PRIVACY POLICY

Privacy Policy

Oldercare (Haslemere) Limited provide services regulated by the Care Quality Commission at St Magnus Hospital, St Magnus Nursing and St Martha’s Hospital.

Oldercare Limited are committed to complying with the General Data Protection Regulation and the Data Protection Act 2018.

Looking after the personal information you share with us is very important, and we want you to be confident that your personal data is kept safely and securely and to understand how we use it.

We have published this notice to help you understand

  • how and why Oldercare collect information from you;
  • who we share your information with, why and on what basis;
  • what your rights are.

If we make changes to this notice it will be updated on our website.

Oldercare is the ‘Data Controller’ of the personal data you provide to us, and we will sometimes refer to ourselves in this notice as “we” or “us”. By Data Controller, this means we determine the purposes and way in which any personal data are, or will be, processed.

Should you need to contact us please write to:

Data Protection Officer

St Magnus Hospital and St Magnus Nursing
Marley Common,
Marley Lane,
Haslemere, GU27 3PX.

This privacy notice was last updated in February 2020.

 

What information do we collect and why?

Oldercare are committed to abiding by the data protection legislation which states that all personal information collected and held is done so in accordance with the following principles:

  1. used lawfully, fairly and in a transparent way;
  2. collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
  3. relevant to the purposes we have told you about and limited only to those purposes;
  4. accurate and kept up to date;
  5. kept only for as long as necessary for the purposes we have told you about; and
  6. kept securely.

We collect information about you in order to be able to give you the best health care and support, and to otherwise fulfil our obligations to you (for example if you are paying for our services and in the case of suppliers and employees).

The types of information we might collect about you:

  • Personal identifiers such as name, address, date of birth, National Insurance number
  • Contact details including phone number and email address, where applicable.
  • Financial information such as your bank account details
  • Support contact details: of your family, relatives and carers
  • Your likes and dislikes: for example food and hobbies to help us improve your care
  • Visual images: such as using CCTV in public areas

Health and other special category information we collect:

  • Notes and reports about your health, treatment and care and results of investigations and tests
  • Any relevant information from other health and social care professionals, who are, or have been, involved in your care including General Practices (GPs), Acute hospitals, Ambulance services, Clinical Commissioning Groups, NHS England, Dental, Community, Pharmaceutical and Mental Health Services, Walk-in Centres, Nursing Homes, and others including family and carers.
  • Offences and alleged offences, criminal proceedings, outcomes and sentences
  • Sexual life
  • Details about you such as racial or ethnic origin, gender, occupation, lifestyle and social circumstances, religion or similar belief
  • Information may be collected from other non-NHS organisations with whom you may also be receiving care such as social care organisations and partner services e.g. Alzheimer’s Society and Local Authorities.

Information about you may also be needed for the following reasons:

  • To investigate complaints, incidents or legal claims
  • To ensure that Oldercare receives funding from its commissioners to pay for your care
  • To prepare statistics on our performance in order to manage, improve and extend the services we are able to provide to you via the CCG commissioners, including providing anonymous data sets to NHS Digital
  • We might occasionally use your anonymised information for research with your explicit consent.

 

How do we use your information?

Data Protection says that we can only use and share your personal data where we have a proper reason to do so.

We may use your information in the following ways:

  • For the purposes of delivering health and social care for residents and patients
  • For research, with the proper permissions
  • For commissioning and service planning purposes
  • For regulatory and public health purposes
  • For employment purposes

 

Where do we get your information from?

We will collect and record information about you from a variety of sources including:

  1. from you directly ahead of your admission and during the course of your stay with us
  2. from your friends and relatives who provide us with information about you
  3. from anyone who has the authority to act on your behalf such as a power of attorney or deputy
  4. from healthcare professionals such as your GP, the organisation who refers you to us and officers in the local authority/ social services department

 

Who we share your information with and why

We will share your information with those health and care professionals who are directly involved in your care when they need to know.

There may also be situations where we need to share your personal information with other individuals and organisations outside of this, for example if someone’s health or safety is at risk or if we are required to by law. These may include:

  1. Healthcare, social and welfare organisations: Where it is lawful and necessary to do so, we will share information about you with other healthcare providers such as your GP, hospital staff, etc.
  2. Our commissioners and regulators: We may share your personal data with these public bodies when we are required to do so by law.
  3. Police forces and other law enforcement ag­encies: In limited circumstances we may be required to share your personal data with the police if required for the purposes of criminal investigations and law enforcement.
  4. IT support and other service suppliers: We might use external IT providers who may have access to your personal data from time to time as is necessary to perform their services.
  5. Attorneys: We may share your personal information with an individual who has legal authority to act on your behalf such as those granted power of attorney.

Oldercare work within the guidelines set out by data protection legislation as well as NHS healthcare guidelines, such as the NHS Caldicott principles.

 

How the NHS and care services use your information

Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.

The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:

  • improving the quality and standards of care provided
  • research into the development of new treatments
  • preventing illness and diseases
  • monitoring safety
  • planning services

This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.

Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.

You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential patient information will still be used to support your individual care.

To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters.  On this web page you will:

  • See what is meant by confidential patient information
  • Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care
  • Find out more about the benefits of sharing data
  • Understand more about who uses the data
  • Find out how your data is protected
  • Be able to access the system to view, set or change your opt-out setting
  • Find the contact telephone number if you want to know any more or to set/change your opt-out by phone
  • See the situations where the opt-out will not apply

You can also find out more about how patient information is used at:

https://www.hra.nhs.uk/information-about-patients/ (which covers health and care research); and

https://understandingpatientdata.org.uk/what-you-need-know (which covers how and why patient information is used, the safeguards and how decisions are made)

You can change your mind about your choice at any time.

Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.

Health and care organisations have until 2020 to put systems and processes in place so they can be compliant with the national data opt-out and apply your choice to any confidential patient information they use or share for purposes beyond your individual care. Oldercare is currently compliant with the national data opt-out policy.

 

Transfers to third countries

If you visit one of our websites we may collect and transfer your IP address to Google Analytics.

 

How long we keep your information

If we collect your personal information, the length of time we retain it is determined by several factors including the purpose for which we use that information and our obligations under other laws.

For healthcare purposes, and particularly mental health, these records need to be kept for long periods of time. These periods are guided by the NHS Digital retention schedule for 2016.

We may need your personal information to establish, bring or defend legal claims. For this purpose, we may retain your personal information after the date it is no longer needed by us for any of the purposes listed under How we use your information above. The only exceptions to this are where:

  • the law requires us to hold your personal information for a longer period, or delete it sooner;
  • you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law

 

What are your rights?

Under certain circumstances you have the following rights regarding your personal information:

  • Right to be informed -to be advised how your information is collected and used
  • Right of access –to request access to your personal information and information about how we process it
  • Right to rectification –to have your personal information corrected if it is inaccurate and to have incomplete personal information completed
  • Right to erasure (also known as the Right to be Forgotten) – to have your personal information erased.
  • Right to restriction of processing – to restrict processing of your personal information
  • Right to data portability – to electronically move, copy or transfer your personal information in a standard form
  • Right to object – to object to processing of your personal information
  • Rights with regards to automated individual decision making, including profiling –rights relating to automated decision making, including profiling

If you wish to exercise any of these rights please contact our Data Protection Officer.

 

Complaints

You have the right to complain to the Information Commissioner’s Office (the “ICO”) if you are not satisfied with the way we use your information, however you are encouraged to contact us in the first place and we will endeavour to answer any questions and resolve any issues you have.

You can contact the ICO by writing to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

 

Employee Privacy Policy

Oldercare Limited are committed to complying with the General Data Protection Regulation and the Data Protection Act 2018.

Oldercare hold and process personal data about prospective, current and former employees, including temporary workers.

We have published this notice to help you understand

  • how and why Oldercare collect information from you;
  • who we share your information with, why and on what basis;
  • what your rights are.

If we make changes to this notice it will be updated on our website.

Oldercare is the ‘Data Controller’ of the personal data you provide to us, and we will sometimes refer to ourselves in this notice as “we” or “us”. By Data Controller, this means we determine the purposes and way in which any personal data are, or will be, processed.

 

What information do we collect and why?

The information we might collect and hold about you:

  • Personal identifiers such as name, address, date of birth, National Insurance number, copies of your passport/visa, professional registrations.
  • Contact details including phone number and email address.
  • Financial information such as your bank account details.
  • Family and circumstances details such as emergency contact and your partner if shared parental leave is requested
  • Education and work history such as qualifications and skills
  • Information about your job and contract such as hours, dates, leave taken, salary
  • Information about your job performance such as performance appraisals and any disciplinary/grievance procedures
  • Visual images: such as using CCTV in public areas and photographs

Health and other special category information we may collect:

  • Details of any periods of leave related to health or family leave etc.
  • Any health disabilities
  • Biometric data (fingerprints)
  • Any offences and alleged offences, criminal proceedings, outcomes and sentences
  • Your fitness to practice in professions that are regulated
  • Details about you such as racial or ethnic origin, gender, sexual orientation, lifestyle and social circumstances, religion or similar belief, Trade union affiliations

 

How do we use your information? 

Data Protection says that we can only use and share your personal data where we have a proper reason to do so.

We process some of your data

  • For the performance of a contract of employment with you
  • To comply with a relevant legal obligation
  • In Oldercare’s legitimate interest

We process some special category data

  • For the performance of our obligations in relation to employment

Exceptionally we may process and share information about you in your vital interest, for example in a medical emergency.

 

Where do we get your information from?

We will collect and record information about you from a variety of sources including:

  • from you directly ahead of your employment and during the course of your job application
  • from you when you commence employment with us
  • from you during the course of your employment

Data we receive from third parties about you may include:

  • Referees
  • Organisations you have named as part of your application
  • HMRC
  • Pension scheme providers
  • DBS

 

Who we share your information with and why

  • Other employees of Oldercare including HR, education, finance, IT and security departments in order to administer your employment, provide you with required training and the tools and facilities to do your job.
  • Your line manager in order to facilitate performance management and promotions
  • HMRC in order to meet our statutory obligation
  • Pension scheme providers in order to enrol you in a pension scheme and ensure contributions are correct
  • DBS when we need to perform criminal record check
  • The Home Office in connection with UK visas and immigration
  • When necessary the police or other law enforcement agencies
  • When necessary internal and external auditors
  • When necessary to third parties requesting a reference with your consent
  • Just Payroll Service as an outsourced third party provider of payroll for employed staff

 

How long we keep your information

If we collect your personal information, the length of time we retain it is determined by several factors including the purpose for which we use that information and our obligations under other laws.

We may need your personal information to establish, bring or defend legal claims. For this purpose, we may retain your personal information after the date it is no longer needed by us for any of the purposes listed under How we use your information above.

The only exceptions to this are where:

  • the law requires us to hold your personal information for a longer period, or delete it sooner;
  • you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law

 

What are your rights?

Under certain circumstances you have the following rights regarding your personal information:

  • Right to be informed -to be advised how your information is collected and used
  • Right of access –to request access to your personal information and information about how we process it
  • Right to rectification –to have your personal information corrected if it is inaccurate and to have incomplete personal information completed
  • Right to erasure (also known as the Right to be Forgotten) – to have your personal information erased.
  • Right to restriction of processing – to restrict processing of your personal information
  • Right to data portability – to electronically move, copy or transfer your personal information in a standard form
  • Right to object – to object to processing of your personal information
  • Rights with regards to automated individual decision making, including profiling –rights relating to automated decision making, including profiling

If you wish to exercise any of these rights please contact our Data Protection Officer.

 

Complaints

You have the right to complain to the Information Commissioner’s Office (the “ICO”) if you are not satisfied with the way we use your information, however you are encouraged to contact us in the first place and we will endeavour to answer any questions and resolve any issues you have.

You can contact the ICO by writing to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

Revised and updated February 2020.

To deal with a general enquiry or specific enquiry.

(a) Identity

(b) Contact

(a) Consent

(b) Necessary for our legitimate interests (recruitment and to communicate with our customers, partners and other third parties)

Your right to complain

If you have a complaint about our use of your information, we would prefer you to contact us directly in the first instance so that we can address your complaint. However, you can also contact the Information Commissioner’s Office via their website at www.ico.org.uk/concerns or write to them at:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Updates to this Privacy Policy

We regularly review and, if appropriate, update this privacy policy from time to time, and as our services and use of personal data evolves. If we want to make use of your personal data in a way that we haven’t previously identified, we will contact you to provide information about this and, if necessary, to ask for your consent.

We will update the version number and date of this document each time it is changed.

February 2019 V5.1

MAKE A
REFERRAL

ST MAGNUS
NEWS

GET IN TOUCH
WITH US

SIGN UP TO OUR NEWSLETTER

  • This field is for validation purposes and should be left unchanged.

Start typing and press Enter to search