Data Privacy Notice
Clifden House Dementia Care Centre is a provider of social care.
Clifden House (“Clifden House”, “We”, “Us”) is committed to ensuring your privacy is protected in accordance with Data Protection Standards.
This Data Privacy Notice explains what data Clifden House collects and uses through our website; in the line of our work as a provider of social care; as an employer, any links to third party and other websites; and your rights as a data subject.
Clifden House will ensure it complies with Data Protection Law when it comes to processing your data. We will use it lawfully and in a transparent way. We will collect data only for the purposes that we explain to you and will only use it for purposes that are compatible with and relevant to those purposes. We will keep your data accurate and up to date and will only retain it for as long as is necessary according to need and legal and regulatory purposes. Your data will always be kept securely.
This Data Privacy Notice has been updated to include the changes being implemented by the General Data Protection Regulations (GDPR) which are in place from 25th May 2018. This policy will be reviewed on a regular basis and updated when required.
How to contact us:
Clifden House Dementia Care Centre, 80-88 Claremont Road, Seaford, East Sussex BN25 2QD
Registered in England – Company Number 01884909
Registered with the Care Quality Commission – Provider Number 1-138444534
Tele: 01323 896460
What is the GDPR?
The General Data Protection Regulation is a new, European-wide law that places greater obligations on organisations and how they handle personal data.
Clifden House is registered with the Information Commissioner’s Office (ICO) as a Data Controller. The ICO are the regulatory authority for Data Protection in the UK. They can be contacted here: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF www.ico.org.uk Tel: 0303 123 1113.
What information does the GDPR apply to?
The GDPR applies to ‘personal data’. Personal data (and Sensitive Personal Data) is any information which relates to an Identified or Identifiable Natural person (a living person).
Clifden House defines personal data as follows:
|Personal Data –||Information relating to identifiable individuals such as:
Current and Former Employees
Agency, Contract and other staff
Customers and Service Users
|Sensitive Personal Data||Marital Status
Racial or Ethnic Origin
Religious or Similar beliefs
Trade Union membership
Physical or Mental Health condition
Criminal Offences (or related proceedings)
Clifden House will collect and process Personal Data and Sensitive Personal Data as part of its recruitment and employment procedures; and as part of its Service User assessment and provision of care services.
We use consistent third-parties who act as data processors on our behalf to provide specific services. We may share your data with them to enable us to undertake the activities set out above. They themselves may then become data controllers once your data is shared with them. They may also introduce you to us or us to you, eg social services, patient care teams within hospitals, Clinical Commissioning Groups (CCGs).
Your Rights – Access to your information and corrections
Under the Data Protection Law (GDPR and E-privacy) you have certain rights as a Data Subject.
|Right to be Forgotten (Right to Erasure)||You have the right to have information about you to be erased. If it is legal for us to do so and does not interfere with our ability to provide services to you, we will comply with your request.|
|Right to Confirmation and Access||You have the right to confirm what personal data is being held, for what purpose it is being used and what the safeguards are regards to sharing of your personal data with third parties.|
|Subject Access Request||You have the right to request the nature and actual information that we hold about you.|
|Right to object to automated decision making or profiling||You have the right not to be subject to a decision based solely on automated processing, including profiling. Please see section on Automated Decision Making.|
|Right to Object to Processing||You have the right to object to any processing of personal data concerning you.
Please note that Clifden House will make you aware of the consequences of any objection at the time of you raising it.
|Right to Rectification||You have the right to ensure that the data we hold about you is correct at all times.|
|Right to Data Transfer||You have the right to ensure that any of your personal data that is transferred abroad is done so securely giving you the same rights as if this data was being held in the UK.
Please note that Clifden House does not transfer your personal data outside the UK.
|Right to Complain||You have the right to complain at any time if you feel that we have failed to safeguard your information.|
For any Subject Access Requests (SARs or any other request under Your Rights above, please contact us in writing at the address set out at the top of this notice or by email on firstname.lastname@example.org
The reason we monitor visitor activity is to enable us to make our website more responsive to the needs and preferences of our visitors.
We do not collect any identifiable data through our website.
You can set your browser to accept or decline cookies. Please be aware that a decline preference may mean a loss of function in some of our website features.
Clifden House’s website is subject to Google Analytics Software. The Google Analytics Software (“the Software”) is separate to Clifden House and operated by Google Limited. The Software produce a report which shows the number of people who have clicked on this website but does not contain any personal identifiable information. Clifden House does not pass on any information to third parties.
Links to Third Party and other Websites
Our website is not intended for children.
We do not provide care services to children or young persons under the age of 18.
We do not employ children (classed as those under 14) in any capacity.
We do not knowingly collect or process data relating to children.
Under the rules of GDPR, Clifden House will be operating a Privacy by Design and Privacy by Default policy. Meaning that before we use your data we will have already considered the potential impact on you as a Data Subject if your data were to be lost, stolen, shared or compromised.
Clifden House is in the process of reviewing its Security measures, which are likely to then include encryption of data where possible when it is to be stored with or transmitted to third parties. Where data is stored or transmitted to a Third Country (any country outside of the European Economic Area (EEA) we will ensure appropriate adequacy protection is in place).
Clifden House has contracts in place with all of this privately contracted third party relationships involving data transfer, such as for payroll processing, Disclosure and Barring checks, Care Management systems. These contracts have been reviewed to ensure your data is always processed securely.
Please note that we may also need to undertake further security and screening questions when undertaking our routine dealings with you, these are in place to protect your personal data and security.
Automated Decision Making
Clifden House holds contracts with The Access Group (Careblox) and Care Log specifically for the following:
- Scheduling and Rostering
- Payroll and Invoicing
- Daily Records for both staff and service users
- To store information for service users, next of kin, funders
- For recruitment and screening
- For HR Records
- For Accounting
- For Insight and Analytics
Careblox and Care Log enable Automated Decision-Making Processes under its planning rules for things like Maximum Working Hours, Training and Qualification Rules (eg can individual staff deliver the care required to the Service User), staff and Service user preference lists, Clashing / Near Clashing of care visit scheduling.
This Automated Decision Making is necessary for the entry into or performance of our contract with both Service Users and Employers.
Clifden does NOT use any Automated Decision-Making Processes or Profiling for its recruitment of staff or when deciding whether we are able to deliver care services to a potential Service User.
Data Retention Schedule
|Job Applicants||1||Not shortlisted for interview||Data destroyed within 30 days|
|2||Shortlisted for interview||Data retained for 6 months|
|3||Successfully appointed and start work for us||See Employee section|
|In the case of 1 or 2 above you have the Right to be Forgotten and
we will destroy your data at your request
|2||Occupational Health Records||Until 75th Birthday or 6 years whichever is sooner|
|3||HR File||Until 75th Birthday or 6 years whichever is sooner|
|4||Training Records (Statutory and Mandatory)||Until 75th Birthday or 6 years whichever is sooner|
|5||Salaries paid||10 years|
|6||Tribunal Case Records||10 years|
|You have the Right to be Forgotten. However, please note that where we are obliged to keep your personal data because of a regulatory or legal requirement we will not be able to destroy the data.|
|Service Users and Families||1||Initial enquiry information||6 months|
|2||Post Assessment – Where we have completed a Risk Assessment, which may include Sensitive Personal Data, but no service has started||6 months|
|3||Having received a service from us||8 years|
|In the case of 1 or 2 above you have the Right to be Forgotten and
we will destroy your data at your request.
|ALL||1||Subject Access Requests (SARs)||3 years|
|2||Litigation Records||10 years|
Service Users and Service Users’ Families or Advocates
- What information do we collect about you?
The nature of our service means that very personal and sensitive information is discussed, openly and honestly, in order to ensure we can meet your health and social care needs in ways that are unique to your individual circumstances. This specific type of information is required in order for us to meet our legal and regulatory obligations as a registered provider and to be able to fulfil our contract with you.
If you are a next of kin or person with power of attorney, then your details are required to ensure that we can et the necessary authority in respect of the care services we are providing to the person under your authority.
We will be collecting and processing the following information:
- Your full name, address and contact details and next of kin information
- Your capacity to make decisions and/or whether we need to liaise with the person(s) you have entrusted with power of attorney
- Any specific medical conditions that may affect our staff and our ability to look after you
- Any specific health issues that you may be required to disclose, depending on the nature of the care we will be providing to you
- Details relating to the methods through which your care is being funded. If you are funding your care, then we will invoice you or your specified contact and receive payment via cash, cheque or bank transfer. If your care is being funded, then we will deal with the organisation funding this, or any other party that you have nominated or has agreed to pay for your care.
- We will record details of any medication you require in order that we can ensure we administer this and we will also record any specific medical care wishes you have
- If you wish us to, we will record other information such as religion to allow use, should you request, to contact the appropriate religious representative.
The Lawful bases which we use are contained within the Data Protection Act 2018 and are:
|Contractual Obligation||When we have a contract with you to provide care and/or support services.
You may have contracted us directly, or this contract may have been given to us by Social Services or CCGs and you have consented to us providing you with care and support (Consent to Care is separate from consent as a legal basis for us processing your data).
|Legal Obligation||Where we have a legal obligation to comply with current law, industry compliance requirements or court order.
For example, providing funding agencies with information about the services we are providing to you, to comply with the Health & Social Care Act and the Care Quality Commission regulations, or where we are required to be able to demonstrate skills and competencies of our staff to comply with industry or legal requirements.
|Vital Interest||This is where the sharing of information is in the vital interest of you or our staff.
Such as sharing appropriate identity/information with a medical provider (ambulance, doctor, hospital etc) in the event you are taken ill.
Where your condition may represent a threat to the interests, rights or freedoms of other people, eg if you have a communicable disease and we believe your condition may represent a risk to our staff or other healthcare professionals.
- How information about you will be used
We may share information regarding your care with those who have a need to know, namely Health Professionals such as GPs, District Nurses, Hospitals etc., Local Authorities, which would include departments such as Social Services, Housing, Day Centres etc. Any relevant person identified by you such as family members, Power of Attorney; and our staff.
We will not share your information with anyone except those indicated above, unless required by law or at your specific request.
Personal information supplied to us is used in a number of ways, for example:
- To agree a Care Plan
- To review your care needs
- To monitor your medication
- To help us improve our services.
Upon completion of your Assessment of Needs (Risk Assessment), we compile a Care Plan which sets out tasks, aspirations and outcomes in order to meet all your identified needs and this is regularly reviewed and updated. This includes liaison with all those involved in your care such as family, your representative relevant health and social care colleagues and other professionals.
In the event you are unwell, in an emergency, this information will be passed onto medical professional eg ambulance, GP, hospital services.
- How long do we keep your information for?
Please see the section on Data Retention