Our online privacy notice gives you detailed information on when and why we collect personal information and how we use it.
Carer and staff surveys are anonymous and case note audit submissions are pseudonymised (we do not ask for any identifying information such as name or NHS number), and allocated a number for the purposes of audit. For further details please refer to our data flow chart. We have completed a Data Protection Impact Assessment (DPIA) to review our management of this data.
Data collection via an online audit tool
- Using SNAP Webhost Survey software. SNAP Surveys is certified to ISO 27001. Please see the statement regarding GDPR requirements and security on their website.
- Using an online data collection platform developed and implemented for the audit by Netsolving on CaseCapture. Contractual arrangements with Netsolving cover their accountability, record of data processing, maintenance of lawful basis for processing, compliance with consent requirements, GDPR transparency, individual rights, breach process and policy. The sub contract also specifies forbidding of data matching, agreed purpose processing, security arrangements, storage and retention, breach notification, subject access data rights, data transfer, rights to inspection and withdrawal, and valid data protection registration.
- Data storage via SNAP, Netsolving or Microsoft Azure is ISO/IEC 27001 compliant.
Data collection using paper questionnaires
Where paper questionnaires are distributed, these are anonymous. Any information supplied in comments that may be identifying is removed and the data is aggregated prior to reporting.
We used HQIP’s UPCARE tool to collate information about the project governance and methodology into a single document.