Privacy & Cookies Policy
General Data Protection Regulation (GDPR) Privacy Notice
Introduction
This notice sets out information relating to the use of your personal data in accordance with the provisions of the General Data Protection Regulation (GDPR). We take our obligations concerning your data seriously, and we aim to demonstrate, through the use of this notice, what kind of data we collect, how it is processed, and meet our other responsibilities for notification to you under GDPR.
1. Business details
This is the privacy notice of Surecare Shropshire Limited, which is a Data Controller.
SureCare Shropshire is registered with the Care Quality Commission to provide personal care services to people in their own homes.
Our trading address is at Merrington, Bomere Heath, Shrewsbury, Shropshire, SY4 3QJ.
Our registered office is at Column House, London Road, Shrewsbury, Shropshire, SY2 6NN.
SureCare Shropshire operates services to people in their own homes from the above location.
2. Aims of this notice
We are required by law to tell you about your rights and our obligations regarding our collection and processing of any of your personal information, which we may obtain about you. We have a range of policies and procedures to ensure that any personal information you supply is only with your active consent and will always be held securely and treated confidentially in line with the applicable regulations. We have listed the relevant documents in a later section (6) and can make any available.
3. What personal information we collect about: a) service users b) employees and c) third parties
- Service users. As a registered care provider, we inevitably collect personal information on our service users, being such things as: name and address details, contact information (e.g. email address and phone numbers), age, siblings/next of kin details, sex and financial information, which is essential to our being able to provide effective care and support. The information is contained in individual files (manual and electronic) and other record systems, all of which are subject to strict security and authorised access policies. Personal information that becomes inactive, e.g. from enquiries or prospective users who do not enter the service is also kept securely for as long as it is reasonably required, which typically, is for a 6 year period following the cessation of services being provided.
In relation to service users, we may collect special category data, such as that relating to race, ethnic origin, religion, health and sexual orientation. Where we do so, it is only for the purpose of providing care services to our service users, whom would consent to the processing of such data, to enable us to fulfil our contractual duties to the service user and other legitimate reasons relating to the provision of care services. Such data is processed in line with our policies and strict measures taken to ensure data security at all times. - Employees. The service operates a safe recruitment policy to comply with the regulations in which all personal information obtained, including CVs and references, is, like service users’ information, securely kept, retained and disposed of in line with data protection requirements. All employees are aware of their right to access any information about them.
- Third parties. All personal information obtained about others associated with the delivery of the care service, including contractors, family members, etc. will be protected in the same ways as information on service users and employees; where the individual’s personal details are kept on the file in relation to either a service user or employee, that individual’s information will be destroyed at the same time as any data concerning the service user or employee.
4. How we collect information
The bulk of service users’, employees’ and thirds parties’ personal information is collected directly from them or through form filling, mainly manually, but also electronically for some purposes, e.g. when contacting the service via its website.
With service users, we might continue to build on the information provided in enquiry and referral forms, and, for example, from individual client needs assessments, which feed into their care and support plans. Third parties may provide us with information, such as local authorities and public bodies, again, for the purpose of assisting us in the provision of care services relating to the service user concerned.
With employees, personal information is obtained directly and with consent through such means as references, testimonials and criminal records (DBS) checks. When recruiting staff, we seek applicants’ explicit consent to obtain all the information needed for us to decide to employ them.
All personal information obtained to meet our regulatory requirements will always be treated in line with our explicit consent, data protection and confidentiality policies.
Our website and databases are regularly checked by experts to ensure they meet all privacy standards and comply with our general data protection security and protection policies.
5. What we do with personal information
All personal information obtained on service users, employees and third parties is used only to ensure that we provide a service, which is consistent with our purpose of providing a person-centred care service, which meets all regulatory standards and requirements. It will not be disclosed or shared for any other purpose.
6. How we keep your information safe
As already stated, the service has a range of policies that enable us to comply with all data protection requirements. Foremost are:
- Access to Employee Data under the GDPR
- Access to Service Users Records
- Computer Security
- Concerns and Complaints
- Confidentiality – General
- Confidentiality of Service Users’ Information
- Consent to Care and Treatment
- Data Protection and Compliance with the General Data Protection Regulation
- Information Governance under the General Data Protection Regulation and NHS Records Management Code of Practice
- Records & Record Keeping – Service Users in Domiciliary Care
- Safe Recruitment and Selection in Domiciliary Care
- Sharing Information with Other Providers and Agencies in Domiciliary Care.
7. With whom we might share information
We only share the personal information of service users, employees and others with their consent on a “need to know” basis, and for legitimate purposes in the provision of care services, observing strict protocols in doing so. Most information sharing of service users’ information is with other professionals and agencies involved with their care and treatment. Likewise, we would not disclose information about our employees without their clear agreement, e.g. when providing a reference.
There are only two exceptions to this general rule:-
- We may share your personal data with SureCare Community Services Ltd of Suite 1, 2nd Floor, Maple House, Park West Business Park, Sealand Road, Chester, CH1 4RN, as a processor, which provides IT and system administration services.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. - Where we are required by law to provide information, e.g. to help with a criminal investigation. Even when seeking to notify the local authority of a safeguarding matter or the Care Quality Commission of an incident that requires us to notify it, we would only do so with consent or ensure that the information provided is treated in confidence.
Where we provide information for statistical purposes, the information is aggregated and provided anonymously so that there is no privacy risk involved in its use.
8. How personal information held by SureCare Shropshire can be accessed
There are procedures in place to enable any service user, employee or third party whose personal information we possess and might process in some way to have access to that information on request. (See the policies listed in No. 6 above.) The right to access includes both the information and any uses which we might have made of the information.
9. How long we keep information
There are strict protocols in place that determine how long the organisation will keep the information, which are in line with the relevant legislation and regulations. Typically, we would retain the information during the course of the relationship with the party concerned, if care services are being provided, or employment being maintained, or there are some ongoing relationship with the third party concerned. Where any such relationship ends, we shall retain the data for a period of six years in the absence of compelling reasons for us to extend that period. This may happen if, for example, ongoing investigations regarding a service user extend past that period, and the data needs to be retained for that purpose.
10. Data Protection Officer
We are not required to appoint a Data Protection Officer under the GDPR. However, we have taken the decision to appoint a Data Protection Lead (DPL), and our DPL is Alison Waterhouse. Any request for information concerning personal data held within our organisation should be made of: Alison Waterhouse at careteam@surecareshropshire.co.uk
11. How we keep our privacy policies up to date
The staff appointed to control and process personal information in our organisation are delegated to assess all privacy risks continuously and to carry out comprehensive reviews of our data protection policies, procedures and protocols at least annually.
12. Rights of access to personal data
Under the GDPR, individuals whose data we process have the right to:
- Request access to, deletion of, correction of, their personal data;
- Request their personal data be transferred to another person; and
- Complain to the supervisory authority, which would be the Information Commissioner’s Office, which is contactable on 0303 123 1113 and online at www.ico.org.uk.
Terms of Website Use
This website’s privacy policy governs the privacy of users accessing this website. The information above sets out the different areas where user privacy is concerned and outlines the obligations and requirements of the users, the website and website owners. Furthermore the way this website processes, stores and protects user data and information will also be detailed below.
This website and its owners take a proactive approach to user privacy in order to reasonably ensure (to the best of their ability) the necessary steps are taken to protect the privacy of its users throughout their visiting experience. This website complies to all UK national laws and requirements for user privacy.
Use of Cookies
This website uses cookies to better the user’s experience while visiting the website, by using our website, you consent to us storing cookies. This complies with the latest legislation requirements for websites to obtain explicit consent from users before leaving behind or reading files such as cookies on a user’s computer or device.
Cookies are small files saved to the hard drive of the user’s device, which track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server to provide the users with a tailored experience within this website. Cookies typically expire after 30 days, though in some cases they may last longer. No personal information is stored, saved or collected.
Users are advised that if they wish to deny the use and saving of cookies from this website onto their device’s hard drive, they should take necessary steps within their web browsers security settings to block all cookies from this website and its external serving vendors.
Using anonymous data allows us to get an insight into the ways in which our pages are visited and for how long. This information is used to improve and optimise our website:
- _ga: Used for Google Analytics – Expires after 2 years
- _gat: Used for Google Analytics – Expires after 1 day
- _gid: Used for Google Analytics – Expires after 1 day
More information: (https://policies.google.com/privacy)
The following cookies may be used for marketing purposes to show advertisements to those interested:
- _fbp: Used for Facebook – Expires after 3 months
- fr: Used for Facebook – Expires after 3 months
- tr: Used for Facebook – Expires after the end of the session (when you close your browser)
More information: (https://www.facebook.com/policy.php)
Third-party cookies are set by other websites. We use their online tools to make our website work better for you and to give you access to more information, for information on their policies please refer to:-
Contact and Communication
Users contacting this website and/or its owners do so at their own discretion and provide any such personal details requested at their own risk. Any personal information submitted is kept private and stored securely until a time it is no longer required or has no use. Every effort has been made to ensure a safe and secure form to email submission process but users are advised that by using such form to email processes is done so at their own risk.
This website and its owners use any submitted information to provide users with further information about the products/services offered or to assist in answering any submitted questions or queries.
External Links
Although this website only looks to include quality, safe and relevant external links, users are advised adopt a policy of caution before clicking any external web links mentioned throughout this website. (External links are clickable text / banner / image links to other websites)
The owners of this website cannot guarantee or verify the contents of any externally linked website despite their best efforts. Users should therefore note they click on external links at their own risk and this website and its owners cannot be held liable for any damages or implications caused by visiting any external links mentioned.
Social Media Platforms
Communication, engagement and actions taken through external social media platforms that this website and its owners participate on are custom to the terms and conditions as well as the privacy policies held with each social media platform respectively.
Users are advised to use social media platforms wisely and communicate / engage upon them with due care and caution in regard to their own privacy and personal details. This website nor its owners will ever ask for personal or sensitive information through social media platforms and encourage users wishing to discuss sensitive details to contact them through primary communication channels such as by telephone or email.
This website may use social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised before using such social sharing buttons that they do so at their own discretion and note that the social media platform may track and save your request to share a web page respectively through your social media platform account.
Shortened Links in Social Media
This website and its owners through their social media platform accounts may share web links to relevant web pages. By default some social media platforms shorten lengthy URLs (web addresses).
Users are advised to take caution and good judgement before clicking any shortened urls published on social media platforms by this website and its owners. Despite the best efforts to ensure only genuine urls are published many social media platforms are prone to spam and hacking and therefore this website and its owners cannot be held liable for any damages or implications caused by visiting any shortened links.
This page last updated: September 2024