Privacy notice (Volunteers)
The Citizen Voice Body for health and social care (referred to in this notice as “the Llais” “we”, “us” or “our”) treat privacy and confidentiality very seriously. We comply with all aspects of the UK’s data protection legislative framework, which includes the UK General Data Protection Regulation and the Data Protection Act 2018.
Introduction
This is a summary privacy notice that is intended to give you some key information about how we use your personal information in a user-friendly form. For a more detailed information about how and why we process your personal data, please refer to our primary privacy notice. Alternatively, you can request a copy of primary privacy notice from our Data Protection Officer (DPO). More information on how you can contact this individual can be found below.
This summary privacy notice applies to our volunteers where data is held and processed by the organisation for certain purposes in connection with your volunteering work for Llais.
Data Controller and Data Protection Officer
Your information will be held by Llais as Data Controller.
We have appointed a dedicated Data Protection Officer (DPO) to ensure appropriate oversight of our data processing activities. The DPO is the Strategic Director for Operations and Corporate Services. You can contact this individual by letter, telephone or email. Contact details are listed below:
Postal address: 33-35 Cathedral Road Cardiff CF11 9HB
Telephone: 02920 235558
Email address: [email protected]
Why do we collect and use your personal information
The primary reasons Llais collects and uses your personal data include:
- in the course of performing our statutory functions
- to ensure that volunteers comply with the statutory requirements for volunteering with Llais and are not disqualified
- as part of the volunteer appointment process
- for the purpose of appraisals and monitoring and managing the conduct of volunteers
- for the purpose of providing support and development
- to share information, seek opinions and arrange activities and events
- in the course of preparing minutes of meetings (including video recordings of Microsoft TEAMS meetings until they are transcribed at which point they are deleted) and other events or your participation in monitoring surveys on ways of working or other activities
- information you provide to us for the purpose of attending meetings and events we host, including access and dietary requirements.
It is lawful for us to do this because it is necessary to collect and use your personal data in order to fulfil a public task/function to carry out a task in the public interest or comply with a legal obligation.
For more information on the categories of personal information we hold and on what lawful basis, please see our primary privacy notice.
Situations in which we will use your sensitive personal information
We may process special categories of personal information where it is necessary for reasons of substantial public interest or, in some circumstances, where we have your written consent. We also collect special category data in connection for equality monitoring purposes in order to identify or keep under review the existence or absence of equality of opportunity or treatment between groups of people.
Less commonly, we may process this type of information where it is needed in relation to the establishment, exercise or defence of legal claims or where it is needed to protect your, or someone else’s interests.
Information about criminal convictions
We may only use information relating to criminal convictions where the law allows us to do so.
We will only collect information about criminal convictions if it is appropriate given the nature of a volunteer’s role and where we are legally able to do so. Where appropriate, we will collect information about criminal convictions as part of the appointment process or we may be notified of such information directly by you in the course of your term as a volunteer.
We are allowed to use your personal information in this way as the processing is necessary to enable us to perform or exercise those statutory obligations or rights which are conferred on us.
Sharing your information
We share your personal data with third parties in order to carry out the public tasks/function listed above. In particular we may share your information with the following organisations:
- with Welsh Government when this is necessary to comply with our reporting obligations or any other statutory function
- with NHS shared services to process expenses claims
- in the case of minutes of Llais meetings these are usually publicly available documents and will therefore be shared with any organisation or individual who requests copies
- the names and other interests of volunteers may be published in annual reports and we may also publish photographs of volunteers.
We may also share your information, including bibliographical information, with any relevant external committee or interest group where you are nominated to and agree to sit on that committee or group.
Your personal data may also be shared with other third parties such as our insurers and professional advisers and third parties who supply goods and services to us, in order to allow us comply with legal requirements and to enable us to run our organisation effectively.
We do not sell, rent or otherwise make personal information commercially available to any third party.
For more details on sharing your information please refer to the primary privacy notice.
Personal information you share with us
The law allows us to collect and use personal information about others in the course of carrying out our public tasks/functions. If you wish to give us personal information about another person, please speak to us to ensure that you are legally entitled to give us the information and for advice on whether you need to inform that person. For more information on the categories of personal information that we hold please refer to the primary privacy notice.
How long do we keep personal information
Our policy is to not hold personal information for longer than is necessary. We have established data retention timelines for all of the personal information that we hold based on why we need the information and captured this in our Data Retention Policy. We delete or destroy personal information securely in accordance with the Data Retention Policy.
Security
We are strongly committed to information security and we take reasonable and appropriate steps to protect your personal information from unauthorised access, loss, misuse, alteration or corruption. We have put in place physical, electronic, and managerial procedures to safeguard and secure the information you provide to us including the use of encryption. We have Cyber Essentials Plus certification.
If you wish to discuss the security of your information please contact us.
Privacy Rights
Individuals have a number of rights under the data protection legislation. Our primary Privacy Notice contains full details of all of the rights, although please be aware that whether each particular right will apply to you will depend on the circumstances and the type of processing. Please refer to our primary privacy notice.
How to Complain
Please let us know if you are unhappy with how we have used your personal information. To do this, please contact our DPO: Strategic Director of Operations and Corporate Services
Postal address: 33-35 Cathedral Road Cardiff CF11 9HB
Telephone: 02920 235558
Email: [email protected]
You also have the right to complain to the Information Commissioner’s Office. Find out on their website (www.ico.org.uk) how to report a concern. The contact details are:
Postal address: Information Commissioner’s Office – Wales, 2nd floor, Churchill House, Churchill Way, Cardiff, CF10 2HH.
Telephone: 0330 414 6421.
Email: [email protected]