How SUF manages your information
When you share your opinions and experiences with SUF you can expect to have that information treated as confidential and privileged information. We will only pass on information to other organisations that are also charged with seeking and reporting on the opinions and experiences of mental health service users and their families with the remit to work to improve the mental health, health and social services delivered in Suffolk.
When SUF gathers information we will always tell you why we are asking your views and who we will be sending your anonymous information to; examples of such organisations are; West Suffolk Clinical Commissioning Group (CCG); Ipswich & East Suffolk Clinical Commissioning Group (CCG); The Suffolk Health & Wellbeing Board; Suffolk County Council; Healthwatch Suffolk, Suffolk Coalition of Disabled People (SCODP), the Safeguarding Peoples Panel, the Experts by Experience Network, the Norfolk and Suffolk NHS Foundation Trust (NSFT) and all who have a role in improving services in Suffolk.
If you are bringing a personal issue to SUF our staff will agree with you how and who else you would want your concerns expressed to.
Personal information belongs to the individual or organisation entrusting it to SUF. This information remains personal and in the control of the giver.
Once received by SUF, information will be anonymised and only used for the purpose for which it was given. It will not be passed on to any individual or organisation outside SUF without the express permission of the giver.
SUF staff that require access to the information you have provided will be operating within and expected to observe the SUF Privacy Charter. Access to the information within SUF will only be on a need to know basis with all staff and volunteers being bound by these rules of confidentiality.
Anonymised information that is shared to evidence service user experience; for research purposes or in suggesting alternative strategies is done so on the understanding that it will be acknowledged by the receiver in writing, that it has been gathered by SUF for the express purpose it is being used for.
- When other organisations collect data to contribute to the legitimate activities of SUF we will reciprocate this protocol and identify the organisation that has contributed the relevant evidence to the activity.
- When that information is used in any written document; report or any other publication by the recipient they will acknowledge that the data was gathered and reported to them by SUF.
SUF Privacy Charter
The Suffolk User Forum (SUF) is the data controller of your information under the Data Protection Act 1998 (“the DPA”).
All SUF employees and representatives, whether permanent or temporary, must be aware of the requirements of the Data Protection Act when they collect or handle data from an individual.
They must not disclose data except where the disclosure complies with the intentions and requirements of the purpose for collecting the data.
SUF will only collect personal data that is relevant to the carrying out of the legitimate purposes and function of SUF.
Members will have the opportunity of opting out of marketing material from SUF. This is done by ticking the box on the membership application form or responding to a statement to that effect available as a reminder at the bottom of all emails sent out with SUF marketing information.
Mobile telephone numbers and landline telephone numbers are never passed onto third parties for marketing purposes.
SUF staff may in the future use mobile phone texting to inform members of activities and events.
We strive to ensure that data collected is as accurate as possible. Individuals about whom data is held have the right to the amendment or deletion of incorrect entries within a reasonable time.
Appropriate technical and organisational measures are adopted to protect the security of all personal data held by SUF, including sensitive personal data as defined by the Data Protection Act 1998.
Information will be held in an environment as secure as possible. SUF employees and representatives will be responsible for ensuring that all regular data care procedures are fully and conscientiously followed.
All ordered manual files and databases will be kept up-to-date and will have an agreed archiving policy.
Data no longer required for the legitimate purposes of SUF will be regularly appropriately destroyed as stated in the SUF Document Retention Period matrix.
Where data is passed to a third party for processing, SUF will ensure that a written contract is in place that states that the agent will:
- process the data transferred only on the express instructions of SUF;
- ensure data is used in full compliance with the DPA; and
- Implement appropriate security measures to protect the information transferred.
All SUF employees and representatives have a duty to protect individuals’ data from accidental disclosure and are required to comply with the following obligations:
- not to give our passwords to other people, who will then have access to the data you are entitled to view;
- not to recycle reports that contain personal data;
- to take due care to ensure that data is not left about on laptops or in files either in or out of the office, where they can be accessed by unauthorised personnel.
SUF will provide data subjects access to their personal information on request. The data will be provided within 28 days of receipt of written requests.
SUF may make changes to this privacy charter from time to time. If we do make any such changes, we will post the changes on this page of SUF’s website. You are advised to revisit this charter each time you consider giving SUF personal information.
SUF is intending to apply for the new award from Healthwatch Suffolk, called the Suffolk Information Standard, which has been designed by the Suffolk Information Partnership. This award promotes best practice in data management and in the provision of high quality information for service users and carers.