Client privacy notice
Please read this privacy notice carefully as it explains how we comply with the General Data Protection Regulation (GDPR). The notice was published on 25th May 2018 and may be revised from time to time; we will let you know when this happens.
In order that we can provide your care and support services, we need to collect and use information about you (“personal information”). Personal information is anything about you from which you can be identified, but it doesn’t include information from which your identity has been removed (i.e. anonymous data).
As a ‘controller’ of your personal information, we are legally responsible for making sure that your personal information is:
- Used lawfully, fairly and in a transparent way;
- Collected only for valid purposes that we have clearly explained to you and not used for any other purpose;
- Relevant to the purposes we have told you about and only used for those purposes;
- Accurate and up to date;
- Kept only as long as we need it for the purposes we have told you about;
- Kept securely.
In this notice, a “public body” is any organisation that delivers, commissions or reviews a public service, including local authorities, councils, unitary authorities, clinical commissioning groups, health and social care trusts, the Ombudsman and regulatory bodies.
In this notice, a “health or social care professional” is any person that provides direct services, acts as a consultant or is involved in the commissioning of your healthcare or social care services, including your GP, dentist, pharmacist, nurses and health visitors, clinical psychologists, dieticians, physiotherapists, occupational therapists, hospital staff and social workers.
‘Lawful basis for processing’ your information
The GDPR says that we must have a ‘lawful basis’ for collecting and using your personal information. We rely on the following grounds within the GDPR for this lawful basis:
- Article 6(1)(b) – processing is necessary for the performance of our contracts to provide individuals with care and support services;
- Article 6(1)(c) – processing is necessary for us to demonstrate compliance with our regulatory framework and the law;
- Article 9(2)(h) – processing is necessary for the provision of social care or the management of social care systems and services.
Other lawful grounds for processing your data could apply in certain situations, such as where sharing your personal information is essential in order to protect you from harm (“vital interests”).
The information we collect about you
In order to set up and provide your service, we need to collect personal information from you or from other sources, such as your family or health and social care professionals. Without this information, we may be unable to create a suitable care plan and provide safe and effective care:
- Your name, date of birth and contact details;
- Details of people we may need to contact in an emergency (including their names, relationship to you and contact details);
- Any medical or practical information that is relevant to the provision of your care (including physical or mental conditions, care needs and allergies);
- Assessments of your care needs;
- Your likes, dislikes and lifestyle preferences in so far as they are relevant to the delivery of your service. This may include information about your religion, racial or ethnic origin, health, sexual life or sexuality;
- Information about your Attorney or Deputy (if applicable);
- Financial assessments (where we need these);
- Payment card or direct debit details (if you pay us for some or all of your services using one of these methods);
- Photographs of you (if we need these to manage any risks to your safety, e.g. that you might go missing). In the course of delivering your service, we will also produce records of the care delivered to you.
How we use your personal information
We use your personal information to:
- Prepare, review and update a suitable care plan, describing the care and support you have requested we supply to you;
- Deliver your care service in a safe and effective way;
- Communicate with you, your representatives and relevant health or social care professionals about your needs and the service we provide to you;
- Make reasonable adjustments, when required, to meet your individual needs and to ensure we have suitable facilities to ensure your safety;
- Invoice you for the care and support services in accordance with our terms and conditions (if you pay for your own service);
- Carry out quality assurance procedures, review our service and improve our customer experience.
Sharing your personal information
We will not share your information with others unless we have a lawful reason for doing so.
We may share your personal information with appropriate health or social care professionals (including your GP and pharmacist) and any other individuals you nominate when we prepare your care plan. This enables us to make sure the care support we provide to you is suitable and safe.
We will also share your information with certain data processors in order to properly deliver your service. For example, our care management software is hosted by a separate company. However, by law, the data processors we use can only use your information for the purpose we have asked them to and will not share your information with anyone else or use it to do anything other than allow us to provide your service properly. They must also keep your data safe and secure.
Although we seek to avoid using agency staff to deliver our services, we may need to do so on occasion to ensure continuity of service, and this may require us to share your personal information with an agency or their staff in order that they can deliver your service safely and effectively.
We may also share information about you where not doing so could mean you come to serious harm, for example where the emergency services need information in order to save your life.
Our company is part of City and County Healthcare Group. Although the group provides its care services through a number of different companies, it shares a middle and senior management structure and back-office functions (such as finance and payroll). In order to deliver your service properly (and only for that purpose), we will share your personal information as necessary within the management and back-office structure of City and County Healthcare Group.
We may also share personal information with law enforcement or other authorities if required by law. This includes information required by public bodies to evidence our compliance with the applicable regulatory framework. We are also required to share personal information with external health or social care professionals, including public bodies and local safeguarding groups (in some circumstances) to ensure your safety.
We will not share your personal information with any other third party without first asking your permission and will never sell your personal information to anyone.
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
How long your personal information will be kept
We will hold the personal information we hold about you for as long as we continue to provide a service to you and for three years after your service ends, at which time we will destroy your records securely.
We are required to retain information about services provided to children for eighty years.
Under the GDPR, you have a number of important rights. In summary, those include rights to:
- Fair processing of information and transparency over how we use your use personal information;
- Access to your personal information and to certain other supplementary information (which is provided in this privacy notice);
- Require us to correct any mistakes in the information we hold about you;
- Require the erasure (i.e. deletion) of personal information concerning you, in certain situations (although you should be aware that if you ask us to delete any of your personal information that we need in order to comply with our legal or contractual obligations, we may no longer be able to provide you with a service);
- Receive any personal information that you have provided to us in a format that would allow you to pass it on to a third party in certain situations;
- Object at any time to processing of personal information concerning you for direct marketing (although as we have explained, we will not use your data for that purpose);
- Object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you;
- Object in certain other situations to our continued processing of your personal information;
- Otherwise restrict our processing of your personal information in certain circumstances;
- Claim compensation for damages caused by our breach of any data protection laws.
You will find further information on each of these rights on the Information Commissioner’s website (www.ico.org.uk).
How to contact us
If you wish to exercise any of the above rights or have any other complaints or queries about this notice and our use of your personal information, you can contact us as follows:
Telephone: 020 7186 0500
By post: The Data Protection Officer City and County Healthcare Group 3rd Floor, Caparo House 101-103 Baker Street London W1U 6LN
Note that we may ask you to provide proof of your identity before we can discuss your personal information with you.
Your right to complain
If you have a complaint about the way we process your personal information, we would ask you to contact us using the details in the previous section.
We hope that we can resolve any concern you raise, but if you want to do so, you also have the right to complain to a supervisory authority in any European Union (or EEA) state where you work or live. In the UK, the supervisory authority is the Information Commissioner, who may be contacted at www.ico.org.uk/concerns or by telephone on 0303 123 1113.
Do you need extra help?
If you would like this notice in another format (e.g. audio, large print or braille), please contact us (see ‘How to contact us’ above).
Your use of this website and the documents, files and other information available through it is subject to the following terms and conditions, as amended by us from time to time. Use of and access to this website does not of itself create an accountant/ client relationship between you and City & County Healthcare Group Ltd and where such an arrangement does exist it is governed by separate off-line terms of engagement.
If you require advice on a specific legal problem please contact the relevant fee earner or alternatively you can send an email to firstname.lastname@example.org.
All electronic links to any part of this site require the consent of City & County Healthcare Group Ltd. Please email requests to email@example.com.
1.) This website is provided by City & County Healthcare Group Ltd, Cardinal House, Abbeyfield Court, Abbeyfield Road, Nottingham, NG7 2SZ.
2.) References on this website and in these terms and conditions to:
- “City & County Healthcare Group Ltd” or “we” or “our” or “us” shall mean City & County Healthcare Group Ltd and/or its affiliated undertakings; and
- “you” or “your” shall mean the user of this website. If you are accessing or using this website in your capacity as an employee, director, officer, partner or agent of a corporate or unincorporated entity “you” and “your” shall refer to you and such entity and you represent that you are authorised to accept these terms and conditions on behalf of such entity and agree to be personally bound by these terms and conditions.
- We and our suppliers own the intellectual property rights in the software that runs this website. Save to the extent expressly permitted by applicable laws, you must not copy, modify, download, distribute or de-compile that software without our consent.
- We cannot guarantee that this website and its document delivery system will operate in accordance with your expectations or will be error free. If you are aware of any error on this website please contact us by email at firstname.lastname@example.org and we will endeavour to correct it.
- Nothing in this website or the documents available through it constitutes legal or other professional advice. You should not rely on any information contained in this website as if it were legal or other professional advice.
- It is our policy to virus check documents and files before they are posted on this website. However, we cannot guarantee that documents or files downloaded from this website will be free from viruses and we do not accept any responsibility for any damage or loss caused by any virus. Accordingly, for your own protection, you must use virus-checking software when using this website. You must not post or provide to us via this website, any document or file which you believe may contain a virus. You must virus check any document or file which you intend to post or provide to us via this website.
- You may only use this website for lawful purposes. You must ensure that any document, file or other information that you intend to post to our website or provide to us via this website does not contravene any applicable laws or contravene any person’s legal rights and you must not post or upload anything indecent, obscene, abusive, libellous or defamatory. We do not monitor or edit documents or files posted or provided to us by other persons for posting on this website and accordingly we do not accept any responsibility for any damage or loss you may suffer. We reserve the right to remove material from this website that infringes these rules.
- By accessing this website, you agree that you will access its contents solely for your own use. You may print out a single hard copy of any part of the content of this website (other than documents, files or other information contained in the restricted areas which are subject to particular terms set out under Restricted Areas) for your use in accordance with these terms and conditions.
From time to time we may use any of the information you submit to us, including personal data, to provide you with marketing information about City & County Healthcare Group Ltd and City & County Healthcare Group Ltd services subject to your consent.
Website Privacy Statement
We are committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement.
We may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from 22nd March 2011.
This policy is consistent with our overall organisational Data Protection Policy, which is available on request.
What Information We Collect
The following table shows the personal information that certain processes on our website will require us to obtain from you:
|Information we will require
|Registration to receive our regular ‘newswire’
|On-line employment applications
What We Do With Your Information
We will only use the personal information you provide for the processes listed above. Your information may be used for business analysis, but where this is done, your information will be anonymised and used only for statistical purposes.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
Cookies can also be used to record information about your use of a website and to store data on sites that use ‘shopping carts’ etc.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
Links to Other Websites
Our website contains links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Sharing Your Personal Information
We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.
You may request details of personal information which we hold about you under the Data Protection Act 1998. A small fee may be payable. If you would like a copy of the information held on you please write to the Marketing and Communications Manager at our Headquarters
If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.
We automatically collect statistical data about usage patterns on our website. This information is not used to identify any individual. It is only collected to provide us with an understanding of the areas of interest on our site and kept only for as long as required for this purpose.
Please note unless encrypted, email messages sent via the internet may not be secure and could be intercepted and read by someone else. Please bear this in mind when deciding whether to include personal or sensitive information in any email messages you intend to send.