New legislation now exists which states what obligations we have to follow when collecting and storing your data, its called General Data Protection Regulations (GDPR). These are the rules that govern how Well Aware collects, stores and uses personal data. It is possible you’ve had a number of emails or letters about it from other people who hold your personal data.
What is GDPR?
GDPR covers any information that can be classified as personal details or information that can be used to identify you, and covers a range of information including:
- Email/ IP addresses
- Social media posts
- Personal medical or social care needs information
- Bank details
Parental consent will be required to process any data relating to children aged 16 and under (e.g. student placements)
Don’t panic! All of the information that we collect is treated with the highest standards of confidentiality and security.
What information do we collect?
When you contact Well Aware to receive information and updates or create an account, we need to be able to contact you. We will record your name, address, telephone number and email contact. We call this your CONTACT INFORMATION
As a contact or member, you may also provide information about your specific interests in Well Aware’s work, and any preferences for the kind of information you wish to receive. We call this SENSITIVE PERSONAL INFORMATION
We will also need to monitor who Well Aware is in contact with for equalities monitoring, including your age, disability, ethnicity, gender or sexuality. We call this DEMOGRAPHIC DATA. You can provide this data for yourself as an individual or about the organisation you represent.
Where is this information kept?
Well Aware keeps all of these records on password protected encrypted digital systems, which are regularly updated with secure protection. Where back-ups are in the cloud these will be GDPR compliant.
We have strict controls over who can access your personal data. All mobile devices are digitally encrypted, and password protected, and we have tight controls about who on the staff team can access this data.
We do not keep paper records.
Why do we collect this data?
Well Aware collects this data for the following reasons:
|CONTACT INFORMATION||So that we can keep in touch with you.|
|SENSITIVE PERSONAL INFORMATION||So that we can send you relevant information.|
|DEMOGRAPHIC DATA.||So that we can monitor if Well Aware is contacting a broad range of people and partner organisations, we may need to report anonymously equalities data about our contacts.|
Well Aware will only collect the data it really needs, and will only keep that data for a period of time required either by law or for a period where it must be retained for business purposes, usually only 2 years.
What do we do with this data – who can see it?
|CONTACT INFORMATION||The Care Forum will not share this information with any third party, unless you give us explicit consent to share it or if we feel you or another person is at risk of harm, including safeguarding concerns.|
|SENSITIVE PERSONAL INFORMATION||Will only be shared with a third party outside of The Care Forum if you give us explicit consent to share it or if we feel you or another person is at risk of harm. Your data will only be shared within The Care Forum on a need to know basis, meaning that the only people who can access it are directly responsible for mail-outs to contacts and members.|
|DEMOGRAPHIC DATA.||We do not share this data in any way where you could be identified. We will only provide anonymised reports e.g. 64% of members are women and 36% are men. No one outside of The Care Forum will ever see the personal demographic data you share with us.|
You maintain at all times the right to:
- Access any information we hold about you
- Correct any inaccurate personal information we hold
- Move your data to another service
- Ask for any personal data we hold to be erased
- Lodge a complaint regarding our use of your data
What if I change my mind?
At any point you can choose to stop having your data stored by Well Aware. All you need to do is email us on firstname.lastname@example.org and ask us to “Delete my data”