Privacy Statement for Residents and prospective residents July 2018
At Century Healthcare we are committed to protecting your personal data and handling it responsibly. This privacy notice explains how we collect and use personal information about you when you are referred to or use our services.
Century Healthcare is a ‘data controller’ this means that we are responsible for deciding how we hold and use personal information about you. We are required under the General Data Protection Regulations (GDPR) to notify you of the information contained in this privacy notice.
What are the data protection principles?
We will comply with data protection law. This says that the personal information we hold about you must be:
1. Used lawfully, fairly and in a transparent way.
2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
3. Relevant to the purposes we have told you about and limited only to those purposes.
4. Accurate and kept up to date.
5. Kept only as long as necessary for the purposes we have told you about.
6. Kept securely.
Types of information we use and why
We ask for information about you so that we can make sure we offer you the very best care and maintain your safety. Without this information, we may not be able to offer you a place at one of our homes.
Types of information
- Your name, date of birth, telephone or other contact details,
- GP, health information and external healthcare providers e.g. podiatry services
- Care needs, wishes and preferences
- Lasting Power of Attorney (LPA), Independent Mental Capacity Act (IMCA), next of kin contact details
- Ethnicity or religious beliefs
- Your likes and dislikes (relating to hobbies, food, routines and other categories of likes and dislikes which help us improve your care)
- Details of your life history (to ensure that we help you feel at home with us it is important for us to get to know you as best we can)
- Video and photographs of you (such as CCTV footage, photographs for security purposes, etc)
- Information about your long term wishes (such your desired arrangements in the event that you pass away while staying with us)
How do we use your information?
We use your personal information to:
- provide you with the support services and other services requested
- create your plan of care and manage any identified risks to yourself or others
- contact you or your next of kin
- record the contact or care you are receiving from our services
- provide health and social care professionals who are involved in your care with relevant, accurate and up-to-date details about your health and other needs
- investigate any incidents, concerns or complaints you may have about your care or the standards of any health or social care professionals looking after you
- check and make improvements to our services
- invoice you or your appointee where you are self-funding
- protect the health and safety of our staff, visitors, service users and buildings
Who might we share your information with?
- Other healthcare professionals – e.g. GP, district nurse and on referrals to hospital – to explain about the care we have provided and also the care we are asking them to provide.
- Contractors and suppliers who provide services on our behalf, e.g. occupational therapists, speech therapists, physiotherapists.
- Regulatory bodies such as the Care Quality Commission, who govern our services, and Local Authorities such as safeguarding and Clinical Commissioning Groups, who commission our services under contracts.
- The Police and other law enforcement agencies: In limited circumstances we may be required to share your personal data with the police if required for the purposes of criminal investigations and law enforcement.
- Attorneys: Where it is lawful to do so, we may share your personal information with any individual who has authority to act on your behalf such as those granted power of attorney.
Sources of information
- From you directly both prior to your admission and during the course of your stay with us;
- From your friends and relatives who provide us with information about you;
- From anyone who has the authority to act on your behalf such as a power of attorney or deputy; and
- From healthcare professionals and officers in the local authority/ social services department.
Our lawful grounds for using your data
- It is necessary in order to enter into a contract with you. Our lawful basis for using your information
- It is necessary to meet legal / regulatory obligations.
- It is necessary to perform our contract with you.
- It is necessary for the protection of your vital interests.
- It is necessary for us to provide you with healthcare as a resident and for the management of health and social care services.
We rely on our legitimate interest in that as a health and Social Care provider we would not be able to provide the services that you require unless we were able to process your personal information, and where the processing is necessary to provide health and social care services.
How long do we keep your information for?
We keep your information for no longer than is necessary, as set out in our Data Retention Schedule
Where we are not under a legal obligation to retain your information, we will determine what is necessary by reference to the lawful basis for processing ?
How do we protect personal information?
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach, and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
What are your rights?
Under certain circumstances, by law you have the right to:
- Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected. You may be asked to correct the information yourself.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing.
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact our Head Office 296 Clifton Drive South Lytham St Annes FY8 1LH
Your duty to inform us of changes
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes.
Changes to this policy