Client Privacy Information

As a client of the Homeless Health Peer Advocacy (HHPA) service we collect and process personal data on you. We do this to:

  • Organise the support you will receive from our staff and volunteers
  • Liaise with your support worker and other people to coordinate your health appointments
  • Communicate with you directly as and when needed
  • Handle any safeguarding issues if they arise

Where is data stored?

Data will be stored on our Salesforce system and on other IT systems (including email).

What information does the organisation collect?

We collect a range of information about you when are referred to us and over the course of our work with you. This includes:

  • your name, address and contact details, including email address and telephone number;
  • whether or not you have a disability for which the organisation needs to make reasonable adjustments.
  • date of birth and gender
  • information about your emergency contacts

The service we deliver is a health service, so we also process data on your health needs and conditions.

We collect this information in a variety of ways. Normally the data will be sent to us by your support worker or a medical professional after you ask for support to get to a health appointment. In some instances, the data will come from you if you contact us directly for support.

Why does the organisation process personal data?

There has to be a lawful basis or reason for us to process your data. When processing your data, the lawful basis is called “Public Task / Public interest”. Because the Homeless Health Peer Advocacy service is paid for by NHS contracts, we have to process your data to deliver the service effectively in the public interest. If we don’t process your data we are unable to fulfil our obligations to you and to the NHS.

Who has access to data?

Once the data about you and your health appointments reaches us, it will be accessible to people at Groundswell who are in charge of organising and delivering the HHPA service.

Sometimes we will have to share the information we hold on you with medical professionals or your support worker. We don’t do this on a routine basis, but in special cases like if we are unable to contact you to arrange an appointment, if you are a danger to yourself or others or if we are unduly worried about your health. We aim to check with you first that it is ok to share information, but sometimes this might not be possible.

We do not allow access to your data or share it with others for any other purpose than delivering the Homeless Health Peer Advocacy service without your express consent.

For how long does the organisation keep data?

We keep your data for 6 years after our last contact with you. After this it will be deleted from our systems.

What are your rights?

As a data subject, you have a number of rights which are outlined below.

  • Right of access – Individuals can request to access and obtain a copy of all data we hold on them. This request is commonly referred to as a subject access request.
  • Right to rectification – Individuals can require us to change incorrect or incomplete data.
  • Right to erasure – Individuals can require us to delete all their data under certain conditions.
  • Right to object – In certain circumstances, individuals can object to us processing their data.
  • Right to restrict processing – Individuals have the right to restrict the processing of their personal data where they have a particular reason. In most cases we would need to have the restriction in place for a certain period of time not indefinitely.
  • Right to portability – This gives individuals the right to receive personal data they have provided to us. They can also request that we give it directly to another controller.

If you would like to exercise any of these rights, please contact Groundswell’s Data Protection Lead on the details at the beginning of the General Privacy Notice. You can make any request in any form you choose – writing, email, phone, face to face or through a third party such as a solicitor.

If you believe that the organisation has not complied with your data protection rights, you can complain to the Information Commissioner’s Office (ICO). The details are in the General Privacy Notice.