Adult Social Care - privacy notice

Who we are

Derby City Council is the local government unitary authority for Derby city. Our address is the Council House, Corporation Street, Derby, DE1 2FS. You can contact our Data Protection Officer on 01332 640763 or by email at data.protection@derby.gov.uk.

How do we collect information from you?

We collect information from you when you visit www.derby.gov.uk, when you fill in any forms using our customer portals or on our website, including myAccount; also when you contact us in writing, speak to us on the phone, by email or any other type of electronic communication, or talk to us face to face. We may collect information from a setting you attend, such as a school or care home, where this data collection is necessary for the following purposes listed.

We may also ask Government departments and agencies to give us information they have about you.

What types of information do we collect from you?

We collect different categories of information about you, depending on the service you want from us and/or the reason why we need to process information relating to you. This could be personal information (for example your name and address), or other more sensitive data that we would only collect and use in very particular circumstances that are set out in law.

Should you wish to exercise your statutory rights, outlined below, then we may request information from you to verify your identification such as a copy of your passport or driving licence. 

Details of information obtained from third parties

We receive information and referrals that include personal data from a wide range of partners including public sector organisations such as:

• health services including Derbyshire Community Health Services NHS Trust
• GPs
• schools
• colleges and universities
• emergency services
• the Probation Service
• the Department of Work and Pensions.

We also receive similar information from independent care providers and voluntary/third sector organisations such as:

• care homes
• care providers
• housing associations
• faith groups.

We also receive similar information from members of the public.

We may require information about your vaccination status from you or your employer to enable visits to care homes and other Council facilities.

We do not routinely collect personal information from publicly accessible sources.

How is your information used?

Depending on the service you have requested or need, we may use your information together with other information you have given us to:

• help you to maximise your independence and to stay safe.
• to assess and determine your suitability to visit care homes and other council facilities, this includes assessing your COVID-19 vaccination status
• assess any risk to your wellbeing in line with our Safeguarding Adults duties
• assess whether you are being deprived of your liberty and to authorise any deprivation of liberty that is necessary, lawful and proportionate to protect you from harm, or to challenge any unlawful deprivation of liberty
• arrange any necessary urgent support you may need to keep you safe
• provide you with information and guidance, and to signpost you to other support services
• refer you to other support services
• assess your eligibility for social care services, including Blue Badge
• provide professional advice about your housing needs and to make recommendations to support your rehousing application
• help you to write a support plan
• enable a care plan to be written to provide you with the necessary support
• arrange support services on your behalf
• set up, pay, monitor and administer a Direct Payment
• set up, monitor and provide a community alarm system to enable you to summon help if needed
• complete a financial assessment and assess any charges that you may have to pay towards the cost of your care and support
• process any payments or charges
• identify and monitor families with multiple and complex needs under the National Supporting Families Programme; and assess the quality and effectiveness of services they are receiving
• provide you with a service tailored to your needs and desired outcomes
• carry out our obligations arising from any contracts entered into by you and us
• notify you of changes to our services
• send you communications which you have requested and that may be of interest
• evaluate the service or for research purposes to better understand the impact of services
• to comply with the requirements of statutory bodies such as the Care Quality Commission, Public Health England and Social Work England and so on
• the commissioning and market management team may request data and information periodically, or for a particular purpose from independent care providers. This information will be required to help fulfil our Care Act duties of market shaping, market oversight, and contingency planning in adult social care
• fulfil our legal obligations under relevant legislation including
  • The Children Act 1989
  • The Family Law Act 1996
  • The Human Rights Act 1998
  • The Mental Capacity Act 2005
  • The Safeguarding Vulnerable Groups Act 2006
  • The Mental Health Act 2007
  • The Forced Marriage (Civil Protection) Act 2007
  • The Health and Social Care Act 2008
  • The Local Authority Social Services and National Health Service complaints (England) regulations 2009
  • The Autism Act 2009
  • The Equality Act 2010
  • The Protection of Freedoms Act 2012
  • The Care Act 2014
  • The Children and Families Act 2014
  • The Children and Social Work Act 2017
  • The Health and Social Care Act 2008 (Regulated Activities) (Amendment) (Coronavirus) Regulations 2021
  • The Data Protection Act 2018
  • The Coronavirus Act 2020
  • The Health Protection (Notification) Regulations 2010
  • The Public Health (Control of Disease) Act 1984 and associated regulations
  • The Care Act 2014
  • The Safeguarding Vulnerable Groups Act 2006
  • The Health and Safety at Work Act 1974
  • and contained in the regulations and guidance that sit behind them.

If you have applied to be a Shared Lives carer, the information we collect will be used for carrying out a Disclosure and Barring Service check, registering you as a Shared Lives carer, and matching you with potential customers for you to support. We will also use the information so that we can pay you for the services that you provide.

COVID-19/Coronavirus

Coronavirus has been added as a notifiable disease under the Health Protection (Notification) Regulations 2010. Under the Public Health (Control of Disease) Act 1984 and associated Regulations;  and the Coronavirus Act 2020 and associated Regulations  the Council has a legal duty to store, process and share personal information. The information will  be stored, processed and shared as part of the national, and local Coronavirus Test and Trace operations where necessary for investigations, as well as the testing and  tracing of individuals, groups or businesses; and to assist in the investigation into cases of Coronavirus; Coronavirus outbreaks and issues of non-compliance with the Acts and associated Regulations. The information will also be used; interrogated and mapped to inform the Councils actions and decision making processes. Any such storage, processing or sharing of information will be done in the public interest in order to promote health and wellbeing.

During the management of Coronavirus risks, information which is gathered may be shared between:

• departments within Derby City Council
• other Councils associated with an outbreak
• other health services
• other government bodies associated with the control of the Coronavirus.

Such information includes, but is not limited to:

• personal identifiers
• health information including vaccination information.

The Council has a duty to notify national government bodies, such as Public Health England, Care Quality Commission and the relevant local authority where an individual resides (if different), where there are suspected Coronavirus cases. The Council will disclose the information under Article 9(2)(j) of the UK GDPR (processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health), and confidential information may be lawfully disclosed in the public interest, without consent, where the benefits to an individual or to society outweigh both the individual’s and the public interest in maintaining the confidentiality of such data.

The Council may contact staff, service users, residents, patients, businesses and premises with messages relating to Coronavirus by text, phone, letter or e-mail. This contact is not direct marketing; therefore we do not need your Consent before contacting you. There is more information available on the national Information Commissioners Office approach to the current epidemic here: https://ico.org.uk/

Research and statistics

Anonymised and pseudonymised data may be used for research and statistical purposes. Any data collected may be used for research and statistical purposes that are relevant and compatible with the purpose that the data was collected for.

Who has access to your information?

We may share your information with the following third parties for the reasons detailed;

• The information you provide may be shared with other professionals who may or may not be involved with you for similar purposes. This can include professionals such as:
  • Your GP
  • District Nurses and Community Matrons
  • Physiotherapists, Occupational Therapists and so on
• It may also be shared with Derbyshire Community Health Services NHS Trust so that everyone involved in your care can work together for your benefit. Information about you will only be used or passed on to others involved in your care.
• It may also be shared with health services, social care support services and equipment providers where that could be a benefit to you and/or in order to promote your personal health and wellbeing. We have published a list of care support services and equipment providers that we contract with.
• If applicable, we may share your information with a Direct Payment Support Service provider specified by you or by the Council so that they can help you to administer your Direct Payment and to help you fulfil your duties as an employer (if applicable). We may also ask the same Direct Payment Support Service provider to give us information on your behalf.
• We may share your Direct Payment information with a Suitable Person or other Third Party specified by you or by the Council so that they can help you to administer your Direct Payment and to help you fulfil your duties as an employer (if applicable). We may also ask the same Suitable Person or other Third Party to give us information on your behalf.
• If we have agreed to issue you with a Pre-Paid Card, your information will be shared with the card provider, allpay Ltd, and with their data processors Carta Worldwide and their data facility providers JCC Payments Systems Ltd.
• We may share your information with emergency services so that they can gain emergency access and provide emergency assistance if necessary.
• The information you provide may be shared with other departments in the Council such as Derby Advice, Housing and Council Tax Benefit to support your applications and to make sure that you are receiving the right amount and kind of benefit.
• All documents relating to a Blue Badge application may be shared within the local authority, with other Local Authorities, with the Police and with parking enforcement officers to help detect and prevent fraud.
• Blue Badge applications will be uploaded to the national Blue Badge database which is be held by Valtech UK. The badges will then be centrally printed, personalised and distributed by a third party supplier, currently The APS Group, from the information held in the national Blue Badge database.
• If you are attending a course provided by the Workforce Learning and Development Team, the information we collect will be used to administer your course(s), invoice for your course(s) and to maintain your training record.
• We may share your information with HM Revenues and Customs, and with the Department for Work and Pensions, to help us check that your financial assessment is correct and to help detect and prevent fraud.
• We may share your information with the Care Quality Commission (CQC). Read the CQC Privacy Notice.
• Information we collect as part of a Deprivation of Liberty Safeguards assessment may be shared with other professionals and interested parties who have been consulted as part of the assessment and authorisation process.
• The information you provide may be shared with other departments in the Council for the purpose of preventing and detecting fraud, or the misuse of public funds, or for any legal or statutory requirements. It may also be shared with other public bodies such as the Court of Protection and the Cabinet Office for a similar purpose.
• The information you provide may be shared with a third party residential care provider on a commissioned basis.
• The information you provide may be shared anonymously with authorised third parties to help evaluate our services or for research purposes to better understand the impact of services.
• The information you provide may also be shared with health services to be used in an anonymised way to help improve the planning of health and social care services generally.
• We may share information in accordance with the National Fraud Initiative.
• Information may be shared with NHS Digital acting on behalf of the Department for Health and Social Care for the purpose of collecting and analysing data to support Local Governments and Integrated care boards local health and care systems.

We will not sell or rent your information to third parties. We will not share your information with third parties for marketing purposes.

Further information on how health organisations process your information can be found on the Digital NHS website  and from Public Health England.

What are your rights?

• Access – you can request copies of any of your personal information that is held by the Council.
• Rectification – you can ask us to correct any incorrect information.
• Deletion – you can ask us to delete your personal information. The Council can refuse to delete information if we have a lawful reason to keep this.
• Portability – you can ask us to transfer your personal data to different services or to you.
• Right to object or restrict processing – you have the right to object to how your data is being used and how it is going to be used in the future.
• Right to prevent automatic decisions – you have the right to challenge a decision that affects you that has been made automatically without human intervention, for example an online form with an instant decision.

National Data Opt Out

We are one of many organisations working within health and social care to improve health and wellbeing for patients as well as the public. Information collected from you when you use our services may be stored and shared with services or partner organisations for purposes other than your individual care, for instance to help with:

• Improving the quality and standards of care provided
• Research into the development of new treatments
• Preventing illness and diseases
• Monitoring safety

This may only take place when there is a clear legal basis to use this information. Confidential information about your health and care will only be used in limited circumstances where it is not possible to use anonymised data.

You have a choice about whether you want your confidential information to be used in this way. If you are happy for your information to be used in this way you do not need to do anything. If you do choose to opt out your confidential patient information will still be used to support your individual care.

For more information or to register your choice to opt out please visit https://www.nhs.uk/your-nhs-data-matters/. You can choose to opt in at any time.

Please be aware that the National Data Opt Out does not apply to information used for marketing purposes, your data would only be used in this way with your specific agreement.

All Health and Social Care organisations should have systems and process in place so they can be compliant with the national data opt-out and apply your choice to any confidential patient information they use or share for purposes beyond your individual care.

Our organisation is compliant with the national opt out policy.

How long will we keep your information for?

We keep and dispose of all records in line with our record retention schedule. We will comply with Data Protection legislation.

What security precautions are in place to protect the loss, misuse or alteration of your information?

We are strongly committed to data security and will take reasonable and appropriate steps to protect your personal information from unauthorised access, loss, misuse, alteration or corruption. We have put in place physical, electronic, and managerial procedures to safeguard the information you provide to us. However, we cannot guarantee the security of any information you transmit to us. We recommend that you take every precaution to protect your personal information.

Keeping your data up to date

We want to ensure any information we hold is accurate. You can help us by promptly informing us of any changes to the information we hold about you.

Details of any automated decision processes

There are no automated decision processes used in Adult Social Care.

Under 13

If you are accessing online services and are under the age of 13‚ please ask for your parent or guardian's permission beforehand whenever you provide us with personal information

IP addresses

Internet Protocol (IP) addresses are collected when our site is used:

• for statistical or analytical purposes
• to identify any malicious activity.

Cookies

Cookies are small text files which identify your computer to our servers. They are used to improve the user experience. View what cookies we use and how you can manage them.

Complaints

If you would like to make a complaint regarding the use of your personal data you can contact our Data Protection Officer:

• By post: Information Governance, Council House, Corporation Street, Derby, DE1 2FS
• By phone: 01332 640763
• By email: data.protection@derby.gov.uk

For independent advice about data protection, privacy and data sharing issues, you can contact the Information Commissioner's Office (ICO):

• By post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
• By phone: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number

Alternatively, visit ico.org.uk or email casework@ico.org.uk.