ASHFIELD CARE LTD. (ASHLEY CARE CENTRE)
The purpose of this notice is to inform you of the type of information (including personal information) that Ashley Care Centre (Ashfield Care Ltd.) holds, how that information is used, who we may share that information with, and how we keep it secure and confidential.
WHAT WE DO
Ashley Care Centre (Ashfield Care Ltd.) is responsible for planning and designing health services for the residents at Ashley Care Centre. We do this by providing nursing and residential care services at Ashley Care Centre and by liaising with other services like:
We work with patients and health and social care partners (e.g. local hospitals, local authorities and local community groups etc) to make sure that the residents needs are met. We manage the performance of our services to make sure that they are safe, provide high quality care and meet the needs of our residents. Part of this performance management role includes responding to any concerns from our patients about our services or third-party services.
DATA PROTECTION PRINCIPLES
We will comply with data protection law. This says that the personal information we hold about you must be:
Whether we are in the process of recruiting you, assessing you for the purpose of a potential admission, continuing our relationship with you once we have accepted you as a resident or as an employee, providing you with a service, receiving a service from you, or if you are visiting our website, we are committed to providing a transparent service and to protecting and safeguarding your data privacy rights.
PERSONAL AND CONFIDENTIAL INFORMATION
In order to provide the best possible placement that are tailored to you, we need to process certain information about you. We only collect details that will genuinely help us to cater your needs at the nursing home. The details that are collected at the time of pre-admission assessment or provided to us in addition to this, either in writing or verbally, will be stored. This may include, but is not limited to: your name, contact details, education details, employment history, emergency contacts, gender, marital status, emergency contact details and details of any nearest relatives, nationality, ethnicity, religious beliefs, physical and/or mental capacity, details about your finances, pensions and benefits arrangements, and photographs. There are some specific areas, however, because of our responsibilities, where we do hold and use personal information. In order to process that information, we will have met a legal requirement, in general this is where we have complied with one of the followings:
THE INFORMATION IS NECESSARY FOR DIRECT HEALTHCARE FOR PATIENTS.
THE AREAS WHERE WE USE PERSONAL INFORMATION ARE:
KEEPING INFORMATION SECURE AND CONFIDENTIAL
All staff have contractual obligations of confidentiality, enforceable through disciplinary procedures. All staff are trained to keep information confidential. Any staff who, because of their role, need to have regular access to personal information, receive additional specialist training.
We take relevant organisational and technical measures to make sure that the information we hold is secure – such as holding information in secure locations, restricting access to information to authorised personnel, protecting personal and confidential information held on equipment such as laptops with encryption.
Ashley Care Centre has a senior person responsible for protecting the confidentiality of patient information and enabling appropriate information sharing. This person is called the Caldicott Guardian. The Caldicott Guardian for Ashley Care Centre is Mr. Amit Patil, Registered Manager.
HOW DO WE COLLECT YOUR PERSONAL DATA?
There are different ways in which we collect your personal data:
1) Directly from you: via email, post, fax, verbally and/or
2) From third parties, such as Social services, G.P surgeries, Hospital, Medical records etc.
HOW DO WE USE YOUR PERSONAL DATA?
Having obtained data about you, we then use it in a number of ways.
Obviously, our main area of work is providing nursing and residential care for residents with dementia, mental health and general nursing needs. We’ve listed below various ways in which we may use and process your personal data for this purpose, where appropriate and in accordance with any local laws and requirements. Please note that this list is not exhaustive.
1) Medical or mental health treatment
2) Storing your details (and updating them when necessary) on our database, so that we can contact you or your nearest relative in case of emergencies and to provide updates
3) Sending your information to G. P’s, social workers, Councils, IMCA services, or any multidisciplinary health professionals or CQC
We may use your personal data for the above purposes if we deem it necessary to do so for our legitimate interests. If you are not happy about this, in certain circumstances you have the right to object and can contact us at any time.
We are committed to ensuring that your placement to the nursing home are aligned with our approach to equal opportunities. Some of the data we may (in appropriate circumstances and in accordance with local law and requirements) collect about you comes under the umbrella of “diversity information”. This could be information about your ethnic background, gender, disability, age, sexual orientation, religion or other similar beliefs, and/or social-economic background. Where appropriate and in accordance with local laws and requirements, we’ll use this information on an anonymised basis to monitor our compliance with our equal opportunities policy. We may also disclose this (suitably anonymised where relevant) data to third parties where this is contractually required, or the third party specifically requests such information to enable them to comply with their own processes (eg:- Social services, MASH, CQC, CHC, CCG etc.). This information is what is called ‘sensitive’ personal information and slightly stricter data protection rules apply to it. We therefore need to obtain your explicit consent before we can use it.
WHO DO WE SHARE YOUR PERSONAL DATA WITH?
Primarily we will share your information with (this list is not exhaustive) G.P surgeries, Social Workers, Safeguarding officers, CQC, CCG, and Health professionals directly and indirectly involved in your care. In most cases, your personal data will always remain anonymous. We may also share your data with third party outsourced IT and document storage providers where we have an appropriate processing agreement (or similar protections) in place.
In any instance, Ashfield Care Ltd will subject your data to the utmost protection to prevent unauthorised access, use or disclosure.
WHAT KIND OF PERSONAL DATA DO WE COLLECT?
If you are one of our Employee or potential Employee, we need to collect and use information about you, or individuals at our organisation, in the course of providing you services such as:
1) arranging interviews at our organisation;
2) notifying you of changes to our services
3) We hold your personal data in respect to your work contact details including: but is not limited to: your name, contact details, education details, employment history, emergency contacts, gender, marital status, emergency contact details and details of any nearest relatives, nationality, ethnicity, religious beliefs, physical and/or mental capacity, details about your finances, pensions and benefits arrangements, and photographs. This is to enable us to ensure that our relationship runs smoothly. We may also hold extra information that someone in your organisation has chosen to tell us.
HOW DO WE COLLECT YOUR PERSONAL DATA?
There are two main ways in which we collect your personal data:
1) Directly from you; and
2) From third parties, such as from Candidates, an online job board with whom we hold formal contractual agreements for the access to candidate details (and do so under legitimate interest consent) or via a regulatory body that you would be registered with.
WHO DO WE SHARE YOUR PERSONAL DATA WITH?
We will share your personal data such as current work place name, address, and contact details within your work capacity or to external sources in the events of any incidents (eg – safeguarding, police, CQC, POVA etc).
HOW WILL WE USE YOUR DATA?
The main reason for collecting your personal details is to ensure that the contractual arrangements between us can properly be implemented i.e. Legitimate Interest.
Depending on the type of personal data in question and the grounds on which we may be processing it, should you decline to provide us with such data, we may not be able to fulfil our contractual requirements or, in extreme cases, may not be able to continue with our relationship.
WHAT DO WE USE YOUR DATA FOR?
We need a small amount of information from our Suppliers to ensure that things run smoothly. We need contact details of relevant individuals at your organisation so that we can communicate with you. We also need other information such as your bank details so that we can pay for the services you. The processing applied to this data if part of the performance of a contract and therefore supported by the consent provided by our contractual dealings with you as a Supplier.
WE WILL ONLY USE YOUR INFORMATION:
1) To store (and update when necessary) your details on our database, so that we can contact you in relation to our agreements;
2) To offer services to you or to obtain support and services from you;
3) To perform certain legal obligations;
4) In more unusual circumstances, to help us to establish, exercise or defend legal claims.
We may use your personal data for these purposes if we deem this to be necessary for our legitimate interests. Depending on the type of personal data in question and the grounds on which we may be processing it, should you decline to provide us with such data, we may not be able to fulfil our contractual requirements or, in extreme cases, may not be able to continue with our relationship.
If you are not happy about this, in certain circumstances you have the right to object. Please contact us to do so.
HOW DO WE SAFEGUARD YOUR PERSONAL DATA?
We are committed to taking all reasonable and appropriate steps that are designed to protect the personal information that we hold from misuse, loss, or unauthorised access. We do this by having in place a range of appropriate technical and organisational measures. These include measures to deal with any suspected data breach. If you suspect any misuse or loss of or unauthorised access to your personal information, please let us know immediately.
HOW LONG DO WE KEEP YOUR PERSONAL DATA FOR?
We will delete your personal data from our systems if we have not had any meaningful contact with you (or, where appropriate, the company you are working for or with) for seven years (or for such longer period as we believe in good faith that the law or relevant regulators require us to preserve your data). After this period, it is likely your data will no longer be relevant for the purposes for which it was collected. For those Candidates whose services are provided via a third-party company or other entity, “meaningful contact” with you means meaningful contact with the company or entity which supplies your services. Where we are notified by such company or entity that it no longer has that relationship with you, we will retain your data for no longer than two years from that point or, if later, for the period of two years from the point we subsequently have meaningful contact directly with you.
HOW CAN YOU ACCESS, AMEND OR TAKE BACK THE PERSONAL DATA THAT YOU HAVE GIVEN TO US?
Even if we already hold your personal data, you still have various rights in relation to it. To get in touch about these, please contact us. We will seek to deal with your request without undue delay, and in any event in accordance with the requirements of any applicable laws. Please note that we may keep a record of your communications to help us resolve any issues which you raise.
Right to object:
If we are using your data because we deem it necessary for our legitimate interests to do so, and you do not agree, you have the right to object. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases). Generally, we will only disagree with you if certain limited conditions apply.
Right to withdraw consent:
Where we have obtained your consent to process your personal data for certain activities (for example, for profiling your suitability for certain roles), or consent to market to you, you may withdraw your consent at any time.
Data Subject Access Requests (DSAR):
Just so it’s clear, you have the right to ask us to confirm what information we hold about you at any time, and you may ask us to modify, update or Delete such information. At this point we may comply with your request or, additionally do one of the followings:
Right to erasure:
In certain situations (for example, where we have processed your data unlawfully), you have the right to request us to “erase” your personal data. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases) and will only disagree with you if certain limited conditions apply. If we do agree to your request, we will delete your data.
Right of data portability:
If you wish, you have the right to transfer your data from us to another data controller. We will help with this – either by directly transferring your data for you, or by providing you with a copy in a commonly used machine-readable format.
Right to lodge a complaint with a supervisory authority:
You also have the right to lodge a complaint with your local supervisory authority.
The right to rectification of your personal data
OUR LEGAL BASIS FOR PROCESSING YOUR DATA:
Article 6(1)(f) of the GDPR is the one that is relevant here – it says that we can process your data where it “is necessary for the purposes of the legitimate interests pursued by [us] or by a third party, except where such interests are overridden by the interests or fundamental rights or freedoms of [you] which require protection of personal data.”
We don’t think that any of the following activities prejudice individuals in any way – in fact, they help us to offer you a more tailored and efficient service. However, you do have the right to object to us processing your personal data on this basis. If you would like to know more about how to do so, please contact us.
SERVICE USER DATA
To ensure that we provide you with the best service possible, we store your personal data and/or the personal data of individual contacts at our organisation as well as keeping records of our conversations, meetings, and placements. We think this is reasonable – we deem these uses of your data to be necessary for our legitimate interests as an organisation providing Nursing and residential care services.
We use and store the personal data of individuals within your organisation in order to facilitate the receipt of services from you as one of our Suppliers. We also hold your financial details, so that we can pay you for your services. We deem all such activities to be necessary within the range of our legitimate interests as a recipient of your services.
ESTABLISHING, EXERCISING OR DEFENDING LEGAL CLAIMS
Sometimes it may be necessary for us to process personal data and, where appropriate and in accordance with local laws and requirements, sensitive personal data in connection with exercising or defending legal claims. Article 9(2)(f) of the GDPR allows this where the processing “is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity”.
This may arise for example where we need to take legal advice in relation to legal proceedings or are required by law to preserve or disclose certain information as part of the legal process.
Why would you need to contact us?
Apart from contacting us with regards to recruitment activity or maintaining our relationship, you may wish to contact us for a number of reasons in relation to the use of your personal data. This may include:
How can you contact us?
Ashley Care Centre
Alternatively, you can send an email to: firstname.lastname@example.org
You can contact us by phone at any time on 01909 500541
Why would you need to contact your local supervisory authority?
If you’re not satisfied with our response to any complaint or believe our processing of your information does not comply with data protection law, you can make a complaint to the Information Commissioner’s Office (ICO) using the following details:
How can you contact your local supervisory authority?
Information Commissioner’s Office Wycliffe House
Cheshire SK9 5AF
You can contact the ICO by phone at any time on 0303 123 1113.