Find out more about our purpose and what we do
We will always make sure that your information is protected and treated securely. Any information that you give will be held in accordance with:
- Data Protection Act 1998
- As of 25 May 2018, the new data protection legislation introduced under the General Data Protection Regulation (GDPR) and Data Protection Bill.
Read our Information Governance Policy.
We also make our Information Asset Register available for people to read to give further clarity about how data relating to them is managed and kept secure. This includes our retention schedule and clear details about the lawful basis for storing and keeping personally identifiable information.
Read our Data Asset Register.
Information we collect
We collect personal information from visitors to this website through the use of online forms and every time you email us your details. We also collect feedback and views from people about the health and social care services that they access. In addition, we receive information about our own staff and people who apply to work for us.
- Information about people who use our website
- Information about people who share their experiences with us by other means
- Information about our own staff and people applying to work for us
We are strongly committed to data security and we take reasonable and appropriate steps to protect your personal information from unauthorised access, loss, misuse, alteration or corruption.
We have put in place physical, electronic, and managerial procedures to safeguard and secure the information you provide to us.
Only authorised employees and contractors under strict controls will have access to your personal information.
Information about people who use our website
Please note that this statement does not cover links within this website to other websites.
When you browse through the information on this website, it does not store or capture your personal information. We do log your IP address (as it is automatically recognised by the web server) but this is only so you can download this website onto your device rather than for any tracking purpose; it is not used for any other purpose.
We will only collect personal information provided by you, such as:
- feedback from surveys and online forms
- email addresses
- preferred means of communication.
Surveys and forms may use third party systems other than the website
How we will use your personal information
Personal information about you can be used for the following purposes:
- in our day-to-day work;
- to send you our newsletter where you have requested it;
- to respond to any queries you may have;
- to improve the quality and safety of care.
This may include any personal information that you choose to share with us, but we will treat this as confidential and protect it accordingly.
We will never include your personal information in survey reports.
Signing up to our newsletter and bulletins
We use a third-party supplier to provide our newsletter service (Mailchimp). By subscribing to this service you will be agreeing to them handling your data.
The third-party supplier handles the data purely to provide this service on our behalf. We have signed an agreement with this supplier which provides assurance that they handle and process your information in accordance with the GDPR.
Our lawful basis for processing your personal data under for this are the public tasks from Section 221, 2.a&b of the Local Government and Public Involvement in Health Act of 2007:
- Promoting, and supporting, the involvement of people in the commissioning, provision and scrutiny of local care services
- Enabling people to monitor and to review the commissioning and provision of local care services.
You are free to change your preferences for the information that you receive from us or to opt out of our communications from us entirely at any time.
Information about people who share their experiences with us
We collect feedback from people about their experiences of using health and social care services through a range of methods.
Our staff and volunteers visit different health and social care settings and speak to service users as part of their role to evaluate how services are being delivered.
We collect information through paper, electronic and phone surveys, interviews and focus groups.
We receive phone calls, emails and letters sharing experiences and making requests for information directly from members of the public as part of our public duties.
We make every reasonable effort to anonymise personal experiences at the point when we record it. When we use this data to produce reports we make further efforts to ensure it remains anonymous. It is not possible to guarantee full anonymity for all who provide us with information but we make every reasonable attempt to provide this.
Our lawful basis for processing this data is the performance of a public task: “Obtaining the views of people about their needs for, and their experiences of, local care services and making these known through reports and recommendations about how care could or should improve.” This task is detailed in Section 221, 2.c of the Local Government and Public Involvement in Health Act of 2007.
We do not require consent to process data for public purposes and the data is not personally identifiable. Where you do provide personal information (e.g. name and contact details), these are stored separately and there is no way to link personal information to patient experiences.
Personal information may be collected and used with your consent through:
- Our signposting service to enable us to respond to your query. We usually delete your contact information once we have responded to your query. We may retain your contact details for a short period so that we can send you a satisfaction survey.
- When you sign up to receive our newsletters
- If you apply to volunteer for example as an Enter and View representative.
Personal data received from other sources
On occasion we will receive information from the families, friends and carers of people who access health and social care services. We use this data to inform providers and commissioners to help them deliver services that work for you.
Where it is practically possible and necessary, we will seek your consent to use information that is about you. We will only process your personal data where there is a lawful basis to do so under current data protection legislation.
In most circumstances we anonymise our data to ensure that a person cannot be identified, unless this has been otherwise agreed and consent has been given.
We are required to publish our reports and recommendations and the responses from organisations that respond to these. Where we feel it is reasonable to do so we will accommodate such responses through making reasonable changes to our reports, for example where clarification of factual inaccuracies is provided.
Sharing your data with Healthwatch England
We are required to share information with Healthwatch England to ensure that your views are considered at a national level. This enables them to analyse service provision across the country and supply the Department of Health and national commissioners with the information you provide.
The information we provide to Healthwatch England contains no personally identifiable data. Any information that is used for national publications is anonymised and will only be used with the consent of a local Healthwatch.
Our data systems
We process the data that you provide us through a secure encrypted platform with secure access. This information securely stored by a third party on our behalf who comply with all legal requirements and do not reuse any data without our consent.
Information about our own staff and people applying to work or volunteer with us
We need to process personal data about our own staff (and people applying to work or volunteer for us) so that we can carry out our role and meet our legal and contractual responsibilities as an employer.
The personal data that we process may include information about racial or ethnic origin, religion, disability, gender and sexuality. Where we collect this it is used to check we are promoting and ensuring diversity in our workforce and to make sure we are complying with equalities legislation.
Our employees, applicants and volunteers are free to decide whether or not to share this monitoring data with us, and can choose to withdraw their consent for this at any time. Employees who wish to withdraw their consent for us to process this data can let us know.
Other personal data that we are required to process includes information on qualifications and experience, pay and performance, contact details and bank details.
We check that people who work or volunteer for us are fit and suitable for their roles. This may include asking people to undertake Disclosure and Barring Service (DBS) checks.
People joining Healthwatch Richmond as Committee Members, Enter and View Representatives or as Trustees of Richmond Health Voices will be asked to complete a ‘declaration of interests’ form to identify any services with which they have close links (for example, because they have previously worked there or because the service is run by a close relative) or any other issues which could cause a perceived conflict of interest. Staff and committee members are regularly asked to update these forms.
We have a legal obligation to comply with the Freedom of Information Act 2000 and this may include the requirement to disclose some information about our employees and volunteers – especially those in senior or public facing roles. We also publish some information about our staff, including the names and work contact details of people in some roles.
How we share information with other organisations
We only share personal information with other organisations where it is lawful to so and in accordance with our Information Governance Policy. Information is shared in order to fulfil our remit which is to pass on your experiences of care to help improve them on your behalf.
We work with Healthwatch England, the Care Quality Commission (CQC), local commissioners, NHS Improvement and our local authority to make this happen. We can also engage external suppliers to process personal information on our behalf.
We will only disclose your personal information where we have your consent to do so, or where there is another very good reason to make the disclosure – for example, we may disclose information to CQC or a local authority where we think it is necessary to do so in order to protect a vulnerable person from abuse or harm. Any such disclosure will be made in accordance with the requirements of the current data protection legislation.
Wherever possible, we will ensure that any information that we share or disclose is anonymised, so as to ensure that you cannot be identified from it.
We sometimes use other organisations to process personal data on our behalf. Where we do this, those companies are required to follow the same rules and information security requirements as us, outlined in a Data Processing Contract. They are not permitted to use reuse the data for other purposes.
Retention and disposal of personal data
We publish a retention and disposal schedule which forms our Data Asset Register which explains how long we keep different types of records and documents for, including records and documents containing personal data. Personal data is deleted or securely destroyed at the end of its retention period.
Your right to access information about you
If you think we may hold personal data relating to you and want to see it please write to
Correcting or deleting your personal data
If you know that we are holding your personal data and believe that it may be wrong, or if you want it to be deleted or for us to stop using it, you have a right to request that it can be deleted or amended.
Please make your objection in writing to
Or send it by post to:
Healthwatch Richmond 82 Hampton Road, Twickenham, TW2 5QS
Complaints about how we look after or use your information
If you feel that we have not met our responsibilities under data protection legislation, you have a right to request an independent assessment from the Information Commissioner’s Office (ICO). You can find details on their website.
Our contact details and key roles
Richmond Health Voices is the Data Controller in respect of Healthwatch Richmond.
Any issues relating to the processing of personal data by or on behalf of Healthwatch Richmond (Freedom of Information Requests, Subject Access Requests, requests relating to your data rights e.g. asking us to erase or amend data that we hold about you) should be addressed to Mike Derry, Chief Officer, Healthwatch Richmond:
020 8099 5335
Healthwatch Richmond 82 Hampton Road, Twickenham, TW2 5QS