This privacy notice is in two parts.
Part 1: Under the EU General Data Protection Regulations (GDPR), we are required to update the data protection references for service users and provide certain details regarding the Organisation and collection and use of your personal data. This is set out in more detail below.
Part 2: The second part sets out, in relation to information we collect from this Site, the practices we follow to respect the privacy of all visitors.
Action for Deafness (AFD) is an independent legal entity.
The registered office of AFD is 22 Sussex Road, Haywards Heath, West Sussex RH16 4EA
Our Data Protection Officer/Senior Information Risk Owner can be contacted at email@example.com
What Information do we collect about you?
We only collect and use your information for the lawful purposes of administering the business of AFD. These purposes include:
Accounting and Auditing
Accounts and records
Advertising, marketing & public relations
Crime prevention and prosecution of offenders
Health administration and services
What types of personal data do we handle?
We process personal information to enable us to support the provision of healthcare services to patients, maintain our own accounts and records, promote our services and to support and manage our employees.
The types of personal information we use include:
Personal details such as names, addresses, telephone numbers
Family details such as next of kin details
Details your GP has shared with us
Details held in AFD’s patient management system
Security of your information
We take our duty to protect your personal information and confidentiality seriously. We are committed to taking all reasonable measures to ensure the confidentiality and security of personal data for which are responsible, whether computerised or on paper.
We have appointed a Senior Information Risk Owner (SIRO) who is accountable for the management of all information assets and any associated risks and incidents and a “Caldicott Guardian” who is responsible for the management of patients’ information and patients’ confidentiality.
All staff are required to undertake annual information governance training and are provided with an information governance policy which they are required to read, understand and agree to adhere to. The policy ensures that staff are aware of their information governance responsibilities and follow best practice guidelines ensuring the necessary safeguards and appropriate use of person-identifiable and confidential information.
Everyone working for AFD is subject to the common law duty of confidentiality. Information provided in confidence will only be used for the purposes advised and consented to by the service user, unless it is required or permitted by law.
How can you get access to your personal information?
The EU General Data Protection Regulations (GDPR) give you the right to see the information that AFD holds about you and why.
Requests must be made in writing and you will need to provide adequate information – full name, address, date of birth, patient number etc. – so that your identity can be verified and your information located.
What are your rights?
If at any point you believe the information we process on you is incorrect you can request to see this information and even have it corrected or deleted. If you wish to raise a complaint on how we have handled your personal data, you can contact our SIRO who will investigate the matter.
- If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office (ICO). https://ico.org.uk/global/contact-us/helpline, 0303 123 1113, or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
Unless otherwise agreed with you, we will only collect basic personal data about you, which does not include any ‘sensitive personal data’. This information does, however, include the likes of your name, home address, telephone number (landline and mobile) and email address. In the case of audiology patients it also includes your NHS number and any medical information given to us by your GP.
A full list of your rights under GDPR is as follows:
- The right to access the personal data we hold on you
- The right to correct and update the personal data we hold on you
- The right to have your personal data erased
- The right to object to processing of your personal data
- The right to data portability
- The right to withdraw your consent to the processing at any time for any processing of personal data to which consent was sought.
- The right to object to the processing of personal data where applicable.
- The right to lodge a complaint with the Information Commissioners Office (ICO). You can contact the Information Commissioners Office (ICO) via https://ico.org.uk/global/contact-us/helpline, on 0303 123 1113, or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
We need to know basic personal data in order to provide you with our services. If you do not provide this information then we will be unable to provide the services you have requested. We will not collect any personal data from you that we do not need in order to provide and oversee the services we have agreed to provide you with.
Use of Data
All the personal data we hold about you will be processed by our staff and no third parties will have access to your personal data unless there is a legal obligation for us to provide them with this. We have set out below the legal bases for the Organisation to process your data.
Some of our processing is necessary for compliance with a legal obligation. For example the Organisation is a provider of health services for the NHS and therefore has a duty to share information with other healthcare professionals whenever necessary.
We may also process data if it is necessary for the performance of a contract with you, or to take steps to enter into a contract. An example of this would be processing your data in connection with providing you with services.
We will also communicate with you information about other services we can offer you and update you about our activities.
Where your information is used other than in accordance with one of these uses, we will first obtain your consent to that use.
We take all reasonable steps to ensure that your personal data is processed securely and more information on this can be found on our website.
How long we keep it
We will generally keep your personal data for a minimum of 6 years, after which time it will be destroyed if it is no longer required for the lawful purpose(s) for which it was obtained. If you consent to marketing, any information we use for this purpose will be kept with us until you notify us that you no longer wish to receive this information.
Sharing your personal data
Your personal data will only be shared with third parties including other healthcare professionals or data controllers where it is necessary for the performance of the health care professionals or data controllers’ tasks or where you first give us your prior consent.
At AFD we have focused on implementing fair information practices that are designed to protect your privacy. If you have questions or you do not feel that your concerns have been addressed in our privacy statement, or you just want to talk with us, feel free to contact us by email at firstname.lastname@example.org
We collect personally identifiable information that is voluntarily provided by visitors to this Site (User Data). The User Data that AFD receives from Site visitors includes name, title, address, email address, screen name, telephone and fax numbers, and any other information provided by visitors in email messages or attachments thereto.
Typically, User Data is collected in order to assist visitors to:
- register for certain areas of the Site
- contact us for further information
- enter quick surveys, quizzes, or benchmarking surveys
- register for events, courses and conferences.
It is AFD’s policy to limit the information collected to only the minimum information required to complete a Site visitor’s request.
AFD’s intention is not to seek any sensitive information through our Site. Sensitive information includes a number of types of data relating to race or ethnic origin, political opinions, religious or other similar beliefs, trade union membership, physical or mental health, sexual life, or criminal record.
Use of User Data
AFD makes every practical effort to avoid excessive or irrelevant collection of data. If a visitor believes the Site has collected excessive information, we encourage the visitor to contact us at email@example.com to raise any concerns.
Except for instances where visitors explicitly choose to receive specific AFD marketing or other informational materials, for example our newsletter News & Views, AFD will not use personal data collected from our Website to distribute marketing or informational materials.
It is AFD’s policy only to disclose User Data to third parties under the following circumstances:
- when explicitly requested by the visitor
- when required to deliver publications materials requested by the visitor
- when required to meet any other request of a visitor.
This Site does not collect or compile personally identifying information for dissemination or sale to outside parties for consumer marketing purposes, or host mailings on behalf of third parties.
A cookie is a tiny element of data that a website can send to a visitor’s computer’s browser so that this computer will be recognised by the site on their return. Cookies allow our web server to recognise a computer on connection to the Site, which in turn allows the server to make downloading of pages faster than on first viewing. In addition, cookies may also be used by us to establish statistics about the use of the Site by Internet users by gathering and analysing data such as: most visited pages, time spent by users on each page, site performance, etc. By collecting and using such data, we hope to improve the quality of the Site.
The data collected by our servers and/or through cookies that may be placed on your computer will not be kept for longer than is necessary to fulfil the purposes mentioned above. In any event, such information may not be kept for longer than one year.
Navigation data about site viewers is automatically collected by our servers. If you do not wish to have this navigation data collected, we recommend that you do not use the Site. A visitor can also set their browser to block the recording of cookies on their hard drive to minimise the amount of data that may be collected about your navigating on the Site. The browser on a computer can be set to notify the user when a cookie is being recorded on their computer’s hard drive. Most browsers can also be set to keep cookies from being recorded on their computer. However, for optimal use of the Site, we recommend that visitors do not block the recording of cookies on their computer.
For more information about cookies, please see the Information Commissioner’s website home page or the Interactive Advertising Bureau.
As a policy, visitors are not required to register to gain access to this Site. Personally identifiable information provided to AFD through this Site is provided voluntarily by visitors. Should visitors subsequently choose to unsubscribe from mailing lists or any registrations, we will provide instructions on the appropriate Website area or in communications to our visitors; or a visitor may contact AFD at firstname.lastname@example.org
Each visitor has the right of access to personal data they have submitted through this Site.
User updates of information should be handled by going back through the registration process. Enquiries about the accuracy of identifying information previously submitted, or requests to have information removed, should be directed to email@example.com
All AFD employees are instructed to follow an organisation-wide security policy. Only authorised personnel are provided access to personally-identifiable information and these employees are required to agree to ensure confidentiality of this information.
All documents, programmes, publications, designs, products, processes, software, technology, information, and ideas (Content) provided by or described in this Site are the property of AFD and are protected by U.K. and international copyright laws and other intellectual property laws, unless stated otherwise. The Content is provided to users of this Site for informational purposes only. Except as expressly permitted below or by applicable law, users may not copy (except to the extent required in order to use the site in accordance with the Legal Notice), store in any medium (including in any other website), distribute, transmit, re-transmit, broadcast, modify, or otherwise make available or communicate to the public any part of the Site or systematically extract material from the Site or any document available through it or in any other way exploit commercially all or any part of the Site or any document available through it without our prior written permission.
Users may print or save one copy of any page of the Site and documents available through it (other than documents provided by third parties) for their own personal use.
Changes to our privacy notice
We keep our Privacy Notice under regular review and we will place any updates on this webpage.
This notice was last updated on 01/05/2018.