Our online privacy notice gives you detailed information on when and why we collect personal information and how we use it.
Carer and staff surveys are anonymous and case note audit submissions are pseudonymised (we do not ask for any identifying information such as name or NHS number), and allocated a number for the purposes of audit. For further details please refer to our data flow chart. We have completed a Data Protection Impact Assessment (DPIA) to review our management of these data.
Data collection is via an online audit tool using SNAP Webhost Survey software. SNAP Surveys is certified to ISO 27001. Please see the statement re GDPR requirements and security on their website.
Pilot data collection is via an online data collection platform developed and implemented for the audit by Netsolving on CaseCapture. Contractual arrangements with Netsolving cover their accountability, record of data processing, maintenance of lawful basis for processing, compliance with consent requirements, GDPR transparency, individual rights, breach process and policy. The sub contract also specifies forbidding of data matching, agreed purpose processing, security arrangements, storage and retention, breach notification, subject access data rights, data transfer, rights to inspection and withdrawal, and valid data protection registration.
We used HQIP’s UPCARE tool to collate information about the project governance and methodology into a single document.