About this Statement
We are fully compliant with the 2018 GDPR Act and 2018 UK Data Protection Act which protect your rights under the law. We are registered with the Information Commissioners Office and have a Data Controller (The Area Manager) and Data Protection Officer (our Volunteer Coordinator). Click here to visit the ICO website.
This Privacy Statement sets out the data processing practices carried out by Healthwatch Bristol. We retain and process personal data (information that relates to and identifies living people) and it is essential in our role as the local independent champion for people who use health and social care services.
Find out more here: https://www.healthwatchbristol.co.uk/what-we-do
We will always make sure that your information is protected and treated securely. Any information that you give will be held in accordance with:
UK General Data Protection Regulation (GDPR) 2018 and the Data Protection Act 2018. Our Information Asset Register is available for people to read to give further clarity about how data relating to them is managed and kept secure. This includes our retention schedule (details of how long we will retain specific types of information) and clear details about the lawful basis for storing and keeping personally identifiable information. Our asset register documents are available by contacting our administration officer on 01275 851400 or emailing
We are strongly committed to data security, and we take reasonable and appropriate steps to protect your personal information from unauthorised access, loss, misuse, alteration, or corruption.
We have put in place physical, electronic, and managerial procedures to safeguard and secure the information you provide to us.
Only authorised employees and contractors under strict controls will have access to your personal information.
Information we collect
We collect personal information from visitors to this website using online forms such as ‘Share Your Views.’ We also collect feedback and views from people about the health and social care services that they access. In addition, we receive information about our own staff, board members, volunteers and people who apply to work for us.
Examples of the information we collect include:
Information submitted when you contact us by mail, phone, email, or via social media.
Information you share when feeding back about local health and social care services on our ‘Share Your Views’ or directly with our staff in a community setting.
Emails people send to our firstname.lastname@example.org email address or those of staff members.
Information we log when you contact our Information and Signposting service
Information obtained in surveys either online via SurveyMonkey or on paper.
How we will use your personal information
Personal information about you, can be used for the following purposes:
in our day-to-day work
to identify you as a member of Healthwatch Bristol
To send you our newsletter when you have requested it
to update you about the work of relevant health and social care organisations
to respond to any queries you may have
to improve the quality and safety of health and social care services in accordance with our statutory purpose and functions.
This may include any personal information that you choose to share with us, but we will treat this as confidential and protect it accordingly. We will never include your personal information in published reports without a clear and recorded positive indication of your consent.
Healthwatch Bristol will never share information that includes your personal information with a third party unless we have your permission, or we believe somebody may be at risk of harm. We might, for example, believe there is cause to raise a safeguarding alert based on the information you have shared.
How we share information with other organisations
We only share personal information with other organisations where it is lawful to do so and in accordance with our data protection policy. Information is shared to fulfil our remit which is to pass on your experiences of health and social care to help improve services on your behalf.
We work with Healthwatch England, the Care Quality Commission (CQC), local commissioners and service providers, NHS England and Improvement and our local authority to make this happen. We may also engage external suppliers to process personal information on our behalf if they are GDPR compliant. We sometimes use other organisations to process personal data on our behalf. Where we do this, those companies are required to follow the same rules and information security requirements as us. We will seek assurances in a Data Processing Contract. They are not permitted to use the data for other purposes.
We will only disclose your personal information where we have your consent to do so, or where there is another very good reason to make the disclosure – for example, we may disclose information to CQC or a local authority where we think it is necessary to do so to protect a vulnerable person from abuse or harm. Such a disclosure will be made in accordance with the requirements of the current data protection legislation.
Wherever possible, we will ensure that any information that we share or disclose is anonymised so that you cannot be identified from it.
Signing up to our newsletter
We may use a third-party supplier to provide our newsletter service. By signing up to receive our newsletter, you will be agreeing to them handling your data.
The third-party supplier handles the data purely to provide this service on our behalf. This supplier follows the requirements of the law and will not make your data available to anyone other than Healthwatch.
The following paragraphs set out why the data processing required for our newsletter distribution is necessary for us to perform a task in the public interest.
We are required under the GDPR to identify a clear basis in either statute or common law for the relevant task, function, or power for which we are using your personal data. We have several statutory duties under The Local Government and Public Involvement in Health Act 2007.
These include (amongst others):
Promoting and supporting the involvement of local people in the commissioning, the provision and scrutiny of local care services.
Enabling local people to monitor the standard of provision of local care services and whether and how local care services could be improved.
Marketing our work through the newsletter is an important part of meeting these requirements in law. This is because it encourages people and other stakeholders to share stories about local care services. It also keeps the public informed about key developments in health and care locally so that they can critically assess changes. This is central to our role as the consumer champion for health and social care services in Bristol.
It is in the interests of the public to hear about any opportunities through which they may influence, shape, challenge or improve their local NHS and social care service provision.
Healthwatch England has a duty to monitor services at a national level and stories shared anonymously by us enable this to take place. We have a duty under The Local Government and Public Involvement in Health Act 2007 to do this. These are public tasks and meet the requirements of statutory duties. These activities then are important to both the data controller and Healthwatch England.
People expect this processing to take place because an ongoing relationship exists, and they already receive a newsletter from us. Evidence of this relationship can be provided.
In our capacity as the consumer champion for health and social care services in Bristol, we have specific interests, and this is reflected in our members and stakeholders who share the same interests and have enrolled voluntarily to participate in our agenda locally. Personal details have been provided to us by recipients and recipients have chosen to participate in this list. Participation in no way negatively impacts your rights.
Our mailing list is not used for profiling or other marketing activity. Email clicks and opens may be tracked to help us monitor performance. Participants can unsubscribe at any time and are reminded how to do so as well as being provided with this privacy notice.
Certain safeguards and measures are also taken to protect the rights of data subjects:
Recipients will be informed about GDPR and reminded how to unsubscribe.
Recipients can unsubscribe at any time by clicking on links within emails sent to them.
Recipients can unsubscribe at any time by contacting our main office number.
Emails are processed and sent via a system that ensures that recipients cannot be identified by each other.
Staff work in accordance with the requirements of the GDPR and the Data Protection Act.
Contact data is held within the European Economic Area (EEA).
Information about people who use our website
Please note that this statement does not relate to links within this website to other websites.
When you browse through the information on this website, it does not store or capture your personal data. We do log your IP address (as it is automatically recognised by the web server) but this is only so you can download this website onto your device rather than for any tracking purpose; it is not used for any other purpose.
We will only collect personal data provided by you, such as:
feedback from surveys and online forms
preferred means of communication.
All data is stored securely and protected using virus and network protections and security system and network protection. This is monitored 24 hours a day, seven days a week for security incidents and ensures operational continuity.
Healthwatch Bristol follows accepted industry standards to protect the information submitted to us, both during transmission and once we receive it.
This includes, for example, firewalls, password protection and other access and authentication controls.
Information we collect through our website
User provided information
When you use our website, as a user or as a visitor, you may provide, and we may collect Personal Data. Examples of Personal Data include your name and email address geographic area or your preferences, when any such information is linked to information that identifies a specific individual. We will only collect personal information provided by you.
Automatically Collected Information
When you visit our website or interact with our electronic mailings, we (or our service providers) may automatically record certain information from your devices by using several types of technology, including cookies. This “automatically collected” information may include:
IP address or other device address or ID
Web browser and/or device type
The web pages or sites visited just before or just after using our service
The pages or other content you view or interact with
The dates and times of your visit, access, or use of our communication platforms
We also may use these technologies to collect information regarding a visitor or user’s interaction with email messages, such as whether you have opened, clicked on, or forwarded our electronic messages. This information is gathered from all users and visitors.
We use Google Analytics to measure and evaluate access to and traffic on the Public Area of the website and create user navigation reports for our site administrators.
The data collected will only be used on a need-to-know basis to resolve technical issues, administer the Site and identify visitor preferences; but in this case, the data will be in non-identifiable form. We do not use any of this information to identify Visitors or Users.
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added, and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer, however this may prevent you from taking full advantage of the website.
How we will use your personal information
Personal information about you can be used for the following purposes:
in our day-to-day work informing and influencing services.
to send you our newsletter where you have requested it.
to respond to any queries, you may have.
to improve the quality and safety of care.
This may include any personal information or special category data such as revealing health information, ethnicity or racial origin, that you choose to share with us, but we will treat this as confidential and protect it accordingly.
We will never include your information in survey reports without your explicit consent to do so.
Information about people who share their experiences with us by other means
There are several ways that we collect feedback from people about their experiences of using health and social care services day to day.
When people complete and submit information about providers of NHS and social care services on our website Feedback Centre
Our staff will visit different health and social care settings as part of their role to evaluate how services are being delivered.
When people submit information in response to one of our surveys or projects
In conversation with our staff and volunteers completing Enter and View visits on our behalf. You can read about these visits here (we never identify individuals within our reports)
When people share their experience with us by post (letters may be sent using our Freepost address)
People may also share their experience electronically direct to our staff, but this is not encouraged wherever possible
We also receive phone calls and requests for information directly from members of the public as part of our Information and Signposting service.
Personal data received from other sources
Where personally identifiable information is collected, we will ensure that we have your consent to keep it and we will be clear on how we intend to use your information. We will aim to anonymise information where we can but there may be instances where this is not possible to make change happen on your behalf. There may be exceptional circumstances where we can and will keep the data without consent, but we must have a lawful basis for doing so.
We ensure that where consent is required it will be requested verbally, or in written form , and used only for agreed specific and unambiguous purposes and that you are well informed about how the information will be kept. This includes where it will be stored, details on security and for how long it will be kept. We will comply with current data protection legislation at all times.
Personal data received from other sources
On occasion we will receive information from the families, friends and carers of people who access health and social care services. We use this data to inform providers and commissioners to help them deliver services that work for you.
Where it is possible, we will make sure that we have your consent to use information that is about you. We will only process your personal data where there is a lawful basis to do so under current data protection legislation.
In most circumstances we anonymise our data to ensure that a person cannot be identified, unless this has been otherwise agreed and consent has been given.
Sharing your data with Healthwatch England
We are required to share information with Healthwatch England to ensure that your views are considered at a national level. This enables them to analyse service provision across the country and supply the Department of Health and national commissioners with the information you provide.
Find out more about Healthwatch England’s purpose at.www.healthwatch.co.uk
The information we provide to Healthwatch England used for national publications is anonymised and will only be used with the consent of a local Healthwatch.
Our data systems
Healthwatch England provides a secure digital system (CiviCRM) for local Healthwatch to manage their data. Other organisations process the data contained within it on behalf of local Healthwatch and a Data Processing Agreement is in place to ensure that this is held securely and according to current data protection legislation.
Healthwatch England is a committee of the Care Quality Commission (CQC) but acts independently. These organisations must comply with all legal requirements and do not reuse any data for any other reason or make it available to others.
Information about people who contact our Information and Signposting Service
In addition to ensuring that the voices of service users, patients and the public are heard by decision-makers within health and social care, we also provide an information and signposting service to the public about accessing health and social care services. This includes:
A free, friendly, and confidential service that is independent from the NHS and social care services.
We will perform a signposting role only. This means that we will give you the contact details for a range of services that best supports your request. You will then need to contact those organisations yourself.
We can give you information about choices you have regarding where you might get help in relation to your health, social care, and wellbeing needs.
We can put you in touch with sources of information on local NHS and social care services.
We can give you information about d how to make a complaint.
We may process the following information when people contact our service:
Name – Your name will be used only in connection with your particular query and not for any other purpose.
Email address – By sharing your email address with us, we will not add you to our mailing list or contact you for any other purpose than to share information about local and national sources of support appropriate to your needs (related to your signposting request).
A telephone number – Your telephone number will be used only in connection with your particular query and not for any other purpose. We might contact you with further suggestions or to clarify details about why you are contacting our service.
A summary of the circumstances surrounding the purpose of the call – We record this information to assist our staff in providing you with relevant information and to check that we have not missed opportunities to suggest sources of support. We also use it to share information with our commissioners (our funder) and other stakeholders about the types of queries we receive.
A record of where we signposted (names of organisations and groups) – This information is recorded in order that we can demonstrate the breadth of signposting delivered by our service to our commissioner and to the public to which we are accountable.
Please note: If there is a safeguarding concern, Healthwatch Bristol will take immediate steps to safeguard people from harm in accordance with our safeguarding policies (available on request). We will not share your personal information with other bodies unless we feel it is necessary to protect your vital interests or the interests of another person. This might include information sharing with the Safeguarding team if we believe somebody to be at risk of abuse or harm.
If contact with our service is made by telephone, people will be asked to verbally indicate their consent for us to store information about them and a record of this consent will be maintained on our Customer Relationship Management (CRM) database.
Information about our own staff and people applying to work with us
We need to process personal data about our own staff (and people applying to work for us), so that we can carry out our role and meet our legal and contractual responsibilities as an employer.
The anonymous personal data that we process includes information about racial or ethnic origin, religion, disability, gender, sexuality, housing status and health. We use this information to check we are promoting and ensuring diversity in our recruitment and to make sure we are complying with equalities legislation.
Other personal data that we are required to process includes information on qualifications and experience, pay and performance, contact details and bank details.
We check that people who work for us are fit and suitable for their roles. This may include asking people to undertake a standard Disclosure and Barring Service (DBS) check.
On joining Healthwatch Bristol staff, will be asked to complete a ‘’Register of interests’ form to identify any services with which they have close links (for example, because they have previously worked there or because the service is run by a close relative) or any other issues which could cause a perceived conflict of interest. Staff are asked to declare a ‘conflict of interest’ at Bristol Prioritisation Panel meetings. These forms can be found in ‘What we do’ on our website
We have a legal obligation to comply with the Freedom of Information Act 2000 and this may include the requirement to disclose some information about our employees – especially those in senior or public facing roles. We also publish some biographical information about our staff including their names and the work contact details of some staff.
Information about people who volunteer for us
We need to process personal data about our volunteers including our Board of Directors, so that we can carry out our role and meet our legal and contractual responsibilities.
The personal data that we process includes information about racial or ethnic origin, religion, disability, gender, and sexuality. We use this information to check we are promoting and ensuring diversity in our workforce and to make sure we are complying with equalities legislation.
Our volunteers and Board of Trustees decide whether to share this monitoring data with us and can choose to withdraw their consent for this at any time. Volunteers and Board of Directors who wish to withdraw their consent for us to process this data can let us know.
Other personal data that we may process includes information on qualifications and experience, contact details and bank details (for the payment of expenses).
We check that people who volunteer for us are fit and suitable for their roles. This includes asking people to declare unspent convictions if they are applying to volunteer in an engagement role. Authorised representatives for Enter and View work will have a standard Disclosure and Barring Service (DBS) check.
Volunteers and Board members joining Healthwatch Bristol will be asked to complete a ‘Register of interests’ form to identify any services with which they have close links (for example, because they have previously worked there or because the service is run by a close relative) At Board meetings they are asked to disclose issues which could cause a perceived conflict of interest. These forms can be found in ‘What we do’ on our website
We have a legal obligation to comply with the Freedom of Information Act 2000 and this may include the requirement to disclose some information about our Board of Directors, Prioritisation Panel and Enter and View volunteers.
Information about people that take part in our research projects
The information we collate when conducting research may vary for several reasons that might include the type of research conducted or the subject matter. We aim to coproduce our research wherever possible and your name and contact details will be help us support your participation in the research. Other anonymised demographical information will be collected from research participants (e.g. age, gender, and ethnicity) and other details if relevant.
Healthwatch Bristol will only collate information that is relevant to the research, and we will never publish your name, or other information about you, without your consent (e.g. case studies). You will have the right to withdraw your consent at any time.
Healthwatch Bristol will not knowingly process the personal information of people under the age of 13 without the consent of a parent or guardian under GDPR guidelines. We will always make an assessment as to whether sharing or processing such information may put a child or young person at risk. Healthwatch Bristol has a Safeguarding Policy that is applicable to individuals under the age of 18 years.
How we share information with other organisations
We only share personal information with other organisations under the lawful basis provided by Article 6 and 9 of GDPR. and in accordance with our statutory obligations to fulfil our remit, which is to pass on your experiences of care to help improve them on your behalf.
We work with Healthwatch England, the Care Quality Commission (CQC), local commissioners and service providers, NHS England and Improvement and our local authority to make this happen. We can also engage external suppliers to process personal information on our behalf.
We will only disclose your personal information where we have your consent to do so, or where we think it is necessary to do so to protect a vulnerable person from abuse or harm. Any such disclosure will be made in accordance with the requirements of the current data protection legislation.
Retention and disposal of personal data
Our Information Asset Register includes a retention and disposal schedule which explains how long we keep different types of records and documents for, including records and documents containing personal data. Personal data is deleted or securely destroyed at the end of its retention period.
Your right to access information about you
If you think we may hold personal data relating to you and want to see it, please email to email@example.com or call us on 03300 553251 which connects to our Bristol team.
Correcting or deleting your personal data
If you know that we are holding your personal data and believe that it may be wrong, or if you want it to be deleted or for us to stop using it, you have a right to request that it can be deleted or amended.
Please put request in writing to firstname.lastname@example.org
Or by post to: Healthwatch, 3rd Floor, The Sion, Crown Glass Place, Nailsea BS48 1RB
Complaints about how we look after or use your information
If you feel that we have not met our responsibilities under GDPR and data protection legislation, you have a right to request an independent assessment from the Information Commissioner’s Office (ICO). You can find details on their website.
Our key roles
Healthwatch Bristol has designated a data controller under Article 37 of the GDPR :This is the Area Manager Vicky Marriott, 3rd Floor, The Sion, Crown Glass Place, Nailsea BS48 1RB
This policy will be reviewed every two years by the Healthwatch Bristol, North Somerset and South Gloucestershire Board of Trustees.
Georgie Bigg, Chair of Healthwatch Bristol, North Somerset and South Gloucestershire Board of Directors.
Date 9th November 2021
(renewal by Nov 2023)