¾ÅÐãÖ±²¥ and Bute Health and Social Care Partnership
Who is the data controller?
¾ÅÐãÖ±²¥ will act as the ‘Data Controller’ for the personal data you provide to us. The Data Protection Officer, who is responsible for ensuring personal data is managed in accordance with data protection legislation, can be contacted as follows:
Address: Iain Jackson, Governance and Risk Manager, ¾ÅÐãÖ±²¥, Governance and Law, Kilmory, Lochgilphead PA31 8RT
Email: Iain.Jackson@argyll-bute.gov.uk or data.protection@argyll-bute.gov.uk
Telephone: 01546 604188 or 01546 605522
What information do we need?
The personal information we use includes information that identifies you like your name, address, date of birth and postcode.
We also use more sensitive types of personal information, including information about racial or ethnic origin; political opinions; religious or philosophical beliefs; genetic and biometric data, health; sex life or sexual orientation.
The information we use can relate to personal and family details; education, training and employment details; financial details; lifestyle and social circumstances; goods and services; visual images; details held in the service user record.
Why we need this information?
We use personal information to enable us to provide services; research and management information; supporting and managing our employees; maintaining our accounts and records; the use of CCTV systems for crime prevention; public protection.
Our legal basis for using personal information
¾ÅÐãÖ±²¥ as data controller, is required to have a legal basis when using personal information. ¾ÅÐãÖ±²¥ has a duty and a legal obligation to comply with the requirements of the Social Work (Scotland) Act 1968, to assess a person’s community care needs and decide whether to arrange any services in the exercise of official authority vested in us. Another example of compliance with a legal obligation to which ¾ÅÐãÖ±²¥ is subject to is the Children’s (Scotland) Act 1995.
When we are using more sensitive types of personal information, our legal basis is usually that the use is necessary:
- for the provision of health or social care services
- for reasons of substantial public interest for aims that are proportionate and which contain appropriate safeguarding measures
- in order to protect the vital interests of an individual
- for the establishment, exercise or defence of legal claims or in the case of a court order
On rare occasions we may rely on your explicit consent as our legal basis for using your personal information. When we do this we will explain what it means, and the rights that are available to you.
Who provides the personal information?
When you do not provide information directly to us, we receive it from other individuals and organisations involved in the delivery of health and social care services in Scotland. These include NHS Boards and primary care givers such as GPs, Local Authorities; Police Scotland; Education; Scottish Prison Service; Scottish Court Service and other suppliers of goods and services. We may also receive information from other similar bodies in other parts of the UK.
What will we do with your information?
Depending on the situation, where necessary we will share appropriate, relevant and proportionate personal information in compliance with the law. This will be with internal and external agencies for service delivery and statistical and research purposes, for example NHS and Scottish Government.
CCTV cameras are in place at some of our offices. Footage is retained for 2 weeks on an overwriting loop and there is no hard storage. Cameras are monitored by Social Work staff in compliance with Council procedures and statutory requirements and notification signs are displayed in public areas of the office.
Transferring personal information abroad
It is sometimes necessary to transfer personal information overseas for example if you are moving abroad or coming to the UK from abroad. When this is needed information may be transferred to/from countries or territories around the world. Any transfers made will be in full compliance with ¾ÅÐãÖ±²¥â€™s Information Security Policy.
How long we will keep your information
Within ¾ÅÐãÖ±²¥ we keep personal information in line within the Scottish Council on Archives Records Retention Schedules, adapted for our own business requirements where appropriate. The schedules set out the retention periods for information, including personal information, held in different types of records including social work records and administrative records. The relevant retention schedules can be found here:
and some examples are provided below.
Reason information collected | Minimum retention period |
---|---|
Adopted children | From date of adoption order – 100 years |
Child Protection Register records | Date of birth of child – 100 years |
Home supervision
|
Date of birth of child – 100 years Date of death where death occurs under age of 18 – 25 years |
When the information is no longer required, it will be destroyed under secure arrangements. More information on our retention policy and procedure can be obtained from the Data Protection Officer if required.
How we protect personal information
We take care to ensure your personal information is only accessible to authorised people.
Our staff have a legal and contractual duty to keep personal information secure, and confidential. The following security measures are in place to protect personal information:
- All staff undertake mandatory training in Data Protection
- Compliance with the Council’s ICT Acceptable Use Policy
- Organisational policy and procedures on the safe handling of personal information
- Access controls and audits of electronic systems
Your rights
When you provide information to the Council, you will have the following rights:
- to withdraw consent at any time, where the lawful basis specified above is consent
- to lodge a complaint with the Information Commissioner’s Office – see below for details
- to request access to your personal data – please contact the Data Protection Officer if you wish to submit a request.
- to data portability, where the legal basis specified above is i) consent or ii) performance of a contract
- to request rectification or erasure of your personal data, as far as the legislation permits – please contact the Data Protection Officer and provide details of what data you wish to be rectified or erased.
You can find out more about your rights in relation to data protection here: www.argyll-bute.gov.uk/data-protection or from the Data Protection Officer by telephone or in writing, as detailed above.
Information Commissioner’s Office
The ICO is the UK’s independent body set up to uphold information rights.
Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
Email: casework@ico.org.uk
The Information Commissioner’s Office – Scotland
45 Melville Street, Edinburgh, EH3 7HL
Telephone: 0303 123 1115
Email: Scotland@ico.org.uk
Translation Service/ Accessibility
If you would like this information in another language or format, or if you require the services of an interpreter, please contact us.