At Cobalt Health we are committed to protecting your privacy. We protect any personal information you give us.
This policy is written in accordance with the Data Protection Act 2018. Cobalt Health (“Cobalt”) is registered under the Act as a Data Controller. If you have any questions about it, please contact our Data Protection Compliance Officer at Cobalt Health, Linton House, Thirlestaine Road, Cheltenham, GL53 7AS or telephone 01242 535914.
Personal information is any information that can be used to identify you.
WHAT PERSONAL INFORMATION DO WE COLLECT FROM YOU
- Information that you give us when you enquire or become a customer or patient of us or apply for a job with us including name, address, contact details (including email address and phone number).
- The name and contact details (including phone number) of your next of kin.
- Details of referrals from hospitals, GPs and other healthcare providers, including insurance companies.
- Notes and other contact and correspondence we may have had with you.
- Details of services and/or treatment you have received from us or which have been received from a third party and referred on to us.
- Information obtained from customer surveys you have completed.
- Recordings of calls we receive or make.
- Notes and reports about your health and any treatment and care you have received.
- Information about complaints and incidents.
- Information you give us when you make a payment to us, such as financial or credit card information.
- Information you give us to enable us to book your place on education or fundraising events.
- Where appropriate, personal risk assessments, records of tests (including Covid-19), notice of isolation and contacts with members of staff (for trace and tracking purposes).
Fundraising & Volunteers
- In addition to the above we keep details of your fundraising preferences, donations made and information on your tax status.
- We keep details of volunteers in order to be able to co-ordinate your activities and support your fundraising efforts.
Staff, Trainees & Work Experience
- In addition to some of the above we keep information on your recruitment (applications, CVs, references etc), financial details in order to administer your salary, pension expenses and benefits.
- We also keep records of qualifications, training, appraisals and reviews, and any legal and tax matters required for the administration of your employment.
Cobalt treats your contact with us as confidential unless there is a legal duty to disclose the information or there is a risk of serious harm or abuse to you or someone else. In this instance, we may have to pass this information onto a third party such as the emergency services. We store your information securely on our computer systems, we restrict access to those who have a need to know, and we train our staff in handling the information securely. Where we are required to share your information with other organisations we seek to do this by the most secure means available.
WHEN DO WE COLLECT PERSONAL DATA ABOUT YOU
We collect personal data about you either directly or indirectly, if you:-
- Enquire about any of our services or treatments;
- Register to be a customer or patient with us or book to receive any of our services or treatments;
- Fill in a form or survey for us, or share a personal risk assessment (Covid-19) with us;
- When you advise us of; symptoms/diagnosis of infectious disease (including Covid-19), or requirements to isolate
- Carry out a transaction on our website;
- Make online payments;
- Contact us, for example by email, telephone or social media;
- Make a donation, fundraise on our behalf, register as a Friend of Cobalt to receive information about the Charity, or apply to volunteer at Cobalt;
- Apply for a post at Cobalt;
- Visit one of our websites;
- Share your story with us;
- Book a place on one of our events.
We may also obtain personal information about you from other sources, such as if a medical professional, Hospital Trust or NHS England, family members or friends contacts us on your behalf, or if a fundraiser passes on your details to us (including organisations such as CAF (the Charities Aid Foundation, Just Giving or Virgin Money Giving). We may also combine your personal information with other information we collect from third parties, particularly for the advancement of your care.
HOW DO WE USE YOUR INFORMATION
We use your information in the ways set out below:-
- We use your personal information to give you the information, support, services, or products you ask for.
- We use your information to gain a full understanding of your situation so we can develop and offer you the best possible personalised services.
- We use your information for internal administrative purposes (such as our accounting and records), and to let you know about changes to our services or policies.
- We use your information to inform our risk assessments regarding your safety when attending our premises or undertaking duties on behalf of Cobalt.
- We will use your information to thank you for donations made to the Charity. If you have made a donation through the post we will write to you to ask for your future communication preferences.
- We may use your information to send you communications about our work and how you can help us to help you, for example, information about our campaigns, volunteering and fundraising activities. You can let us know if you would prefer not to receive these communications at any time by emailing email@example.com, calling us on 01242 535920, or writing to our Data Protection Compliance Officer at the address above.
- We use your personal information look into, and respond to, complaints, legal claims or other issues.
- We use your personal information to claim Gift Aid on your donations.
- We may also use your personal information for other purposes which we specifically notify you about and, where appropriate, obtain your consent.
- We may combine your information with other information (for example, from public records or on social media) and create a profile of your interests and preferences. We do this to help us determine whether and in what ways you might be interested in helping us or getting involved in our activities.
- We use your information to send you tickets, joining instructions or other information about events you have booked a place on.
- We will process information for certain legitimate interest purposes, for example:-
- Where you have used the Charity’s services or have made donations in the past we will provide communications we think that will be of interest to you. We will always give you the option to opt out of future communications.
- Where you have opened the website from an email, analytical data is collected to better understand how you have interacted with the website.
WHO DO WE SHARE YOUR INFORMATION WITH
We will not sell your details to any third parties. For each category of data we hold: We will not use or disclose personal information to other organisations or anyone else unless:-
- Consent has been given for us to do so;
- You would reasonably expect or we have told you that your information is usually used or disclosed to other organisations or persons in this way;
- The use or disclosure is required or authorised by law; or
- The disclosure is reasonably necessary for law enforcement functions or for the protection of public revenue.
- In order to provide your service we may sometimes share your information with healthcare bodies including, NHS England, your local Health Trust, your GP, consultant, or healthcare professional who referred you to Cobalt.
- Your information will not leave the European Economic Area unless we have your consent. Where you volunteer to participate in trials the information shared is anonymised.
- In order to properly process your salary, pension and other benefits, we provide your details to the outsourced payroll company, pension provider, health insurer and benefits provider.
- Details are also shared for legal purposes including the correct administration of taxes.
Friends of Cobalt, Donors & Volunteers
- When you make a donation to Cobalt on-line this will be processed via CAF (Charities Aid Foundation) and sent on your behalf to Cobalt.
- Through the CAF website (and Cobalt’s) you can request to receive updates from the charity.
- We use a third party supplier, to send our newsletters to registered supporters of the Charity. We will securely share your personal information with the supplier so that they can send you our newsletter in accordance with your
ACCESSING & UPDATING YOUR PERSONAL INFORMATION
You can find out if we hold any of your personal information by making a ‘subject access request’ under the Data Protection Act 2018. If any information is held about you, Cobalt will:-
- Give you a description of the personal data for which you are the data subject;
- The purposes for which they are being held;
- The recipients or classes of recipients to whom they are or may be disclosed; and
- Let you have a copy of your data in an intelligible form.
To make a request to Cobalt for any personal information we may hold or to make a complaint about privacy issues, you can put the request in writing to the address above, email us on firstname.lastname@example.org or call 01242 535900.
You are entitled to have personal data rectified if it is inaccurate or incomplete.
If we have disclosed the personal data in question to others, we must contact each recipient and inform them of the rectification - unless this proves impossible or involves disproportionate effort. If asked to, we must also inform you about these recipients.
How long do we have to comply with a request for rectification?
We must respond within one month.
This can be extended by two months where the request for rectification is complex. If we decide not to take action in response to a request for rectification, we will explain to you the reasons why and explain your right to complain to the supervisory authority.
You have a right to have personal data erased and to prevent processing in specific circumstances:-
- Where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed.
- When you withdraws consent.
- When you object to the processing and there is no overriding legitimate interest for continuing the processing.
- The personal data was unlawfully processed (ie otherwise in breach of the DPA2018 & GDPR).
- The personal data has to be erased in order to comply with a legal obligation.
- The personal data is processed in relation to the offer of information society services to a child.
We can refuse to comply with a request for erasure where the personal data is processed for the following reasons:-
- To exercise the right of freedom of expression and information;
- To comply with a legal obligation for the performance of a public interest task or exercise of official authority.
- For public health purposes in the public interest; archiving purposes in the public interest, scientific research historical research or statistical purposes; or the exercise or defense of legal claims.
Please note that the right to be forgotten does not apply to special category data i.e. your medical or health records.
Right to Restrict Processing:-
We will be required to restrict the processing of personal data in the following circumstances:-
- Where you contest the accuracy of the personal data, we should restrict the processing until verifying the accuracy of the personal data.
- Where you have objected to the processing (where it was necessary for the performance of a public interest task or purpose of legitimate interests), and we are considering whether we have legitimate grounds to override your rights.
- When processing is unlawful and you oppose erasure and request restriction instead.
- If we no longer need the personal data but you require the data to establish, exercise or defend a legal claim.
USE OF THE WEBSITE
- The Cobalt website may include links to other sites, not owned or managed by us. We cannot be held responsible for the privacy of information collected by websites not managed by us.
- Search queries and results are logged anonymously to help us improve our website and search functionality. No user-specific data is collected by either Cobalt or any third party.
- We may collect your personal information if you choose to provide this to us via an online form or by email.
- If you're aged 16 or under, you must get your parent/guardian’s permission before you provide any personal information on through links on this Website.
In the interests of training and continually improving our services calls to Cobalt may be monitored or recorded. If payment details are required to be taken over the telephone, that section of the call will not be recorded.
Any email sent to us, including any attachments, may be monitored and blocked if the email is potentially a threat to our information systems or illegal.
Many of our premises are surveyed by CCTV for the purposes of security. Images and videos may be retained for a limited period.
From time to time we would like to keep you up to date with news of the work of the Charity, educational events and fundraising activities. We will ask you if you are happy to receive the updates and by which method. We will always aim to provide a clear process for you to opt out. You can stop us from contacting you for marketing purposes by clicking on the ‘unsubscribe’ link embedded within the email that has been sent to you, by emailing email@example.com, by ringing 01242 535922. We will remove your data from our contacts lists within 28 days.
If you make contact with us via social media, we will consider this implied consent to respond through the same channel if required or appropriate to do so. If you request support from Cobalt via social media for fundraising activities we will discuss and agree this with you in advance.
We may access information you share publicly on social media for recruitment, fundraising support or marketing purposes.
When individuals apply to work at Cobalt, we will only use the information they supply to us to process their applications and to monitor recruitment statistics. Where we want to disclose information to a third party, for example where we want to take up a reference or obtain a ‘disclosure’ from the Disclosure Barring Service (DBS) previously known as the Criminal Records Bureau (CRB) we will not do so without informing applicants beforehand unless the disclosure is required by law.
Personal information about unsuccessful candidates will be held for up to 12 months after the recruitment exercise has been completed, it will then be destroyed or deleted. We retain de-personalised statistical information about applicants to help inform our recruitment activities, but no individuals are identifiable from that data.
COBALT IS RESPONSIBLE FOR COLLECTING YOUR PERSONAL INFORMATION
When we collect your personal information we use strict procedures and security features to prevent unauthorised access. However, no data transmission over the internet is 100% secure. As a result, while we try to protect your personal information, Cobalt cannot guarantee the security of any information you transmit to us and you do so at your own risk.
In addition, from time to time we may exchange your personal information with other organisations for the purposes of fraud and credit risk reduction. We may also share information with our financial and legal advisers for the purposes of obtaining advice and protecting our legal rights.
FUNDRAISING PREFERENCE SERVICE
Cobalt subscribes to the Fundraising Regulator and the Fundraising Preference Service. Further information and FAQs about the service can be found on the FPS website:- www.fundraisingpreference.org.uk or by phoning 0300 999 3418.
CHANGES TO THIS PRIVACY NOTICE