Referral Privacy Policy

Spring is a service provided by Northamptonshire Better Health Outcomes Limited (NBHO) on behalf of North and West Northamptonshire Councils and Northamptonshire CCG.  Spring is committed to protecting your privacy and being transparent about how we process your personal information. This document describes what data we collect, why we collect it, how we use it, how we keep it secure, and the conditions under which we share it. It also outlines your rights under the General Data Protection Regulation 2016 and the Data Protection Act 2018.

 

What is Spring?

 

Spring aims to deliver positive and important health outcomes, using social prescribing, to adults with long-term health conditions in Northamptonshire.

Social prescribing complements medical care by helping people address the social determinants of health. The Spring team will seek to promote healthy behaviours, and assist participants in managing social, economic and physical factors that are having a negative effect on their health and wellbeing. 

 

Participants are supported in a holistic way, using strength-based approaches that build permanent capabilities. A member of the Spring team will work with a participant for between 6 and 12 months and will support individuals in accessing   other services that will help meet their needs, such as local voluntary and community sector organisations.

 

Who are we?

 

Spring is a service provided by Northamptonshire Better Health Outcomes Limited (NBHO), a company incorporated in England, registered at Companies House (12274982) commissioned by North and West Northamptonshire Councils and Northamptonshire CCG to deliver this service.

 

Spring and our delivery partners (Northamptonshire Age UK, General Practice Alliance, Mayday Trust and Northamptonshire Carers) collect information about you in order to provide the service described above. By collecting information from you, we can better identify your individual needs and how best to support you whilst on the programme. In data protection terms:

 

• North Northamptonshire Council is the Data Controller and Spring is the Data Processor.

• The following delivery partners are also Controllers in their own right:

  • Northamptonshire Age UK

  • General Practice Alliance

  • Mayday Trust

  • Northamptonshire Carers Association

​

For a more detailed explanation about what a Data Controller is, please visit the Information Commissioner’s Office website. 

​

You can learn more about how we process your information by clicking the links below:

• What personal information do we process?

• How we use your information

• Research and evaluation

• Sharing your information

• Consent

• Protecting your information

• Keeping your information

• Your individual rights

• Contact Us

 

What personal information do we process?

 

• Personal details such as your name, address, contact details, and NHS number

• Physical and mental health conditions

• Family details e.g., next of kin information

• Information regarding your lifestyle and social circumstances

• Details of your GP

• If you provide it, socio-demographic information such as your ethnicity and religion

​

We cannot process your information without having a valid, lawful reason for doing so. The primary basis for processing data for this service is for the purpose of Direct Care, in accordance with Article 6 (1)(e) and Article 9 (2)(h) of the Data Protection Act.

​

How we use your information

​

Spring processes your information to provide you with the best possible support whilst on programme, as well as to meet the requirements of our contracts and other legal obligations. Key reasons for processing your information are:

• To allow you to access the Spring service. We will receive information including name, address, date of birth and NHS number, and when we initially meet with you, we will collect further information directly from you.

• Maintaining contact with you throughout the support process e.g. appointment bookings, progress notes.

• With your permission, referring you to or helping you to access other appropriate organisations. Your information will only be shared with those that need to know, with the minimum amount of information being shared, and always with your verbal or written consent.

 

We endeavour to provide you with the highest quality of service and therefore need to keep information about you, your health, the services and care we have provided and those which we plan to provide to ensure that:

• We provide a good basis for any support or advisory services we offer to you.

• The support and the services we provide are safe, effective, appropriate and relevant to you.

• We work effectively with others providing you with treatment, support, advice or other health related services.

 

Your information may also be used for:

• Performance monitoring and quality assurance purposes to help us assess the quality and standard of our services to you and in order to help us meet contractual requirements with our delivery partners and commissioners.

• Conducting investigations in response to a complaint or enquiry.

• Accounting and record keeping e.g. keeping accounts related to business activities and financial management.

• Research and evaluation such as participating in feedback surveys.

 

Research and evaluation

 

To ensure that we provide you with the best possible service, we may from time-to-time conduct an evaluation to assess the benefit of the Spring service and/or contribute to research in the wider public health field. Sometimes we will do this by aggregating and anonymising the data, which means that no one can identify you. On occasion we may ask you to take part in a new piece of research and provide additional information or share your information with a third party for the purpose of research; this will only ever be done with your knowledge and consent.

 

Sharing your Personal Information

 

Our aim is to assist you as best as possible during the time that we provide support to you. As such, we may work with other organisations to identify certain services that we think you could benefit from. In this way, you do not have to repeat yourself and provide the same information over again. We may therefore share information about you with the following partner organisations to support the service we provide and to assist with your care:

 

• Delivery Partners who we work with to provide the service:

  • Northamptonshire Age UK                          

  • General Practice Alliance                                             

  • Mayday Trust                                                 

  • Northamptonshire Carers                                           

• Your GP regarding your ongoing progress on the programme.

• Other organisations who provide IT or business support services to Spring such as Cyber Media who provide our IT system and Bridges Outcomes Partnerships who provide HR and Financial Services to Spring.

• Organisations who are evaluating the service that we are providing you.

• Other support and community organisations who you may access or be referred to as part of the service.

 

North and West Northamptonshire Councils and the Northamptonshire Clinical Commissioning Group, the commissioners of Spring, stipulate within our contracts with them what information is to be shared, how we share it and the information security requirements that must be adhered to.

 

To ensure the appropriate people are involved in your care, to protect the health of the general public or to check the quality of service we have given you we may also share your information with:

 

• Your partner or other family members

• Education Services

• Local Authorities

 

Information will only be shared with your consent.

 

We will not share information that identifies you to any third party, other than those listed above for any reason, unless:

 

• You ask us to do so.

• We ask and you give us specific permission to do so.

• We are required to do this by law e.g., by request of a court order.

• We are required to share personal information with other organisations, such as the HRMC or law enforcement agencies for the detection and prevention of fraud and other crime.

• We are required to share information for financial or audit purposes.

• We have special permission because we believe that the reasons for sharing are so important that they override our obligation of confidentiality e.g., to prevent someone from being seriously harmed.

 

We do not transfer your personal information outside the European Economic Area.

 

Consent

 

Where we need your agreement to process your information, for example, to pass your contact details to someone offering a specific service, we will ask for your consent, and will clearly state why your information is needed and who we will share your information with.  If you agree to your information being shared, we will record this on your record. We will regularly review consent to make sure that the relationships, and purposes for processing, have not changed.

 

Right to Withdraw Consent

 

Where you have provided consent for us to share your information with a specific organisation or individual, you have the right to withdraw your consent at any time.  Should you wish to withdraw your consent, please tell a member of staff, or, send a written request to the Data Protection Officer (dpo@bridgesoutcomespartnerships.org), who will process your request.

 

Protecting your information

​

We are committed to taking all reasonable measures to ensure we maintain the confidentiality and security of personal data for which we are responsible, whether electronically or on paper. We do so to ensure that we are always compliant with data protection laws and information security standards, for example, the General Data Protection Regulation (GDPR), the Data Protection Act 2018 (DPA) and the Human Rights Act 1998 (HRA – as our service is commissioned by a public body)).

​

Spring will ensure that there are appropriate security measures in place to prevent personal information from being accidentally lost, used or accessed in an unauthorised way. We limit access to your personal data to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

​

All our staff are required to complete mandatory data protection and information security training to ensure they understand their responsibilities in relation to processing your personal information. Internal and external audits are also undertaken to ensure that data protection laws are being complied with.

​

All participating organisations that provide services to Spring are registered with the Information Commissioner and have appointed a Data Protection Officer (where appropriate).

 

Keeping your information?

 

Spring and our Delivery Partners are required to retain your information as part of our legal obligations and the contractual obligations set by North Northamptonshire Council. We will not retain your information for any longer than is necessary and where we are no longer required to keep your information, it will be safely and securely destroyed. The following table provides you with summary information on how long we may keep your information:

​

​

​

​

​

 

​​

​

​

​

​

​

​

​

​

​

​

​

​

Your rights

 

The Data Protection Act 2018 grants you certain rights regarding your personal information and the way in which it is processed. This gives you more control over what organisations do with your information. These include the right to:

 

• be informed of why and how we process your data

• request a copy of the information we hold on you

• have any incorrect information updated and put right

• deletion of information, once we have no legal right to hold it

• restrict processing in certain circumstances

• object to unwarranted processing

• ask us to transfer your personal information to another organisation

• object to any automated decision-making including profiling.

 

The right to be informed

​

We are committed to ensuring that you are always aware of what we are doing with your information and are kept abreast of any changes to the processing of your information. We do so through this Privacy Notice, which is reviewed and updated as and when required.

​

The right of access

​

You have the right to ask for the personal information we hold about you. This is known as a Subject Access Request. However, while we will do our best to comply with your request, there may be circumstances where we are unable to fulfil your request, for example, where information we hold has been provided to us in confidence.

​

When requesting your personal information, you will need to include the following information:

• your full name, address and contact telephone number;

• any information used by the organisation to identify or distinguish you from others of the same name (account numbers, unique ID's etc);

• details of the specific information you require and any relevant dates.

​

The right to rectification

​

We endeavour to ensure that the information we hold about you is always accurate, however, there may be instances where the information we hold is no longer up to date. You can ask that we rectify any information about you that is incorrect. We would be happy to rectify such information but may need to verify the accuracy of the information first. Please speak to a member of staff so that any inaccuracies can be investigated and corrected where necessary.

​

The right to erasure

​

You have the right to request that certain personal information be erased from our systems if you feel that there is an underlying legal issue to us processing your information, or, where you withdraw your consent.

​

While you may request for your information to be erased, this does not mean that we will necessarily be able to comply with your request, as there may be a legal reason that we are required to keep your information. As such, each request is considered on a case-by-case basis.

​

The right to restrict processing

​

You have the right to request us to ‘restrict’ the processing of your personal information, for example, if you are unsatisfied about the accuracy of the data and we undertake an investigation. We can continue to use your personal data following a request for restriction where we need to use it to establish, exercise or defend legal claims, or we need to use it to protect the rights of another individual or the company.

​

The right to data transfer to another organisation (portability)

​

You have the right to request us to provide you with a copy of the personal information that you have provided to us, and which we process electronically. The data must be in a machine-readable format that facilitates transmission from controller-to-controller. This allows you further use of the data and enables you to move between service providers without any loss of data.

​

While you may request data portability, this does not mean that we will be able to comply with your request, as there may be reasons that we are unable to comply your request. As such, each request is therefore considered on a case-by-case basis.

 

The right to object to how we use personal information

​

This allows you to object to any of the following processing activities, however, Spring do not currently carry out processing of this nature:

• Direct marketing

• Scientific/historical research and statistics

• Legitimate interests and processing regarding the performance of a public interest or official authority task

• Transfers of your data outside of the EEA

• Automated decision making, including profiling

​

​

Contact Us

​

Please contact our Data Protection Officer at dpo@bridgesoutcomespartnerships.org if you have any questions about this privacy notice or the information we hold about you.

 

If you raise a query or complaint in relation to your data rights, we will endeavour to respond as soon as possible. Requests for a copy of your information will be responded to within a one-month period. If you are not satisfied with how Spring is processing your information, you can contact the Information Commissioner’s Office via the following contact details:

​

Website: www.ico.org.uk/

Phone: 0303 123 1113 

Post: Information Commissioners Office, Wycliffe House. Water Lane, Wilmslow, Cheshire,        SK9 5AF

 

Review of this privacy notice

 

We review this Privacy Notice to ensure we keep you up to date about what we are doing with your personal information and any changes in processing.  This privacy notice was last updated on 10 July 2021.

​

If you require this notice in a different format or you need further information or assistance, please contact the Spring Data Protection Officer via the contact details listed above.

​

​