Data Compliance

We Are Survivors works hard to be and remain compliant with the ‘The Data Protection Act 2018’ (“the Act”) and ‘UK GDPR’. We also strictly adhere to our organisational governing policies.

All information we collect, whether paper or electronic, is private and confidential, including any referral forms, assessments, client records and outcome forms; and the process of collecting, storing, and retrieving your information is secure.

You have the absolute right to expect any information collected that contains data on you to be kept private and stored securely. You also have rights to confidentiality under data protection, human rights legislation, and common law.

Why do we keep information?

We Are Survivors are the ‘Data Controller’ (in most cases), we keep information about you to enable us to provide safe and effective services, which meet both your needs and the needs of the community we serve. Therefore, we need to collect demographic information such as:

• Ethnicity
• Age
• Gender
• Employment
• Your GP Practice

and clinical information such as:

• Diagnoses (Please Note: we do not provide any form of mental health diagnoses)
• Type of service(s) accessed
• Clinical outcome measure scores
• Health conditions

Your information is stored electronically on a secure server with restricted access via username, password, multi-factor authentication or 90-day password reset policies.

How do we use your information?

Your worker, their manager and admin worker(s) will usually be the only people authorised to access your information. These workers are authorised so they can record data in the relevant place and system that will help us ensure we are providing an effective service for you.

Other members of the management team may need to access your information to investigate complaints, incidents, or to audit services.

Information is also used more generally to monitor performance and evaluate the effectiveness of services; in these circumstances your name and any other identifying details will be removed prior to analysis and publication.

An example of when we would use this type of data would be in our annual report, which we are required to submit every year to the Charity Commission; or when we are reporting to our funders on the activities we have carried out.

When can you see or share your information?

Sometimes we will need to share information with people outside of We Are Survivors who are involved in your care. This would include people like your GP or agencies and organisations within your care plan that are there to help safeguard your health and wellbeing.

There may also be times when a Subject Access Request (SAR) is submitted for the information we hold on you, this may be from yourself, or other third parties (i.e., Greater Manchester Police, Crown Prosecution Service or Solicitor). A SAR will only be completed by us if it is ethical, justified, and lawful, and with your written consent. You will be informed of the type of information shared in this way and the reasons for it. We would then only share information requested in a SAR after a Right to Review process with yourself.

However, there are times when we may have to share information without your permission. These situations would be when:

• There is a serious and immediate risk of harm to you or others (e.g., children, vulnerable adults); or
• Information is required to be used in court and a court order has been issued by a judge

We always aim to discuss any breach of confidentiality with you when we need to share information, however we cannot guarantee this. It is important to us that we make this as transparent as possible.

Your information will not be shared with anyone else without your written consent, which is why we ask you specifically throughout your care with us – If there is anyone or any agency you would like to add to the list of ‘consent to share information’.

All our staff and volunteers are required to adhere to our Information Governance and GDPR policies. If anyone breaches our Information Governance and GDPR, we will inform you and we will take appropriate action.

You also have the right to erasure (also known as ‘the right to be forgotten’) under UK GDPR (see: https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/individual-rights/individual-rights/right-to-erasure/ for more information).

Privacy Statement

When you request information from, We Are Survivors or sign up to any of our services, We Are Survivors obtains information about you. This statement explains how we look after that information and what we do with it.

We have a legal duty under the Data Protection Act to prevent your information falling into the wrong hands. We must also ensure that the data we hold is accurate, adequate, relevant, and not excessive.

Normally the only information we hold comes directly from you. Whenever we collect information from you, we will make it clear which information is required to offer the best possible information and services to support you throughout your healing journey.

You do not have to provide us with any additional information unless you choose to. We store your information securely, restricting access to be on a need-to-know basis ONLY and we train our staff in handling the information securely.

If you have signed up to a class or other service, we will also pass your details to the professional worker providing that service. That worker may hold additional information about your participation in these activities. As such, some of the services we provide rely on external facilitator. Facilitators will not have access to any form of the information we hold on you and any information provided to the facilitator will be voluntarily provided by yourself during services activities.

We would also like to contact you in future to tell you about other services we provide, to keep you informed of what we are doing and ways in which you might like to support We Are Survivors. We will gather consent at Services Assessment.

You have the right to ask us not to contact you in this way. We will always aim to provide a clear method for you to opt out and any e-Update or newsletter we send will have the option to unsubscribe from our mailing list. You can also contact us directly at any time to tell us not to send you any future material.

You have the right to a copy of all the information we hold about you (apart from a limited number of items which we may be obliged to withhold because they concern other people as well as you).

To obtain a copy, either ask for an application form to be sent to you, write to the Information Governance Lead, or speak to your worker.

We will reply to all SARs without undue delay, within one month of receiving the request. We reserve the right to extend this time by a further two months if the request is deemed complex.

For further information please contact:

Jamie Legge
Operation Director
Unit 9 Brewery Yard
Deva City Office Park
Trinity Way
Salford
M3 7BB

T 0161 236 2182 (24hr Voicemail)
F 0161 839 8454
E [email protected]