Data protection compliance statement
Sherbutt House Residential & Home Care Services Ltd
This document demonstrates our commitment to protect the privacy and security of your personal information. It contains information regarding how we collect and use personal data or personal information about you in advance of our relationship in accordance with the General Data Protection Regulation (GDPR) and all other data protection legislation currently in force.
Pursuant to that legislation, when processing data we will:
Sherbutt House is a “data controller”. This means that we are responsible for determining the purpose and means of processing personal data relating to you.
“Personal data”, or “personal information”, means any information relating to an identified, or identifiable individual in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
There are “special categories” of sensitive personal data, meaning data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health conditions, sex life or sexual orientation, genetic data, and biometric data which require a higher level of protection.
This statement is applicable to referrals. It is not intended to, neither will it, form part of any contract of services. We reserve the right to make changes to this statement at any time, if you are affected by substantial changes we will make an alternative statement available to you.
Where you are successful in your application and are appointed a service, you will receive details of our data protection compliance statement (privacy notice).
DETAILS OF INFORMATION WE WILL HOLD ABOUT YOU
The list below identifies the kind of data that we will process about you during the application process:
The following list identifies the kind of data that we will process and which falls within the scope of “special categories” of more sensitive personal information:
HOW WE COLLECT YOUR PERSONAL INFORMATION
Your personal information is obtained through the application and assessment process, this may be directly from you, care manager, individuals involved in your care. We may occasionally request further information from third parties including, but not limited to, previous carers and any further personal information that may be collected in the course of your care, throughout the period of you contracted within our service.
PROCESSING INFORMATION ABOUT YOU
We will only administer personal information in accordance with the lawful bases for processing. At least one of the following will apply when we process personal data:
LAWFUL BASIS FOR PROCESSING YOUR PERSONAL INFORMATION
We consider that the basis for which we will process the data contained in the list above (see section above - details of information we will hold about you) is to enable us to consider whether we can meet your needs and may wish to/prepare for entering into a contract or agreement with you and to enable us to comply with our legal obligations. Occasionally, we may process personal information about you to pursue legitimate interests of our own or those of third parties, provided there is no good reason to protect your interests and your fundamental rights do not override those interests.
The circumstances in which we will process your personal information are listed below:
There may be more than one reason to validate the reason for processing your personal information.
LAWFUL BASIS FOR PROCESSING “SPECIAL CATEGORIES” OF SENSITIVE DATA
“Special categories” of particularly sensitive personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We may process special categories of personal information in the following circumstances:
Occasionally, special categories of data may be processed where you are not capable of giving your consent, where you have already made the information public or in the course of legitimate business activities or legal obligations and in line with the appropriate safeguards.
Examples of the circumstances in which we will process special categories of your particularly sensitive personal information are listed below (this list is non-exhaustive):
Where appropriate, we may seek your written authorisation to process special categories of data. Upon such an occasion we will endeavor to provide full and clear reasons at that time in order for you to make an informed decision. In any situation where consent is sought, please be advised that you are under no obligation to comply with a request. Should you decline to consent you will not suffer a detriment.
INFORMATION ABOUT CRIMINAL CONVICTIONS
We will only collect criminal convictions data where it is appropriate given the nature of your service and where the law permits us. This data will usually be collected at the referral stage, however, may also be collected during your engagement with our service should you be successful.
We may process such information to protect yours, or someone else’s, interests and you are not able to give your consent or we may process such information in cases where you have already made the information public.
We anticipate that we will process information about criminal convictions.
We do not anticipate that any of our decisions will occur without human involvement. Should we use any form of automated decision making we will advise you of any change in writing.
We may make some decisions about you without human involvement, this may include profiling.
Your data will be shared with individuals within the Company where it is necessary for them to undertake their duties with regards to your care.
It may be necessary for us to share your personal data with a third party or third party service providers (including, but not limited to, community nurse, care manger, day centers, safeguarding and other associated/group companies) within, or outside of, the European Union (EU). Data sharing may arise due to a legal obligation, as part of the performance of a contract or in situations where there is another legitimate interest (including a legitimate interest of a third party) to do so.
The list below identifies which activities are carried out by third parties on our behalf:
Data may be shared with 3rd parties in the following circumstances:
If data is shared, we expect third parties to adhere and comply with the GDPR and protect any data of yours that they process. We do not permit any third parties to process personal data for their own reasons. Where they process your data it is for a specific purpose according to our instructions.
We do not anticipate that we will transfer data to other countries.
As part of our commitment to protecting the security of any data we process, we have put the following measures in place Data protection policy, confidentiality policy. If you would like further details please contact:-
Mr Darren Woodhead
106 Yapham Rd
In addition, we have put further security measures in place to avoid data from being accessed, interfered with, lost, damaged, stolen or compromised. In cases of a breach, or suspected breach, of data security you will be informed, as will any appropriate regulator, in accordance with our legal obligations.
Any data that is shared with third parties is restricted to those who have a care need, in accordance with our guidance and in accordance with the duty of confidentiality.
We anticipate that we will retain your data as part of the referral process for no longer than is necessary for the purpose for which it was collected. We will keep your data for one month.
We have given consideration to the following in order to decide the appropriate retention period:
If your application is not successful and we have not sought consent or you have not provided consent upon our request to keep your data for the purpose of a future suitable care service, we will keep your data for one day once the decision is made with regards to a service.
If we have sought your consent to keep your data on file for future care services and you have provided consent, we will keep your data for one year, once the referal exercise ends. At the end of this period, we will delete or destroy your data, unless you have already withdrawn your consent to our processing of your data in which case it will be deleted or destroyed upon your withdrawal of consent.
At the end of the retention period, upon conclusion of any contract or agreement we may have with you, or until we are no longer legally required to retain it, it will be reviewed and deleted, unless there is some special reason for keeping it. Occasionally, we may continue to use data without further notice to you. This will only be the case where any such data is anonymised and you cannot be identified as being associated with that data.
If your application is successful, your data will be kept and transferred to the systems we administer for service users. We have a separate data protection compliance statement (privacy notice) for service users which will be provided to you when applicable.
YOUR RIGHTS IN RELATION TO YOUR DATA
We commit to ensure that any data we process is correct and up to date. It is your obligation to make us aware of any changes to your personal information.
In some situations, you may have the:
Where you have provided consent to our use of your data, you also have the unrestricted right to withdraw that consent at any time. Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use. There will be no consequences for withdrawing your consent. However, in some cases, we may continue to use the data where so permitted by having a legitimate reason for doing so.
If you wish to exercise any of the rights explained above, please contact:
Mr Darren Woodhead
106 Yapham Rd
Consequences of your failure to provide personal information
If you neglect to provide certain information when requested, it may affect our ability to enter into a care contract with you, and it may prevent us from complying with our legal obligations.
Change of purpose for processing data
We commit to only process your personal information for the purposes for which it was collected, except where we reasonably consider that the reason for processing changes to another reason and that reason is consistent with the original basis for processing. Should we need to process personal information for another reason, we will inform you of this and advise you of the lawful basis upon which we will process.
Important note: We may process your personal information without your knowledge or consent, in compliance with the above rules (see above section - lawful basis for processing your personal information).
In the event that you enter into an care contract with us, any information already collected may be processed further in accordance with our data protection policy, a copy of which will be provided to you, upon request.
QUESTIONS OR COMPLAINTS
It is the responsibility of our Data Protection Officer (DPO) to oversee compliance with this statement. Should you have any questions regarding this statement, or how we process your personal information, please contact
Mr Darren Woodhead
106 Yapham Rd
The supervisory authority in the UK for data protection matters is the Information Commissioner (ICO). If you think your data protection rights have been breached in any way by us, you are able to make a complaint to the ICO