Behçet’s Patients Centres (BPC) are committed to protecting your personal information, being clear about what we do with it, and ensuring we only use your personal information in accordance with all applicable laws.
We are a "data controller" for the purposes of the Data Protection Act 2018 and the EU General Data Protection Regulation 2016 ("Data Protection Law"). This means that we are responsible for the processing of your personal information. Furthermore, as an NHS Contractor, Behçet’s Patients Centres (BPC) will comply with the Caldicott Principles with regards the use of personal information.
Where we ask you to provide us with any information by which you can be identified, you can be assured that it will only be used in accordance with this privacy statement.
We do not want to do anything with your information you would not reasonably expect.
· How we obtain your personal information;
· What information we collect;
· How we will use that information;
· Who we share your information with;
· Your choices about the information we hold;
· Your active consent.
We collect information directly from you so we can:
· Deliver our charitable activities;
· Support benefit applications and appeals;
· Signpost you to other agencies for alternative support;
· Carry out our obligations arising from any discussions between you and us;
· Seek your views or comments on the services we provide via online feedback surveys;
· Assist the NHS in obtaining Quality of Life data via online surveys;
· Improve our services;
· Improve our services;
· Report on the service and support provided to NHS England;
· Send you communications which you have requested and that may be of interest to you. These may include information about benefits, grant aid, support groups, promotions about the services of our associated organisation, Behçet’s UK.
Note that the use of your personal data will depend on the nature of our relationship with you and how you interact with our services.
Personal information is any information that can be used to identify you.
This includes information you give when interacting with us, for example during meetings and conversations with a Behçet’s Patients Centres Support Coordinator.
· Personal details (name, date of birth, email, address, telephone, and so on) when you contact a Behçet’s Patients Centres Support Coordinator;
· Financial information (income and expenditure when assessing claims for income benefits and other grants);
· Personal circumstances.
Sensitive personal data
Data protection law recognises that certain categories of personal information are more sensitive. This is known as sensitive personal information and covers health information, racial or ethnic origin, religious beliefs or other beliefs of a similar nature. We would only collect sensitive personal information where there is a clear need to do so, such as to ascertain what services we provide which are relevant to you. Before collecting any sensitive personal information about you we will make it clear to you what information we are collecting and why.
We may use your information in the ways set out below:
· We use your personal data to give you the information, support and services you require;
· We use your information to gain a full understanding of your situation, so we can develop and offer you the best possible support;
· We use personal data to carry out statistical analysis and research to help us to understand how we are performing and how we can improve our services and meet the needs of people that require our help;
· We may sometimes share your information with trusted NHS service providers with whom we work in partnership to deliver and improve services for people affected by Behçet’s.
Behçet’s Patients Centres (BPC) do not rely on consent to use your personal information as a ‘lawful basis for processing’.
There are other lawful reasons that allow us to process your personal information and one of those is called 'legitimate interests'. This means that the reason that we are processing information is because there is a legitimate interest for Behçet’s Patients Centres (BPC) to process your information to help us to deliver our charitable activities and provide the necessary non-medical support to patients with Behçet’s.
Whenever we process your Personal Information under the 'legitimate interest' lawful basis we make sure that we take into account your rights and interests and will not process your personal information if we feel that there is an imbalance.
In some cases, we will only use your personal information where we have your consent ( for example, online feedback surveys and Quality of Life Surveys ).
Keeping your information
We will only use and store your information for as long as it is required for the purposes it was collected for. How long it will be stored for depends on the information in question, what it is being used for and, sometimes, statutory legal requirements.
Most records are destroyed after a certain period of time. Generally, most health and care records are kept for eight years after you were discharged or last seen at a Behçet’s clinic. Behçet’s Patients Centres (BPC) will adhere to the guidelines published by the NHS in their Records Management Code of Practice (https://www.nhsx.nhs.uk/information-governance/guidance/records-management-code/).
When we collect your personal information, we use strict procedures and security features to prevent unauthorised access.
Information system and data security is imperative to us to ensure that we are keeping our patients and employees safe.
When you trust is with your data, we will always keep your information secure to maintain your confidentiality. By utilizing strong encryption when your information is stored or in transit, we minimize the risk of unauthorized access or disclosure.
Behçet’s Patients Centres operations are based in the UK and we store most of our data within the European Union (EU). Some organisations which provide services to us may transfer data outside the European Economic Area, but we will only allow this if your data is adequately protected.
Any information is encrypted and protected and stored using cloud-based technology. We utilise the services of Salesforce http://www.salesforce.com/uk/company/who delivers its service in the cloud via datacentres in the United Kingdom, France and Germany. Salesforce is the name of the Salesforce cloud computing Customer Relationship Management (CRM) service. Non-sensitive details (your email address etc) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems.
Disclosing and sharing information
We will never under any circumstances sell your information.
We do not allow third parties access to your information and we do not sell or share your personal information for other organisations to use.
We may disclose your personal information to third parties if we are under a duty to disclose or share your personal data to comply with any legal obligation, or to protect the rights, property, or safety of Behçet’s Patients Centres. This includes exchanging information with other companies and organisations for the purposes of fraud protection.
You can request access to any information we hold about you or let us know if you no longer wish to receive communications from us. This is easy to do by contacting Behçet’s Patients Centres (BPC), by email email@example.com or write to us at Data Controller, Behçet’s Patients Centres c/o Critchleys LLP, Beaver House, 23-38 Hythe Bridge St, Oxford OX1 2EP. Please let us know of any changes to your personal information or if you have any questions or queries about this policy.
Behçet’s Patients Centres (BPC) are committed to protecting your personal information, keeping it safe and being clear about what we do with it.