Why do we collect service users (non-patient/client) information and how do we use it?
At Dorothy House, there are lawful bases for the information that we process on those who hire / use our non-patient / client services. This includes, but is not limited to, those who attend our training courses, hire our facilities, hire us for DBS checking, use our library or hire us for another non-clinical service.
As an education and service provider, the main lawful basis (legal reason) for collecting and using personal information on training course attendees is because we hold a contract with these individuals. Processing information under this basis enables us to:
- Deliver, administer and invoice for our courses
- Visual and audio recording of our courses to play back to attendees within the course, which is an integral part of delivering some of our courses
Our library users and those hiring our facilities also enter into a “contract” with Dorothy House, giving us the lawful basis to process personal information, such as contact details, so that we can administer these services.
Dorothy House will ask, specifically, for “consent” if personal data for our service users (non-patient/client) is to be used for the following:
- Email marketing, for example of new training courses
- Ensuring adequate facilities to accommodate any special needs
- Marketing and publicity of future courses through the use of photos, videos and quotes.
What personal information do we collect about our service users (non-patient/client)?
Based on the data processing reasons outlined above, Dorothy House collects some of the following information:
Basic details: Name, postal / email address, telephone number.
Organisation details: Job title, organisation/employer
Training: Course feedback comments, video footage, photos, any special needs data for course participants
Where do we store service users (non-patient/client) information and for how long?
Service users’ (non-patient/client) information as outlined above is stored on secure databases, hosted at Dorothy House, which only Dorothy House employees and volunteers with a username and password can access. Staff receive training so that they are aware of their professional responsibility to respect confidentiality. This information could be kept up to 7 years for HMRC purposes.
Sharing personal information about service users (non-patient/client) with third parties
The Education, HR and Estates teams at Dorothy House are responsible for storing service users (non-patient/client) information and will need to share some of this information with third parties as follows:
- External training facilitators
- External education system providers (e.g. Moodle)
- Third party communications services: email marketing, survey providers
- Email marketing provider: We currently use Mailchimp to manage some of our email marketing. Mailchimp stores its data in the US, although it complies with the EU-US Privacy Shield Framework and the Swiss – US Privacy Shield Framework. Mailchimp uses personal data for its own purposes. You can read Mailchimp’s privacy information by clicking here. We are currently in the process of moving to a UK/EU hosted email marketing provider.