Data Processing Notice
We care about your personal data and ensure you are informed about how we use it. We promise to protect your data, and to manage any information you share with us, in line with data protection law.
This Notice sets out how and why we collect and use your personal data and our legal basis for doing so.
Who Are We?
We are Health Connections LBG. We are a member of the Association of Guernsey Charities (Number CH 39) and registered with the Guernsey Registry (No 65185). We are also registered with The Office of the Data Protection Authority (registration number DPA 4323).
What Data We Collect
Depending on what service we provide to you we may collect the following personal data: contact details and those of your next of kin, DOB, GP name and practice. We may request medical data including long-term conditions and support needs. This not only enables us to contact our passengers and service users to carry out our core services or comply with a contract but also to comply with statutory requirements and our legal obligations.
We also hold contact details, emergency contact details and any special medical requirements of our Directors, Staff and Volunteers. We hold contact details of all trained Community Connectors so that we can invite them to our events.
We hold names, contact detailsand bank account details of our staff and shop creative suppliers.
Where Does This Information Come From?
The personal data we process is given to us directly by you, our passengers, customers, Community Connector trainees, event attendees, suppliers, service users, volunteers, staff and directors. We do not collect any personal data from any other sources.
Our Lawful Basis For Processing Your Personal Data
In order to be able to provide you with the services you require, we use our legal contractual basis for processing your data or rely on our legitimate business interests.
In instances where we are not relying on a contractual or legitimate business interest basis, we rely on consent to lawfully process your data. This can be obtained orally over the telephone (if you are an isolated passenger), by email, written consent or by an online process. You have the right to withdraw your consent at any time, however, it must be highlighted that by withdrawing your consent we may not be able to provide you with our core business services.
Types of Personal Data We Collect
· Your contact details, such as name, postal address, email address and contact number
· Bank details (if you are a shop customer, paid staff or shop creative).
· A record of our communications with you
· Your communication preferences
· Emergency contact details
· Any special medical requirements
Special Category Data
Defined in the Law as – “Personal data revealing an individual’s racial or ethnic origin, political opinion, religious or philosophical belief, trade union membership, genetic data, biometric data, health data, data concerning an individual’s sex life or orientation, & criminal data.”
We keep a very brief summary of health data to ensure we can offer you the most appropriate support by understanding your unique personal and medical requirements when carrying out our activities e.g. if you are diabetic, asthmatic or if you have hearing, sight, memory loss or mobility underlying health concerns.
Sharing of your Personal Data
Health Connections will only use your contact details for our own official purposes in the carrying out of the internal referral function we undertake, for example, pass your contact details on to a charity or other organisation for you to access their services. Your details will not be given or sold to any third party for their use. We provide anonymised data for reporting and evaluation of the service.
We provide the name, address and bank details of our employees to an external payroll company for the purposes of payroll.
We also use selected third-party services including Mail chimp, Eventbrite, website analytics. They each maintain their own privacy policies and are registered with privacy shield (www.privacyshield.gov) which provides a mechanism for US companies to comply with EU data protection requirements.
Data collected as part of registering/attending an event
We process your personal data (in this instance: your name, mobile number and email address only) in relation to our event registration process under paragraph 2 (the entering into and performance of a contract) of Schedule 2, Part I of the Law.
When registering for an event with us, you only need to provide your name, mobile number, email address and job title. We will use this information to facilitate the event and your attendance at it. We will be unable to manage your attendance at any event without your name, mobile number and email address. You will not receive any event specific communication other than for events you have signed up for. When registering for an event with us, we will ask you to let us know if you are happy to be included in photographs that may be taken during the event that we may share online. This is processed under paragraph 1 (consent) of Schedule 2, Part I of the Law and as such you can decide whether you wish to be in photos or not. If you do not want to be photographed this will not impact on your experience of the event. We seek your job title so we can understand the make-up of an event’s audience, to tailor it accordingly and understand the demographic who use our Directory or support our charity. This is processed with your consent (Para. 1 of Schedule 2, Part I of the Law) and as such you do not have to tell us your job title if you don’t want to. Not providing it will not negatively impact your attendance or experience of the event.
On the odd occasion that we run events that are catered for we will ask you to provide details of any specific dietary requirements so that we can try to cater to your need. This is processed with your explicit consent (Para. 18 of Schedule 2, Part III of the Law).
We hold the names, contact numbers and bank account details of our staff and shop creative suppliers for the purpose of the stock control and making payments to them for goods sold.
We undertake to secure and protect your data and to only use it lawfully and ethically. All our staff and volunteers are subject to data protection awareness training as part of the training on all of our policies.
Transfer of Data
We do not transfer your personal data outside the Bailiwick of Guernsey.
We will not use your data for marketing nor any purpose not associated or aligned with our charitable aims or objectives. However, you should be aware that, through your use of certain third-party services, you may receive communication directly from
them and you retain your right to contact them to request removal of your details from their marketing.
Retention of Data
All data is retained securely and only used for the purposes for which it was collected under the Law. Data is only retained for as long as it is required to comply with our statutory obligations andfor us to provide you with the services forming part of a contract or with your consent. In any event, data is reviewed and will be retained by us for as long as you are listed on our directory or directly with us for voluntary services and for a period of up to one year after we have been notified that you are no longer with an organisation or using our service. Our drivers are not permitted to store client contact details on their personal devices without the client’s explicit consent and will confirm destruction of the data at the point you are no longer considered to be a service user/client.
Please see our Retention Policy for details.
The Law provides you with several rights, but specifically and of relevance, you have the right to:
· request confirmation of the personal data that we hold about you and what we are doing with your data
· request correction of your personal data if incorrect, out of date or incomplete
· request that we stop any consent-based processing of your personal data after you have withdrawn that consent
· We are defined as a Controller according to the Law. If you have any questions or queries regarding how your personal data is being managed, please contact our CEO, Bella Farrell by emailing email@example.com.
If you would prefer to write to us, our address is: Health Connections, Unit 4, Cour du Bordier, 42 Le Bordage, GY1 1BP
Contacting the Regulator
If you feel that your data has been handled incorrectly or are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the data
protection regulator – The Office of the Data Protection Authority (ODPA). You can contact them for advice by writing to:
The Office of the Data Protection Authority
St Martin’s House
St Peter Port
by telephoning (01481) 742074 or by email to firstname.lastname@example.org or you can submit a complaint online at www.odpa.gg and complete the ‘make a complaint’ section.