data protection privacy notice (Clients)
This notice explains what personal data (information) we hold about you, how we collect it, and how we use and may share information about you whilst receiving our services and after it ends. We are required to notify you of this information under data protection legislation. Please ensure that you read this notice (sometimes referred to as a ‘privacy notice’) and any other similar notice we may provide to you from time to time when we collect or process personal information about you.
Who collects the information
Deafness Support Network (‘Company’) is a ‘data controller’ and gathers and uses certain information about you. This information is also used by our affiliated entities and group companies, namely Positive Hearing Ltd (our ‘group companies’) and so, in this notice, references to ‘we’ or ‘us’ mean the Company and our group companies.
Data protection principles
We will comply with the data protection principles when gathering and using personal information, as set out in our data protection (employment) policy.
About the information we collect and hold
The table set out in the Schedule summarises the information we collect and hold, how and why we do so, how we use it and with whom it may be shared.
We may also need to share some of the categories of personal information set out in the Schedule with other parties, such as external contractors and our professional advisers and potential purchasers of some or all of our business or on a re-structuring. Usually, information will be anonymised but this may not always be possible. The recipient of the information will be bound by confidentiality obligations. We may also be required to share some personal information with our regulators or as required to comply with the law.
We seek to ensure that our information collection and processing is always proportionate. We will notify you of any changes to information we collect or to the purposes for which we collect and process it.
Where information may be held
Information may be held at our offices and those of our group companies, and third party agencies, service providers, representatives and agents as described above.
How long we keep your information
We keep your information during and after you have accessed services and for no longer than is necessary for the purposes for which the personal information is processed. Further details on this are available in our Document Retention Policy.
Your rights to correct and access your information and to ask for it to be erased
Please contact our Data Protection Officer (DPO) Bob Birchall who can be contacted by email at firstname.lastname@example.org if (in accordance with applicable law) you would like to correct or request access to information that we hold relating to you or if you have any questions about this notice. You also have the right to ask our Data Protection Officer for some but not all of the information we hold and process to be erased (the ‘right to be forgotten’) in certain circumstances. Our Data Protection Officer will provide you with further information about the right to be forgotten, if you ask for it.
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
How to complain
We hope that our Data Protection Officer can resolve any query or concern you raise about our use of your information. If not, contact the Information Commissioner at ico.org.uk/concerns/ or telephone: 0303 123 1113 for further information about your rights and how to make a formal complaint.
About the information we collect and hold
|The information we collect||How we collect the information||Why we collect the information||How we use and may share the information|
|Your name, contact details (ie address, home/mobile phone numbers, email address), emergency contacts (ie name, relationship and home/mobile phone numbers), Registration (level of hearing loss i.e. hard of hearing, deaf with speech, deaf no speech, dual sensory loss), Carer status and whether you are a hearing aid wearer or not. ☐||From you||To enable delivery of services.Legitimate interest: to maintain client records.||To monitor numbers of clients accessing services across Cheshire & signpost/refer to most appropriate service within DSN, or through partner organisations.|
|Your nationality and immigration status and information from related documents, such as your passport or other identification and immigration information ☐||From you and, where necessary, the Home Office||To comply with our legal obligationsLegitimate interest: to maintain client records||Information may be shared with the Home Office|
|Your racial or ethnic origin, sex and sexual orientation, religious or similar beliefs||From you||To comply with our legal obligations and for reasons of substantial public interest (equality of opportunity or treatment)||To comply with our equal opportunities monitoring obligations and to follow our policiesFor further information, see * below|
|Information in referrals you, or someone on your behalf, make for services within our organisation||From you, or an authorised person referring on your behalf||To deliver servicesTo comply with our legal obligations
Legitimate interests: to maintain client records and to comply with legal, regulatory and corporate governance obligations
|To process the referralInformation shared with relevant managers, external funders, providers of other services and with consultants we may engage|
|Details in referrals about you that we give to others||From your client records, our employees||To deliver servicesLegitimate interests: to maintain client records and to comply with legal, regulatory and corporate governance obligations||To provide you with the relevant serviceInformation shared with relevant managers, external funders, providers of other services and the recipient(s) of the referral|
You are required in order to receive services, to provide the categories of information marked ‘☐’ above to enable us to verify the most appropriate service area in which to refer to you into. If you do not provide this information, we may not be able to deliver services.
* Further details on how we handle sensitive personal information and information relating to criminal convictions and offences are set out in our DBS Check/Criminal Convictions Policy and Secure Handling, Use, Retention & Disposal of DBS Certificates & Certificate Information Policy available from the HR department.
** Further information on the monitoring we undertake in the workplace and how we do this is available in our Policies & Procedures, available from the HR department.