General Data Protection Regulation (GDPR) Privacy Notice
The General Data Protection Regulation (GDPR), which is an EU regulation, comes into force in May 2018 and will be incorporated into UK data protection laws, so will apply even after the UK leaves the EU. The GDPR consolidates and strengthens current data protection safeguards as developed under the Data Protection Act 1998. The Information Commissioner’s Office (ICO) considers that if organisations are already compliant with the current data protection laws, they will most likely find it easy to comply with the GDPR.
Serenity Homecare Limited already has a raft of policies and procedures that already meet the requirements of the Data Protection Act. This privacy notice, which follows ICO guidelines, helps to show that the our care service is serious about protecting personal information it collects and processes from its service users, employees and others, and will show how it succeeds in doing this by providing an overview of its various policies and procedures.
The privacy notice is a public document, available to service users and their families, staff and any third parties who might provide their personal information for any purpose, and in whatever ways, including on our website and intranet.
1. Business details
This is the privacy notice of Serenity Homecare Limited.
Our registered office is at 829 Stratford Road, Springfield, Birmingham, B11 4DA.
Serenity Homecare Limited is registered with the Care Quality Commission to provide personal care to people in their own homes/accommodation.
Serenity Homecare Limited provides domiciliary care services in Birmingham, Walsall, Sandwell and Leicester from one registered location.
2. Aims of this notice
Serenity Homecare Limited is required by law to tell you about your rights and our obligations regarding our collecting and processing any of your personal information, which you might provide to us. We have a range of policies and procedures to ensure that any personal information you supply is only with your active consent and will always be held securely and treated confidentially in line with the applicable regulations. We have listed the relevant documents in a later section (6) and can make any available.
3. What personal information we collect about: a) service users b) employees and c) third parties
- Service users. As a registered care provider, we must collect some personal information on our service users, including financial information, which is essential to our being able to provide effective care and support. The information is contained in individual files (manual and electronic) and other record systems, all of which are subject to strict security and authorised access policies. Personal information that becomes inactive, e.g. from enquiries or prospective users who do not enter the service is also kept securely for as long as it is needed, before being safely disposed of.
- Employees and volunteers. The service operates a safe recruitment policy to comply with the regulations in which all personal information obtained, including CVs and references, is, like service users’ information, securely kept, retained and disposed of in line with data protection requirements. All employees are aware of their right to access any information about them.
- Third parties. All personal information obtained about others associated with the delivery of the care service, including contractors, visitors, etc will be protected in the same ways as information on service users and employees.
4. How we collect information
The bulk of service users’, employees’ and thirds parties’ personal information is collected directly from them or through form filling, mainly manually, but also electronically for some purposes, e.g. when contacting the service through its website and via Council’s commissioning systems.
With service users, we might continue to build on the information provided in enquiry and referral forms, and, for example, from needs assessments, which feed into their care and support plans.
With employees, personal information is obtained directly and with consent through such means as references, testimonials and criminal records (DBS) checks. When recruiting staff, we seek applicants explicit consent to obtain all the information needed for us to decide to employ them.
All personal information obtained to meet our regulatory requirements will always be treated in line with our explicit consent, data protection and confidentiality policies.
Our website and databases are regularly checked by experts to ensure they meet all privacy standards and comply with our general data protection security and protection policies.
5. What we do with personal information
All personal information obtained on service users, employees and third parties is used only to ensure that we provide a service, which is consistent with our purpose of providing a person-centred care service, which meets all regulatory standards and requirements. It will not be disclosed or shared for any other purpose.
6. How we keep your information safe
As already stated, the company has a range of policies that enable us to comply with all data protection requirements. Foremost are:
- Access to Employee Data
- Computer Security
- Confidentiality of Service Users’ Information
- Consent to Care and Treatment
- Data Protection
- Record Keeping
- Information Governance under the General Data Protection Regulation
- Protecting Personal Data under the General Data Protection Regulation
- Safe Staff Recruitment and Selection
- Service Users’ Access to Records
- Sharing Information with Other Providers.
7. With whom we might share information
We only share the personal information of service users, employees and others with their consent on a “need to know” basis, observing strict protocols in doing so. Most information sharing of service users’ information is with other professionals and agencies involved with their care and treatment. Likewise, we would not disclose information about our employees without their clear agreement, e.g. when providing a reference.
The only exceptions to this general rule would be where we are required by law to provide information, e.g. to help with a criminal investigation. Even when seeking to notify the local authority of a safeguarding matter or the Care Quality Commission of an incident that requires us to notify it, we would only do so with consent or ensure that the information provided is treated in confidence.Where we provide information for statistical purposes, the information is aggregated and provided anonymously so that there is no privacy risk involved in its use.
8. How personal information held by Serenity Homecare Limited can be accessed
There are procedures in place to enable any staff member, employee or third party whose personal information we possess and might process in some way to have access to that information on request. (See the policies listed in No. 6 above.) The right to access includes both the information and any uses which we might have made of the information.
9. How long we keep information
There are strict protocols in place that determine how long the company will keep the information, which are in line with the relevant legislation and regulations.
10. How we keep our privacy policies up to date
The staff appointed to control and process personal information in our company are delegated to assess all privacy risks continuously and to carry out comprehensive reviews of our data protection policies, procedures and protocols at least annually.
It is possible to switch off cookies by setting your browser preferences. Turning cookies off may result in a loss of functionality when using our website.
12. Main Cookies used on our website
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site.
The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited
These are Google Maps third party cookies, which are unique identifiers to allow traffic analysis to Google Maps.
13. Right to Erasure
As a visitor or user of our site you have the ability to have all records of your personal data held by Serenity Homecare Limited where there is no legitimate reason for Serenity Homecare Limited to maintain that data, erased. This includes where GDPR is super-ceded by other laws governing the details obtained.
14. Security precautions in place to protect the loss, misuse or alteration of your information
When you give us personal information, we take steps to ensure that it’s treated securely. Any sensitive information (such as credit or debit card details) is encrypted and protected with 128 Bit encryption on SSL software. When you are on a secure page, a lock icon will appear on the bottom of web browsers such as Microsoft Internet Explorer.
Non-sensitive details (your email address etc.) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
We may analyse your personal information to create a profile of your interests and preferences so that we can contact you with information relevant to you. We may make use of additional information about you when it is available from external sources to help us do this effectively. We may also use your personal information to detect and reduce fraud and credit risk.
16. Links to other websites
In addition, if you linked to our website from a third party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.