Introduction
This is Autism Oxford UK Limited’s Privacy Notice.
As part of the services we offer, we are required to process personal data about our staff, our service users and, in some instances, the friends or relatives of our service users and staff. “Processing” can mean collecting, recording, organising, storing, sharing or destroying data.
We are committed to being transparent about why we need your personal data and what we do with it. This information is set out in this privacy notice. It also explains your rights when it comes to your data.
Please note we reserve the right to change this policy, but we will notify you of any significant changes.
If you have any concerns or questions, please contact us:
Telephone Number: 07498 370508
Email: info@autismoxford.org.uk
Address: Autism Oxford UK Limited, Grange Court Business Park, Barton Lane, Abingdon, Oxfordshire, OX14 3NB
1. Individuals accessing health and social care services
What data do we have?
So that we can provide a safe and professional service, we need to keep certain records about you. We may process the following types of data:
- Your basic details and contact information e.g. your name, address, date of birth and next of kin;
- Your financial details e.g. details of how you pay us for your care or your funding arrangements;
- Biographical information such as your education and work history.
We also record the following data which is classified as “special category”:
- Health and social care data about you, which might include both your physical and mental health data.
- We may also record data about your race, ethnic origin, sexual orientation or religion, but we do not collect this routinely.
This data is usually provided to us by you, your parent or guardian (if you are under 18), your legal representatives, or third parties involved in your care.
Why do we have this data?
We need this data so that we can provide high-quality care and support. By law, we need to have a lawful basis for processing your personal data.
We process your data because:
- It is necessary to provide you with the services set out in a contract (i.e. to provide you with health and care services)
- It is in our or a third party’s legitimate interests to do so – details of these legitimate interests are set out in the “Legitimate Interest” section below; or
- We have a legal obligation to do so – generally under the Health and Social Care Act 2012 or Mental Capacity Act 2005.
We process your special category data because:
- It is necessary for us to provide and manage social care services;
- It is necessary due to social security and social protection law (generally this would be in safeguarding instances);
- We are required to provide data to the regulator, the Care Quality Commission (CQC), as part of our public interest obligations.
We may also process your data with your consent. If we need to ask for your permission, we will offer you a clear choice and ask that you confirm to us that you consent. We will also explain clearly to you what we need the data for and how you can withdraw your consent at any time.
We do not currently use your data for research, although we may do so in future. If you do not wish your data to be used for research, please see below for information on the National Data Opt-Out.
Do we share your data with anyone?
In order to provide high quality care and comply with the law, we may lawfully share your personal data with third parties, including:
- Other parts of the health and care system such as local hospitals, the GP, the pharmacy, social workers, clinical commissioning groups, and other health and care professionals;
- The Local Authority;
- Your family or friends – with your permission;
- Organisations we have a legal obligation to share information with e.g. for safeguarding, the CQC;
- The police or other law enforcement agencies if we are required to by law or court order.
If you do not wish your data to be shared with others involved in your care you may opt-out by contacting us using the contact information in this policy, however in some cases we may still be required by law or regulatory bodies to share the information.
To provide you with our services we may also share your data with third-party processors, e.g. for processing payments. Where we do this, we will ensure appropriate contractual safeguards are in place to keep your data secure.
Legitimate interests
The legitimate interests which allow us to process your data include::
- To manage our relationship with you;
- To provide health and social care services on behalf of a third party;
- To keep our records up to date;
- For internal evaluation purposes, to monitor how well we are performing;
- To exercise our rights, to defend ourselves from claims and to keep to laws and regulations that apply to us and the third parties we work with.
National Data Opt-Out
All health and care organisations must comply with the national data opt-out policy by September 30th, 2021.
Autism Oxford UK Limited complies with the national data opt-out policy and the use of the technical services to check for national data opt-outs in line with technical specifications and instructions.
If you do not wish for your confidential information to be used for research and planning, you can choose to opt out by phone, email or post by contacting us by one of the methods of contact listed in the Introduction section at the start of this document.
More information can be found here: https://digital.nhs.uk/services/national-data-opt-out
2. Individuals accessing non-clinical services
What data do we have?
To provide you with our services and products such as training, webinars, conferences and newsletters, we may process the following types of data:
- Your basic details and contact information;
- Your financial details e.g. transaction details for payment;
- Information about your employment, where we are providing services on behalf of your employer.
- Information about how you use our website (please see our cookie policy https://staging.autismoxford.com/policies/cookie-policy/ for more information)
We may also record special category data such as information about a disability, reasonable adjustments, or dietary requirements, however we do not do so routinely.
This data is usually provided to us by you or your employer, where we are providing services on their behalf.
Why do we have this data?
We need this data so that we can provide you with our services and for marketing purposes. By law, we need to have a lawful basis for processing your personal data.
We process your data because:
- It is necessary to provide you with the services set out in a contract (e.g. where you have entered into a contract by purchasing a ticket to an event)
- It is in our or a third party’s legitimate interests to do so – details of these legitimate interests are set out in the “Legitimate Interest” section below; or
- We have your consent to do so, in the case of direct marketing.
We process your special category data only where we have your explicit consent.
Do we share your data with anyone?
At some of our events, we may take photos and videos which may be shared in the public domain for the purposes of promotion, marketing and awareness raising. You will be notified where this is the case and be given an opportunity to opt-out.
To provide you with our services we may also share your data with third-party processors, e.g. for processing payments. Where we do this, we will ensure appropriate contractual safeguards are in place to keep your data secure.
Legitimate interests
The legitimate interests which allow us to process your data include:
- To manage our relationship with you;
- To provide services on behalf of a third party;
- To keep our records up to date;
- To promote and market our services;
- To provide educational materials to the public;
- For internal evaluation purposes, to monitor how well we are performing;
- To exercise our rights, to defend ourselves from claims and to keep to laws and regulations that apply to us and the third parties we work with.
-
Your rights
The data that we keep about you is your data, and we ensure that we keep it confidential and that it is used appropriately. You have the following rights when it comes to your data:
- Access: You have the right to request a copy of all of the data we keep about you. Generally, we will not charge for this service.
- Rectification: You have the right to ask us to correct any data we have which you believe to be inaccurate or incomplete. You can also request that we restrict all processing of your data while we consider your rectification request.
- Erasure: You have the right to ask that we erase any of your personal data which is no longer necessary for the purpose we originally collected it for. We retain information for as long as we need to in order to provide you with our services, and to comply with applicable laws and guidelines, including the Information Governance Alliance guidelines https://digital.nhs.uk/data-and-information/looking-after-information/data-security-and-information-governance/codes-of-practice-for-handling-information-in-health-and-care/records-management-code-of-practice-for-health-and-social-care-2016.
- Restrict processing: You may also request that we restrict processing if we no longer require your personal data for the purpose we originally collected it for, but you do not wish for it to be erased.
- Object: If we are processing your data as part of our legitimate interests as an organisation or in order to complete a task in the public interest, you have the right to object to that processing. We will restrict all processing of this data while we look into your objection.
- Withdraw consent: Where we have asked for your consent to process your data, you have the right to withdraw that consent at any time.
- Portability: You have the right to request access to your data in a machine-readable format.
- Automated decisions: You have the right not to have any decision made about you based solely on automated decision-making. We do not currently use automated decision-making.
Please note, these rights are not absolute, meaning they do not apply in all cases. If you wish to exercise any of these rights, please notify us in writing at info@autismoxford.org.uk. You may need to provide adequate information for our staff to be able to identify you, for example, a passport or driver’s licence. This is to make sure that data is not shared with the wrong person inappropriately.
We will always respond to your request as soon as possible and at the latest within one month.
-
Complaints
If you have any concerns about how we process your data, please contact us at: info@autismoxford.org.uk.
You also have the right to make a complain to the Information Commissioner’s Office, using the details below:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF