C2C Privacy Statement & Policy (GDPR)
Effective Date 25th May 2018
At Commit2Care Services LTD, we are committed to protecting and respecting your privacy in accordance with the requirements of the General Data Protection Regulations (“GDPR”).
This Privacy Statement explains when and why we collect personal information about service users and staff members, how we use it, the conditions under which we may disclose it to others and how we keep it secure.
This Privacy Statement defines the policies and arrangements in place within the Organisation that assure compliance with the requirements of the General Data Protection Regulations (“GDPR”), as relevant to the Organisation’s business interests.
1. The General Data Protection Regulations (henceforth abbreviated to “GDPR”) addresses certain requirements for all Organisations that collect and process personal data as part of their on-going business operations. Personal data is defined as any information relating to an “identifiable living individual”, and will therefore apply to the Organisation’s service users, employees and suppliers.
2. The GDPR applies to any data recorded in a filing system that allows personal data to be easily accessed. In this respect GDPR will apply to any of the following types of file where data may be stored:
2.1 “Hard copy” (paper) files relating to employees (e.g. employment records, safeguarding records, risk assessments, assessments of care needs, care planning, and other documents requiring original signatures).
2.2 Electronic (computer) files relating to staffing issues (shift allocation, staff skills, training), complaints etc., and service user issues (care planning, environmental risk assessments, accidents etc.).
2.3 Digital image files relating to the following:
- Photographs of staff – for ID badges / verification of identity as part of employment vetting
- Photographs of service users – Care Plan / medicine assistance verification of identity / CCTV images
- Biometric scans – fingerprint scans for door entry systems
PRINCIPLES OF DATA PROTECTION:
1. The way in which our Organisation manages service user / staff information will conform to the following 6 principles of Information Management:
- Justify the purpose(s) of using confidential information;
- Only use it when absolutely necessary;
- Use the minimum that is required;
- Access to be on a strict need-to-know basis;
- Everyone should understand his or her responsibilities;
- Understand and comply with the law.
2. The Organisation is committed to the enforcement of the following Code of Good Practice in relation to the data it retains on service users and employees. In summary, data will:
- be fairly and lawfully processed;
- be used for a limited and well-explained purpose;
- be relevant to the Organisation’s needs;
- not be unnecessarily excessive in detail;
- be accurately maintained;
- not be kept any longer than is necessary, or as required by law;
- only be used in accordance with the individual subject’s rights;
- be securely stored;
- only be made available to authorised persons.
What information do we collect and how do we collect it?
- Your full name, DOB, residential address, telephone number and e-mail address
- Records of the Baseline Assessment of your Care Needs
- Records of your specific Assessments – Waking / Dressing / Retiring / Undressing / Sleeping
- Records of your specific Assessments – Standing / Sitting / Walking / Transfers / Mobility / Bathing / Showering / Toilet
- Records of your specific Assessments – Risk Assessments (Activities / Equipment)
- Records of your specific Assessments – Diets / Nutritional Care
- Records of your specific Assessments – Medication
- Records of your specific Assessments – Medical / Therapeutic Care
- Records of your specific Assessments – Lifestyle Choices
- Records of your specific Assessments – Culture / Religion / Beliefs
- Records of the Health & Safety Risk Assessment of your home environment
- Any Financial Records relating to your account with us
- Confidential Records of Service Quality Questionnaires that we have asked you to complete
The information above is collected during an assessment by the Registered Manager and/or authorised personnel with prior consent from service users / relatives / advocates.
- Your full name, DOB, residential address, details of next of kin, driving licence, photograph (for I.D.), bank details, car details, HMRC details, telephone number and e-mail address
- Confidential Records of Employees – Job Application Forms / References / CVs
- Confidential Records of Employees – Training / Performance Appraisals / Disciplinary Records
- Confidential Records of Employees – DBS Checks
- The location of your work mobile device (*for the purposes set out below)
*When you are on active duty as a staff member, we track the location of your work mobile device through Care Planner for the purpose of protecting our staff members in case of an accident or abuse.
This is also a requirement in case of an emergency or for staff rostering to protect service users.
The information above is collected from the Registered Manager and/or authorised personnel during an interview/review with prior consent from the applicant/staff member.
How do we use the information we collect about you?
The information we collect about you is used to develop your person-centred Care Plan, which will be tailored to your needs; to enable us to identify areas of risk in your home / lifestyle / health condition and to include these for action in your Care Plan; and to help us to improve our levels of service and maintain our own secure and protected, confidential accounts and records.
It is also used to ensure that we maintain training and staff records in line with legal requirements, and to ensure that our staff members are safe and protected while on active duty.
How do we share your information?
Where it is deemed necessary to divulge personal data to a third party this will only be done with the express permission of the individual subject, ref. Confidentiality Policy, No 1505. In this respect both staff and service users / relatives / advocates will also be advised that personal information held by the Organisation may be shared with the Registration / Regulating Authority, as appropriate.
We do not share your personal information with anyone except as described below. We will share your personal information only with your consent or as required or permitted by applicable law, such as with regulatory authorities, health professionals, governmental agencies, reference agencies and authorised personnel.
How do we keep and safeguard your information?
The Organisation is committed to understanding and respecting the rights of the individual with respect to the safe and secure handling, storing and management of that individual’s personal data. The Organisation will therefore uphold the fundamental rights for individuals concerning their personal data, per the requirements of the GDPR.
Personal data and records will be maintained under appropriate conditions of security to prevent any unauthorised or accidental disclosure. Records can be in hard copy (paper) format, or as electronic files (word processed and scanned pdf files), or as digital files (biometric scans and digital photographs). In each case our GDPR Policy refers, and particular attention is paid to the following aspects of data sharing and storage security.
What are your rights?
All individuals, service users and employees, have the right of access to manual, electronic and digital records that are relevant to their personal data. For service users, this is supported by Policy No 1505.
You have the right to access, update, and/or erase your personal information. You may also be entitled to restrict and/or object to the use of your personal information in the following ways:
- withdraw your consent for our use of your personal information at any time;
- restrict and/or object to the use of your personal information;
- request a manual review of certain automated processing activities that may impact your legal or other contractual rights; and
- request a copy of your personal information we have about you.
Use of ‘cookies’
Links to other websites
In addition, if you linked to our website from a third party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.
From time to time, we will change this online privacy statement. Depending on the nature of these changes, we will inform you through our written communications or through our website. Otherwise, we recommend that you check the current version available here. If we make changes to this statement, we will update the “Effective Date” at the top of this page.
This Policy was last updated 15th May 2018.
Commit2Care Services LTD