escv watermark 01 • East Sussex Community Voice

Privacy Policy

Privacy Policy Overview 

This Privacy Statement sets out the data processing practices carried out by East Sussex Community Voice [including in its role as the host of Healthwatch East Sussex and the East Sussex Voluntary Community & Social Enterprise Alliance].

1.1     We retain and use personal data (information that relates to and identifies living people) to help us carry out our role in delivering our various projects and programmes.

1.2     Our commitment to your personal information

We will always make sure that personal information is only captured where necessary, that we communicate when and why information is sought from you, and that any we do collect is protected and treated securely.

Any information that you give will be held in accordance with: 

We maintain a Register of Processing Activity (ROPA) and a data record and retention schedule which identify the lawful basis for capturing, storing and retaining personal data.

2       How we collect and use personal data and information

2.1     We collect personal information from visitors to our website(s) through the use of online forms and every time you email us or contact us with your details. We also collect feedback and views from people about the services that they access.

In addition, we receive information about our own staff, board members, volunteers and people who apply to work or volunteer for us.

2.2     Personal information about you may be used for the following purposes:

This may include any personal information that you choose to share with us, but we will treat this as confidential and protect it accordingly.

We will never include your personal information in our reports or other outputs unless we have obtained your consent to do so.

2.3     We have included more detail about each of the above and other various types of information we process under each of the headings listed within this statement. They are:

2.4     Information about people who use our website(s) 

Please note that this statement does not cover links within our website(s) to other websites. 

When you browse through the information on our websites, it does not store or capture your personal information.

We do log your IP address (as it is automatically recognised by the web server) but this is only so you can download the website onto your device rather than for any tracking purpose; it is not used for any other purpose. 

2.5     User provided information

When you use our websites, as a user or as a visitor, you may provide, and we may collect Personal Data. Examples of Personal Data include your name and email address or other contact details.

Personal Data also includes other information, such as geographic area or your preferences, when any such information is linked to information that identifies a specific individual. We will only collect personal information provided by you.

We will only collect personal information provided by you, such as: 

We will tell you why we need your personal information and how we will use it.

2.6     Measuring website usage (Google Analytics)

We use Google Analytics to collect information about how people use our websites. We do this to make sure it is meeting our users’ needs and to understand how we could do it better.

Google Analytics stores information about what pages you visit, how long you are on the site, how you got there and what you click on. We do not collect or store your personal information (e.g. your name or address) so this information cannot be used to identify who you are.

We also collect information on the number of times particular search terms are used and the number of failed searches. We use this information to improve access to websites and to identify gaps in the information content so we can plan appropriate expansion of the system.

Unless the law allows us to, we do not:

2.7     Signing up to our mailing lists for bulletins and information about our services and activities

We use third-party suppliers to provide our newsletter services. By subscribing to these services you will be agreeing to them handling your data. 


Third-party suppliers handle the data purely to provide these services on our behalf. These suppliers follow the requirements of the Data Protection Act 2018 and UK GDPR in how they obtain, handle and process your information and will not make your data available to anyone other than East Sussex Community Voice. 

2.8     Information about people who share their experiences with us by other means 

There are several ways that we collect feedback from people about their experiences of using statutory, voluntary and community services day to day.

This includes:

Where personally identifiable information is collected, we will ensure that we identify a valid lawful basis. Usually, we process it where we have your consent to keep it and we will be clear on how we intend to use your information. We will aim to anonymise information where we can but there may be instances where this is not possible in order for us to make change happen on your behalf.

There may be circumstances where we can and will keep the data without consent, but we must have a lawful basis for doing so, such as legal obligations or public tasks, including for safeguarding purposes.

We ensure that where consent is required it will be freely given, used only for agreed specific and unambiguous purposes and that you are well informed about how the information will be kept. This includes where it will be stored, details on security and for how long it will be kept. We will always comply with current data protection legislation.

Where we are processing your personal data with your consent, you have the right to withdraw that consent at any time. If you change your mind, or you are unhappy with our use of your personal data, please let us know by contacting us using our contact details (see below).

For any other services we use to handle data via a commercial company or partner, there is always a Memorandum of Understanding (MOU), data sharing agreement or contract in place.

2.9     Personal data received from other sources 

On occasion we will receive information from the families, friends and carers of people who access statutory, commercial and voluntary services. We use this data to inform providers and commissioners and help them deliver services that work for you. 

Where it is practically possible, we will make sure that we have your consent to use information that is about you. We will only process your personal data where there is a lawful basis to do so under current data protection legislation. 

2.10  Publishing information

In most cases we anonymise our data to ensure that a person cannot be identified, unless this has been otherwise agreed and consent has been sought and given.

2.11  Information about people who contact our Healthwatch Information and Signposting Service

In delivering Healthwatch East Sussex, we also provide an Information and Signposting Service to help people access, understand, and navigate health and care services in East Sussex. Our trained staff can help people to find out about:

You do not have to tell the Advisor anything you do not want to, and you do not have to give your name or location. Any personal information you do give to the service will not be shared with any other organisations without your consent.

We record the details of all enquiries securely and use this information to capture trends and help improve people’s experiences of health and care in East Sussex. The records of all enquiries are retained and destroyed in line with our data retention policy.

If contact with our service is made, people will be asked to indicate their consent for us to store information about them and a record of this consent will be maintained on our database.

2.12  Safeguarding

It is recognised that there may be times when it is appropriate to breach confidentiality for legitimate reasons without permission. The law does not allow us to share your information without your permission, unless there is proof that someone is at risk. This risk must be identified as being serious before we can go against your right to confidentiality. 

In instances where East Sussex Community Voice staff, board members or volunteers are worried about your physical safety or we feel that we need to take action to protect you from being harmed in other ways, we will discuss this with you and, if possible, get your permission to tell others about your situation.

We may still share your information if we believe the risk to others is serious enough to do so. There may also be rare occasions when the risk to others is so great that we need to share the information straight away. If this is the case, we will make sure that we record the information we share and our reasons for doing so. We will let you know what we have done and why as soon as or if we think it is safe to do so.

2.13  Sharing your data with Healthwatch England 

In delivering Healthwatch East Sussex, East Sussex Community Voice is required to share information with Healthwatch England to ensure that your views are considered at a national level. This enables them to analyse service provision across the country and supply the Department of Health & Social Care and national health and care commissioners with the information you provide. 

Find out more about Healthwatch England’s purpose and what they do. 

The information we provide to Healthwatch England contains no personally identifiable data. Any information that is used for national publications is anonymised and will only be used with the consent of a local Healthwatch. 

2.14  Our Healthwatch data systems 

Healthwatch England provides a secure digital system for local Healthwatch to manage their data. Other organisations process the data contained within it on behalf of local Healthwatch and a Data Processing Agreement is in place to ensure that this is held securely and according to current data protection legislation.  

Healthwatch England is a committee of the Care Quality Commission (CQC) but acts independently. These organisations must comply with all legal requirements and do not reuse any data for any other reason or make it available to others.  

2.15  Information about our own staff and people applying to work with us 

We need to process personal data about our own staff (and people applying to work for us) so that we can carry out our role and meet our legal and contractual responsibilities as an employer. 

The personal data that we process includes information about racial or ethnic origin, religion/belief, disability, gender and sexuality. We use this information to check we are promoting and ensuring diversity in our workforce and to make sure we are complying with equalities legislation and the inclusive ethos set out in our Equalities Policy. 

Our applicants/employees decide whether or not to share this monitoring data with us and can choose to withdraw their consent for this at any time. Employees who wish to withdraw their consent for us to process this data can let us know. 

Other personal data that we are required to process includes information on qualifications and experience, pay and performance, contact details and bank details. 

We check that people who work for us are fit and suitable for their roles. This may include asking people to undertake Disclosure and Barring Service (DBS) checks. 

Staff, board members or volunteers joining East Sussex Community Voice may be asked to complete a ‘declaration of interests’ form to identify any services with which they have close links (for example, because they have previously worked there or because the service is run by a close relative) or any other issues which could cause a perceived conflict of interest.

We have a legal obligation to comply with the Freedom of Information Act 2000 and this may include the requirement to disclose some information about our employees – especially those in senior or public facing roles. We also publish some information about our staff, including the names, images and work contact details of people in some roles. 

2.16  Information about people who volunteer for us

We need to process personal data about our volunteers (including our Board of Directors) so that we can carry out our role and meet our legal and contractual responsibilities. 

The personal data that we process includes information about racial or ethnic origin, religion/belief, disability, gender and sexuality. We use this information to check we are promoting and ensuring diversity in our workforce and to make sure we are complying with equalities legislation.

Our board members and volunteers decide whether to share this monitoring data with us and can choose to withdraw their consent for this at any time. Volunteers and Board Directors who wish to withdraw their consent for us to process this data can let us know.

Other details that we may process includes information on qualifications and experiences, contact details and bank details (for the payment of expenses).

We check that people who work for us are fit and suitable for their roles. This may include asking people to undertake Disclosure and Barring Service (DBS) checks. 

Volunteers and Board Directors joining East Sussex Community Voice will be asked to complete a ‘declaration of interests’ form to identify any services with which they have close links (for example, because they have previously worked there or because the service is run by a close relative) or any other issues which could cause a perceived conflict of interest. Volunteers and Board Directors are regularly asked to update these forms.

We have a legal obligation to comply with the Freedom of Information Act 2000 and this may include the requirement to disclose some information about our Board Directors and Enter and View volunteers.

2.17  East Sussex Voluntary Community & Social Enterprise (VCSE) Alliance

In hosting the East Sussex VCSE Alliance, ESCV provide a members login area on the VCSE website to share information with and to facilitate collaboration between Alliance members.

 Members of the Alliance are invited to sign up to the login on a voluntary basis and we will tell you why we need your personal information and how we will use it during this process. We will only collect personal information provided by you, such as names and email addresses.

Data in this platform will be captured, stored and managed in accordance with the safeguards and processes outlined in this policy.

2.18  Cookies

A cookie is a small file, typically of letters and numbers, downloaded on to a device when the user accesses certain websites.

Please be aware that some systems on our websites require the use of cookies, but we will always state if this is the case. We will never collect and store information about you without your permission.

Our websites use cookies to help to identify and track visitors and their website access preferences. We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to our users’ needs. We only use this information for statistical analysis purposes.

Overall, cookies help us provide users with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

We will never collect and store information about you without your permission. 

Find out more about our use of Cookies https://www.gov.uk/help/cookies

2.19  Third party cookies

We use videos from YouTube and feeds from other websites such as Facebook and Twitter on our websites. These third-party platforms place cookies on your device when watching or viewing these pages.

Below are links to their cookie policies:

2.20  Disabling cookies

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer, however, this may prevent you from taking full advantage of the website or platform you are seeking to access.

Website visitors who do not wish to have cookies placed on their computers should set their browsers to refuse cookies before using the East Sussex Community Voice/Healthwatch East Sussex website.

There is more information about how to delete or stop using cookies on www.aboutcookies.org. If you wish, you can also opt out of being tracked by Google Analytics.

3       Sharing and publishing your information (including safeguarding)

3.1     How we share information with other organisations
We only share personal information with other organisations where it is lawful to do so and in accordance with our Data Protection Policy. Information is shared in order to fulfil our statutory, contractual and public interest obligations.

We work with various public, private and voluntary organisations. We can also engage external suppliers to process personal information on our behalf. 
We will only disclose your personal information where we have your consent to do so, or where there is another very good reason (lawful basis) to make the disclosure – for example, we may disclose information to the Care Quality Commission (CQC) or a local authority (East Sussex County Council) where we think it is necessary to do so in order to protect a vulnerable person from abuse or harm. Any such disclosure will be made in accordance with the requirements of the current data protection legislation. 

Wherever possible, we will ensure that any information that we share or disclose is anonymised, to ensure that you cannot be identified from it. 

We sometimes use other organisations to process personal data on our behalf. Where we do this, those companies are required to follow the same rules and information security requirements as us. They are not permitted to use or reuse the data for other purposes. 

We do not share or sell personal information to any other organisation for the purposes of direct marketing.

4       Security (including data systems)

4.1     Security – keeping information safe and secure

We are strongly committed to data security and we take reasonable and appropriate steps to protect your personal information from unauthorised access, loss, misuse, alteration or corruption. 

We have put in place physical, electronic, and managerial procedures to safeguard and secure the information you provide to us. 

Only authorised employees and contractors under strict controls will have access to your personal information. Our security includes:

5       Retention

5.1     Retention and disposal of personal data 

We use a retention and disposal schedule to guide how long we keep different types of records and documents, including records and documents containing personal data.

Personal data is deleted or securely destroyed at the end of its retention period. For more information on this please contact us.

6       Individual Rights

6.1     Your right to access information about you

If you think we may hold personal data relating to you and you want to see it please write to info@escv.org.uk  

When we receive a request from you in writing, we must normally give you access to everything we have recorded about you. However, we will not let you see any parts of your record if:

This applies to paper and electronic records. If you cannot ask for your records in writing, we will make sure there are other ways you can apply.

6.2     Your other rights
Under data protection legislation, you also have the right to:


Please make your request using our contact details below.

7       Contact details and how to complain

7.1     Our contact details and key roles 

East Sussex Community Voice is the data controller for all the personal data that you provide us with.

Any issues relating to the processing of personal data by or on behalf of East Sussex Community Voice may be addressed to: 

East Sussex Community Voice

Units31/31a

The Old Printworks

1 Commercial Road

Eastbourne

East Sussex

BN21 3UT

Telephone: 01323 403590

Email: info@escv.org.uk   

7.2     Data Protection Officer

East Sussex Community Voice’s Data Protection Officer under Article 37 GDPR is Peter Questier (East Sussex County Council, Information Governance Team, Children’s Services).

However, please contact us in the first instance if you have a query regarding this Privacy Policy or how your information is used.

If you feel that we have not met our responsibilities under data protection legislation, you have a right to request an independent assessment from the Information Commissioner’s Office (ICO). You can find details on their website

8       Compliance, monitoring and review

8.1     The Board of East Sussex Community Voice has the ultimate responsibility for implementing and reviewing this policy. The board will scrutinise our work on data protection to ensure that we meet our legal, ethical and operational commitments.

8.2     The East Sussex Community Voice Chief Executive holds the day-to-day responsibility for ensuring that this policy is implemented.

 8.3     This policy will be reviewed and updated on a two-year rolling basis by the East Sussex Community Voice Board.

 8.4     This policy may be revised sooner if there is a change in working premises, conditions or laws directly affecting data protection or any other aspect embedded in the document.