Privacy Policy

Healthworks Website Privacy Notice

Last updated: 16/12/24

At Healthworks, we are committed to protecting your privacy. This Privacy Notice explains how we collect, use, share, and safeguard your personal data when you visit our website or engage with us online. It also outlines your rights under the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

Who are we?

Healthworks is a charity and not-for-profit organisation dedicated to addressing health inequalities across Newcastle and the North East. We deliver a wide range of services on behalf of the NHS, Local Authorities, and other partners.

We act as the Data Controller for personal data collected via this website. Our Information Commissioner’s Office (ICO) registration number is Healthworks Newcastle Z6958810.

Contact details for our Data Protection Officer are:

Healthworks
Health Resource Centre,
Adelaide Terrace
Newcastle upon Tyne
NE4 8BE

Tel: 0191 272 4244

[email protected]

What Data Do We Collect?

We collect and process personal data to deliver our services effectively. The data we collect depends on your interactions with us and may include:

  • Directly Provided Data
    1. Identity Information:Name, date of birth, gender, ethnicity.
    2. Contact Information:Address, email, telephone number.
    3. Service-Specific Information:Health data, special education needs, or disability information (with consent).
    4. Payment Information:Bank or card details where necessary.
  • Automatically Collected Data: When you interact with our website, we may collect:
    1. Technical Data:IP address, browser type, and operating system.
    2. Usage Data:Information about how you navigate our website, including cookies and page views.
  • Data from Third Parties
    1. Analytics Providers:Google Analytics data to monitor website performance.
    2. Public Sources:Data publicly available for research purposes (with consent).

How do we use your personal data?

We collect personal data about people who access our services, support us or come into contact with us in any other way. This is so that we can:

  • claim Gift Aid
  • contact you for administrative purposes
  • ensure you don’t have to keep providing us with basic details when you interact with us or attend different services and activities
  • for community research purposes (with your permission)
  • keep you up to date with our work (if you opt in to our newsletters and marketing materials)
  • look into and respond to complaints and enquiries
  • monitor the work we do
  • provide you with a service e.g. employment support, benefits advice
  • report to our funders
  • send you information about how to get involved and support our work, through volunteering and fundraising
  • take your registration or payment details
  • tell stories to help us promote our work (with your permission)
  • We may use the information you give us to create a holistic assessment of your needs, this will be done with your clear consent, when you register with our services.

Legal Bases for Processing

  • Article 6(1)(b) GDPR – Contractual Necessity: When the processing of personal data is necessary to perform a contract or to take steps at the request of the individual prior to entering into a contract. For example: Registering you for events or services or Providing tailored health or support services.
  • Article 6(1)(a) GDPR – Consent: When individuals have explicitly consented to the processing of their personal data for specific purposes. For example: Sending marketing emails or newsletters (opt-in required). Collecting and processing sensitive data, such as health information or ethnicity.
  • Article 6(1)(c) GDPR – Legal Obligation: When processing is necessary to comply with a legal obligation. For example: Retaining financial records for tax purposes. Reporting safeguarding concerns or complying with health and safety laws.
  • Article 6(1)(f) GDPR – Legitimate Interests: When processing is necessary for the legitimate interests of Healthworks or a third party, provided these interests are not overridden by the rights and freedoms of the individual. For example: Monitoring website usage for security and optimisation purposes. Improving services through anonymous usage data. Or responding to user queries or complaints.
  • Article 9(2)(a) GDPR – Explicit Consent for Special Category Data When processing sensitive (e.g. Health, ethnicity, or disability information), explicit consent is required unless exception apply. For example: Collecting health data for tailored Health Interventions or using demographic information for research purposes (with consent).

Sharing Your Data

We only share your personal data when necessary and in compliance with the law. Recipients may include:

  • Service Providers: Organisations assisting us with service delivery.
  • Regulatory Bodies: To comply with legal obligations or regulatory requirements.
  • Funders: In anonymised formats for reporting purposes.

International Data Transfers

We do not transfer personal data outside the UK. If this change, we will update this notice and implement appropriate safeguards.

Retention of Data

We retain personal data only for as long as necessary to fulfil the purposes outlined here or as required by law. Retention periods vary depending on the type of data and context.

For detailed information, you may request our Data Retention Policy by contacting our DPO.

Subject Access Request

You can request access to the data we hold about you via our: Subject Access Request Form

Your written request should include:

  • your full name, address, and description of the information that you seek
  • two proofs of identification:
    • one photographic ID (a photocopy of your staff/student smartcard, passport, or driving license)
    • proof of address (a photocopy of a recent bill or statement showing your current address

Subject Access Requests should be addressed to:

Data Protection Officer

Healthworks
Health Resource Centre,
Adelaide Terrace
Newcastle upon Tyne
NE4 8BE

Email: [email protected]

Our response

We will usually process your request within 30 days. As long as we have received proof of your identity.

Following your request, we may write back to you within the 30-day time frame to request you to narrow or modify your requirements. This may also result in an extension of a further 60 days whilst we examine your request.

Information is provided in line with the General Data Protection Regulations (GDPR), Chapter 3, Article 15 (Recitals 63 and 64).

Complaints 
In the event that you wish to make a complaint about how your personal information is being processed by Healthworks (or third parties as described), you can contact the Data Protection Officer using the contact details above.

If you are not satisfied with how your complaint has been, or is being, handled, you have the right to lodge a complaint directly with the Information Commissioners Office who is the identified supervisory body:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0330 8303 0338
www.ico.org.uk

Service Privacy Notices

The following Service Privacy Notices are currently in use:

Automated Decision-Making and Profiling

We do not use automated decision-making or profiling in our data processing. If these changes, we will update this notice and inform you accordingly.

Your Rights

As a data subject, you have the following rights under the GDPR:

  1. Access:Request a copy of the personal data we hold about you.
  2. Correction:Request correction of inaccurate or incomplete data.
  3. Erasure:Request deletion of your data (subject to legal and contractual obligations).
  4. Restriction:Request restriction of data processing in specific circumstances.
  5. Objection:Object to processing based on legitimate interests or for direct marketing.
  6. Data Portability:Receive your data in a structured, commonly used, machine-readable format.
  7. Withdraw Consent:Withdraw consent for data processing where applicable.

To exercise your rights, please contact our DPO using the details provided above.

Cookies

Our website uses cookies which are small text files that originate from us and are stored on your computer or website server. They do not retrieve information about you that is stored on your hard drive and do not corrupt or damage your computer or computer files. They help us identify website visitor behaviour and visitors’ particular preferences. The below explains the cookies we use and why.

Google Analytics: These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. Click here for an overview of privacy at Google

Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org.

To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.

Links to other websites

Healthworks is not responsible for the content of external internet sites. You are advised to read the privacy policy of external sites before disclosing any personal information.

Changes to This Privacy Statement

We will update this privacy statement when necessary to reflect customer feedback and changes in our services/products. When we post changes to this statement, we will revise the “last updated” date at the top of the statement and describe the changes. If there are material changes to the statement or in how Healthworks will use your personal data, we will notify you either by prominently posting a notice of such changes before they take effect or by directly sending you a notification. We encourage you to periodically review this privacy statement to learn how Healthworks is protecting your information.