Privacy Policy

DATA PROTECTION ACT 2018

GENERAL DATA PROTECTION REGULATIONS 2018

PRIVACY POLICY (reviewed 15^th June 2023)

Canterbury Care Homes LTD is operated by Healthcare Management Solutions LTD, a leading care home management and consultancy business.

This Privacy Policy contains information for service users, visitors, carers, the public, staff, and users of this website that describes how we collect, use, retain and disclose the personal information you provide to us during methods of contact or use of our services.

It is sometimes also referred to as a Privacy Statement, Fair Processing Statement or Privacy Notice. This privacy policy is part of our commitment to ensure that we process personal information/data fairly and lawfully. It is also one of the ways in which we can demonstrate our commitment to our values of Continuous Improvement, Ethical Practice, Reliability and Effectiveness, Responsibility, Expertise and Excellence.

If you have any questions or concerns regarding the information we hold, the use of personal and confidential information, or would like to discuss further, please contact the Information Governance Team.

Information Governance Team

Drakes Court

302 Alcester Road

Wythall

Birmingham

B47 6JR

Email: information.governance@hcsolutions.co.uk

Phone: 01564 820140

Why We Collect Personal Information

We recognise the importance of protecting personal and confidential information in all that we do and take care to meet our legal and regulatory duties.

We may ask, for or, hold personal confidential information to be able to comply with regulations and best practice for employment, or to be able to provide safe and appropriate care to those who reside in our care homes. We need information to be able to correctly identify and distinguish one person from another.

By law, we need to have a lawful basis for processing your personal data.

We process your personal data for reasons including:

• Our legal obligation to do so under the Health and Social Care Act 2012 or Mental Capacity Act 2005.
• Our legal obligation under UK employment law
• We are required to do so in our performance of a public task

We process your special category data because

• It is necessary due to social security and social protection law (generally this would be in safeguarding instances)
• It is necessary for us to provide and manage social care services
• We are required to provide data to the care regulator as part of our public interest obligations.

We also process personal data to handle enquiries, job applications, complaints, investigations, and using legitimate interests to monitor and improve the quality of our services and improve the effectiveness of our marketing.

Residents

What information do we collect for those who are receiving care?

We may ask for, or hold, personal confidential information which will be used to support the delivery of safe and effective care and treatment.

The records we hold may include:

• Basic details, such as name, address, date of birth, next of kin.
• Contact we have had, such as referrals and enquiries.
• Details and records of treatment and care, including notes and reports about care, treatment, accidents and general health.
• Results of assessments and investigations.
• Information from people who either provide or support the package of care through their personal bonds, knowledge or expertise such as health professionals, social workers, relatives and significant others.

The care records may also include personally sensitive information such as sexuality, race, religion or beliefs, disabilities, allergies or other health conditions. It is important for us to have a complete picture, as this information assists staff to develop care plans that keep people safe and well, and administer treatments when needed.

Where possible information is collected from the person who has been referred for care or who is receiving care. Additional information will be provided from sources such as relatives or friends, as well as health and social care professionals such as Social Workers, GPs, District Nurses, or Consultants. It is expected health and social care professionals will have checked to make sure they have permission, or there is a legal basis to share personal information before they provide personal and confidential details.

There may also be times when we are asked to share basic information those receiving care such as their name and parts of their address, which does not include sensitive information; this may be at times such as during the national census or data collection for the Office of National Statistics.

For those who become residents in our care homes, we will store your personal information as long as you remain in our care and for 7 years afterwards (with some exceptions).

How do we use information about those for whom we provide care and who it will be shared with?

We use information about those who reside in our care services to:

• Help inform decisions we make about their care.
• Ensure their treatment is safe and effective.
• Work effectively with other organisations who may be involved in their care, such as social workers, GPs, district nurses or healthcare professionals based in hospital services.
• Ensure services can meet future needs.
• Review care provided to ensure it is of the highest standard possible.
• Train our care teams.
• For internal research and audit.
• Prepare statistics on our performance for commissioners and inspectors.
• Arrange the collection of payments for care provided.

To provide the best possible care and welfare, we will sometimes need to share information about those receiving care with other organisations such as:

• Other health and social care professionals involved in the delivery of care.
• Funders of care packages – local commissioning teams.
• The local authority safeguarding team.
• Regulators – this will normally be anonymised.
• The police or other law enforcement agencies if we have to by law or court order.

Our Staff

What information do we collect for those who are employees?

We may ask for or hold personal and confidential information to be able to evidence compliance with regulations and best practice for employment.  This is to ensure we can correctly identify each employee. We also need to keep proper records of each employee’s performance during their period of employment.

The records we hold may include:

• Name, date of birth and contact details.
• Photographic proof of identity – e.g passport, identity card or driving license.
• Proof of eligibility to work in the UK.
• National Insurance number.
• Bank details.
• Any criminal record or additions to the barred list for working with vulnerable adults/children.
• Employment history and reasons for leaving.
• Qualifications and training relevant to the post being applied for.
• Medical conditions or disabilities that may affect a person’s ability to work.
• Records of performance management and any sickness or disciplinary matters.
• Information from organisations associated with paying wages, pensions or company benefits.

Information we hold may also include personal sensitive information such as sexuality, race, your religion or beliefs, and whether the employee has a disability, allergies or health conditions.

Personal information relating to staff members is stored as long as the individual remains in our employment and for 6 years afterwards (with some exceptions).

How do we use information about employees and who will it be shared with?

We use information about employees to:

• Evidence that correct checks have been undertaken during recruitment, and that staff are supported and trained.
• Ensure staff are paid.
• Ensure contributions and information to government and company benefits or schemes are made.
• Help inform decisions about effective management of the staff team.
• Participate in research and audit.
• Prepare statistics on our performance for commissioners and inspectors.

We will sometimes need to share information about employees with other organisations. We may share information with a range of government or company agencies such as:

• HMRC
• Pension provider
• Payroll provider
• Company health benefit provider
• Government agencies or regulators where there are concerns about the safety of vulnerable adults.
• The police or other law enforcement agencies if we have to by law or court order.

There may also be times when we are asked to share basic information about our employees such as their name and parts of their address, which does not include sensitive information; this may be at times such as during the national census or data collection for the Office of National Statistics.

Website Visitors

What information do we collect from visitors to our website/enquirers?

When you visit this website, we will collect your IP address. This is a string of numbers that are unique to your computer or device. This information is used to measure your use of the website.

During a visit to this website, or during an enquiry call, we may ask for your personal information to allow us to respond to and deal with your enquiry.

This may include:

• Name, age, and gender.
• Email address, telephone number, home address.
• Care type required.
• Your communications/marketing preferences.
• Any other additional personal information you choose to include in your enquiry.

For job applicants this may include:

• Name.
• Email address and telephone number.
• Previous career experience.
• Details held within an uploaded/emailed CV.
• Any other additional personal information you choose to include in your application.

If you are unsuccessful in your job application, personal information provided during the application will be stored for a maximum of 3 years.

How do we use information about website visitors/enquirers and who will it be shared with?

We use information collected from our website visitors/enquirers to:

• Provide you with details relating to the service you are enquiring about and to assist with your enquiry.
• To fulfil a request for a brochure relating to the service you are enquiring about.
• To respond to and process a job application.
• Subject to your marketing preferences, to provide you with further information about our services that we believe may be of interest to you.
• We use IP addresses to improve and optimise our website. For example, by generating analytics about how our customers browse and interact with the website, and to assess the success of our marketing and advertising campaigns.

We will only share your personal information with third parties where we are required to do so by law, or where there is a legitimate reason for doing so.

We share your personal information with third parties to help us provide you with the services as described above. We will only share data with fully compliant third parties or “Data Processors.”

This includes:

Trusted Care – They process the majority of initial telephone care enquiries on our behalf.

Cookies

Cookies are small text files that are used to store small pieces of information. They are stored on your device when the website is loaded on your browser. These cookies help us make the website function properly, make it more secure, provide better user experience, and understand how the website performs and to analyze what works and where it needs improvement.

Our website uses first-party and third-party cookies for several purposes. First-party cookies are mostly necessary for the website to function the right way, and they do not collect any of your personally identifiable data.

The third-party cookies used on our website are mainly for understanding how the website performs, how you interact with our website, keeping our services secure, monitoring the effectiveness of our marketing, providing advertisements that are relevant to you, and all in all providing you with a better and improved user experience and help speed up your future interactions with our website.

Should you decide to change your preferences later through your browsing session, you can click on the “Cookie Consent” tab on your screen. This will display the consent notice again enabling you to change your preferences or withdraw your consent entirely.

You can view our full Cookie Policy, including details of the cookies we use by clicking here.

Third-Party Analytics and Marketing Tools

We use third-party tools that use cookies and/or device identifiers for the analytics and marketing purposes described above.

These tools may include:

• Google Analytics – To help us understand how our customers use our website. You can read more about how Google uses your Personal Information here:  https://www.google.com/intl/en/policies/privacy/.

You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout

• Google Ads – To serve you relevant ads on sites across the internet based on your past visits to our website. You can opt out of Google Ads here: http://www.google.com/settings/ads
• Facebook Pixel – To measure the return on investment of our Facebook Ads by reporting on the actions people take after viewing our ads. The Facebook Pixel collects hashed or anonymous customer data. Facebook is able to connect this data to your Facebook account and use the data for their own advertising services. The Facebook Pixel also helps us to serve you relevant ads on sites across the internet based on your past visits to our website. You can read more about how Facebook uses your Personal Information here: https://www.facebook.com/about/privacy/. You can also manage your Facebook advertising preferences here: https://www.facebook.com/adpreferences/advertisers/.

How is personal information retained and kept safe?

Personal information is retained in secure electronic and paper records, and access is restricted to only those who need to know.

It is important that personal information is kept safe and secure, to protect confidentiality. There are a number of ways in which privacy is shielded; by removing identifying information, using an independent review process, adhering to strict contractual conditions and ensuring strict sharing or processing agreements are in place.

The Data Protection Act 2018 and General Data Protection Regulations 2018 regulate the processing of personal information. Strict principles govern our use of information and our duty to ensure it is kept safe and secure.

We are registered with the Information Commissioners Office (ICO), as an organisation that holds and processes information which is sensitive and personal.

The registration number can be found on the ‘Search the Register’ part of the ICO webpage https://ico.org.uk/esdwebpages/search.

How do we keep personal information confidential?

Technology allows us to protect information in a number of ways, in the main by restricting access. Our guiding principle is that we hold information in strict confidence.

Everyone working for us is subject to the Common Law Duty of Confidentiality and the Data Protection Act 2018. Information provided in confidence will only be used for the purposes for which consent has been sought, unless there are other circumstances covered by the law.

As part of their terms of employment, all staff are required to protect information, tell people how their information will be used and allow them to decide if and how their information can be shared, except where there is a legal obligation to share information. In these circumstances, this will be noted in the records for the person concerned.

All of our staff are required to undertake regular training in data protection, confidentiality, IT/cyber security, with additional training for specialist staff, such as records, data protection officers and IT staff.

Your Rights

Under the Data Protection Act 2018 you have enhanced rights relating to the information we hold. This is subject to some exemptions.

Your right to be informed

This privacy policy sets out to inform you about the processing of your personal information.

Your right to withdraw consent for us to share your personal information

Individuals have the right to refuse/withdraw consent to information sharing at any time. We will fully explain the possible consequences, and any legal obligations we have to share information where we cannot comply with a request to not share information.

Right of access

Individuals have the right to request access to information (with some exemptions) that is held about them by an organisation. For more information on how to access the information we hold about you please contact the Information Governance Team using the details in the contact section below.

Right of rectification

You have the right to have your information rectified if it is inaccurate or completed if it is not complete.

Right to erasure

Sometimes called ‘the right to be forgotten’, enables you to request deletion of your personal information (with some exceptions).

Right to restrict data processing

You have the right to restrict the processing of your personal information (with some exceptions).

Right to data portability

This allows you to obtain and reuse your personal information for your own purposes across different services.

Right to object

You have the right to object to the processing of your personal information (with some exceptions). We will restrict all processing of this data while we look into your objection.

Rights of automated decision-making and profiling

You have rights relating to automated decision making and profiling.

National Data Opt-Out:

At this time, we do not share any data for planning or research purposes for which the national data opt-out would apply. We review all of the confidential patient information we process on an annual basis to see if this is used for research and planning purposes. If it is, then individuals can decide to stop their information being shared for this purpose. You can find out more information at https://www.nhs.uk/your-nhs-data-matters/.

Contacting Us with Data Requests, Concerns, or Complaints

We have a senior person responsible for protecting the confidentiality of information and enabling appropriate sharing. The Data Protection Lead has responsibility for advising the Company about the protection of general personally identifiable information. There is also a Caldicott Guardian who is a senior person with responsibility for protecting the confidentiality of information for those who are in receipt of care and treatment.

Should you wish to contact us with a data request, queries relating to your personal information and how it is processed, or with a concern about the way in which we manage your information please contact:

Information Governance Department

Drakes Court

302 Alcester Road

Wythall

Birmingham

B47 6JR

Email: information.governance@hcsolutions.co.uk

Phone: 01564 820140

Complaints

We try to meet the highest standards when collecting and using personal information. We encourage people to bring concerns to our attention and we take any complaints we receive very seriously. You can submit a complaint through the Company’s Complaints Procedure, details of which are on display in the home, or you can write to:

The Complaints Department

Information Governance Department

Drakes Court

302 Alcester Road

Wythall

Birmingham

B47 6JR

 

If you remain dissatisfied with the Company’s decision regarding your complaint, you may wish to contact:

 

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

0303 123 1113

 

The Information Commissioner’s Office – Scotland
Queen Elizabeth House
Sibbald Walk
Edinburgh
EH8 8FT

0303 123 1115

Changes

We may update this privacy policy from time to time to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons.