Privacy Notice

Your information: how we use and keep it

SILC provides a range of services to support disabled people, older people, carers and the wider community in Surrey. You can approach us directly or be referred to us (following a discussion with you) by a health, social care or DWP professional.

To be able to provide the relevant support to you we keep records about you, how we are supporting you and details that help us to do that. Our legal basis for doing this depends on the service(s) that you are accessing and is set out in the table later in this notice.

Our guiding principles are that we hold your records in strict confidence, and in accordance with the current data protection legislation. All of our staff contracts of employment contain a requirement to keep your information confidential.

If you have additional questions, then please contact us using the details listed below.

Information recorded

The information we record about you depends on how we are supporting you. For everyone we support, we record basic details like your name, address, date of birth and contact details.

In addition to these, we also record information relevant to the specific service(s) that we are providing to you. Some examples of this include:

  • Personal Health Budget documentation or relevant details from your support plan if we are helping you to set up and manage your direct payment or PHB;
  • details about the recruitment process and the people you appoint, if we support you with employing a personal assistant;
  • bank details and information about the payments you would like us to make from your account if we are helping you to manage your money;
  • details of any training courses that you are interested in attending;
  • the details of your NHS-related complaint if we are providing you with advocacy support;
  • information about your intended use of a GP prescription payment;
  • information about your intended Personal Assistant role;
  • some ID documents if we are supporting you with a DBS check;
  • some information about the way that you navigate on our website.

If you would like more detailed information on what we hold about you, please contact us directly because the exact information that we hold about you will depend on which services you are accessing. If you contact us by telephone, our phone system will record your telephone number and the time of your call. However, we only use this information to produce anonymised statistics on call volumes and monitor staff performance.

If you visit our websites (www.surreyilc.org.uk or www.supportfinder.org.uk), we will capture some information about your visit using cookies. Cookies are small text files that are placed on your computer by websites that you visit. They help us analyse how the website is used and to identify areas for improvement. In particular, we use cookies to see the volume of website visitors and analyse how the content of our website is viewed. Some of this information is gathered by our web content management system and some is gathered by Google Analytics. You can choose not to allow cookies to be used by adjusting your browser settings, however this may affect website functionality. For further information, visit allaboutcookies.org.

Storage of Information

In order to maintain your privacy, SILC has a number of measures in place to make sure your information is kept safe and private.

Information held in paper files is either stored securely in locked cabinets in the office or held in our offsite archive facility run by the Oasis Group. The cabinets in the office are only used by SILC staff who have a genuine need to access the information. The Oasis Group adhere to the highest standards of data protection and hold ISO 27001 certification.

Additionally, some information is held electronically. Access to electronic information is restricted by staff role to ensure that only members of staff who have a genuine need to view the information can do so. Information held electronically is backed up to a secure Microsoft Azure datacentre in the United Kingdom which meets ISO 27001 security compliance standards and the data is encrypted both during transfer and while at rest in the datacentre.

We securely destroy or delete your information six years after the support we provide to you, or your volunteer placement with us, ends.

Information about your visits to our websites are held in our Google Analytics which can only be accessed by authorised members of staff.

We do not use any automated decision-making processes.

SILC’s legal basis for processing your information

SILC Service

Legal basis for processing your information

Independent Health Complaints Advocacy

Legitimate Interests (Article 6(1)f of the GDPR) with the associated condition of health or social care for processing special category data (Article 9(2)h of the GDPR)

GP Carer Break Programme

Public Task (Article 6(1)e of the GDPR) with the associated condition of health or social care for the processing of special category data (Article 9(2)h of the GDPR)

Direct Payment and PA recruitment information and support (Surrey County Council referrals)

Legitimate Interests (Article 6(1)f of the GDPR) with the associated condition of health or social care for processing special category data (Article 9(2)h of the GDPR)

Personal Assistant Support service (Self-funded)

Contract (Article 6(1)b of the GDPR) with the associated condition of consent for processing special category data (Article 9(2)a of the GDPR)

Supported Managed Accounts (NHS referrals)

Contract (Article 6(1)b of the GDPR) with the associated condition of consent for processing special category data (Article 9(2)a of the GDPR)

Personal Health Budgets (NHS referrals)

Legitimate Interests (Article 6(1)f of the GDPR) with the associated condition of health or social care for processing special category data (Article 9h of the GDPR)

Assisted Finance Accounts

Contract (Article 6(1)b of the GDPR) with the associated condition of consent for processing special category data (Article 9(2)a of the GDPR)

Financial Monitoring Advice

Contract (Article 6(1)b of the GDPR) with the associated condition of consent for processing special category data (Article 9(2)a of the GDPR)

PA Finder website

Consent (Article 6(1)a of the GDPR) with the associated condition of consent for processing special category data (Article 9(2)a of the GDPR)

SILC website

Consent (Article 6(1)a of the GDPR) 

PA and Employer Training

Consent (Article 6(1)a of the GDPR) with the associated condition of consent for processing special category data (Article 9(2)a of the GDPR)

PA DBS checks

Consent (Article 6(1)a of the GDPR) with the associated condition of consent for processing special category data (Article 9(2)a of the GDPR)

Volunteers

Legitimate interests (Article 6(1)f of the GDPR) with the associated condition of consent for processing special category data (Article 9(2)a of the GDPR)

Trustees

Legitimate interests (Article 6(1)f of the GDPR) with the associated condition of consent for processing special category data (Article 9(2)a of the GDPR)

Where the table above indicates that the legal basis for our service is ‘consent’, we will need to keep a written record of your consent for us to collect, store and use the personal information that we need to hold for your support. To that end you will be asked to sign a referral form or other document to indicate your consent and we will hold this document on your file. Alternatively, if we obtain your consent during a telephone conversation with you, we will document that this has been done over the phone and will hold that note on your file. Our PA Finder website obtains consent using opt-in tickboxes when you register on the site.

Where the table above indicates that the legal basis for our service is ‘contract’, you will need to enter into a contract with us for the relevant service. This will usually follow a conversation with us about how the service can meet your needs and what the associated terms and conditions are. Please note that if you do not provide us with the personal information that we require for this service, then we will be unable to deliver the service fully.

Where the table above indicates that the legal basis for our service is ‘public task’, this indicates that SILC is a data processor under contract with Surrey County Council for the provision of the service. Our processing of your data will be restricted to the requirements set out in that contract.

Sharing Information

We may need to share your information with or receive information from other organisations and individuals in order to provide the services that you need.

The information held about you will not be shared for any reason, unless:

  • you ask us to do so, for example by entering into a contract with us;
  • you have given us specific permission;
  • we need to do so to fulfil our ‘public task’ obligations to you;
  • it is in our legitimate interests to do so for the purpose of supporting your role as a volunteer or Trustee for SILC;
  • we are required by law, for example to prevent abuse of a vulnerable person or child;
  • we are permitted by law, for example where public interest overrides the need to keep the information confidential.

Some examples of the types of people we may need to share information with, depending on the services we provide you with, include: health and social care professionals and providers; companies who provide payroll services; companies who provide insurance for employers; legal advice lines; advocacy services; the Ombudsman; Healthwatch Surrey; Action for Carers Surrey; training suppliers;  potential employers (for those using the Support Finder website); the DBS service.

If you are being referred to us, for example by a health, social care professional, information about which organisations this might involve should be provided to you by the person making the referral at the point of obtaining your consent for the referral.

If you contact us directly to use our services, we can explain to you which organisations we may need to contact on your behalf in advance of sharing any information with them. Please ask the member of staff you are in contact with for more information.

Your information will be shared in a secure manner, for example external emails containing personal information will be encrypted by Egress Switch or equivalent unless you tell us that you do not want us to do so. Anyone who receives information from us also has a legal duty to keep this information confidential, subject to recognised exceptions such as the ones listed above.

Where we use third parties to provide or support our services, we enter into data processing agreements with them to ensure that your data will be held and processed securely and in accordance with the law.

We do not maintain a mailing list for marketing purposes.

We are compliant with the National Data Opt-Out.

Your rights

If you no longer want us to hold information about you and the service that we are providing you with uses the legal basis of consent, then you have the right to withdraw your consent at any time. Please note that if you withdraw your consent, then this may restrict the type of services that we can offer you.

If you have a contract with us and no longer want us to hold information about you, you may cancel your contract by providing 4 weeks’ notice in writing.

If you are not happy with the way that we manage the information we hold about you, then you have the right to register a complaint with us. A copy of our complaints policy can be found on our website. If you are dissatisfied with how we deal with your complaint you can also raise it with the organisation who referred you to us where applicable.

If you think any information we hold about you is incorrect; you would like to request the restriction of your personal information; you would like to make a data portability request; or you would like to object to the processing of your personal information please let us know.

Your right to view your records

You have the right to ask for a copy of the records that we hold about you. We are required to respond to your request within 30 days. You will need to give us enough information in order for us to identify you (for example, full name, address and date of birth).

We will ask you to provide ID - for example a passport, full driving license or credit/debit card - before any information is released to you. This is a safety check to make sure you are who you say you are.

Contact us

 

For queries relating to our advocacy service, you can contact us in the following ways:

Telephone: 01483 310 500

Text: 07704 265 377

Email: nhsadvocacy@surreyilc.org.uk

Website www.surreyilc.org.uk

 

For queries relating to all other services, you can contact us in the following ways:

Telephone: 01483 458 111

Text: 07771 108 624

Email: admin@surreyilc.org.uk

Website: www.surreyilc.org.uk

 

Sponsored by Eco Hosting

Skip to content