Privacy Policy
Definitions
Words used in this policy in the singular, where the context so permits, shall be deemed to include the plural and vice versa.
The definitions of words in the singular in this policy shall apply to such words when used in the plural where the context so permits and vice versa.
“Personal Data” refers to any information relating to an identified or identifiable natural and living person (“data subject”)
“Data Breach” relates to a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data.
“Special Categories of Personal Data” is data which relates to an individual’s health, sex life, sexual orientation, race, ethnic origin, political opinion, religion, and trade union membership. It also includes genetic and biometric data (where used for ID purposes).
“Data Processing” is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Third Party” is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Purpose
This policy outlines what the Ashton Healthcare Group (otherwise referred to as “our”, “us” or “we”) may have to collect and use regarding information about people with whom we work. This Personal Data must be handled and dealt with properly, however it is collected, recorded and used, and whether it be on paper, in computer records or recorded by any other means.
We regard the lawful and correct treatment of Personal Data as very important to our successful operation and to maintaining confidence between us and those with whom we carry out business. We will ensure that we treat Personal Data lawfully and correctly.
To this end we fully endorse and adhere to the principles of the General Data Protection Regulation (GDPR).
This policy applies to the processing of Personal Data in manual and electronic records kept by us in connection with our human resources function as described below. It also covers our response to any Data Breach and other rights under the GDPR.
Service Users
What data do we have?
So that we can provide a safe and professional service, we need to keep certain records about you. We may process the following types of data:
- Your basic details and contact information e.g. your name, address, date of birth and next of kin;
- Your financial details e.g. details of how you pay us for your care or your funding arrangements.
We also record the following data which is classified as “special category”:
- Health and social care data about you, which might include both your physical and mental health data.
- We may also record data about your race, ethnic origin, sexual orientation or religion.
Why do we have this data?
We need this data so that we can provide high-quality care and support. By law, we need to have a lawful basis for processing your personal data.
We process your data because:
We have a legal obligation to do so – generally under the Health and Social Care Act 2012 or Mental Capacity Act 2005.
We process your special category data because
- It is necessary due to social security and social protection law (generally this would be in safeguarding instances);
- It is necessary for us to provide and manage social care services;
- We are required to provide data to our regulator, the Care Quality Commission (CQC), as part of our public interest obligations.
We may also process your data with your consent. If we need to ask for your permission, we will offer you a clear choice and ask that you confirm to us that you consent. We will also explain clearly to you what we need the data for and how you can withdraw your consent at any time.
Where do we process your data?
So that we can provide you with high quality care and support we need specific data. This is collected from or shared with:
- You or your legal representative(s);
- Third parties.
We do this face to face, via phone, via email, via post or via application forms.
Third parties are organisations we might lawfully share your data with. These include:
- Other parts of the health and care system such as local hospitals, the GP, the pharmacy, social workers, clinical commissioning groups, and other health and care professionals;
- The Local Authority;
- Your family or friends – with your permission;
- Organisations we have a legal obligation to share information with i.e. for safeguarding, the CQC;
- The police or other law enforcement agencies if we have to by law or court order.
Friends/Relatives
What data do we have?
As part of our work providing high-quality care and support, it might be necessary that we hold the following information on you:
- Your basic details and contact information e.g. your name and address.
Why do we have this data?
By law, we need to have a lawful basis for processing your personal data.
We process your data because we have a legitimate business interest in holding next of kin and lasting power of attorney information about the individuals who use our service and keeping emergency contact details for our staff.
We may also process your data with your consent. If we need to ask for your permission, we will offer you a clear choice and ask that you confirm to us that you consent. We will also explain clearly to you what we need the data for and how you can withdraw your consent.
Where do we process your data?
So that we can provide high quality care and support we need specific data. This is collected from or shared with:
- You or your legal representative(s);
- Third parties.
We do this face to face, via phone, via email or via application forms.
Third parties are organisations we have a legal reason to share your data with. These may include:
- Other parts of the health and care system such as local hospitals, the GP, the pharmacy, social workers, and other health and care professionals;
- The Local Authority;
- The police or other law enforcement agencies if we have to by law or court order.
Your rights
The data that we keep about you is your data and we ensure that we keep it confidential and that it is used appropriately. You have the following rights when it comes to your data:
- You have the right to request a copy of all of the data we keep about you. Generally, we will not charge for this service;
- You have the right to ask us to correct any data we have which you believe to be inaccurate or incomplete. You can also request that we restrict all processing of your data while we consider your rectification request;
- You have the right to ask that we erase any of your personal data which is no longer necessary for the purpose we originally collected it for.
- You may also request that we restrict processing if we no longer require your personal data for the purpose we originally collected it for, but you do not wish for it to be erased.
- You can ask for your data to be erased if we have asked for your consent to process your data. You can withdraw consent at any time – please contact us to do so.
- If we are processing your data as part of our legitimate interests as an organisation or in order to complete a task in the public interest, you have the right to object to that processing. We will restrict all processing of this data while we look into your objection.
You may need to provide adequate information for our staff to be able to identify you, for example, a passport or driver’s licence. This is to make sure that data is not shared with the wrong person inappropriately. We will always respond to your request as soon as possible and at the latest within one month.