Engaging Communities Solutions (ECS) Privacy statement
This Privacy Statement sets out the data processing practices carried out by Engaging Communities Solutions (ECS), delivering a range of social research solutions, community engagement and consultation, independent advocacy and Healthwatch services.
Our contact details
- Operations address: Unit 42, Staffordshire University Business Village, Dyson Way, Stafford ST18 0TW
- Telephone: 01785 887809 Website: www.weareecs.co.uk
- Email: SAR@weareecs.co.uk
ECS are both the Data Controller and Data Processor for information we collect.
Elizabeth Learoyd is the Data Protection Officer and can be contacted on the details above.
Information we collect
We collect personal information (information that relates to and identifies living people) from visitors to this website using online forms and every time you email us your details. We also collect feedback and views from people about the health and social care services that they access. In addition, we receive information about our own staff and people who apply to work for us.
Information about people who use our various websites
Information about people who share their experiences with us using online forms / surveys / phone calls, in person and email
Information about our own staff and volunteers as well as people who apply to work or volunteer for us.
There is a range of information that we may collect where it is relevant to the purpose / activity such as sending you regular newsletters or information about health services and social care services for example:
- Email / Postal / Internet protocol (IP) address
- Phone and mobile numbers
- Location data
- Identification number
- An online identifier
- Copies of official documents for identity verification/right to work in UK
- Demographic data
- Special categories of personal data such as data:
- revealing racial or ethnic origin
- revealing religious or philosophical beliefs
- genetic data
- data concerning health
- concerning a person’s sexual orientation
How we collect your information
There are several ways that we collect feedback from people about their experiences of using health services and social care services day to day, plus any additional themes that we have agreed to undertake social research and / or analysis of. Our staff will visit different health services, social care settings, other service provisions/activities as part of their role to evaluate how services are being delivered. We also receive phone calls and requests for information directly from members of the public as part of our signposting service.
Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:
- Your consent. You can remove your consent at any time. You can do this by contacting by the methods above.
- We have a legal obligation.
Where personally identifiable information may be collected, we will ensure that we have your consent to collect and keep it, and we will be clear on how we intend to use your information. We will aim to anonymise information where we can but there may be instances where this is not possible in order to make change happen on your behalf, in these circumstances we will seek your explicit consent to do so, unless we have a legal obligation to share it.
How we will use your personal information
Personal information about you can be used for the following purposes…
- in our day-to-day work.
- in the day to day work of the services we deliver under contract to other organisations such as Healthwatch.
- to respond to any queries you may have.
- to send you a range of information such as our newsletter/s or surveys or questionnaires for example where you have requested to receive the specific type of information.
- to produce reports for public publication.
- to improve the quality and safety of:
- health services and care
- children’s or adult social care
- mental health services
- a particular service/s that we have agreed to undertake work for.
- to provide services for staff and volunteers such as health advice / training / HR functions.
We are strongly committed to data security and we take reasonable and appropriate steps to protect your personal information from unauthorised access, loss, misuse, alteration or corruption.
We have put in place physical, electronic, and managerial procedures to safeguard and secure the information you provide to us.
We will always make sure that your information is protected and treated securely. Any information that you give will be held in accordance with:
- Data Protection Act 2018
- As of 25 May 2018, the new data protection legislation introduced under the General Data Protection Regulation (GDPR) and Data Protection Bill.
- New advocacy charter
- Safeguarding policy
- Complaints policy
- Record keeping and document destruction schedule
Only authorised employees and contractors under strict controls will have access to your personal information.
We only share personal information with other organisations where it is lawful to so and in accordance with our Data Protection Policy. Information is shared in order to fulfil our remit which is to pass on your experiences of health care and social care services to help improve them on your behalf, or to report on peoples experiences of particular services where we have agreed to undertake this work, both in anonymised formats unless we have your explicit consent or a legal obligation.
We work with Healthwatch England, the Care Quality Commission (CQC), local commissioners and providers of health care and social care services and other services that we are undertaking work for, NHS Improvement and local authorities where we deliver our services.
We may and can also engage external suppliers to process personal information on our behalf or use external suppliers’ software and its host location. This may include any personal information or special categories of personal data that you choose to share with us, but we will treat this as confidential and protect it accordingly. Where we do this, those companies are required to follow the same rules and information security requirements as us, outlined in the General Data Protection Regulations. They are not permitted to use or reuse the data for other purposes.
We will never include your personal information in survey / engagement reports. All information that we do use is anonymised.
We use the following range of software and suppliers to deliver our services:
- Microsoft Office 365 comprising functional software and electronic cloud storage
- OpenCRM database and electronic storage
- SNAP survey software and electronic storage
- iHasco eLearning software, systems and Learning management system, and electronic storage locations
- SAGE online for processing our accounting functions which include details of payroll and expenses.
- CareCheck an online DBS checking service
- Deans accountancy to provide payroll services including the use of Tally, a secure cloud document exchange platform.
- Lloyds business banking for payment of staff and volunteer salaries/expenses
- HR Pulse an online HR management system that uses cloud storage
- Adobe software including Acrobat and InDesign software/systems that uses cloud storage
The above suppliers use electronic storage locations held within the EU that are GDPR complaint and may on our request access the data stored in the electronic storage locations to support administrative or trouble shooting purposes in the event of a software/data issue/failure.
- Probrand IT services that cover our software, hardware, backup solutions, advanced antivirus software from and on electronic storage locations held within the EU that are GDPR complaint.
- White Bear services that provide our websites and feedback centre functionality from and on electronic storage locations held within the EU that are GDPR complaint.
The above suppliers support us on a day to day basis for development, maintenance and in the event of software/systems/virus/failure/recovery and may need to access the data stored in the electronic storage locations as a part of this support/recovery.
Under the General Data Protection Regulation (GDPR), the lawful basis we rely on for processing your information is your consent. You can remove your consent at any time. You can do this by contacting ECS on the details above.
In order to keep you updated with news, developments and opportunities to have your say on particular issues we ask for you to give us your name, address and other contact details such as mobile/phone number and email address. We will not share your information with any organisation outside of the ECS company unless there is a legal reason to do so.
Retention and disposal of personal data
Your details will be kept securely in our offices if it is on paper until it is digitised, then held securely in our electronic cloud storage. We may need to retain some information on paper or removable electronic media such as emergency contact/next of kin information for staff and volunteers in the event of a catastrophic event. Information on paper will be destroyed by cross shredding. Digitised information will be deleted if you ask us to remove it from our systems (unless it needs to be retained for legal purposes), which you may do so at any time in addition to the statutory rights detailed below. We use a Retention Schedule to specify how long we keep certain types of information, a copy is available from our website or you can request a paper copy from our Corporate Office: ECS, Unit 42, Staffordshire Business Village, Dyson Way, Stafford ST18 0TW
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added, and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Your data protection rights – Under data protection law, you have rights including:
Your right of access – You have the right to ask us for copies of your personal information.
Your right to rectification – You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing – You have the right to ask us to restrict the processing of your information in certain circumstances.
Your right to object to processing – You have the the right to object to the processing of your personal data in certain circumstances.
Your right to data portability – You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
If you wish to make a request, please contact us:
Telephone: 01785 887809
How to complain
You can also complain to the ICO if you are unhappy with how we have used your data. The ICO’s address:
Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Helpline phone number: 0303 123 1113