Favour Care Ltd - We are always here!

Mn-Sn: 8am to 6pm

Privacy Policy

PRIVACY POLICY

Overview

FAVOUR CARE SERVICES is committed to data protection and data privacy. With the General Data Protection Regulation (GDPR) becoming enforceable from 25 May 2018, we have undertaken a GDPR readiness programme to review our entire business, the way we handle data and the way in which we use it to provide our services and manage business operations.

We hold personal data on all our residents to meet legal obligations and to perform vital internal functions. This notice details the personal data we may retain process and share with third parties relating to vital business operations. We are committed to ensuring that your information is secure, accurate and relevant. To prevent unauthorised access or disclosure, we have implemented suitable physical, electronic, and managerial procedures to safeguard and secure personal data we hold.

Introduction

We have issued this notice to describe how we handle personal information that we hold about our residents (collectively referred to as “you”). For the purposes of this notice, the term “residents” includes those who are placed under our home care services by Basildon Local Council, other boroughs or direct placement.

We respect the privacy, rights of individuals and are committed to handling personal information responsibly and in accordance with applicable law. This notice sets out the personal data that we collect and process about you, the purposes of the processing and the rights that you have in connection with it. If you are in any doubt regarding this notice, please email us: contactus@favourcare.co.uk

Personal data we collect

During your placement with us, or when assessing your needs, we may process personal and social, employment history data about you and your dependents, beneficiaries and other individuals whose personal data have been provided to us.

The personal information we may process include, but are not limited to the following:

identification data – such as your name, gender, photograph, date of birth, IDs.

psychiatric and medical diagnosis – from Psychiatrist’s, forensic, social care and medical reports

contact details – home and telephone/email addresses, emergency contact details

employment information – job title/position

background information – academic/professional qualifications, education, criminal records data

spouse & dependents information, marital status.

financial information – benefits, expenses, allowances.

sensitive personal data (‘special categories of personal data’ under the General Data

protection Regulation) includes any information that reveals your racial or ethnic origin, religious, political or philosophical beliefs, genetic data, or information about your health/sex life.

Generally, we try not to collect or process any sensitive personal information about you, unless authorised by law or where necessary to comply with applicable laws. In some circumstances, we may need to collect some sensitive personal information for legitimate health related purposes: for example:

data relating to your racial/ethnic origin, gender and disabilities for the purposes of:

equal opportunities monitoring to comply with anti-discrimination laws

data relating to your physical or mental health to provide appropriate psychiatric diagnosis, medical and medication history, health benefits to you

Why we process personal data

We will observe the Caldicott Principles when processing health and/or social care data, which are set out below.

Every proposed use or transfer of personal confidential data within or from an organisation should be clearly defined, scrutinised and documented, with continuing uses regularly reviewed, by an appropriate guardian. We don’t use personal confidential data unless it is necessary.

Personal confidential data items should not be included unless it is essential for the specified purpose(s) of that flow. The need for patients to be identified should be considered at each stage of satisfying the purpose(s).

Use the minimum necessary personal confidential data

Where use of personal confidential data is essential, the inclusion of each discrete item of data should be considered and justified so that the minimum amount of personal confidential data is transferred or accessible as is necessary for a given function.

Access to personal confidential data should be on a strict need-to-know basis

Only those individuals who need access to personal confidential data should have access to it, and they should only have access to the data items that they need to see. This may mean introducing access controls or splitting data flows where one data flow is used for several purposes.

Everyone with access to personal confidential data should be aware of their responsibilities

Action should be taken to ensure that those handling personal confidential data — both clinical and non-clinical employees — are made fully aware of their responsibilities and obligations to respect patient confidentiality.

Comply with the law

Every use of personal confidential data must be lawful. Someone in each organisation handling personal confidential data should be responsible for ensuring that the organisation complies with legal requirements.

The duty to share information can be as important as the duty to protect patient confidentiality.

Health and social care professionals should have the confidence to share information in the best interests of their patients within the framework set out by these principles. They should be supported by the policies of their employers, regulators and professional bodies.

Legitimate business purposes

We may also collect and use personal information when it is necessary for other legitimate purposes, such as to help us conduct our business more effectively and efficiently – for example, for general IT security management, accounting purposes or financial planning. We may also process your personal information to investigate violations of law or breaches of our own internal policies.

The IT Department will record and monitor usage of all our IT equipment, user activity, email and Internet usage as deemed necessary. The IT Department will observe the strictest confidentiality when undertaking these activities. They will make their report directly to the unit Manager and the IT specialist to determine the actions that may need to be taken in any particular case.

Our sites are protected by circuit television (CCTV) systems throughout its premises as deemed necessary, and all personnel should expect all areas (other than those where use would contravene common decency) to be visible on a television monitoring system. Any information obtained from systems will be used with strict adherence to the GDPR. Information will be used for the prevention and detection of crime and safeguarding concerns and to ensure compliance with our policies and procedures and our legal obligations. This may include using recorded images as evidence in safeguarding and disciplinary proceedings.

Legal purposes

We may also use your personal data where we consider it necessary for complying with laws and regulations, including collecting and disclosing risk assessments as required by law (e.g. for health and safety), under judicial authorisation, or to exercise or defend our legal rights (e.g. Liability Insurance claims)

Legal basis for processing personal data

Our legal basis for collecting and using the personal data described above will depend on the personal data concerned and the way we collect it. We will normally collect personal data from you only where we need it to perform a contract with you (i.e. to assess your needs and manage your care), where we have your freely given consent to do so, or where the processing is in our legitimate interests and only where this interest is not overridden by your own interests or fundamental rights and freedoms.  In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person.

Any processing based on consent will be made clear to you at the time of collection or use – consent can be withdrawn at any time by contacting contactus@favourcare.co.uk

Who we share your personal data with

 We take care to allow access to personal data only to those who require such access to perform their tasks and duties, and to third parties who have a legitimate purpose for accessing it. Whenever we permit a third party to access personal information, we will implement appropriate measures to ensure the data is used in a manner consistent with this notice and that the security and confidentiality of the data is maintained.

Transfers to third-party service providers

In addition, we make certain personal data available to third parties who provide services to us. We do so on a “need to know basis” and in accordance with applicable data protection and data privacy laws. We ensure that their terms and conditions of engagement meet the Local Authority requirements on privacy and Data Protection law

For example, some personal data will be available to our third-party companies who provide us with Employment law, Payroll support services, Pensions office, HMRC.

The Contractors shall comply with GDPR requirements for maintaining accurate, current and comprehensive Records of Processing Activities. HMRC: https://www.gov.uk/help/privacy-policy

LOCAL AUTHORITIES

Transfer of personal data abroad

We do not currently need to transfer personal data to countries outside of the United Kingdom. However, if we export your personal data to a different country, we will take steps to ensure that such data exports comply with applicable laws. For example, if we transfer personal data outside the European Economic Area (EEA), such as to the United States, we will implement an appropriate data export solution such as entering into contracts with the data importer that contain EU model clauses or taking other measures to provide an adequate level of data protection.

Data retention

Personal data will be stored in accordance with applicable laws and kept for as long as needed to carry out the purposes described in this notice or as otherwise required by law. Generally, this means your personal information will be retained up to 8years.

For more information, please see our Data Retention Policy, which outlines our current document retention schedule.

Please visit retention period here:

http://www.nationalarchives.gov.uk/information-management/browse-guidance-standards/?letter=r&keyword=retention

Your rights

You may exercise the rights available to you under data protection law as follows:

The right to be informed.

The right of access.

The right to rectification.

The right to erasure.

The right to restrict processing.

The right to data portability.

The right to object.

Rights in relation to automated decision making and profiling.

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. You can read more about these rights at:

https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/

To exercise any of these rights, please email us: contactus@favourcare.co.uk

Issues and complaints

We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.

This notice was drafted with clarity in mind. It does not provide exhaustive detail of all aspects of our collection and use of personal information. However, we are happy to provide any additional information or explanation needed.

If you want to make a complaint about the way we have processed your personal information, you can contact the Information Commissioner’s Office in their capacity as the statutory body which oversees data protection law – www.ico.org.uk/concerns.

Updates to this notice

This notice may be updated periodically to reflect any necessary changes in our privacy practices. In such cases, we will inform you by our office for significant changes, by company-wide email.” We encourage you to check this notice periodically to be aware of the most recent version.

Contact details

Please address any questions or requests relating to this notice to:

Favour Care Ltd
16A Brownlow Bend
Basildon
Essex SS14 1QD

Telephone: +44 7984 145 953
email: info@favourcare.co.uk

Email: dataprotect@ favourcare.co.uk,  contactus@favourcare.co.uk

 

AMENDMENTS

We may amend this Privacy Policy from time to time. When we amend this Privacy Policy, we will update this page accordingly and require you to accept the amendments in order to be permitted to continue using our services.