Skip to content

Are you worried about an adult? Please call 0344 800 8020

Report a concern

Norfolk SAR Privacy Policy

Introduction

This page provides information on how Norfolk Adult Safeguarding Board (‘NSAB’ or ‘the Board’) uses your personal information. 

Norfolk Safeguarding Adult Board is committed to protecting the privacy and security of your personal information. By personal information, we mean information which, by itself or with other data available to the Board, can be used to identify you.

This serves as a privacy notice:

  • Under the UK General Data Protection Regulation (GDPR) for the Safeguarding Adult Board’s, statutory functions relating to, for example,
  • Under Part 3 of the Data Protection Act 2018 (the DPA) for the Safeguarding Adult Board’s statutory functions relating to law enforcement.

In summary, this privacy notice:

  • Sets out how we promise to look after your personal information
  • Describes how we collect, use and share your personal information, and
  • Tells you about your privacy rights and how the law protects you

This privacy notice covers personal information we collect about:

  • Visitors to our website
  • People who use receive our services, for example, persons who have suffered abuse or neglect
  • People who refer others to our services
  • People who complain about any aspect of a service we provide
  • People who are subject to or have a connection with enforcement related activity

Who we are

Norfolk Safeguarding Adult Board is the "data controller" for the personal information held by the Board.  This means that we are responsible for deciding how we “process” (that is, collect, hold, use and disclose) your personal information.

Our address is Norfolk Safeguarding Adults Board, Adult Social Services, 8th Floor, County Hall, Martineau Lane, Norwich NR1 2UA.

Norfolk County Council’s County Council’s Data Protection Officer (DPO) is Helen Edwards. 

The kind of information we hold about you and who provides it

Personal information can be found within records which NASB holds which may include electronic records, letters, emails, photographs, audio recordings and video recordings.  It does not include information where the identity has been removed and you cannot be identified by this information and by any other information held NASB.

Personal information can include:

  • Basic details about you such as name, address, telephone number, email address and date of birth
  • National Insurance number
  • NHS number (if appropriate) as it helps to uniquely identify you when sharing information between health and social care
  • Communication needs
  • Social care services and support including social care assessments, mental health assessments, reviews and care and support plans
  • Personal history including educational and employment history
  • Family history and social relationships generally including relationship information such as next of kin, agent, attorney and other information as necessary
  • Accommodation and housing needs
  • Financial details if necessary including income and details of property ownership

We may also hold more sensitive personal data known under the GDPR as “special categories” and under the DPA as “sensitive processing”. Special category data and sensitive data is personal data revealing:  

  • Physical or mental health including details of your disability/medical conditions and mental health and wellbeing
  • Religious beliefs
  • Sexual life or sexual orientation
  • Race or ethnic origin 

Under the GDPR and DPA we may also collect information relating to criminal offences and criminal convictions. 

We may collect personal information about you from yourself directly or other individuals or organisations.

Who provides this information

The information we hold includes information you have provided to us.

We also receive information from:

  • Your family, carers, personal assistants and friends
  • Relevant teams within the County Council
  • District councils as housing authorities and administering housing benefits and council support benefits
  • Housing associations and housing support providers
  • Education providers including schools, 6th form colleges, higher education colleges and other post 16 educational providers
  • The voluntary sector
  • Government departments (eg Department for Work and Pensions, Department of Health, Home Office)
  • Health bodies and providers including local GPs, hospitals, mental health trust, community health and care trust, and ambulance service
  • Courts and other judicial agencies including Office of the Public Guardian and the Court of Protection
  • Immigration advisers
  • Substance misuse teams
  • Police
  • Probation service
  • Organisations providing care and support, such as home care agencies, care homes, nursing homes

What we use your personal information for

We use your personal information to:

  • The protection and safeguarding of vulnerable adults
  • Provide services and anything we must do by law
  • Identifying possible abuse
  • Deal with complaints
  • Assessing the quality of our services and evaluating and improving our policies and procedures
  • Financial assessments for the services
  • Mental Capacity Assessments
  • Tell you about the County Council’s services

We may also use information in other ways compatible with the above.  This will include supporting the work of other public bodies providing services to members of the public.

You do not have to provide information to us but, if you do not provide information, we may not be able to or it may inhibit our ability to provide services to you.

Confidential patient information is used to provide you with support and care and to organise the services you need. It may also be used for wider planning or research in health and social care. To find out more or to stop your confidential patient information being used for this, see Norfolk County Council’s national data opt-out privacy notice.

How the law protects you and the legal basis for processing your information

The GDPR and DPA place a legal obligation on NASB to process your personal information in accordance with the following data protection principles in that your personal data must be:

  • Used lawfully, fairly and in a transparent way
  • Collected only for valid purposes that we have explained to you and not used in any way that is incompatible with those purposes
  • Relevant to the purposes we have told you about and limited only to those purposes
  • Accurate and kept up to date
  • Kept only as long as is necessary for the purposes we have told you about
  • Kept securely 

There must also be a lawful basis for processing personal information – a justifiable reason for us to collect, store, use and disclose your personal information.  We have legal grounds to process this information because it is necessary for the performance of a task carried out in the public interest.

The tasks we carry out in the public interest, which include protecting adults from abuse, reducing the risk of abuse and supporting people to stop abuse where it happens, are under the:

  • Care Act 2014
  • Mental Health Acts 1983 and 2007
  • Mental Capacity Act 2005

We also process special category information and information about criminal offences/convictions under the GDPR and sensitive personal information under the DPA.

Who we share your personal data with

We may also share personal information with families and other organisations, in particular:

  • Adult Social Services
  • Organisations commissioned to provide care and support, such as home care agencies or care homes
  • Courts and other judicial agencies including Office of the Public Guardian and the Court of Protection
  • Police
  • Teams within the County Council to provide our services to you
  • District councils as housing authorities and administering housing benefits and council support benefits
  • Housing associations and housing support providers
  • Voluntary sector
  • Government departments (eg Department for Work and Pensions, Department of Health, Home Office)
  • Health bodies and providers including local GPs, hospitals, mental health trust and community health and care trust
  • Education providers including schools, sixth form colleges, higher education colleges and other post 16 educational providers
  • Substance misuse agencies
  • Advocacy services
  • Equipment providers and suppliers
  • Approved building contractors

We share this information without your specific consent as it is reasonable and necessary to do so to fulfil our public tasks or in respect of special category data it is in the substantial public interest to do so.  The law imposes safeguards to protect your privacy in these circumstances.

We will also share your information, subject to contractual and other legal safeguards, with organisations contracted by us to provide a service to us or directly to you. These service providers are known as data processors and have a legal obligation under GDPR and to us to look after your personal information and only use it for providing that service.

We may also share your data with other services within Norfolk County Council so that we can keep our information on you as up-to-date as possible and so that we can improve our services to you. 

If we transfer your personal information to other countries 

Your personal information may be transferred outside of the UK and the European Economic Area.  While some countries have adequate legal protections for personal data, in other countries steps will be necessary to ensure appropriate safeguards apply to the information.  These include imposing contractual obligations to ensure that these safeguards apply.  You can find details of what information the County Council may transfer to countries outside of the European Economic Area and the safeguards that apply in our privacy notices for council service areas.

How long we use your information for

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. 

To work out the right retention period for personal data, we consider the following matters:

  • The amount, nature, and sensitivity of the personal data
  • The potential risk of harm from unauthorised use or disclosure of your personal data
  • The purposes for which we process your personal data and whether we can achieve those purposes through other means, and
  • Any legal or regulatory requirements

In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.

Once you no longer require services from us, we will retain and securely destroy your personal information in accordance with our data retention schedule.

Automated decision making

We do not make automated decisions in respect of these services but if we do we will let you know.

Your responsibility to inform us of changes

It is important that the personal information we hold about you is accurate and current.

Please keep us informed if your personal information changes during your working relationship with us.  You can do to help us with this by:

  • Telling us when any of your details change; and
  • Telling us if any of the information we hold on you is wrong

Your rights under the GDPR

You have the following rights (but note, these rights do not apply in all circumstances):

  • Your right to be informed about the processing of your personal information.  This is the purpose of this notice.
  • Your right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed
  • Your right to object to the processing of your personal data
  • Your right to restrict processing of your personal information
  • Your right to have your personal data erased (“the right to be forgotten”).  As above, please note this right is subject to several restrictions, which we will discuss further with you if you choose to exercise it.
  • The right to move, copy or transfer your personal information (“data portability”).  This only applies to personal data processed under the GDPR and only in certain limited circumstances.  This right does not apply to personal data processed under the DPA.
  • Rights to be notified of, object to and challenge any automated decision made in respect of you, including profiling
  • Your right to request access to your personal information and information about how the County Council processes it
  • Your right to withdraw any consent you have given for the processing of personal data at any time

If you want to exercise any of these rights, please contact the Information Compliance Team by:

  • Emailing the Information Compliance Team on information.management@norfolk.gov.uk
  • Writing to the Information Compliance Team, Norfolk County Council, County Hall, Martineau Lane, Norwich NR1 2UA

Questions or complaints

If you have any questions about this privacy notice or how we handle your personal information, you can write to the DPO by letter to the DPO, Norfolk County Council, County Hall, Martineau Lane, Norwich NR1 2DH or by email to dpo@norfolk.gov.uk.

You also have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.  The ICO can be contacted:

  • By writing to the ICO, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
  • By telephoning 0303 123 1113
  • Online at ico.org.uk/global/contact-us/