Who are we?
Everyturn Mental Health is a charity/not-for-profit organisation providing a wide range of specialist services on behalf of the NHS and local authorities in the North East of England and free NHS talking therapy services across the UK.
We are registered as a data controller with the Information Commissioner’s Office. Our registration numbers are Everyturn Services Ltd Z7824778 and Everyturn Z4639161.
Contact details for our Data Protection Officer are:
Everyturn Mental Health
2 Esh Plaza
Sir Bobby Robson Way
Newcastle upon Tyne
Tel: 0191 217 0377
Personal data and special categories of personal data
Personal data is defined by the UK General Data Protection Regulation (Regulation 2016/679) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’. Personal data is, in simpler terms, any information about you that enables you to be identified.
In order for us to provide you with a service, we need to collect personal data, including health information which is a special category of personal data. We are committed to ensuring that the information we collect, and use, is appropriate for this purpose and does not constitute an invasion of your privacy.
We will process (collect, store and use) the information you provide in a manner compatible with the UK’s General Data Protection Regulation (GDPR).
We will endeavour to keep your information accurate and up to date and not keep it longer than necessary.
What personal data do we collect?
In accordance with the Health and Social care Act 2012 and Health and Social Care (Quality & Safety) Act 2015, personal and sensitive information we will collect from you may include:
- The reasons for referral and information supplied by your GP, medical advisor, NHS referrer or other referrer. This will include your name, date of birth, address, contact telephone numbers, email address and certain health information.
- The information supplied by you at first contact and in your assessment session, with additional information from professionals where applicable.
- Clinical assessments and plans relating to your care or support.
- Summary records of your care and support.
- Copies of any letters or emails sent to you or received from you.
- Details of any telephone conversations with you.
We collect this personal information in order to provide treatment services to you (including communicating with you, your GP, your NHS referrer, other medical advisors, care and support providers as appropriate).
We securely store your information on our electronic care records system and in paper form.
Why do we collect information about you?
At Everyturn Mental Health, we collect and process personal data in order to provide you with the best and most appropriate care. This is essential in helping us to:
- Confirm who you are and when we can contact you.
- Make decisions about your ongoing care and treatment.
- Ensure that we have accurate and up to date information in order to assess your needs and improve your care.
- Allow us to investigate complaints, claims and incidents.
The legal basis for the processing of your personal and special category data is covered under provisions of Article 6 and 9 of the UK General Data Protection Regulation, such as ‘…a task carried out in the public interest or in the exercise of official authority vested in the controller’
Who do we share your information with?
Everyturn Mental Health has a data protection policy which means that relevant information is only shared with people involved in your health care. This will include:
- Staff engaged by us to carry out our services to you.
- Your GP.
- Your local NHS service if this is appropriate.
- The Department of Health and other statutory bodies to whom Everyturn Mental Health is required to submit data.
- Local audits within Everyturn Mental Health, including the management of untoward or
- adverse incidents, person satisfaction and measurement of outcomes.
We will only consider sharing your personal information with other organisations or professionals where we consider that it an important part of delivering effective care.
We do share your information with consent; however, we can also share your information when there is another legal basis to do so.
There may be occasions when we are legally required to share your personal data. This includes sharing information for the prevention of harm to yourself or others, child protection, the prevention, investigation and detection of a serious crime, including terrorism, or a Court Order.
In these circumstances, Everyturn Mental Health will always do its best to notify you of the sharing of information and only share the minimum information required for the purpose.
We only share information with your family, friends, or advocates with your explicit consent. You have the right to refuse/withdraw your consent to this sharing at any time.
Some of our services work with partner organisations who we share information with. For details of which partners we work with, within specific teams, please contact your service.
Some of our services within Everyturn Mental Health share anonymised information with NHS Digital to help achieve better outcomes and experiences of care. The information is securely sent to NHS Digital, which is the central organisation that receives the same data from all NHS-funded services across England.
The type of anonymous information includes demographics (such as postcode or ethnicity), referral, treatment and outcomes details.
This information is used to produce anonymised national reports that show a summary of, for instance, the numbers of patients referred to different services across the country, average waiting times and outcomes. The reports help the NHS to improve the care it provides.
No information that could reveal your identity is used in these reports.
For more information about how NHS Digital uses data, including their lawful basis for processing, how long they hold it, and your rights, please visit: https://www.nhs.uk/your-nhs-data-matters/ Or, call: 0300 303 5678.
The National Data Opt-Out
The national data opt-out was introduced on 25 May 2018, enabling service users to opt out of the use of their data for search or planning purposes. This is in line with the recommendations of the National Data Guardian’s Review of Data Security, Consent and Opt-Outs.
You can view or change your national data opt-out choice at any time by using the following link: www.nhs.uk/your-nhs-data-matters.
If you require more information about the national opt-out, please visit: https://digital.nhs.uk/national-data-opt-out.
Our services are always looking to demonstrate which interventions positively impact our service users.
Therefore, we actively participate in service evaluation work. When conducting evaluations, we will gather information about the impact of the interventions we deliver. In some instances, we will use data to support external research and evaluation. In all instances, any data used in research and evaluation is completely anonymised before it is shared outside of the organisation or published externally.
How long we keep your information
The information we collect will form your health record which we will retain for the duration specified by national guidance from the Department of Health, NHS Records Management Code of Practice . All confidential information is destroyed in line with the NHS Records Management Code of Practice.
Your rights as a data subject
At any point while we are in possession of or processing your personal information, you have the following rights:
- Right of access – you have the right to request a copy of the information that we hold about you. You will need to provide a form of ID to access this. Click here for more details about how to request access to your records, or speak with the service manager.
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right to erasure – in certain circumstances you can ask for the data we hold about you to be erased from our records; however, there are exceptions to the right to erasure and Insight Healthcare are legally required to maintain your records in accordance with the retention guide referenced in the link above.
- Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
- Right of portability – you have the right to have the data we hold about you transferred to another organisation.
- Right to object – you have the right to object to certain types of processing such as direct marketing.
- Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
You can find out more about your rights under the UK’s data protection laws at www.ico.org.uk
In the event that you wish to make a complaint about how your personal information is being processed by Everyturn Mental Health (or third parties as described), you can contact the Data Protection Officer using the contact details above.
If you are not satisfied with how your complaint has been, or is being, handled, you have the right to lodge a complaint directly with the Information Commissioners Office who is the identified supervisory body:
Information Commissioner’s Office
Tel: 0330 8303 0338
Changes to this privacy notice
We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection.
Any changes will be made available on our website www.everyturn.org
How to contact us
To contact us about anything to do with your personal data and data protection, including to make a request for access to your records (subject access request), please contact our Data Protection Officer (DPO):
FAO Data Protection Officer
Everyturn Mental Health
2 Esh Plaza
Sir Bobby Robson Way
Newcastle upon Tyne
Tel: 0191 217 0377
Data Protection Impact Assessments
For more information relating to our Data Protection Impact Assessments, please contact the Data Protection Officer at firstname.lastname@example.org
Information Governance Policies and Procedures
If you would like a copy of, or have any queries regarding, our IG Policies and Procedures, please contact our Governance and Quality Department at email@example.com