PRIVACY POLICY

Privacy Policy

Oldercare (Haslemere) Limited provide services regulated by the Care Quality Commission at St Magnus Hospital and Rosemary Park Nursing Home.

Oldercare Limited are committed to complying with the General Data Protection Regulation and the Data Protection Act 2018.

Looking after the personal information you share with us is very important, and we want you to be confident that your personal data is kept safely and securely and to understand how we use it.

We have published this notice to help you understand

  • how and why Oldercare collect information from you;
  • who we share your information with, why and on what basis;
  • what your rights are.If we make changes to this notice it will be updated on our website.Oldercare is the ‘Data Controller’ of the personal data you provide to us, and we will sometimes refer to ourselves in this notice as “we” or “us”. By Data Controller, this means we determine the purposes and way in which any personal data are, or will be, processed.Should you need to contact us please write to:
    Data Protection Officer
    St Magnus Hospital and Rosemary Park Nursing Home Marley Common,
    Marley Lane,
    Haslemere, GU27 3PX.
    This privacy notice was last updated in March 2019.

 

 

What information do we collect and why?

Oldercare are committed to abiding by the data protection legislation which states that all personal information collected and held is done so in accordance with the following principles:

Oldercare (Haslemere) Ltd, Privacy Policy, March 2019

  1. used lawfully, fairly and in a transparent way;
  2. collected only for valid purposes that we have clearly explained to you and not usedin any way that is incompatible with those purposes;
  3. relevant to the purposes we have told you about and limited only to those purposes;
  4. accurate and kept up to date;
  5. kept only for as long as necessary for the purposes we have told you about; and
  6. kept securely.

We collect information about you in order to be able to give you the best health care and support, and to otherwise fulfil our obligations to you (for example if you are paying for our services and in the case of suppliers and employees).

The types of information we might collect about you:

  • Personal identifiers such as name, address, date of birth, National Insurance number
  • Contact details including phone number and email address, where applicable.
  • Financial information such as your bank account details
  • Support contact details: of your family, relatives and carers
  • Your likes and dislikes: for example food and hobbies to help us improve your care
  • Visual images: such as using CCTV in public areasHealth and other special category information we collect:
  • Notes and reports about your health, treatment and care and results of investigations and tests
  • Any relevant information from other health and social care professionals, who are, or have been, involved in your care including General Practices (GPs), Acute hospitals, Ambulance services, Clinical Commissioning Groups, NHS England, Dental, Community, Pharmaceutical and Mental Health Services, Walk-in Centres, Nursing Homes, and others including family and carers.
  • Offences and alleged offences, criminal proceedings, outcomes and sentences
  • Sexual life
  • Details about you such as racial or ethnic origin, gender, occupation, lifestyle andsocial circumstances, religion or similar belief
  • Information may be collected from other non-NHS organisations with whom youmay also be receiving care such as social care organisations and partner services e.g. Alzheimer’s Society and Local Authorities.Information about you may also be needed for the following reasons:
  • To investigate complaints, incidents or legal claims
  • To ensure that Oldercare receives funding from its commissioners to pay for yourcare
  • To prepare statistics on our performance in order to manage, improve and extendthe services we are able to provide to you via the CCG commissioners, including providing anonymous data sets to NHS Digital

Oldercare (Haslemere) Ltd, Privacy Policy, March 2019

• We might occasionally use your anonymised information for research with your explicit consent.

 

How do we use your information?

Data Protection says that we can only use and share your personal data where we have a proper reason to do so.

We may use your information in the following ways:

  • For the purposes of delivering health and social care for residents and patients
  • For research, with the proper permissions
  • For commissioning and service planning purposes
  • For regulatory and public health purposes
  • For employment purposes

 

Where do we get your information from?

We will collect and record information about you from a variety of sources including:

  1. from you directly ahead of your admission and during the course of your stay with us
  2. from your friends and relatives who provide us with information about you
  3. from anyone who has the authority to act on your behalf such as a power ofattorney or deputy
  4. from healthcare professionals such as your GP, the organisation who refers you to usand officers in the local authority/ social services department

 

Who we share your information with and why

We will share your information with those health and care professionals who are directly involved in your care when they need to know.

There may also be situations where we need to share your personal information with other individuals and organisations outside of this, for example if someone’s health or safety is at risk or if we are required to by law. These may include:

  1. Healthcare, social and welfare organisations: Where it is lawful and necessary to do so, we will share information about you with other healthcare providers such as your GP, hospital staff, etc.
  2. Our commissioners and regulators: We may share your personal data with these public bodies when we are required to do so by law.
  3. Police forces and other law enforcement agencies: In limited circumstances we may be required to share your personal data with the police if required for the purposes of criminal investigations and law enforcement.

Oldercare (Haslemere) Ltd, Privacy Policy, March 2019

  1. IT support and other service suppliers: We might use external IT providers who may have access to your personal data from time to time as is necessary to perform their services.
  2. Attorneys: We may share your personal information with an individual who has legal authority to act on your behalf such as those granted power of attorney.

Oldercare work within the guidelines set out by data protection legislation as well as NHS healthcare guidelines, such as the NHS Caldicott principles.

 

Transfers to third countries
If you visit one of our websites we may collect and transfer your IP address to Google Analytics.

 

How long we keep your information

If we collect your personal information, the length of time we retain it is determined by several factors including the purpose for which we use that information and our obligations under other laws.

For healthcare purposes, and particularly mental health, these records need to be kept for long periods of time. These periods are guided by the NHS Digital retention schedule for 2016.

We may need your personal information to establish, bring or defend legal claims. For this purpose, we may retain your personal information after the date it is no longer needed by us for any of the purposes listed under How we use your information above. The only exceptions to this are where:

  • the law requires us to hold your personal information for a longer period, or delete it sooner;
  • you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law

 

What are your rights?

Under certain circumstances you have the following rights regarding your personal information:

  • Right to be informed -to be advised how your information is collected and used
  • Right of access –to request access to your personal information and informationabout how we process it
  • Right to rectification –to have your personal information corrected if it is inaccurateand to have incomplete personal information completed

Oldercare (Haslemere) Ltd, Privacy Policy, March 2019

  • Right to erasure (also known as the Right to be Forgotten) – to have your personal information erased.
  • Right to restriction of processing – to restrict processing of your personal information
  • Right to data portability – to electronically move, copy or transfer your personal information in a standard form
  • Right to object – to object to processing of your personal information
  • Rights with regards to automated individual decision making, including profiling –rights relating to automated decision making, including profiling

If you wish to exercise any of these rights please contact our Data Protection Officer.

 

Complaints

You have the right to complain to the Information Commissioner’s Office (the “ICO”) if you are not satisfied with the way we use your information, however you are encouraged to contact us in the first place and we will endeavour to answer any questions and resolve any issues you have.

You can contact the ICO by writing to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

Oldercare (Haslemere) Ltd, Privacy Policy, March 2019

 

Employee Privacy Policy

Oldercare Limited are committed to complying with the General Data Protection Regulation and the Data Protection Act 2018.

Oldercare hold and process personal data about prospective, current and former employees, including temporary workers.

We have published this notice to help you understand

  • how and why Oldercare collect information from you;
  • who we share your information with, why and on what basis;
  • what your rights are.If we make changes to this notice it will be updated on our website.Oldercare is the ‘Data Controller’ of the personal data you provide to us, and we will sometimes refer to ourselves in this notice as “we” or “us”. By Data Controller, this means we determine the purposes and way in which any personal data are, or will be, processed.

What information do we collect and why?

The information we might collect and hold about you:

  • Personal identifiers such as name, address, date of birth, National Insurance number, copies of your passport/visa, professional registrations.
  • Contact details including phone number and email address.
  • Financial information such as your bank account details.
  • Family and circumstances details such as emergency contact and your partner ifshared parental leave is requested
  • Education and work history such as qualifications and skills
  • Information about your job and contract such as hours, dates, leave taken, salary
  • Information about your job performance such as performance appraisals and anydisciplinary/grievance procedures
  • Visual images: such as using CCTV in public areas and photographsHealth and other special category information we may collect:
  • Details of any periods of leave related to health or family leave etc.
  • Any health disabilities
  • Biometric data (fingerprints)
  • Any offences and alleged offences, criminal proceedings, outcomes and sentences
  • Your fitness to practice in professions that are regulated
  • Details about you such as racial or ethnic origin, gender, sexual orientation, lifestyle and social circumstances, religion or similar belief, Trade union affiliations

Oldercare (Haslemere) Ltd, Privacy Policy, March 2019

 

How do we use your information?

Data Protection says that we can only use and share your personal data where we have a proper reason to do so.

We process some of your data

  • For the performance of a contract of employment with you
  • To comply with a relevant legal obligation
  • In Oldercare’s legitimate interestWe process some special category data

• For the performance of our obligations in relation to employment

Exceptionally we may process and share information about you in your vital interest, for example in a medical emergency.

 

Where do we get your information from?

We will collect and record information about you from a variety of sources including:

  • from you directly ahead of your employment and during the course of your job application
  • from you when you commence employment with us
  • from you during the course of your employmentData we receive from third parties about you may include:
  • Referees
  • Organisations you have named as part of your application
  • HMRC
  • Pension scheme providers
  • DBS

 

Who we share your information with and why

  • Other employees of Oldercare including HR, education, finance, IT and security departments in order to administer your employment, provide you with required training and the tools and facilities to do your job.
  • Your line manager in order to facilitate performance management and promotions
  • HMRC in order to meet our statutory obligation
  • Pension scheme providers in order to enrol you in a pension scheme and ensurecontributions are correct
  • DBS when we need to perform criminal record check

Oldercare (Haslemere) Ltd, Privacy Policy, March 2019

  • The Home Office in connection with UK visas and immigration
  • When necessary the police or other law enforcement agencies
  • When necessary internal and external auditors
  • When necessary to third parties requesting a reference with your consent

 

How long we keep your information

  • If we collect your personal information, the length of time we retain it is determined by several factors including the purpose for which we use that information and our obligations under other laws.We may need your personal information to establish, bring or defend legal claims. For this purpose, we may retain your personal information after the date it is no longer needed by us for any of the purposes listed under How we use your information above.The only exceptions to this are where:
  • the law requires us to hold your personal information for a longer period, or delete it sooner;
  • you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the lawWhat are your rights?Under certain circumstances you have the following rights regarding your personal information:
  • Right to be informed -to be advised how your information is collected and used
  • Right of access –to request access to your personal information and informationabout how we process it
  • Right to rectification –to have your personal information corrected if it is inaccurateand to have incomplete personal information completed
  • Right to erasure (also known as the Right to be Forgotten) – to have your personalinformation erased.
  • Right to restriction of processing – to restrict processing of your personalinformation
  • Right to data portability – to electronically move, copy or transfer your personalinformation in a standard form
  • Right to object – to object to processing of your personal information
  • Rights with regards to automated individual decision making, including profiling –rights relating to automated decision making, including profiling
    If you wish to exercise any of these rights please contact our Data Protection Officer.

Oldercare (Haslemere) Ltd, Privacy Policy, March 2019

 

Complaints

You have the right to complain to the Information Commissioner’s Office (the “ICO”) if you are not satisfied with the way we use your information, however you are encouraged to contact us in the first place and we will endeavour to answer any questions and resolve any issues you have.

You can contact the ICO by writing to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

Cookies, Analytics and Traffic Data

Cookies are small text files which are transferred from our websites, applications or services and stored on your device. We use cookies to help us provide you with a personalised service, and to help make our websites, applications and services better for you.

Our cookies may be session cookies (temporary cookies that identify and track users within our websites, applications or services  which are deleted when you close your browser or leave your session in the application or service) or persistent cookies (cookies which enable our websites, applications or services  to “remember” who you are and to remember your preferences within our websites, applications or services  and which will stay on your computer or device after you close your browser or leave your session in the application or service).

We use the following different types of cookies:

Strictly necessary cookies

These are cookies which are needed for our websites, applications or services to function properly, for example, these cookies allow you to access secure areas of our website or to remember what you have put into your shopping basket.

Performance cookies and analytics techniques

These cookies collect information about how visitors and users use our websites, applications and services, for instance which functionality visitors use most often, and if they get error messages from areas of the websites, applications or services. These cookies don’t collect information that identifies a visitor or user. All information these cookies collect is aggregated and therefore anonymous. We only use these cookies to improve how our website, applications and services work.

Functionality Cookies

These cookies allow our websites, applications and services to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise. They may also be used to provide services you have asked for. The information these cookies collect may be anonymised and they cannot track your browsing activity on other websites.

Targeting or advertising cookies (where applicable)

These cookies are used to deliver adverts more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. They are usually placed by advertising networks with the website operators’ permission. They remember that you have visited a website and this information is shared with other organisations such as advertisers. Quite often targeting or advertising cookies will be linked to site functionality provided by the other organisations.

They may also affect what you see when you attempt to view other website or search engines as, by their nature, they will endeavour to provide advertisements and websites for products and services that it is believed you have an interest in.

Web beacons and parameter tracking

We also use cookies and similar software known as web beacons to count users who have visited our website after clicking through from one of our advertisements on another website or in emails and to collect details of any products or services purchased. These web beacons collect limited information which does not identify particular individuals. It is not possible to refuse the use of web beacons. However, because they are used in conjunction with cookies, you can effectively disable them by setting your browser to restrict or block cookies.

Other

We keep a record of traffic data which is logged automatically by our servers, such as your Internet Protocol (IP) address, device information, the website that you visited before ours and the website you visit after leaving our site. We also collect some site, application and service statistics such as access rates, page hits and page views. We are not able to identify any individual from traffic data or site statistics.
Find out more about the individual cookies and analytics technologies that we use.

Google Analytics

Google Analytics uses “cookies”, to help the website analyse how users use the websites, applications or services. The information generated by the cookie about your use of the websites, applications or services (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the websites, applications or services compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser or within the application, however please note that if you do this you may not be able to use the full functionality of this website. By using our websites, applications or services you consent to the processing of data about you by Google in the manner and for the purposes set out above. To find out more, see “How Google uses data when you use our partners’ sites or apps”, (located at www.google.com/policies/privacy/partners/, or any other URL Google may provide from time to time).

To opt out of being tracked by Google Analytics across all websites visit: http://tools.google.com/dlpage/gaoptout.

Other links and social media websites own posts

If you follow a link from our website, application or service to another site or service, this Privacy Notice will no longer apply. We are not responsible for the information handling practices of third-party sites or services and we strongly advise you to read the privacy notices appearing on those sites or services.

Our websites, applications or services may enable you to share information with social media sites, or use social media sites to create your account or to connect your social media account. Those social media sites may automatically provide us with access to certain personal information retained by them about you (for example any content you have viewed). You should be able to manage your privacy settings from within your own third party social media account(s) to manage what personal information you enable us to access from that account.
The privacy policy for the sites that we might take you to are listed below:

Facebook – http://www.facebook.com/about/privacy/

Twitter – https://twitter.com/privacy

YouTube – http://www.youtube.com/static?hl=en&template=privacy

LinkedIn – http://www.linkedin.com/static?key=privacy_policy

How to refuse the use of cookies

You may refuse the use of cookies by selecting the appropriate settings in your browser. However, if you do this you may lose some useful functionality such as location based features.

How to disable the use of cookies

Here’s how to prevent new cookies from being installed and how to delete existing cookies. The exact procedure depends on which browser you are using.

Google Chrome

To prevent new cookies from being installed

  • Click on the spanner icon in the top right of the browser
  • Click on “Options”
  • Click on “Under the Bonnet” (UK) / “Under the Hood” (US)
  • Click on the “Content settings” button in the Privacy section
  • Ensure that “Allow local data to be set” is selected
  • Select “Block sites from setting any data”

To delete existing cookies

  • Click on the spanner icon in the top right of the browser
  • Click on “Options”
  • Click on “Under the Bonnet” (UK) / “Under the Hood” (US)
  • Click on the “Content settings” button in the Privacy section
  • Click on the “Clear browsing data” button

Safari

To prevent new cookies from being installed and delete existing cookies

  • Go to the Safari menu (icon in top right of browser) and select Preferences
  • In the popup window that appears, select the Security icon (a padlock)
  • Under “Accept Cookies”, select the “Never” button

Internet Explorer 9.0+

To prevent new cookies from being installed

  • Go to Tools in the menu bar
  • Click on Internet Options
  • Click on the Privacy tab on top
  • Move the slider up to the “Block all Cookies” button

To delete existing cookies

  • Go to Tools in the menu bar
  • Click on Internet Options
  • Click on the General tab which should be under “Browsing History” and click “Delete”

Internet Explorer 8.0+

To prevent new cookies from being installed

  • Go to Tools in the menu bar
  • Click on Internet Options
  • Click on the Privacy tab on top
  • Click on “Sites”
  • A new window should open called “Per Site Privacy Actions”
  • Type in the URL of the site in the “Address of website” box and click on Block

To delete existing cookies

  • Go to Tools in the menu bar
  • Click on ‘Internet Options’
  • Click on the Privacy tab on top
  • Click on “Sites”
  • A new window should open called “Per Site Privacy Actions”
  • Under the “Managed websites” box should be a list of all the websites you have visited
  • To remove all cookies click on the “Remove all” button

Internet Explorer 7.0+

To prevent new cookies from being installed

  • Go to Tools in the menu bar
  • Click on Options
  • Click on the Privacy tab on top
  • Click on the Advanced button
  • Select “Prompt” for both “First party cookies” and “Third Party Cookies”

To delete existing cookies

  • Go to Tools in the menu bar
  • Click on Options
  • Click on the General tab on top
  • In the “Browsing History” section, click on “Delete”
  • Click on “Delete Cookies”

Firefox 2.0+, 3.0+, 4.0+

To prevent new cookies from being installed

  • Go to Tools in the menu bar
  • Click on Options
  • Click on the Privacy tab
  • Disable the box that says “Accept Cookies From sites”

To delete existing cookies

  • Go to Tools in the menu bar
  • Click on Options
  • Click on the Privacy tab
  • Click on “Clear Now”
  • Select “Cookies”
  • Click on “Clear Private Data Now”

When you use our website to browse our services and view the information we make available, a number of cookies are used by us and by third parties to allow the website to function, to collect useful information about visitors and to help to make your user experience better.

Some of the cookies we use are strictly necessary for our website to function, and we don’t ask for your consent to place these on your computer. However, for those cookies that are useful but not strictly necessary, we will always ask for your consent before placing them.

As well as the cookies we use, various third parties also place them on your computer, again with your consent.

Our website hosting environment

In line with many other business our website is hosted by a third party. In our case we have chosen Krystal Hosting Ltd t/a Smart Hosting to host the website and Red Beetle Marketing & Events Ltd to design and maintain the website.

The hosting and maintenance of this website is managed and maintained exclusively within the European Economic Area.

This privacy notice aims to give you information on how Smart Hosting and Red Beetle collects and processes your personal data through your use of this website, including any data you may provide through this website when you request further information from St Magnus.

This website is not intended for children and we do not knowingly collect data relating to children.

It is important that you read this privacy notice together with any other notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data.

When you submit an enquiry via our website

When you submit an enquiry via our website, we will ask you for your email address. We use this information to respond to your query, including providing you with any requested information about our services. We may also email you after your enquiry in order to follow up on your interest and ensure that we have answered it to your satisfaction.

Your enquiry is stored and processed by the reception staff who send the email to the most appropriate manager in the organisation. The manager will respond to the enquiry and will retain the enquiry data in line with our Records Retention Policy for any files processed outside of the email system and depending on the nature of the data.

We do not use the information you provide to make any automated decisions that might affect you.

Our email system will keep enquiry emails for two years, after which they are securely archived and kept for seven years, when we delete them.

Purposes for which we use your personal data

Any personal data relating to you gathered by us, during your use of this website will be solely used in accordance with our Privacy Policy.

Any personal data we collect during any visit to this website is designed to allow us to personalise the information you see and give you faster and clearer access to the right kinds of information.

If you request further information or contact us we may keep a record of that correspondence and incorporate the information it contains into our database(s).

We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.

Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

To use data analytics to improve our website, products/services, marketing, customer relationships and experiences.

(a) Technical

(b) Usage

Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)

To make suggestions and recommendations to you about goods or services that may be of interest to you.

(a) Identity

(b) Contact

(c) Technical

(d) Usage

(e) Profile

Necessary for our legitimate interests (to develop our products/services and grow our business)

To deal with a general enquiry or specific enquiry.

(a) Identity

(b) Contact

(a) Consent

(b) Necessary for our legitimate interests (recruitment and to communicate with our customers, partners and other third parties)

Your rights as a data subject

By law, you can ask us what information we hold about you, and you can ask us to correct it if it is inaccurate. If we have asked for your consent to process your personal data, you may withdraw that consent at any time.

If we are processing your personal data for reasons of consent or to fulfill a contract, you can ask us to give you a copy of the information in a machine-readable format so that you can transfer it to another provider.

If we are processing your personal data for reasons of consent or legitimate interest, you can request that your data be erased.

You have the right to ask us to stop using your information for a period of time if you believe we are not doing so lawfully.

To submit a request regarding your personal data by email, post or telephone, please use the contact information provided above in the Who Are We section of this policy.

Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know.

They will only process your personal data on our instructions and they are subject to a duty of confidentiality

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator, in place at that time, of a breach where we are legally required to do so.

Your right to complain

If you have a complaint about our use of your information, we would prefer you to contact us directly in the first instance so that we can address your complaint. However, you can also contact the Information Commissioner’s Office via their website at www.ico.org.uk/concerns or write to them at:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Updates to this Privacy Policy

We regularly review and, if appropriate, update this privacy policy from time to time, and as our services and use of personal data evolves. If we want to make use of your personal data in a way that we haven’t previously identified, we will contact you to provide information about this and, if necessary, to ask for your consent.

We will update the version number and date of this document each time it is changed.

February 2019 V5.1

MAKE A
REFERRAL

ST MAGNUS
NEWS

GET IN TOUCH
WITH US

SIGN UP TO OUR NEWSLETTER

  • This field is for validation purposes and should be left unchanged.

Start typing and press Enter to search