Verve Communications – our approach to managing your personal information
We understand that the personal information provided to us to support patient, public and citizen involvement with public services is held on trust.
The data management principles and standards we adopt are consistent whether you have contacted us directly or whether Verve Communications is working as a data manager on behalf of a client data owner.
We will:
- Hold information securely on our network, taking all reasonable steps to ensure that your personal data is protected. Verve Communications holds a Cyber Essentials certificate.
- Personal information will used only as agreed and solely for the purpose of the engagement exercise for which it has been provided. Our approach complies with the General Data Protection Regulation (GDPR).
- We will not share your information with third parties for any reason without your consent, and we will make it easy for you to opt out of future communication from Verve Communications on request.
- The nature of the work we do means that we frequently work with vulnerable people or receive information of a personal and confidential nature (e.g. about use of health services). We recognise that this places additional obligations on us – both to manage confidentiality and to ensure that it is as easy as possible to understand and choose the level of information you provide to us.
Should you have any questions, please contact Verve’s Director, Clive Caseley on [email protected].
Verve Communications is registered with the Information Commissioner’s Office (registered no. ZA107980).
About this project
Personal information collected for this project will be held according to Guy’s and St Thomas’ Patient and public engagement transparency policy.
This document explains how we handle the personal information you provide to us.
There are two types of personal data that we collect for our patient and public engagement activities:
- Contact details and health information – provided by you when you book a place at a workshop
- Engagement information – which online events you have booked to attend.
What information we collect and how we use it
We will keep this information during the time of your involvement with our services and usually for a period of up to 3 years afterwards.
We and our partners will hold this information in confidence and comply with all our responsibilities under the General Data Protection Regulation and Data Protection Act.
The information we collect will be shared with staff supporting the Royal Brompton and Harefield and King’s Health Partnership (Royal Brompton and Harefield hospitals, Guy’s & St Thomas’ NHS FT and Kings College Hospital staff), to enable the partnership to monitor and ensure the delivery of this project.
The type of data we collect could include all or some of the following:
- contact information (such as your name, email address, postal address, phone number)
- information about your experience of health conditions, treatments, services and communities, so that we can match and target invitations to get involved in engagement activities
- information about your interests in Trust priorities and transformation projects (such as cardiovascular disease or electronic health records)
- demographic information, so we make sure that we can involve a wide range of people (such as age, ethnic group, disabilities, gender and sexual orientation).
How we collect and store your information
This information will be enable us to communicate with you and involve you in the engagement activities in which you have agreed to participate. It will not be used for any other purpose.
The information you provide to us for this project will be collected securely by Eventbrite of 10-11 Charterhouse Square, Barbican, London EC1M 6EH and Verve Communications of Verve Communications The Fold Space, 20 Clyde Terrace, Forest Hill SE23 3BA, who act as agents and data processors on behalf of Guy’s and St Thomas’ NHS Foundation Trust of Trust Offices, St Thomas’ Hospital, Westminster Bridge Road , London, SE1 7EH (the data controller).
For more information on Eventbrite’s GDPR policies, please visit https://www.eventbrite.co.uk/support/articles/en_US/Troubleshooting/data-processing-addendum-for-organizers?lg=en_GB
The legal basis for processing this information is Article 6(1)(b) of GDPR – ‘processing is necessary for the performance of a contract, or to take steps at your request prior to entering into a contract’.
Your personal information will not be transferred to or held on servers outside of the European Economic Area.
How to raise any concerns
If you wish to make a complaint please visit email [email protected] or write to us at our office address (see above). You can also find out more about your rights to access, correct or erase your data, or how to complain to the Information Commissioner’s Office at ico.org.uk.