If you decide to make use of our services to help you stop smoking, this Privacy Notice explains what information we collect about you, how we store this information, how long we retain it and with whom and for which legal purpose we may share it. Our aim is to maintain full and accurate records of the care we provide for you and keep this information confidential and secure.

Who are we?

ABL Health
71 Redgate Way, Bolton, BL4 0JL
Tel: 01204 570999 Email: admin@ablhealth.co.uk

ABL Health is the data controller for some information it holds about you. The following outlines how that information is used, who we may share that information with and how we keep it secure.

What we do?

ABL delivers community healthcare programmes across the north of England and beyond. We are passionate about tackling health inequalities and believe we can do this by transforming the way that community healthcare works

How do we use your information?

ABL holds some information about you and this document outlines how that information is used, who we may share that information with, how we keep it secure (confidential) and what your rights are in relation to this. We may also receive written or electronic information about you from other health and social care providers in order to support the care you receive from us. This will enable us to provide the appropriate care and treatment that you need. We also collect information to monitor our compliance with our legal obligations relating to equality and diversity. Our legal basis for processing your information falls within the GDPR as follows:
• Lawfulness of processing – Article 6
• Processing of special categories of personal data – Article 9

What kind of information do we use?

We use the following types of information/data:

• Identifiable: containing details that identify individuals, usually containing data items such as NHS number, date of birth and home postcode
• Pseudonymised: about individuals but with identifying details (such as name or NHS number) replaced with a unique code
• Anonymised: about individuals but with identifying details removed
• Aggregated: anonymised information grouped together so that it doesn’t identify individuals

The records we keep could be stored in paper form or electronically (or both) and may include:

• Name, address, date of birth, next of kin, email addresses, telephone numbers, ethnicity, disability, religion
• Contact we have had with you, such as appointments, attendances and home visits
• Notes and reports about your health including any allergies or health conditions
• Details and records about your treatment and care, such as advice given or referrals made
• Results such as weights, psychology scores, blood tests etc
• Relevant information from people who care for you and know you well, for example, health and social care professionals and relatives

Information could be collected in a number of different ways. This might be from a referral made by your GP or another healthcare professional you have seen, or perhaps directly from you – in person, over the telephone or on a form you have completed.

What do we use anonymised data for?

We use anonymised data to plan health care services. Specifically we use it to:

• Check the quality and efficiency of the services we offer
• Prepare performance reports on the services we provide
• Review the care being provided to make sure it is of the highest standard

What do we use your sensitive and personal information for?

There are some limited exceptions where we may hold and use sensitive personal information about you. For example, ABL could be required by law to perform certain services that involve the processing of sensitive personal information. The areas where we could use sensitive personal information include:

• Referrals for continuing healthcare
• Assessments for continuing healthcare and appeals
• Responding to your queries, compliments or concerns
• Assessment and evaluation of safeguarding concerns
• To monitor access to services, waiting times and particular aspects of care
• You have freely given your informed agreement (consent) for us to use your information for a specific purpose
• There is an overriding public interest in using the information, eg in order to safeguard an individual, or to prevent a serious crime
• There is a legal requirement that will allow us to use or provide information (eg a formal court order).

Patient Complaints

When you make a complaint to ABL, we will store personal details such as your name, date of birth and address.

Destruction Of Personal Data

All data that ABL holds has a retention period, which means depending on which dataset it’s in there is a certain date after which ABL are no longer allowed to retain that information and it must be destroyed. We ensure our confidential waste is securely destroyed aligned with the requirements set out in ISO 9001:2015 (incorporating EN15713).

What are your rights?

We will respect your rights, as provided by the General Data Protection Regulation and the UK Data Protection Bill 2018, the Human Rights Act 1998 (HRA), the Health and Social Care Act 2012 (HSCA) as well as the common law duty of confidentiality. The Equality Act 2010 may also apply in some circumstances.

Your rights under Chapter 3, Articles 12-23 of the GDPR:

• Right to be informed
• Right of access
• Right to rectification
• Right to erasure (in certain circumstances)
• Right to restrict processing
• Right to data portability
• Right to object
• Rights related to automated decision making including profiling

We will also ensure that the National Data Opt-out is adhered to, and respect your wishes not to share information beyond direct care, where you have selected to exercise this right.

What safeguards are in place to ensure data that identifies me is secure?

We only use information that may identify you in accordance with the Data Protection Act 2018. The Data Protection Act requires us to process personal data only if there is a legitimate basis for doing so and that any processing must be fair and lawful.

Within the health sector, we also have to follow the common law duty of confidence, which means that where identifiable information about you has been given in confidence, it should be treated as confidential and only shared for the purpose of providing direct healthcare.
All of our staff are required to protect your information, inform you of how your information will be used, and allow you to decide if and how your information can be shared. All ABL staff are expected to make sure information is kept confidential and receive annual training on how to do this. This is monitored by the senior ABL Management team and can be enforced through disciplinary procedures.

We also ensure the information we hold is kept in secure locations, restrict access to information to authorised personnel only, protect personal and confidential information held on equipment such as laptops with encryption (which masks data so that unauthorised users cannot see or make sense of it).

The ABL’s Medical Director has the overall responsibility for protecting the confidentiality of patient information. This person is called the Caldicott Guardian. If you have any questions regarding the confidentiality of your information, you can contact the Caldicott Guardian.

How long do you hold confidential information for?

All records held by ABL will be kept for the duration specified by national guidance from the Department of Health, NHS Records Management Code of Practice.

Withdrawing Consent

If you have previously given ABL consent to use your identifiable data you are able to withdraw that consent at any time. Please contact us.

Gaining access to the data we hold about you

If you wish to have sight of, or obtain copies of your of your own personal health care records you will need to contact ABL in writing as per the organisations Subject Access Request policy.
You do not need to give a reason to see your data, but you may be charged a fee. Under special circumstances, some information may be withheld.

What is the right to know?

The Freedom of Information Act 2000 (FOIA) gives people a general right of access to information held by or on behalf of public authorities, promoting a culture of openness and accountability

What sort of information can I request?

In theory, you can request any information that ABL Health holds about you that does not fall under an exemption. You may not ask for information that is covered by the Data Protection Act.

How do I make a request for information?

Your request must be in writing or emailed.

Data Protection Officer

ABL Health has a Data Protection Officer who ensures the laws protecting personal data are applied and adhered to. The ABL DPO is Nick Warnett

Information Commissioners Office

For independent advice about data protection, privacy, data sharing issues and your rights you can contact:

Information Commissioner’s Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF
Telephone: 0303 123 1113 (local rate) or 01625 545 745
Email: casework@ico.org.uk or visit the ICO website https://ico.org.uk.

Complaints or questions

We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring concerns to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. Please contact us.