Privacy Notice: Covid-19 vaccines for Conwy County Borough Council frontline workers
This privacy notice explains how Conwy County Borough Council (as a Data Controller) will process frontline care staff personal data specifically with regard to the Covid-19 vaccination programme.
This is a voluntary programme and it remains the choice of the individual whether or not to have the vaccine.
Part of the national response to the Covid-19 pandemic is recording the details of who has been vaccinated against Covid-19 and when. Normally, vaccines are given in GP setting, however, with Covid-19, vaccinations will be done in a variety of care settings and for most social care staff will be managed by lead vaccination providers on behalf of local health and care organisations.
Vaccination is a fundamental approach to public health practice and forms part of the Protect phase of the Government’s Strategy. This notice specifically explains how your information will be handled for the vaccination phase. More information can be found here: https://gov.wales/test-trace-protect-html
Your information will be shared with Betsi Cadwaladr University Health Board. You will be contacted for an appointment at a Health Board site or there may be a local drop in session which you may be able to attend. The Health Board will need to collect some clinical information about you, if they do not already hold it, such as whether you have had a flu vaccination or whether you have any allergies. This information, and that you have chosen to have the vaccination, will be recorded in your medical record and on the Wales Immunisation System (WIS).
Following vaccination your GP/Local Authority may be informed. This will assist with their legal obligations to manage your own and other people’s health, wellbeing and safety. For the same purpose, your GP/Local Authority may also be informed if you have refused to have the vaccination.
What personal information will be shared?
We will only share the minimum personal information required to deliver this programme.
We may use some or all of the following information:
- full name
- date of birth
- home address
- contact phone number
Who will we share this information with?
We will share the information with Betsi Cadwaladr University Health Board health and service providers such as GPs and lead vaccination providers working on behalf of local health and care organisations.
How long will your information be kept for?
Vaccination, test results and information related to any ongoing conditions related to Covid-19 will remain in your health record in accordance with NHS retention schedules.
What is the legal basis for our use of your personal information?
Under GDPR, the lawful basis for processing this data is found at articles:
6 (1) (c) Processing is necessary for compliance with a legal obligation to which the controller is subject,
6 (1) (e) Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller,
9 (2) (h) Processing is necessary for the purposes of the provision of health or social care or treatment.
Sharing your personal data
In this current pandemic we may share your information with other public authorities, emergency services, and other stakeholders where necessary. This will be done only if necessary and in a controlled and proportionate manner.
How long we keep your personal data
We will only keep your personal data for as long as is necessary for the purpose for which we are processing it, unless we have a legitimate reason for keeping it, for example, any legal requirement to keep the data for a set time period.
However, where possible we will anonymise this data so that you cannot be identified.
Where we do not need to continue to process your personal data, it will be securely destroyed.
Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
- To request a copy of your personal data which we hold about you.
- To request that we correct any personal data if it is found to be inaccurate or out of date.
- To request that your personal data be erased where it is no longer necessary for us to retain such data.
- To lodge a complaint with the Information Commissioner’ Office.
You can access the personal information that we hold about you (number 1 above) by submitting a Subject Access Request: Data Protection - Applying for your data
If you would like to make a request in regards to the processing of your personal data please contact the Data Protection Officer on the details provided below.
Complaints or queries
We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. If you have any concerns, questions or comments please email the council's Data Protection Officer.
If having exhausted the complaint process you are not content that your request or review has been dealt with correctly, you can appeal to the Information Commissioner's Office to investigate the matter further by writing to:
Information Commissioner’s Office – Wales
2nd Floor, Churchill House
Changes to this privacy notice
We keep this privacy notice under regular review and if we make any changes, we will publish the updated version on our intranet and/or website.
Data Protection Officer contact information
Data Protection Officer
Conwy County Borough Council
PO Box 1