Who are we?
Coventry & Warwickshire Mind (CW Mind) is a mental health organisation which provides support to individuals experiencing mental health issues. We take your privacy very seriously.
What data do we keep?
We need to keep certain information (data) to provide support around mental health.
We use two legal bases for processing information under GDPR:
In most adult services, data is processed under ‘contract’ as we need this information to provide effective and efficient support. Once the information is given to us, we do not need permission to process it. There is also data that we need to ask for, for which we DO need consent:
- Equality information – we need to ask for this to comply with Equality Act 2010, but you can choose not to give it
- Care plans / medical reports / criminal convictions – we need this information to understand your mental health needs to further assess risk, but we do need to ask for your explicit consent first as this is more sensitive data.
One adult service and all children and young people’s services are provided using ‘legitimate interests’. This means that we do not need permission to process any information that is necessary to provide appropriate support.
For further information about what data we keep and how, please contact Head Office on 02476 552847.
How will the data be used?
- To enable us to provide you with an appropriate, effective, efficient service
- For monitoring or statistical purposes (we will not use identifiable data for this)
- For research, so we can improve our services in the future (we will not use identifiable data for this)
Your data will not be used for any automated decision making.
Where will we get the data from?
We will collect information from you, the person who refers you to us, or other mental health professionals having contact with you, and anyone else you would like us to speak to about your needs.
Who will we share your data with?
We will only share information with mental health professionals (e.g. your social worker, CPN, Consultant/GP), in the context of providing a service to you, only when it is necessary, and only with your consent. If there is an emergency, we may still need to share your data with other agencies, but we will only do this to keep you or others safe and if it is within your legitimate interests.¹
Monitoring or statistical data will be shared with funders/commissioners, but we will not share identifiable information with them. Where we provide services in partnership with other agencies we will ensure they sign a Data Sharing Agreement to keep your data safe.
How will we keep the data?
We will collect your data onto paper forms, or directly onto a secure service database. We will keep paper forms securely and destroy them as soon as we don’t need them any more (in most cases this will be as soon as the data has been transferred onto our secure database). Our databases are only accessible with individual staff passwords. Access within our databases is restricted to those people who need to see it as part of their job. All identifiable data will be destroyed when we no longer need it. For most services, this is three years after you have stopped receiving services from us.
What are my rights?
Right to be informed – This privacy notice explains the basics about what data we keep, why and how, and for how long. If you would like more information, please ask a member of staff or contact Head Office on (024) 7655 2847.
Right to access – On request, we will provide a copy of all the data we have about you. Please speak to Head Office on (024) 7655 2847 for information about how to go about this.
Right to remove consent – On request, we will destroy data that you have previously given consent for. Please bear in mind this may not mean we can destroy ALL of your data as we need to retain certain data by contract or for legitimate interests – see above.
Right to erasure – (or the ‘right to be forgotten’) When there is no longer any compelling reason for us to process your data, you can ask us to destroy it.
Right to be correct – We are obliged to correct any information we keep that is inaccurate. We will stop using your data (restrict processing) whilst it is rectified.
¹What are “legitimate interests”?
- The legitimate interests can be your own interests or the interests of third parties. They can include commercial interests, individual interests or broader societal benefits. Find out more.
GDPR Leaflets for Services