1. Data controller: Autism In Mind (AIM)
AIM (“we”) collects and processes personal data relating to its clients (“you”) to manage the client relationship. We are committed to being transparent about how we collect and use that data and to meeting our data protection obligations.
2. What information do we collect about you?
We collect and process a range of information about you. This may include:
Personal details
Type of data Name, date of birth
Purpose of data Identification purposes
Contact details
Type of data Address, telephone numbers, emails, text
Purpose of data To contact you only if necessary to support your needs
Notes
Type of data Typed notes
Purpose of data Notes from meetings with you and meetings attended on your behalf, which we may need to refer back to in order to support your needs.
Other agencies
Type of data Letters, information extracted from email
Purpose of data Information that we need in order to support you regarding, diagnosis information, benefits, safeguarding, GP’s and any other agencies whom we need to liaise with in order to support your needs.
We may collect this information in a variety of ways. For example, data might be collected through the online enquiry form completed when you first contact us; via a referral form completed on your behalf by a professional. We may ask you to complete an online form, or data may be collected during conversations and meetings that we have, and other documents you disclose to us.
We will seek information from third parties with your consent only.
Data will be stored safely in a range of different places, including in your paper case matter file or in IT systems (including our email system)
3. Why do we process personal data?
We need to process personal data to provide you with our services and ensure we provide you with the support most appropriate to your needs and to be able to respond to any complaints raised by you.
We process and share other special categories of personal data, such as age, postcode with North East North Cumbria (NENC) Integrated Care Board (ICB) who commission our services where the information is necessary for re-commissioning purposes.
We are required to share information that does not identify you (anonymised) with NHS Digital who are the statutory custodian for health and care data for England.
The NHS national data opt-out allows a patient to choose if they do not want their confidential patient information to be used for purposes beyond their individual care and treatment - for research and planning. Patients, or people acting for them by proxy, have control over setting or changing their own opt-out choice, and can change their mind at any time. Information on opting out can be found here:
4. Who has access to data?
Your information is shared internally with AIM staff members who have a legitimate reason for access.
5. How do we protect your data?
We take the security of your data seriously. We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the performance of their duties.
Where we engage third parties on your behalf, we do so on the basis of verbal consent, the third parties are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of your data.
6. For how long do we keep data?
We will hold your personal data for as long as you are involved with us. If we have no contact with you after a period of 2 years, your data will be safely destroyed/deleted.
7. Your rights
As a data subject, you have a number of rights. You can:
· access and obtain a copy of your data on request
· require us to change/amend incorrect or incomplete data
· require us to delete your data
8. What if you do not provide personal data?
If you do not provide us with personal data it will hinder our ability to support you effectively, or we may not be able to support you at all.