Headway Shropshire logo

Headway Shropshire

Improving life after brain injury

Privacy Notices



As a member of Headway Shropshire, we take your privacy rights seriously. This document explains how we obtain, process, store and share your personal information, in accordance with the General Data Protection Regulation (GDPR) 2018.

Please click the headings for more information on each topic:

 

We keep records about your membership. This may include:

  • Your basic details, such as name, address, date of birth, phone number and email address.
  • An indication of whether you are a supporter, professional, employee, carer or brain injury survivor.

We hold some of your records on paper and some electronically on a secure computer system.

Your information is used solely to enable us to administer your membership.

We do not share your membership information with third parties except external storage providers where any information is kept secure and confidential.

You always have the right to refuse or withdraw your consent to information being shared in this way, but this could affect your ongoing membership.

Your membership information will never be shared for marketing purposes.

Further information:

If you need more information on what personal information we share, you can contact us – contact details at the end of this document.

  • Paper-based information is kept in locked cabinets with access being restricted to those staff who need it.
  • Computerised records are stored and accessed as follows:
    • Your information may be stored on a fileserver or on individual PCs. These machines are protected by usernames and passwords, with access restricted to those who need it.
    • Your information may be stored in external systems provided by third party organisations. We carry out due diligence to obtain evidence from suppliers to confirm that these systems meet the required data security standards, so that we can be sure that your information will be safe with them.
    • Some of your information may be accessed via secure web page or web application, again protected by username and password, with access restricted to those who need it, and with all data transmitted across the internet in encrypted form.
    • Some of your data may be accessible by mobile devices such as tablet computers or smartphones. This access is protected by username and password, with access restricted to those who need it, and with all data transmitted across the internet in encrypted form.
  • All employees receive training on data confidentiality to remind them of their obligations to keep your data safe and confidential.
  • All employees and the organisations we deal with have legal obligations to safeguard your confidentiality.
  • We have an Information Security policy in place to ensure that staff comply with security procedures.
  • We have a disciplinary policy to deal with any incident where confidentiality has been broken, and to discourage this from happening.
  • For more information on how we keep your information safe, you can email us – contact details at the end of this document.

Your membership information will be kept for seven years after your membership ends. When the time comes, we will always dispose of your information securely.

You have the right to see any of your information that we have on file, whether electronically or on paper, except for certain information, for example:

You have a right to see the information we hold about you, both on paper or electronic, except for information that:

  • Information that has been given to us by someone else without permission for you to see it
  • Information that relates to criminal offences or is being used to detect or prevent crime
  • Information that, if released to you, could cause harm to you, or to someone else

You may request to see your information at any time. Your request has to be made in writing. We will need to see proof of identity before releasing your personal information.

Your request should be sent to the Data Controller – address at the end of this document.

To stop us holding information about you, you can withdraw your consent to this by contacting us - contact details at the end of this document. Please note that if you choose to withdraw your consent in this way, we may no longer be able to offer membership to you.

As an employee or volunteer of Headway Shropshire, we take your privacy rights seriously. This document explains how we obtain, process, store and share your personal information, in accordance with the General Data Protection Regulation (GDPR) 2018.


Please click the headings for more information on each topic:


We keep records that may include:

  • Your basic details, such as name, address, date of birth, National Insurance number, phone number and email address
  • Bank details
  • Copies of identity documents
  • Copies of Disclosure and Barring Service checks
  • Contact details for your next of kin
  • Information on medication and allergies
  • Personnel records such as absence data, job title, employment contract, disciplinary records, records of meetings and supervisions, training you have received
  • Financial information such as salary/pay rate, pension details
  • PAYE and National Insurance records, tax code
  • Medical insurance details
  • Payment records, for example payment of salary/wages, expenses, tax and National Insurance

We hold some of your records on paper and some electronically on a secure computer system.

Your information is used to enable us to employ you and to administer your employment in line with legislation, your employment contract, your needs and your preferences.

We may share appropriate parts of your personal information, and only when necessary, with the following:

  • HMRC and other Government agencies in order to carry out our Statutory duties, for example paying PAYE tax and National Insurance relating to your employment
  • Headway Shropshire’s solicitor if we require legal advice on any aspect of your employment/placement
  • the emergency services in cases of emergency
  • our pension scheme provider to enable us to provide pension scheme membership to you
  • our medical insurance provider (if you have given explicit consent) to enable us to provide medical insurance to you
  • our bank, to enable payment of your salary or wages

You always have the right to refuse or withdraw your consent to information being shared in this way, but this could affect your employment and we are required by law to share some information in order to carry out our Statutory duties.

Please also note that your right to confidentiality may be overridden in certain circumstances when we have to share information about you with others. This is unusual, but in these circumstances we do not need your consent to share necessary information. Here are some examples:

  • We believe there is a risk of you being seriously harmed if we do not share information
  • We believe there is a risk of someone else being seriously harmed if we do not share information
  • We have been asked to provide information by a Court
  • Information is needed for the investigation of a serious crime
  • If your information needs to be shared for other legal or public health reasons, such as certain infectious illnesses

Your personal information will never be shared for insurance or other marketing purposes.

Further information:

If you need more information on what personal information we share, you can contact us – contact details at the end of this document.

  • Paper-based information is kept in locked cabinets with access being restricted to those staff who need it.
  • Computerised records are stored and accessed as follows:
    • Your information may be stored on a fileserver or on individual PCs. These machines are protected by usernames and passwords, with access restricted to those who need it.
    • Your information may be stored in external systems provided by third party organisations. We carry out due diligence to obtain evidence from suppliers to confirm that these systems meet the required data security standards, so that we can be sure that your information will be safe with them.
    • Some of your information may be accessed via secure web page or web application, again protected by username and password, with access restricted to those who need it, and with all data transmitted across the internet in encrypted form.
    • Some of your data may be accessible by mobile devices such as tablet computers or smartphones. This access is protected by username and password, with access restricted to those who need it, and with all data transmitted across the internet in encrypted form.
  • All employees receive training on data confidentiality to remind them of their obligations to keep your data safe and confidential.
  • All employees and the organisations we deal with have legal obligations to safeguard your confidentiality.
  • We have an Information Security policy in place to ensure that staff comply with security procedures.
  • We have a disciplinary policy to deal with any incident where confidentiality has been broken, and to discourage this from happening.
  • For more information on how we keep your information safe, you can email us – contact details at the end of this document.

Your personal information will be kept for seven years after you leave our employment. When the time comes, we will always dispose of your information securely.

You have the right to see any of your information that we have on file, whether electronically or on paper, except for certain information, for example:

You have a right to see the information we hold about you, both on paper or electronic, except for information that:

  • Information that has been given to us by someone else without permission for you to see it
  • Information that relates to criminal offences or is being used to detect or prevent crime
  • Information that, if released to you, could cause harm to you, or to someone else

You may request to see your information at any time. Your request has to be made in writing. We will need to see proof of identity before releasing your personal information.

Your request should be sent to the Data Controller – address at the end of this document.

To stop us holding information about you, you can withdraw your consent to this by contacting us - contact details at the end of this document. Please note that if you choose to withdraw your consent in this way, we may no longer be able to provide employment to you.

We are legally bound to retain your personal information for seven years after you leave our employment even if you request that it should be deleted. This is because the social care legislation overrides the General Data Protection Regulations on this point.

As a volunteer or Trustee of Headway Shropshire, we take your privacy rights seriously. This document explains how we obtain, process, store and share your personal information, in accordance with the General Data Protection Regulation (GDPR) 2018.


Please click the headings for more information on each topic:


We keep records that may include:

  • Your basic details, such as name, address, date of birth, National Insurance number, phone number and email address
  • Bank details
  • Copies of identity documents
  • Copies of Disclosure and Barring Service checks
  • Contact details for your next of kin
  • Information on medication and allergies

We hold some of your records on paper and some electronically on a secure computer system.

Your information is used to enable us to administer your trusteeship or placement as a volunteer, in line with legislation, your needs and your preferences.

We may share appropriate parts of your personal information, and only when necessary, with the following:

  • HMRC and other Government agencies in order to carry out our Statutory duties, for example paying PAYE tax and National Insurance relating to your employment
  • Headway Shropshire’s solicitor if we require legal advice on any aspect of your employment/placement
  • the emergency services in cases of emergency

You always have the right to refuse or withdraw your consent to information being shared in this way, but this could affect your trusteeship/placement and we are required by law to share some information in order to carry out our Statutory duties.

Please also note that your right to confidentiality may be overridden in certain circumstances when we have to share information about you with others. This is unusual, but in these circumstances we do not need your consent to share necessary information. Here are some examples:

  • We believe there is a risk of you being seriously harmed if we do not share information
  • We believe there is a risk of someone else being seriously harmed if we do not share information
  • We have been asked to provide information by a Court
  • Information is needed for the investigation of a serious crime
  • If your information needs to be shared for other legal or public health reasons, such as certain infectious illnesses

Your personal information will never be shared for insurance or other marketing purposes.

Further information:

If you need more information on what personal information we share, you can contact us – contact details at the end of this document.

  • Paper-based information is kept in locked cabinets with access being restricted to those staff who need it.
  • Computerised records are stored and accessed as follows:
    • Your information may be stored on a fileserver or on individual PCs. These machines are protected by usernames and passwords, with access restricted to those who need it.
    • Your information may be stored in external systems provided by third party organisations. We carry out due diligence to obtain evidence from suppliers to confirm that these systems meet the required data security standards, so that we can be sure that your information will be safe with them.
    • Some of your information may be accessed via secure web page or web application, again protected by username and password, with access restricted to those who need it, and with all data transmitted across the internet in encrypted form.
    • Some of your data may be accessible by mobile devices such as tablet computers or smartphones. This access is protected by username and password, with access restricted to those who need it, and with all data transmitted across the internet in encrypted form.
  • All employees receive training on data confidentiality to remind them of their obligations to keep your data safe and confidential.
  • All employees and the organisations we deal with have legal obligations to safeguard your confidentiality.
  • We have an Information Security policy in place to ensure that staff comply with security procedures.
  • We have a disciplinary policy to deal with any incident where confidentiality has been broken, and to discourage this from happening.
  • For more information on how we keep your information safe, you can email us – contact details at the end of this document.

Your personal information will be kept for seven years after you leave your post as trustee or leave a volunteering post. When the time comes, we will always dispose of your information securely.

You have the right to see any of your information that we have on file, whether electronically or on paper, except for certain information, for example:

You have a right to see the information we hold about you, both on paper or electronic, except for information that:

  • Information that has been given to us by someone else without permission for you to see it
  • Information that relates to criminal offences or is being used to detect or prevent crime
  • Information that, if released to you, could cause harm to you, or to someone else

You may request to see your information at any time. Your request has to be made in writing. We will need to see proof of identity before releasing your personal information.

Your request should be sent to the Data Controller – address at the end of this document.

To stop us holding information about you, you can withdraw your consent to this by contacting us - contact details at the end of this document. Please note that if you choose to withdraw your consent in this way, you may be prevented from holding a trusteeship or volunteering placement.

As a client of Headway Shropshire, we take your privacy rights seriously. This document explains how we obtain, process, store and share your personal information, in accordance with the General Data Protection Regulation (GDPR) 2018.


Please click the headings for more information on each topic:


We keep records about your health and care needs. This may include:

  • Your basic details, such as name, address, date of birth, phone number and email address, bank PIN number if we have consent to withdraw cash from the bank for you or to assist you with this.
  • Care assessments, risk assessments, care plans – past and present
  • Contact details for your next of kin
  • Information on medication and allergies
  • Information on your personal preferences relating to your care
  • Information from your family, other who care for you or other professionals
  • Arrangements for your regular care and support
We hold some of your records on paper and some electronically on a secure computer system.

Your information is used to enable us to provide the best possible care to you. It is important that we have this information, because it helps us to:

  • Assess your needs and for make decisions about your care
  • Provide quality care meeting or exceeding legal standards
  • Keep records of the care you have received in accordance with the law
  • Assess the care we give you, to ensure it meets quality standards
  • Investigate any incident, complain or concern that arises about your care

If we have the appropriate consent, we may share appropriate parts of your personal information, and only when necessary, with the following:

  • The NHS and other agencies such as Social Services who are involved in your care
  • Solicitors
  • The emergency services
  • Advocates
  • The Clinical Commissioning Group
  • The Care Quality Commission
  • Case managers
  • Housing trusts
  • Funding authorities
  • Therapy services e.g. Community Neurological Rehabilitation Team (CNRT)

However, the NHS and other agencies, including social services and private healthcare organisations work together so we may need to share information about you, with other professionals and services involved in your care.

We share this information so that you will receive appropriate care and support for you, or when this information is needed in order to safeguard the welfare of other people.

You always have the right to refuse or withdraw your consent to information being shared in this way, but this could affect the care we provide you with.

Please also note that your right to confidentiality may be overridden in certain circumstances when we have to share information about you with others. This is unusual, but in these circumstances we do not need your consent to share necessary information. Here are some examples:

  • We believe there is a risk of you being seriously harmed if we do not share information
  • We believe there is a risk of someone else being seriously harmed if we do not share information
  • We have been asked to provide information by a Court
  • Information is needed for the investigation of a serious crime
  • If you are subject to the Mental Health Act (1983), under certain circumstances we have to share information with your nearest relative even if you object
  • If your information needs to be shared for other legal or public health reasons, such as certain infectious illnesses

Your personal health information will never be shared for insurance or other marketing purposes.

Further information:

If you need more information on what personal information we share, you can contact us – contact details at the end of this document.

  • Paper-based information is kept in locked cabinets with access being restricted to those staff who need it.
  • Computerised records are stored and accessed as follows:
    • Your information may be stored on a fileserver or on individual PCs. These machines are protected by usernames and passwords, with access restricted to those who need it.
    • Your information may be stored in external systems provided by third party organisations. We carry out due diligence to obtain evidence from suppliers to confirm that these systems meet the required data security standards, so that we can be sure that your information will be safe with them.
    • Some of your information may be accessed via secure web page or web application, again protected by username and password, with access restricted to those who need it, and with all data transmitted across the internet in encrypted form.
    • Some of your data may be accessible by mobile devices such as tablet computers or smartphones. This access is protected by username and password, with access restricted to those who need it, and with all data transmitted across the internet in encrypted form.
  • All employees receive training on data confidentiality to remind them of their obligations to keep your data safe and confidential.
  • All employees and the organisations we deal with have legal obligations to safeguard your confidentiality.
  • We have an Information Security policy in place to ensure that staff comply with security procedures.
  • We have a disciplinary policy to deal with any incident where confidentiality has been broken, and to discourage this from happening.
  • For more information on how we keep your information safe, you can email us – contact details at the end of this document.

Your personal information will be kept for seven years after you leave our care, unless it is subject to the Records Management Code of Practice for Health and Social Care Act 2016. This Code may recommend that we keep some of your information for longer periods. When the time comes, we will always dispose of your information securely.

You have the right to see any of your information that we have on file, whether electronically or on paper, except for certain information, for example:

You have a right to see the information we hold about you, both on paper or electronic, except for information that:

  • Information that has been given to us by someone else without permission for you to see it
  • Information that relates to criminal offences or is being used to detect or prevent crime
  • Information that, if released to you, could cause harm to you, or to someone else

You may request to see your information at any time. Your request has to be made in writing. We will need to see proof of identity before releasing your personal information.

Your request should be sent to the Data Controller – address at the end of this document.

To stop us holding information about you, you can withdraw your consent to this by contacting us - contact details at the end of this document. Please note that if you choose to withdraw your consent in this way, we may no longer be able to provide services to you.

We are legally bound to retain your personal information for seven years after you leave our care even if you request that it should be deleted. This is because the social care legislation overrides the General Data Protection Regulations on this point.


Contact Details:


The Data Controller 
Headway Shropshire Limited
Holsworth Park
Oxon Business Park
Shrewsbury
SY3 5HJ


Email: payrollofficer@headwayshropshire.org.uk Telephone: 01743 365271

Headway Shropshire logo

Headway Shropshire

Holsworth Park

Oxon Business park

Shrewsbury

Shropshire

United Kingdom

SY3 5HJ

Tel:   01743 365565

Fax:  01743 365563

Email: admin@headwayshropshire.org.uk

Headway Shropshire is a Registered Charity (No. 1100376) and is a Company Limited by Guarantee

(No. 4884834) registered in England.