Homesafe Plus has been commissioned by North West Surrey Clinical Commissioning Group (CCG) to fulfil its duty to provide support, assistance and reassurance to patients and their families following a visit to hospital. The service is jointly provided by Elmbridge, Runnymede, Spelthorne and Woking Borough Councils. The data controller for your information will rest with your local authority. Please see their privacy information on their website;
Runnymede Borough Council, www.runnymede.gov.uk/privacystatement
Elmbridge Borough Council, www.elmbridge.gov.uk/privacy-notices/
Spelthorne Borough Council, www.spelthorne.gov.uk/privacy
Woking Borough Council, www.woking.gov.uk/dataprotection
Surrey Heath Borough Council https://surreyheath.gov.uk/council/information-governance/how-we-use-your-data
We, your relevant local authority, collect and process personal data relating to our service users in order to provide the Homesafe Plus Service. We are committed to being transparent about how we collect and use that data and meet our data protection obligations.
What information do we collect?
We collect and process a range of information about you. This includes:
- your name, address and contact details, including email address and telephone number, date of birth, gender and ethnicity;
- information about your marital status, next of kin and their emergency contact details;
- information about medical or health conditions, including whether or not you have a disability and your NHS number
We collect this information in a variety of ways. For example, data is collected through an online referral form hosted by Runnymede Borough Council, other borough council service forms and through discussions held with staff in person or by telephone, email or post.
Why do we process personal data?
As explained, the CCG have a duty to provide support and assistance to patients when they leave hospital. The CCG have commissioned us to provide the Homesafe Plus service and we need to collect and process personal data relating to individuals who are eligible in order to provide this service. Therefore we consider that processing this data is necessary for the performance of a task carried out in the public interest. We also need to collect and process special category data, such as health and disability data, for reasons of substantial public interest, namely to be able to support individuals with a particular disability or medical condition.
In some cases, we need to process data to ensure that we are complying with our legal obligations. For example, we have a duty to report safeguarding issues to the appropriate authority.
In other cases, we require your consent to process your information. For example, with voluntary sector organisations where services you request or express an interest in are not provided directly by the partner Borough Councils. However we will always ask for your consent for this and give you the opportunity to withdraw consent at any time.
Who has access to your data?
In order to provide the Homesafe Plus service we will share personal and special category data with other parties, namely the partner borough councils and departments that deliver the service:
- Nominated Homesafe Plus Officers working for other local authorities
- Safer Runnymede (who monitor elements of the Homesafe Plus Service)
- Other departments within your local authority including Housing
Data will only be processed by members of staff that are required to access this information in order to deliver the service to a client within their own borough plus nominated Homesafe Plus officers working for other local authorities.
Your information may also be shared with the parties set out below for the purposes stated above.
- Surrey Heath Borough Council (as a partner organisation with Runnymede Borough Council)
- Surrey County Council (including Adult Social Care)
- North West Surrey Clinical Commissioning Group
- Surrey Heartlands Health and Care Partnership
- Emergency services
- Your GP
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions and data protection laws. They are also obliged to implement appropriate technical and organisational measures to ensure the security of data.
We will not transfer your data to countries outside the European Economic Area.
How do we protect data?
We take the security of your data seriously. We have internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties. Data will only be processed by members of staff authorised by your local authority as the Data Controller for this purpose. Access to systems is limited to authorised members staff whose job role requires access to the personal data.
For how long do we keep data?
We will hold your personal data for 6 years after our service ceases to provide a record of your engagement with the service and document the consent we received to process your information.
As a data subject, you have a number of rights. You can:
- access and obtain a copy of your data on request (known as a subject access request)
- require us to change incorrect or incomplete data
- ask us to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing. Where possible we will seek to comply with your request, but we may be required to hold or process information to comply with a legal requirement.
- object to the processing of your personal data in certain circumstances. We may still be required to hold or process information if there are legitimate grounds for doing so.
You can make a subject access request by following the instructions for making a subject access request laid out by your local authority. For Runnymede residents please see how to make a subject access request here
To contact us about any of your other data protection rights, please contact the Data Protection Officer for your relevant authority.
If you believe that your rights have not been complied with, you should initially contact our Data Protection Officer and if dissatisfied with the outcome you can make a complaint to the Information Commissioner. You can find out further information on making a complaint to the Information Commissioner on their website