PRIVACY POLICY

Privacy Policy

Oldercare (Haslemere) Limited provide services regulated by the Care Quality Commission at St Magnus Hospital and Rosemary Park Nursing Home.

Oldercare Limited is committed to complying with the General Data Protection Regulation and the Data Protection Act 2018.

Looking after the personal information you share with us is very important, and we want you to be confident that your personal data is kept safely and securely and to understand how we use it.

We have published this notice to help you understand

  • how and why Oldercare collect information from you;
  • who we share your information with, why and on what basis;
  • what your rights are.

If we make changes to this notice it will be updated on our website. Oldercare is the ‘Data Controller’ of the personal data you provide to us, and we will sometimes refer to ourselves in this notice as “we” or “us”. By Data Controller, this means we determine the purposes and way in which any personal data are, or will be, processed.

Should you need to contact us please write to: –
Data Protection Officer
St Magnus Hospital and Rosemary Park Nursing Home
Marley Common,
Marley Lane,
Haslemere,
Surrey.
GU27 3PX.

What information do we collect and why?
Oldercare is committed to abiding by the data protection legislation which states that all personal information collected and held is done so in accordance with the following principles:

  1. used lawfully, fairly and in a transparent way;
  2. collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
  3. relevant to the purposes we have told you about and limited only to those purposes;
  4. accurate and kept up to date;
  5. kept only for as long as necessary for the purposes we have told you about; and
  6. kept securely.

We collect information about you in order to be able to give you the best health care and support, and to otherwise fulfil our obligations to you (for example if you are paying for our services and in the case of suppliers and employees).

The types of information we might collect about you: –

  • Personal identifiers such as name, address, date of birth, National Insurance number
  • Contact details including phone number and email address, where applicable.
  • Financial information such as your bank account details
  • Support contact details: of your family, relatives and carers
  • Your likes and dislikes: for example food and hobbies to help us improve your care
  • Visual images: such as using CCTV in public areas

Health and other special category information we collect: –

  • Notes and reports about your health, treatment and care and results of investigations and tests
  • Any relevant information from other health and social care professionals, who are, or have been, involved in your care including General Practices (GPs), Acute hospitals, Ambulance services, Clinical Commissioning Groups, NHS England, Dental, Community, Pharmaceutical and Mental Health Services, Walk-in Centres, Nursing Homes, and others including family and carers.
  • Offences and alleged offences, criminal proceedings, outcomes and sentences
  • Sexual life
  • Details about you such as racial or ethnic origin, gender, occupation, lifestyle and social circumstances, religion or similar belief
  • Information may be collected from other non-NHS organisations with whom you may also be receiving care such as social care organisations and partner services e.g. Alzheimer’s Society and Local Authorities.

Information about you may also be needed for the following reasons: –

  • To investigate complaints, incidents or legal claims
  • To ensure that Oldercare receives funding from its commissioners to pay for your care
  • To prepare statistics on our performance in order to manage, improve and extend the services we are able to provide to you via the CCG commissioners, including providing anonymous data sets to NHS Digital
  • We might occasionally use your anonymised information for research with your explicit consent.

How do we use your information?
Data Protection says that we can only use and share your personal data where we have a proper reason to do so.

We may use your information in the following ways: –

  • For the purposes of delivering health and social care for residents and patients
  • For research, with the proper permissions
  • For commissioning and service planning purposes
  • For regulatory and public health purposes
  • For employment purposes

Where do we get your information from?
We will collect and record information about you from a variety of sources including:

  1. from you directly ahead of your admission and during the course of your stay with us
  2. from your friends and relatives who provide us with information about you
  3. from anyone who has the authority to act on your behalf such as a power of attorney or deputy
  4. from healthcare professionals such as your GP, the organisation who refers you to us and officers in the local authority/ social services department

Who we share your information with and why
We will share your information with those health and care professionals who are directly involved in your care when they need to know.

There may also be situations where we need to share your personal information with other individuals and organisations outside of this, for example if someone’s health or safety is at risk or if we are required to by law. These may include:

  1. Healthcare, social and welfare organisations: Where it is lawful and necessary to do so, we will share information about you with other healthcare providers such as your GP, hospital staff, etc.
  2. Our commissioners and regulators: We may share your personal data with these public bodies when we are required to do so by law.
  3. Police forces and other law enforcement agencies: In limited circumstances we may be required to share your personal data with the police if required for the purposes of criminal investigations and law enforcement.
  4.  IT support and other service suppliers: We might use external IT providers who may have access to your personal data from time to time as is necessary to perform their services.
  5.  Attorneys: We may share your personal information with an individual who has legal authority to act on your behalf such as those granted power of attorney.

Oldercare work within the guidelines set out by data protection legislation as well as NHS healthcare guidelines, such as the NHS Caldicott principles.

Transfers to third countries
If you visit one of our websites we may collect and transfer your IP address to Google Analytics.

How long we keep your information
If we collect your personal information, the length of time we retain it is determined by several factors including the purpose for which we use that information and our obligations under other laws.

For healthcare purposes, and particularly mental health, these records need to be kept for long periods of time. These periods are guided by the NHS Digital retention schedule for 2016.

We may need your personal information to establish, bring or defend legal claims. For this purpose, we may retain your personal information after the date it is no longer needed by us for any of the purposes listed under How we use your information above. The only exceptions to this are where:

  • the law requires us to hold your personal information for a longer period, or delete it sooner;
  • you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law

What are your rights?
Under certain circumstances you have the following rights regarding your personal information:

  • Right to be informed -to be advised how your information is collected and used
  • Right of access –to request access to your personal information and information about how we process it
  • Right to rectification –to have your personal information corrected if it is inaccurate and to have incomplete personal information completed
  • Right to erasure (also known as the Right to be Forgotten) – to have your personal information erased
  • Right to the restriction of processing – to restrict processing of your personal information
  • Right to data portability – to electronically move, copy or transfer your personal information in a standard form
  • Right to object – to object to the processing of your personal information
  • Rights with regards to automated individual decision making, including profiling –rights relating to automated decision making, including profiling

If you wish to exercise any of these rights please contact our Data Protection Officer.

Complaints
You have the right to complain to the Information Commissioner’s Office (the “ICO”) if you are not satisfied with the way we use your information, however you are encouraged to contact us in the first place and we will endeavour to answer any questions and resolve any issues you have.

You can contact the ICO by writing to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

Employee Privacy Policy

Oldercare Limited is committed to complying with the General Data Protection Regulation and the Data Protection Act 2018.

Oldercare hold and process personal data about prospective, current and former employees, including temporary workers.

We have published this notice to help you understand

  • how and why Oldercare collect information from you;
  • who we share your information with, why and on what basis;
  • what your rights are.

If we make changes to this notice it will be updated on our website.

Oldercare is the ‘Data Controller’ of the personal data you provide to us, and we will sometimes refer to ourselves in this notice as “we” or “us”. By Data Controller, this means we determine the purposes and way in which any personal data are, or will be, processed.

What information do we collect and why?
The information we might collect and hold about you:

  • Personal identifiers such as name, address, date of birth, National Insurance number, copies of your passport/visa, professional registrations.
  • Contact details including phone number and email address.
  • Financial information such as your bank account details.
  • Family and circumstances details such as emergency contact and your partner ifshared parental leave is requested
  • Education and work history such as qualifications and skills
  • Information about your job and contract such as hours, dates, leave taken, salary
  • Information about your job performance such as performance appraisals and anydisciplinary/grievance procedures
  • Visual images: such as using CCTV in public areas and photographs

Health and other special category information we may collect:

  • Details of any periods of leave related to health or family leave etc.
  • Any health disabilities
  • Biometric data (fingerprints)
  • Any offences and alleged offences, criminal proceedings, outcomes and sentences
  • Your fitness to practice in professions that are regulated
  • Details about you such as racial or ethnic origin, gender, sexual orientation, lifestyle and social circumstances, religion or similar belief, Trade union affiliations

How do we use your information?
Data Protection says that we can only use and share your personal data where we have a proper reason to do so.

We process some of your data

  • For the performance of a contract of employment with you
  • To comply with a relevant legal obligation
  • In Oldercare’s legitimate interest
  • We process some special category data
  • For the performance of our obligations in relation to employment

Exceptionally we may process and share information about you in your vital interest, for example in a medical emergency.

Where do we get your information from?
We will collect and record information about you from a variety of sources including:

  • from you directly ahead of your employment and during the course of your job application
  • from you when you commence employment with us
  • from you during the course of your employment

Data we receive from third parties about you may include: –

  • Referees
  • Organisations you have named as part of your application
  • HMRC
  • Pension scheme providers
  • DBS

Who we share your information with and why

  • Other employees of Oldercare including HR, education, finance, IT and security departments in order to administer your employment, provide you with required training and the tools and facilities to do your job.
  • Your line manager in order to facilitate performance management and promotions
  • HMRC in order to meet our statutory obligation
  • Pension scheme providers in order to enrol you in a pension scheme and ensurecontributions are correct
  • DBS when we need to perform criminal record check
  • The Home Office in connection with UK visas and immigration
  • When necessary the police or other law enforcement agencies
  • When necessary internal and external auditors
  • When necessary to third parties requesting a reference with your consent

How long we keep your information
If we collect your personal information, the length of time we retain it is determined by several factors including the purpose for which we use that information and our obligations under other laws.

We may need your personal information to establish, bring or defend legal claims. For this purpose, we may retain your personal information after the date it is no longer needed by us for any of the purposes listed under How we use your information above.

The only exceptions to this are where: –

  • the law requires us to hold your personal information for a longer period, or delete it sooner;
  • you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law

What are your rights?
Under certain circumstances you have the following rights regarding your personal information:

  • Right to be informed -to be advised how your information is collected and used
  • Right of access –to request access to your personal information and informationabout how we process it
  • Right to rectification –to have your personal information corrected if it is inaccurateand to have incomplete personal information completed
  • Right to erasure (also known as the Right to be Forgotten) – to have your personalinformation erased
  • Right to restriction of processing – to restrict processing of your personal information
  • Right to data portability – to electronically move, copy or transfer your personalinformation in a standard form
  • Right to object – to object to processing of your personal information
  • Rights with regards to automated individual decision making, including profiling –rights relating to automated decision making, including profiling

If you wish to exercise any of these rights please contact our Data Protection Officer.

Complaints
You have the right to complain to the Information Commissioner’s Office (the “ICO”) if you are not satisfied with the way we use your information, however you are encouraged to contact us in the first place and we will endeavour to answer any questions and resolve any issues you have.

You can contact the ICO by writing to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Updates to this Privacy Policy

We regularly review and, if appropriate, update this privacy policy from time to time, and as our services and use of personal data evolves. If we want to make use of your personal data in a way that we haven’t previously identified, we will contact you to provide information about this and, if necessary, to ask for your consent.

We will update the version number and date of this document each time it is changed.

Last updated September 2019.

To deal with a general enquiry or specific enquiry.

(a) Identity

(b) Contact

(a) Consent

(b) Necessary for our legitimate interests (recruitment and to communicate with our customers, partners and other third parties)

Your right to complain

If you have a complaint about our use of your information, we would prefer you to contact us directly in the first instance so that we can address your complaint. However, you can also contact the Information Commissioner’s Office via their website at www.ico.org.uk/concerns or write to them at:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Updates to this Privacy Policy

We regularly review and, if appropriate, update this privacy policy from time to time, and as our services and use of personal data evolves. If we want to make use of your personal data in a way that we haven’t previously identified, we will contact you to provide information about this and, if necessary, to ask for your consent.

We will update the version number and date of this document each time it is changed.

February 2019 V5.1

MAKE A
REFERRAL

ST MAGNUS
NEWS

GET IN TOUCH
WITH US

SIGN UP TO OUR NEWSLETTER

  • This field is for validation purposes and should be left unchanged.

Start typing and press Enter to search