Who is the data controller
Leeds City Council is the data controller for the data provided by Helm users to the Helm development project. It is run in partnership with health and social care organisations and led by Leeds City Council.
What data do we collect
Helm collects data provided by individuals who participate in the project and who contribute information in the form of “top three things to know about me”.
How do we use your data
The Helm programme aims to build a citizen centred record capability for Leeds city. This means data provided by you is used for the purpose of self-care and wellbeing management and may be used by health and social care professionals. They will use it to inform their own decision making as well as help Helm users make more informed health and wellbeing decisions.
How do we share your data
Data provided by you will be accessed by health and care professionals for the purpose of better management of citizens’ health and care needs. They may choose to record the data you provide onto your medical records held by them.
Where users experience technical issues, a member of the Synanetics technical team will access your account to investigate the problem. In this instance the personal data would only be accessed upon the instructions from the Helm team.
We will only share your data with organisations which are signatories to the information sharing agreement. These signatories are:
- Leeds City Council (Data Controller)
- Leeds Teaching Hospital Trust
- Leeds NHS Clinical Commissioning Group
- GP Practices
- Leeds and York Partnership NHS Foundation Trust
- Leeds Community Healthcare NHS Trust
- Yorkshire Ambulance Service
- St Gemma’s Hospice
- Wheatfields Hospice
In some cases we will share your data with other organisations where we are required to do so by law and for crime and fraud prevention purposes.
How do we store your data
Data provided by you will be recorded and stored within your own account held in a secure UK Cloud environment. All the information inputted by you on Helm will be held in accordance with the Helm retention schedule.
Live records will be held for the duration of your involvement with the programme. Where users have withdrawn from the programme or haven’t used the account for twelve months, their accounts will be closed and the information stored on them will be removed from the system in accordance with the Helm retention schedule.
All information gathered for the evaluation of the project will be retained by the Helm project team at Leeds City Council for a period of one year after submission of the final evaluation and then confidentially destroyed in accordance with the Helm retention schedule.
Your data protection rights
You have a number of rights under data protection legislation which are applicable in relation to your Helm account. The rights marked with an asterisk (*) on the list below may not be applicable if you choose to exercise them in respect of your medical records held by health and care professionals.
Right to be informed
You will be able to view the terms and conditions and privacy notice as part of the enrolment process. The terms and conditions and privacy notice acceptance ‘tick box’ will be presented for every login session. You will be mandated to acknowledge and accept changes to the terms and conditions and privacy notices when there are updates.
Right to access
You have the right to request access to your health and care records available to you through Helm. If you wish to access information held about you over and above that accessed through Helm you will need to submit a data subject access request to the relevant organisation that holds the information you require. If you wish to access data held in the Helm archive you will need to contact
dpfoi@leeds.gov.uk.
Right to rectification
This right applies when the information is inaccurate or incomplete. You have the right to request the controller to have the data completed and rectified. Where you input information inaccurately onto your Helm account and later decide to correct this information, please be aware that these changes may not necessarily be rectified in the individual organisations' systems and you will be expected to inform them of these changes directly.
Right to erasure* (Right to be forgotten)
You have the right to request from the controller the erasure of personal data concerning you if the continued processing of the data is not justified. You will need to submit the request in writing.
Right to restrict processing
You have the right to request the restriction or suppression of your personal data. You can make a request for restriction verbally or in writing.
The right to data portability*
The right to data portability gives you the right to receive personal data you have provided to a controller in a structured, commonly used and machine readable format.
Right to object to processing
The
UK General Data Protection Regulation (UK GDPR) gives you the right to object to the processing of your personal data in certain circumstances, where processing is causing you substantial damage or distress. You can make an objection verbally or in writing.
Rights in relation to automated decision making and profiling*
There will be no automated decision making or profiling under this programme.
All enquiries in connection with exercising your rights in respect of data held on Helm should be submitted to Leeds City Council at
dpfoi@leeds.gov.uk.
Security of your data
Leeds City Council is leading on this project and acts as a data controller in respect of the data held on Helm, the system and its security. It is committed to taking all reasonable organisational and technical measures to ensure maximum security of personal data provided by you to Helm.
The Helm system has been built in such a way as to ensure its use can be audited at any time. This allows confidentiality and access to be monitored where necessary. The data access is done via secure transmission between respective systems which are subject to adequate controls documented in respective data processing agreements.
The Helm platform is implemented in a secure cloud environment via UK Cloud which is subject to robust contractual arrangement with disaster recovery and contingency solutions as part of the service provision. You have responsibility for safety and security of the data stored on your account and are asked to ensure that your login details and passwords are kept secure at all times and not shared with anyone else.
All organisations that you share Information with are approved by Leeds Information Governance Steering Group and are signatories to the Information Sharing Agreement with robust confidentiality and security obligations. All organisations have appointed appropriate officers to look after your data as follows:
- Data Protection Officers who are responsible for compliance with data protection legislation
- the Senior Information Risk Owner, who is accountable for the management of all information assets
- a Caldicott Guardian, who is responsible for the management of patient information and patient confidentiality
Data quality and assurance
It is important that the information you enter is accurate and up to date. You are responsible for accuracy of your data. This is because the data you contribute may be relied upon by health and care professionals when providing you with care.
If you think you have entered data that is not accurate, you need to correct it immediately on your Helm record. Any data that has been overwritten will be stored in the archive of your Helm account for audit purposes and may be accessed by you on request. However, you will not be able to alter that record.
Making a complaint
In the event where you wish to raise a complaint please contact
info@myhelm.org.
Withdrawing from the project
You can withdraw from participating in the project or in the evaluation at any time by contacting
info@myhelm.org. Please note that if you decide to withdraw from the programme we will not be able to retrieve any information which has already been used in the evaluation. Your views including the reasons for withdrawal would help us to evaluate the pilot.
Transferring of data abroad
Your personal information will not be transferred to and stored in another country outside of the UK.
Changes to this privacy notice
We keep our privacy notice under regular review. This privacy notice was last updated on 30 March 2020.