DATA PROTECTION ACT 2018
GENERAL DATA PROTECTION REGULATIONS 2018
PRIVACY NOTICE (reviewed 29 April 2019)
What is a privacy notice?
Why we collect information
We recognise the importance of protecting personal and confidential information in all that we do and take care to meet our legal and regulatory duties.
We may ask, for or, hold personal confidential information to be able to comply with regulations and best practice for employment, or to be able to provide safe and appropriate care to those who reside in our care homes. We need information to be able to correctly identify and distinguish one person from another.
Who are the individuals for whom we collect and use confidential information?
There are two main groups of individuals for whom we collect and manage confidential information:
There may also be times when we are asked to share basic information about employees or those receiving care such as their name and parts of their address, which does not include sensitive information; this may be at times such as during the national census or data collection for the Office of National Statistics.
What information do we use for those who are receiving care?
We may ask for, or hold, personal confidential information which will be used to support delivery of safe and effective care and treatment.
The records we hold may include:
The care records may also include personally sensitive information such as sexuality, race, religion or beliefs, disabilities, allergies or other health conditions. It is important for us to have a complete picture, as this information assists staff to develop care plans that keep people safe and well, and administer treatments when needed.
Where possible information is collected from the person who has been referred for care or who is receiving care. Additional information will be provided from sources such as relatives or friends, as well as health and social care professionals such as Social Workers, GPs, District Nurses, or Consultants. It is expected health and social care professionals will have checked to make sure they have permission, or there is a legal basis to share personal information before they provide personal and confidential details.
What information do we use for those who are employees?
We may ask for or hold personal and confidential information to be able to evidence compliance with regulations and best practice for employment. This is to ensure we can correctly identify each employee. We also need to keep proper records of each employee’s performance during their period of employment.
The records we hold may include:
Information we hold may also include personal sensitive information such as sexuality, race, your religion or beliefs, and whether the employee has a disability, allergies or health conditions.
How we use information about those for whom we provide care and who it will be shared with?
We use information about those who reside in our care services to:
To provide the best possible care and welfare, we will sometimes need to share information about those receiving care with other organisations such as:
How we use information about employees and who will it be shared with?
We use information about employees to:
We will sometimes need to share information about employees with other organisations. We may share information with a range of government or company agencies such as:
How information is retained and kept safe?
Information is retained in secure electronic and paper records, and access is restricted to only those who need to know.
It is important that information is kept safe and secure, to protect confidentiality. There are a number of ways in which privacy is shielded; by removing identifying information, using an independent review process, adhering to strict contractual conditions and ensuring strict sharing or processing agreements are in place.
The Data Protection Act 2018 and General Data Protection Regulations 2018 regulate the processing of personal information. Strict principles govern our use of information and our duty to ensure it is kept safe and secure.
We are registered with the Information Commissioners Office (ICO), as an organisation that holds and processes information which is sensitive and personal.
The registration number can be found on the ‘Search the Register’ part of the ICO webpage https://ico.org.uk/esdwebpages/search.
How do we keep information confidential?
Technology allows us to protect information in a number of ways, in the main by restricting access. Our guiding principle is that we hold information in strict confidence.
Everyone working for us is subject to the Common Law Duty of Confidentiality and the Data Protection Act 2018. Information provided in confidence will only be used for the purposes for which consent has been sought, unless there are other circumstances covered by the law.
As part of their terms of employment, all staff are required to protect information, tell people how their information will be used and allow them to decide if and how their information can be shared, except where there is a legal obligation to share information. In these circumstances this will be noted in the records for the person concerned.
All of our staff are required to undertake regular training in data protection, confidentiality, IT/cyber security, with additional training for specialist staff, such as records, data protection officers and IT staff.
Your right to withdraw consent for us to share your personal information
Individuals have the right to refuse/withdraw consent to information sharing at any time. We will fully explain the possible consequences, and any legal obligations we have to share information where we cannot comply with a request to not share information.
Contacting us about your information
We have a senior person responsible for protecting the confidentiality of information and enabling appropriate sharing. The Data Protection Lead has responsibility for advising the Company about the protection of general personally identifiable information. There is also a Caldicott Guardian who is a senior person with responsibility for protecting the confidentiality of information for those who are in receipt of care and treatment. The contact details can be found in the Contact Us details below.
If you have any questions or concerns regarding the information we hold, the use of personal and confidential information, or would like to discuss further, please contact the Information Governance Team.
Information Governance Team
302 Alcester Road
Phone: 01564 820140
Can I access my information?
Under the Data Protection Act 2018 a person may request access to information (with some exemptions) that is held about them by an organisation. For more information on how to access the information we hold about you please speak to your line manager or a member of the Information Governance Team at Head Office.
Contacting us if you have a complaint or concern about the way in which we manage your information.
We try to meet the highest standards when collecting and using personal information. We
encourage people to bring concerns to our attention and we take any complaints we receive
very seriously. You can submit a complaint through the Company’s Complaints Procedure, details of which are on display in the home or are available on our web site, or you can write to:
The Complaints Department
Information Governance Department
302 Alcester Road
If you remain dissatisfied with the Company’s decision regarding your complaint, you may wish to contact:
Information Commissioner’s Office
0303 123 1113