Information for our clients
Canopi provides support for NHS and social care staff in Wales.
It is a confidential and free service that provides signposting and access to a tiered model of psychological and mental health support, including where appropriate, access to an accredited Cognitive Behavioural Therapist.
The service is funded by the Welsh Government and administrated by Cardiff University.
In providing this service, Canopi will gather personal information in order to help track and decide on how best to help our clients.
Maintaining confidentiality is at the heart of our service and we intend to ensure that we only share the essential amount of data where necessary and primarily for the purposes of supporting clients to access the various aspects of our service.
We do analyse data to help us with the improvement of this service. On occasion, we utilise anonymised data for research, educational purposes and for presentations at meetings or conferences.
We are providing this privacy notice to make it clear to our clients how data is captured, processed and shared.
Information you will find below:
- Data controller
- What personal data will we collect?
- How will your personal data be used?
- What is the legal basis for processing your personal data?
- Who has access to your personal data?
- Is personal data transferred outside of the EU?
- How long will your personal data be held?
- If you contact us with a general enquiry
- If you make a complaint to us
- Your rights
- Contact us
Cardiff University is the Data Controller of the personal data which you provide and as such is legally responsible for processing your personal data in accordance with data protection legislation. The University is registered as a Data Controller with the Information Commissioner’s Office (ICO) to process personal data. Reg no Z6549747.
Within this service, Canopi’s Doctor Advisors will act as Cardiff University’s data processors in order to help determine the most appropriate course of action for clients. The service will also appoint IT suppliers to act as processors in order to deliver the service.
Where clients are referred to therapists and peer support volunteer options, these individuals will act as independent Data Controllers.
What personal data will we collect?
We will ask clients to provide the following information during the initial contact with the service:
- Telephone number
- Confirmation that you work for the NHS or in social care
- Where you heard about our service and whether you have accessed it before
Our Doctor Advisors may obtain further information, in order to deliver the service. We will only request the minimum amount of data needed to deliver the service. This may include additional information in regard to your:
- Geographic region
- Profession, grade and work status
- Reason for call
How will your personal data be used?
Your data will be used to deliver the service, which includes communication between relevant team members in order to signpost clients to the therapists and peer support volunteers.
What is the legal basis for processing your personal data?
We take client consent for the purpose of gathering, storing and sharing data with relevant team members and, where relevant, with the therapists and peer support volunteers.
You have the right to withdraw your consent at any stage using the contact details above.
Who has access to your personal data?
Only the Canopi administrative team members have access to all the client data.
Where necessary, some data (the minimum: name, contact details) are shared with the Dr Advisors in order to facilitate the hand-over to the next component of the service.
Where necessary, some data (the minimum: name, contact details) are shared with a therapist or peer support volunteer in order to facilitate the hand-over to the next component of the service.
Is personal data transferred outside of the UK?
We do not transfer personal data outside of the UK. Personal data is held on Cardiff University’s systems which are held within the UK.
How long will your personal data be held?
Canopi will keep personal client data for ten years.
If you contact us with a general enquiry
We may need to disclose your information to a third party if their input is required to respond to your enquiry.
If you don’t want information identifying you to be disclosed, we will try to respect that. However, it may not be possible to handle an enquiry on an anonymous basis.
Similarly, where enquiries are submitted to us we will only use the information supplied to us to deal with the enquiry and any subsequent issues and to check on the level of service we provide.
If you make an enquiry on behalf of a third party (for example a friend or relative) then we will normally ask for some form of proof that they are aware of the enquiry and are content for you to pass on their details to us.
If you make a complaint to us
To make a complaint to us please use our contact form.
On receiving your contact form we will share our complaints policy with you. There may be personal information you provide to us in relation to the complaint but as a minimum, we will need to ask for your name and contact details (e.g. postal address, e-mail address, telephone number).
If you make a complaint on behalf of a third party (for example a friend or relative) then we will normally ask for some form of proof that they are aware of the complaint and are content for you to pass on their details to us.
We may need to disclose your information to a third party if their input is required to respond to your complaint or where we have a responsibility to do so for them to resolve the concerns you have raised.
If you don’t want information identifying you to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.
Under data protection legislation you have certain rights which will be associated with the legal basis on which we process your data. For further information please see the following guidance published by the Information Commissioner’s Office.
The Information Commissioner’s Office is responsible for regulating data protection in the UK. We hope to resolve any of your questions, queries or concerns but if you remain dissatisfied you can contact the Information Commissioner’s Office.
The University is required to have a data protection officer who can be contacted if you have any queries, concerns or complaints about the way your personal data is processed.
Cardiff University’s data protection officer can be contacted on InfoRequest@cardiff.ac.uk
Data Protection Officer
Compliance and Risk, University Secretary’s Office