Privacy Policy

Privacy Policy

Please read this privacy policy carefully as it contains important information on how and why we collect, store, use and share personal information, your rights in relation to your personal information and how to contact us and other relevant organisations if you wish to make a complaint.

Introduction

In order that Crossroads Care Rotherham can provide care and support services to the people we support, we collect and use certain personal and sensitive information about you.

‘Personal data’ is any information that relates to a living, identifiable person. This data can include your name, contact details, and other information we gather as part of our relationship with you, but it does not include information where your identity has been removed (anonymous data).

‘Sensitive Information’ is information about race or ethnic origin, religious, political or other beliefs, physical or mental health, sexual orientation. The collection and use of these types of data is subject to strict controls.

As the ‘controller’ of personal information, we are responsible for how the data is managed. The General Data Protection Regulation (GDPR), which applies in the United Kingdom and across the European Union, sets out our obligations to you and your rights in respect of how we manage your personal information.

As the ‘controller’ of your personal information, we will ensure that the data we hold about you is:

  • Used lawfully, fairly and in a transparent way
  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes
  • Relevant to the purposes we have told you about and limited only to those purposes
  • Accurate and kept up to date
  • Kept only as long as necessary
  • Kept and destroyed securely

This policy explains why and how we process your data, and explains the rights you have around your data, including the right to access it and to object to the way it is processed.

Please see the section on ‘Your rights’ for more information.

Please note when we refer to:

A ‘public body‘ we mean any organisation in the UK which delivers, commissions or reviews a public service and includes (but is not limited to) the Ombudsman, RMBC, Rotherham CCG (Clinical Commissioning Group), the National Health Service and CQC (Care Quality Commission)

A ‘health or social care professional‘ we mean any person who provides direct services, acts as consultant or is involved in the commission of your healthcare or social care services, including (but not limited to) your general practitioner (GP), dental staff, pharmacists, nurses and health visitors, clinical psychologists, dieticians, physiotherapists, occupational therapists, hospital staff, social workers and other care and support related professionals.

 

How to contact us

If you have any questions about this privacy policy or would like further explanation as to how your personal information is managed, please contact:

Data Protection Officer

Crossroads Care Rotherham

Unit H, The Point

Rotherham

S60 1BP

Email: info@crossroadsrotherham.co.uk

Tel:     01709 360272

The personal information we collect and use in relation to people who enquire about and use our services

Information collected by us

When you enquire about our care and support services through our website, phone, email, post, face-to-face or social media, and during the course of providing care and support services to you, we collect the following personal information when you provide it to us:

  • Your name, home address, date of birth, gender and contact details (including your telephone number, email address)
  • Information about your next of kin, emergency contacts details and power of attorney. (i.e. name, relationship, home and telephone numbers)
  • Your personal care plan including assessment of your needs and preferences, health conditions, medication information, communication methods, mobility assistance and risk assessments.
  • Information relating to resuscitation requirements
  • Contact details for your GP
  • Your likes, dislikes and lifestyle preferences (including your religious beliefs or other beliefs of a similar nature, racial or ethnic origin, health and sexual orientation (so far as they relate to providing you with suitable care)
  • Your feedback and contributions to questionnaires and surveys about the service we offer
  • Your complaints, compliments or concerns about the service we provide
  • Any accidents and incidents or near misses you may have been involved in whilst on our premises or whilst our employees are delivering a service to you – this may include details of injuries and treatment you may have received.

Please be aware that our website may provide you with links to other websites. If you follow a link to any other website please note they have their own privacy policy.

Whether information has to be provided by you, and if so why

The provision of your care needs, including medical, physical or mental condition is necessary to enable us to create a care plan and to provide you with suitable care and support services. Without this information, we will not be able to assess your care needs or provide any care services to you.

The provision of your name, home address and telephone number is required so that we can arrange a care support worker to attend your home to deliver service.

Information collected from other sources

We work closely with third parties such as health and social care professionals and public bodies. We therefore also obtain personal information about you from other sources such as:

  • Your allergies and any medical, physical or mental conditions, assessments and in particular your care and support needs, from any appropriate external health or social care professionals.
  • Your name, home address, date of birth, contact details, needs assessments and financial assessments from any appropriate external health or social care professionals (including any relevant public body regardless of whether you are publicly funded)
  • Your likes, dislikes and lifestyle preferences (including your religious beliefs or other beliefs of a similar nature, racial or ethnic origin, health and sexual orientation (so far as they relate to providing you with suitable care) from your family, friends and any other person you have nominated as your representative
  • Your legal representative (for example Lasting Power of Attorney), if applicable

How we use your personal information

We use your personal information to:

  • Prepare, review and update a suitable care support plan, describing the nature and level of care and support services which you have requested
  • To communicate with you, your representatives and any appropriate external health or social care professionals about your individual needs and personalise the service delivered to you
  • Respond, should your care needs change, to meet your individual needs and ensure the safety of you and your Care Support Worker.
  • Invoice you for the care and support services in accordance with the contractual terms and conditions
  • Carry out quality visits, monitor the effectiveness of our services and improve our customer experience
  • Send information about our services and events which we believe you may be interested in. You may unsubscribe from this at any time
  • Notify you about changes to our services which are relevant to you
  • Respond to you following an enquiry received via our website

Who we share your personal information with

We may share your medical information with appropriate external health or social care professionals (including your GP and pharmacist) and any individuals you have nominated as your representative as and when required. This data sharing enables us to establish the type of care and support you need, it also allows us to work with you to design the right care package to suit your individual needs.

We will share personal information with law enforcement or other authorities if legally required to do so. This includes information required by public bodies to evidence our compliance with the applicable regulatory framework. We are also required to share personal information with external health or social care professionals, including public bodies and local safeguarding groups (in some circumstances) to ensure your safety.

We will share relevant personal information with Care Support Workers and the Care Management Team on a need to know basis in order to provide safe and effective services to you.

We will share information with our insurance company and where applicable with the Health & Safety Executive, following accidents & incidents.

We will not share, your personal information with any other third party without your consent.

We will never sell or trade your personal information with any other third party.

In order to deliver our service to you we rely on third parties to provide specialist support to us. To provide this support they will have access to or a duty of care over your personal information. These providers are:

  • IT and Telecoms Support companies – to ensure the safe, secure and resilient operation of our IT infrastructure including computers, servers, phones and mobile devices
  • Software support companies – to provide specialist support and resolve issues with the software that we run, for example the systems we use to store and manage your customer records
  • Data archiving companies – responsible for the secure storage and destruction of records.

These providers operate under a written contract to ensure the same level of privacy and security that we promise to you.

How long your personal information will be kept

Some retention periods are based on legal requirements while others take into account practical needs to keep the data.

We will hold:

  • personal information in hard copy format and electronically for the duration of your service delivery plus 8 years
  • information relating to accidents and incidents for a minimum of 10 years depending upon the severity
  • financial transactions records for 6 years

Retention periods are in line with the following document:

Records Management Code of Practice for Health and Social Care 2016.

 

Once the applicable retention period expires, unless we are legally required to keep the data longer, or there are important and justifiable reasons why we should keep it, we will securely delete electronic data and destroy hard copies, using a reputable shredding company.

How do we protect your data?

The confidentiality and security of your information is of paramount importance to us. We have appropriate organisational and technical security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

Security measures in place:

  • Data Protection Policy
  • Information Governance Audits
  • Password protected computers and Management IT systems
  • We may engage third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Reasons we can collect and use your personal information

We rely on the following grounds within the GDPR:

  • Article 6(1)(a) – processing is conducted with your consent to process personal data for specified purposes
  • Article 6(1)(b) – processing is necessary for the performance of our contracts to provide individuals with care and support services
  • Article 6(1)(c) – processing is necessary for us to demonstrate compliance with our regulatory framework and the law
  • Article 6 (1)(e) – for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
  • Article 6(1)(f) – to process your personal data in pursuit of legitimate interests, which include;
    • Events and Fundraising Information – the privacy impact on you is expected to be minimal. Information will be specific to events we believe are of interest to you using information from enquiries we receive from you, you can unsubscribe at any time

GDPR recognises that additional care is required when processing special category (sensitive) data such as your health. We process this under the following grounds within GDPR;

  • Article 9(2)(h) – processing is necessary for the provision of social care or the management of social care systems and services

International transfers

All your personal data is stored and processed on systems that are within the European Economic Area (EEA) and offer the same level of legal protection and rights over your data.

If you would like further information, please contact us.

Your rights

As a data subject, you have the following rights, without charge, in relation to your personal data processed by us:

  • To be informed about how your data is handled;
  • To gain access to your personal data;
  • To have errors or inaccuracies in your data changed;
  • To have your personal data erased, in limited circumstances;
  • To object to the processing of your personal data for marketing purposes or when the processing is based on the public interest or other legitimate interests;
  • To restrict the processing of your personal data, in limited circumstances;
  • To obtain a copy of some of your data in a commonly used electronic form, in limited circumstances;

For further information on each of these rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.

If you would like to exercise any of these rights, please contact:

The Data Protection Officer

Crossroads Care Rotherham

Unit H, The Point

Bradmarsh

Rotherham

S60 1BP

Email: info@crossroadsrotherham.co.uk

Tel:     01709 360272

Contact us using the details above making clear that you wish to exercise one of your privacy rights

  • Let us have enough information to identify you (e.g. your name and address)
  • Let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and
  • Let us know the information to which your request relates, including any account or reference numbers, if you have them
  • If you would like to unsubscribe from any news/events emails you can click on the ‘unsubscribe’ button at the bottom of the emails. It may take up to 14 days for this to take place.

Withdrawing Consent

If we are relying on ‘consent’ to process your data, you may withdraw your consent at any time.

 

How to complain

We hope that we can resolve any query or concern you raise about our use of your information. You can raise any concern you may have with:

The Data Protection Officer

Crossroads Care Rotherham

Unit H, The Point

Bradmarsh

Rotherham

S60 1BP

Email: info@crossroadsrotherham.co.uk

Tel:     01709 360272

You have a right to complain to the Information Commissioner’s Office (ICO) about the way in which we process your personal data. You can make a complaint by visiting:

https://ico.org.uk/https://ico.org.uk/concerns/ or

Telephone: 0303 123 1113.

 

Changes to this privacy policy

This privacy policy was updated on 22nd May 2018.

We may change this privacy policy from time to time, when changes are significant we will draw your attention to this via our website.