Privacy Notice (complaints advocacy clients)
The Citizen Voice Body for health and social care (referred to in this notice as “Llais” “we”, “us” or “our”) treat privacy and confidentiality very seriously. We comply with all aspects of the UK’s data protection legislative framework, which includes the UK General Data Protection Regulation and the Data Protection Act 2018.
This is a summary privacy notice that gives you key information about how we use your personal information. For more information, please refer to our primary privacy notice or request a copy from our Data Protection Officer (DPO).
This summary privacy notice applies to complaints advocacy clients, and the people that represent or accompany them, where data is held and processed by Llais for certain purposes in connection with providing a complaints advocacy service.
Data Controller and Data Protection Officer
Your information will be held by Llais as Data Controller.
Why do we collect and use your personal information
The primary reason that Llais collects and uses your personal data is in connection with the provision of advocacy services to you.
Specifically, our statutory functions/tasks include public engagement, representation and complaints advocacy. We also have legislative duties relevant to the conduct of these functions/tasks, including promoting Llais activities, etc) and we may process your information in the course of exercising these tasks/functions.
We may also process your information in the course of putting you in touch with the appropriate person for advice, or in the course of dealing with any complaints you may have about the advocacy service provided by us. It is lawful for us to do this because it is necessary to collect and use your personal data in order to fulfil a public task/function. For more information about specific lawful basis for collecting and using your personal data please refer to our primary privacy notice.
Sharing your personal data
We share your personal data with third parties in order to carry out the public tasks/ functions listed above. In particular we may share your information with the Public Services Ombudsman for Wales. We may also share your information with Local Health Boards, Local Authorities, NHS Trusts, general practitioners or other healthcare or social care providers who provided treatment to you, but only to the extent that this is necessary for the provision of the complaints advocacy service to you.
Your personal data may also be shared with other third parties such as:
- Welsh Government
- our insurers
- professional advisers
- third parties who supply goods and services to us, in order to allow us comply with our reporting and legal requirements and to enable us to run our organisation effectively
- third parties engaged in the course of services we provide to advocacy clients such as social services or the police
We do not sell, rent or otherwise make personal information commercially available to any third party.
Personal information you share with us
The law allows us to collect and use personal information about others in the course of providing you with advocacy services. If you wish to give us personal information about another person, please speak to us to ensure that you are legally entitled to give us the information and for advice on whether you need to inform that person.
For more details on the categories of personal information that we hold, please see our primary privacy notice
How long do we keep personal information
Our policy is to not hold personal information for longer than is necessary. We have established data retention timelines for all of the personal information that we hold based on why we need the information and captured this in our Data Retention Policy. This policy is available on our website – www.llaiswales.org.We delete or destroy personal information securely in accordance with the Data Retention Policy.
On the completion of your case, we will generally keep the personal information relevant to it for a period of six years from closure, although there may be a different retention period for some of your information and if so, this will be specified in our Data Retention Policy.
We are strongly committed to information security and we take reasonable and appropriate steps to protect your personal information from unauthorised access, loss, misuse, alteration or corruption. We have put in place physical, electronic, and managerial procedures to safeguard and secure the information you provide to us including the use of encryption. We have Cyber Essentials Plus certification.
If you wish to discuss the security of your information please contact us
Individuals have a number of rights under the data protection legislation. Our full Privacy Notice contains full details of all of the rights, although please be aware that not all of the rights will apply to you.
To find out more about your individual rights please see our primary privacy notice
How to Complain
Please let us know if you are unhappy with how we have used your personal information.
To notify us of a concern please contact our DPO, the Strategic Director of Operations and Corporate Services. You can do this by letter, telephone or email using the contact details listed below:
Postal address: 33-35 Cathedral Road Cardiff CF11 9HB
Telephone: 02920 235558
Email: [email protected]
You also have the right to complain to the Information Commissioner’s Office. Find out on their website (www.ico.org.uk) how to report a concern. The contact details are:
Postal address: Information Commissioner’s Office – Wales, 2nd floor, Churchill House, Churchill Way, Cardiff, CF10 2HH.
Telephone: 0330 414 6421.
Email: [email protected]