Being transparent and providing accessible information to the people we support and where appropriate, your guardians, about how we will use your personal information are key elements of the Data Protection Act 1998 and the EU General Data Protection Regulations (GDPR).
This notice explains your rights and details how Quarriers will use your information for lawful purposes in order to deliver appropriate support to you as well as ensuring that Quarriers has robust data management processes in place.
We have written this notice in line with guidance from the Information Commissioner’s Office (ICO). You can find out more about the ICO here: https://ico.org.uk
The notice reflects how we use information for:
- maintaining accurate and up-to-date records for the people we support;
- communicating with those lawfully involved in your support;
- ensuring that we deliver the highest possible standard of support and enable you to meet your outcomes through robust audit processes;
- participating in government, local authority , healthcare and other grant funded research; and
- managing the future planning of the services we deliver ensuring that we meet the needs of the people we support.
Data Controller and Data Processor
As Quarriers is the organisation which has been funded to provide your support, we will process your data on behalf the funder where they are the Council, Government and or the Scottish National Health Service: therefore, we are the Data Processor.
Where we are funded through a trust or other grant making body, we will be the Data Controller for any personal data that we hold about you.
What information do we collect and use?
All personal data must be processed fairly and lawfully, whether it is received directly from you or from a third party in relation to your support.
We will collect the following types of information from you or about you either from a third party directly involved in your support or from you:
- Personal data, meaning any information relating to an identifiable person who can be directly or indirectly identified from the data. This includes information like your date of birth, postcode, address, and next of kin, and;
- Special category/sensitive data, meaning information contained within your support plan such as medical conditions, information and history, details of appointments and contact with you, type of support you require, and any physical, mental or learning disability.
Your support plan may contain information about your support needs, medical conditions and associated treatments as well as other people and organisations who are directly involved in your support. These records may be electronic or paper, or a mixture of both. We use a combination of technologies and working practices to ensure that we keep your information secure and confidential.
Why do we collect this information?
Quarriers collects this information in order to ensure that we have the most up-to-date information about your support and support needs to help you achieve your outcomes. We also collect information as required by our funders. Our funders may use this information for research, gather statistics and to plan for future service provision.
In order to do this, we will need to process your information in accordance with current data protection legislation to:
- protect your vital interests
- pursue our legitimate interests as a provider of your support, particularly where you are a child or vulnerable adult.
How do we use this information?
Your records will be used to ensure that we deliver the most appropriate support to meet your needs. Information held about you may be shared with external agencies such as the NHS and the Police in order to keep you safe and to identify if you are at risk of harm. Information may also be used and shared with other professionals involved in your support in order to review your support and audit the quality of support we provide.
How is the information collected?
Your information will be collected either electronically or in paper form. Where it is collected electronically, your information will be stored securely on Quarriers encrypted network. Paper records will be stored in lockable immovable filing cabinets.
Who will we share your information with?
In order to deliver and coordinate your support, we may share information with the following organisations/agencies:
- the local authority in which you reside (including the Health and Social Care Partnership, social work department and safeguarding team)
- NHS Scotland and ancillary services, such as Occupational Health
- The Police
- Scottish Fire and Rescue Service
- education services which are connected to your support
- The Office of National Statistics
Your information will only be shared if it is appropriate in relation to the facilitation of your support, or where we are required to do so in order to satisfy our statutory and/or legal obligations.
Quarriers will not transfer your data outside of the European Union.
Who do we receive information from?
While we might share your information with the organisations detailed above, we may also receive information from them to ensure that information relating to your support and support plan are kept up-to-date, and so that Quarriers can ensure you are receiving the most appropriate support relevant to your needs.
How do we maintain the confidentiality of your records?
We are committed to protecting your privacy and will only use information that has been collected lawfully. Every member of staff who works for Quarriers has a legal obligation to keep information about you confidential. We maintain our duty of confidentiality by conducting mandatory training, raising awareness of data protection legislation and GDPR, and ensuring access to personal data is limited to the appropriate staff and that information is only shared with organisations and individuals who have a legitimate and legal basis for access.
Information is not held for longer than is necessary and will be held in line with our Records Retention Policy.
Consent and objections – do I need to give my consent?
The GDPR sets a high a standard for consent. Consent means offering people genuine choice and control over how their data is used. When consent is used properly, it helps to build trust; however consent is only one potential lawful basis for processing information. Therefore Quarriers may not need to seek your explicit consent for every instance of processing and sharing your information, on the condition that the processing is carried out in accordance with this notice. Quarriers will contact you if we are required to share information for any other purpose which is not mentioned within this notice. Your consent will be documented within your support plan.
What will happen if I withhold my consent or raise an objection?
You have the right to write to withdraw your consent at any time for any particular instance of processing, provided consent is the legal basis for the processing. Please contact your service directly for further information and to raise your objection.
Sharing of electronic support records:
Your support plan and/or details about your support are kept within your service. Our local electronic systems (such as Quarriers SharePoint and Charity Log) enable your record to be shared with organisations directly involved in your support such as:
- GP practices
- community services such as community nursing teams, rehabilitation services and other out of hospital services
- urgent care organisations, minor injury units or out of hours services
- local hospitals
- palliative care hospitals and services
- care homes
- mental health organisation
- Care Inspectorate
- Scottish Social Services Council (SSSC)
- education services
- any other third sector organisation directly involved in your support
Your support plan contains lots of information about you. In most cases, particularly for people with complex support requirements and arrangements, the support plan plays a vital role in delivering the best support and a coordinated approach, taking into account all aspects of a person’s physical and mental health. A number of people we support are not able to provide or articulate a full account of their support needs and may rely on other care givers and/or guardians to do this for them.
You have the right to ask your service not to share your information or restrict access to your information. This will mean that the information recorded by the project can only be shared with the local authority.
You can also reinstate your consent at any time by giving your permission to override your previous objection. This will be stored in your support plan.
Your right of access to your records:
The Data Protection Act 1998 and the GDPR allows you to find out what information is held about you including information held within your support plan, either in electronic or hard copy format.
This is known as the right of subject access. If you would like to have access to all or part of your records, you can make a request in writing to Quarriers’ Data Protection Officer at the address below:
Safeguarding and Aftercare Team
Bridge of Weir
In the event that you feel Quarriers has not complied with the current data protection legislation, either in responding to your request or in our general processing of your personal information, you should raise your concerns in the first instance to the Data Protection Officer at:
Safeguarding and Aftercare Team
Bridge of Weir
If you remain dissatisfied with our response, you can contact the Information Commissioner’s Officer at 45 Melville Street, Edinburgh, EH3 7HL.