Positive Wellbeing privacy notice

Last Updated: 8th July 2021

This notice explains what personal data (information) we hold about you, how we collect, how we use and may share information about you.  We are required to give you this information under data protection law.

Who are we?

We are Kent County Council (KCC). KCC collects, uses and is responsible for certain personal information about you. When we do so we are regulated under the United Kingdom General Data Protection Regulation (‘UK GDPR’) and we are responsible as ‘controller’ of that personal information for the purposes of those laws.

Interreg Connected Communities is a pilot project run by Kent County Council’s Business Development Team and the Community Safety Team.  It aims to develop a local approach to preventative care for isolated older people through a new service model we call ‘Positive Wellbeing’.

Positive Wellbeing is about promoting a wide range of social activities and healthy lifestyle interventions. Your referral will be made to a Community Connector worker who then spends time with you and connects you to activities which are typically provided by voluntary and community sector organisations. Examples include volunteering, arts, sports, peer learning, gardening, welfare/financial advice, befriending, cookery, and healthy eating advice.

The personal information we collect and use

Information collected by us

If you are the third party making a referral on someone else’s behalf:

During the application process through our Positive Wellbeing referral form, we collect the following personal information provided to us by you, the third party:

Third party’s details:

  • Third party’s Name
  • Third party’s Contact details (telephone number, email address)

If you are the person being referred:

During the application process through our Positive Wellbeing referral form, where you directly apply yourself, we collect the following personal information when you provide it to us:

  • Name
  • Contact details (address, telephone number, email address)
  • Date of birth
  • Whether you require an interpreter.

In the course of providing the Connected Communities Positive Wellbeing service to you, we collect the following personal information when you provide it to us:

  • Gender
  • Marital status
  • Education, housing and employment details

We also collect the following special category information:

  • Details of medical information (including conditions and GP practice details) where relevant and appropriate
  • Your views about your wellbeing, social interaction, feelings of loneliness and lifestyle
  • Ethnicity.

Personal details (including name and address) are always recorded to enable the Community Connector to take the necessary steps required to complete the referral.

How we use your personal information

If you are the third party making a referral on someone else’s behalf, we use your personal information to:

  • Contact you if the details of the person being referred are incorrect and we are unable to get in touch with them.

If you are the person being referred, we use your personal information to:

  • Enable you to join the Positive Wellbeing scheme.
  • Determine any accessibility needs.
  • Develop a personal action plan and record your progress through the project. The action plan is used to help us signpost you to, or make referrals to, appropriate support services and to enable follow-up visits by an individual Community Connector. Details of referral options will be discussed with you and your permission to share will be obtained prior to making any referrals to third-party organisations e.g. clubs/societies.
  • Form centralised data within the project to support management functions regarding managing workloads, analysing demand profile on the service and analysing outputs of the service.
  • Form centralised data to support project reporting requirements and data sharing between partner agencies.

How long your personal data will be kept

If you are the third party making a referral on someone else’s behalf:

All personal information of the third party recorded as part of the referral is stored in an electronic form. Recorded information is retained for the duration of the time until first contact is made with the person referred into the service. After successful contact is made with the person referred into the service, the third party’s data is securely destroyed.

If you are the person being referred:

All personal information recorded by the Community Connectors in accordance with the above is primarily stored on an electronic case management system. Recorded information is retained for the duration of the time you are actively engaged with the project. After you leave the project, the health, ethnicity, gender, education, housing, employment & marital status data is also only held for 6 months data on your case record is securely destroyed after 6 months. All other personal data is held by us securely until 31/12/2027. After this time the complete case record is securely destroyed.

Reasons we can collect and use your personal information

The lawful basis on which we collect and use your personal data is that:

  • Article 6(1)(c): Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Article 6(1)(e): Processing is necessary for the performance of a task carried out in the public interest

We may also collect and use special categories of personal data (e.g. relevant medical conditions) specifically in order for us to provide you with the Positive Wellbeing service. We will normally collect this data via face-to-face conversations. In cases where this isn’t possible, we may conduct conversations over the telephone.

The lawful basis on which we collect and use this special category data is that:

  • Article 9(2)(g): Processing is necessary for reasons of substantial public interest (statutory purposes, equality of opportunity and Safeguarding of economic well-being of certain individuals)
  • Article 9(2)(h): Processing is necessary for the provision of health or social care
  • Article 9(2)(j): Processing is necessary for statistical purposes (which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject).

This is specifically in order for us to fulfil our duties under the Care Act 2014; to promote an individual’s social wellbeing and our duties under the Equality Act 2010.

Who we share your personal information with

If you are the third party making a referral on someone else’s behalf:

Your information is not shared.

If you are the person being referred:

Where there is a need to share your details for signposting or referral purposes, we will obtain your permission to share your details before any referrals are made.

The personal data that is held by us until 31/12/2027 is for the purposes of audit by Interreg who provide funding for the project and may wish to see evidence of the work we have conducted. Interreg is one of the key instruments of the European Union (EU) supporting cooperation across borders through project funding. Any audit by Interreg would take the form of an on-site visit to our business premises and would not require data to be transferred outside of the UK. We will share personal information with law enforcement or other authorities if required by applicable law.

Your rights

Under the UK GDPR you have rights which you can exercise free of charge that allow you to:

  • Where we have relied upon consent you may withdraw your consent at any time
  • Know what we are doing with your information and why we are doing it
  • Ask to see what information we hold about you (subject access request)
  • Ask us to correct any mistakes in the information we hold about you
  • Object to direct marketing
  • Make a complaint to the Information Commissioners Office

Depending on our reason for using your information you may also be entitled to:

  • Ask us to delete information we hold about you
  • Have your information transferred electronically to yourself or to another organisation
  • Object to decisions being made that significantly affect you
  • Object to how we are using your information
  • Stop us using your information in certain ways

Please contact the Information Resilience and Transparency Team at data.protection@kent.gov.uk to submit a Subject Access Request or for more information on your rights.

We will always seek to comply with your request however we may be required to hold or use your information to comply with legal duties. Please note: your request may delay or prevent us delivering a service to you.

For further information about your rights, including the circumstances in which they apply, see the guidance from the UK Information Commissioner's Office (ICO) on individuals’ rights under the United Kingdom General Data Protection Regulation.

Keeping your personal information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Who to contact

Please contact the Information Resilience and Transparency Team at data.protection@kent.gov.uk to exercise any of your rights, or if you have a complaint about why your information has been collected, how it has been used or how long we have kept it for.

You can contact our Data Protection Officer, Benjamin Watts, at dpo@kent.gov.uk.

The General Data Protection Regulation also gives you the right to lodge a complaint with the Information Commissioner who may be contacted on the ICO website or telephone 03031 231113.

Read our corporate privacy statement.