A privacy notice is a statement that describes how we collect, use, retain and disclose your personal identifiable information.
The Company is committed to maintaining the accuracy, confidentiality and security of your personal information. This Privacy Notice describes the personal information that we collect from or about you, how we use it and to whom we disclose that information.
To ensure that we process your personal data fairly, lawfully and transparently we are required to inform you:
- Why we need your data
- How it will be used; and
- Who it will be shared with
This information also explains what rights you have to control how we use your information.
What personal information do we collect and hold?
The types of information that we collect and hold about you will depend on whether you are a client, job applicant, service user, next of kin or relation of a service user, medical or other professional, supplier etc. It could include:
- ID information such as your name, postal or email address, telephone numbers, and date of birth;
- Next of kin contact information
- Medical records and health information including medicine dosages
- Personal preferences
- Ethnicity or religious affiliation
- National Insurance and NHS numbers
- financial details;
- CVs and applications;
- references and interview notes;
- Education and training information;
- Photographs, video and audio recordings including CCTV imagery.
To improve our services, we sometimes collect anonymised information from web users. That information could include IP addresses or geographical information to ensure your use of our web applications is secure.
What are the main reasons we collect, hold and use your information?
Collecting your personal information allows us to provide service users with the healthcare services requested, specifically tailored to suit your personal needs and in accordance with our legitimate interests. Having entered into a contract with you, a local authority (or other organisation to deliver services to you), we will need information to perform our obligations under that contract. As a service provider and prospective employee we also have legal obligations that may require us to collect, hold and process specific information.
How do we collect your personal information?
We will try to collect personal information directly from you. For this reason, it is important that you help us to do this and keep your contact details up-to-date.
There are a number of ways in which we may seek information from you. We might collect your information when you fill out a form with us, when you have given us a call or used our website. We also find using electronic means, such as email or SMS, a convenient way to communicate with you and to verify your details.
Alternatively we may obtain information about you or your needs from a recruitment agency, our clients, your doctor, consultant, the district nurse, social worker, hospitals, the local authority, the emergency services, other health care professional, occupational health experts or professionals.
Who do we share your personal information with?
In certain circumstances we may need to share your information with other organisations where it is necessary for:
- the performance of our contract with you;
- to fulfil our legal obligations;
- the fulfilment of our legitimate interests;
- the protection of your vital interests;
- reasons of public interest;
- for the exercise or defence of legal claims; or
- when you have explicitly consented to the same.
This includes but is not limited to sharing your data with the following who may in turn process your data:
- our clients,
- the NHS,
- your doctor,
- social services,
- the local authority,
- emergency services,
- the District Nurse
- specific external suppliers such as systems providers (e.g. of our rostering, H&S reporting and financial systems), IT consultants, legal advisers and auditors etc.
However we will not share your personal information without first of all ensuring that the appropriate data sharing protections are in place.
How do we take care of your personal information?
The security of your personal identifiable information is important to us and we take reasonable steps to protect it from unauthorised access, modification or disclosure. We have achieved this by:
- implementing retention policies;
- implementing secure access to all IT systems and encryption technology
- service user verification for information requests
- Regular testing of our procedures and IT security
- Secure destruction of data that is no longer required
What happens when we no longer need your information?
We will only keep your information for as long as we require it for the delivery of a service to you. We may be required to keep some of your information beyond this time for reasons of regulatory or legal compliance and in this regard we will comply with the retention schedule set out in the Records Management Code of Conduct for Health and Social Care, currently located at: https://digital.nhs.uk/article/1202/Records-Management-Code-of-Practice-for-Health-and-Social-Care-2016.
When we no longer require your information, we will ensure that your information is securely destroyed or anonymised.
Can we use your information for marketing our products and services?
We will only market to you in accordance with our legitimate interests or with your consent. This might include sharing your information with approved third party marketing companies.
We will always let you know that you can opt out from receiving marketing material and you can let us know at any time if you no longer wish to receive direct marketing offers from us. You can do so by emailing us here, or writing to us at: firstname.lastname@example.org
Access to your personal information
You can ask to see the personal information that we hold about you. This is known as a ‘Subject Access Request’. We may ask that you put any such request in writing to assist us in verifying your identity, your right to access, as well as to assist us in searching for and providing you with the personal information that we hold about you. In specific circumstances, we may charge you a fee to access your personal information however we will advise you if this is the case and of any fee in advance.
Your right to access the personal information that we hold about you is not absolute. There are instances where applicable law or regulatory requirements allow or require us to refuse to provide some or all of the personal information that we hold about you. This may include circumstances for example where:
- we believe there is a threat to life or public safety;
- there is an unreasonable impact on other individuals;
- the information wouldn’t be ordinarily accessible because of legal proceedings;
- it would prejudice negotiations with you;
- it would be unlawful;
- it would be likely to harm the activities of an enforcement body (e.g. the police); or
- it would harm the confidentiality of our commercial information.
In addition, there are other circumstances whereby the personal information may have been destroyed, erased or made anonymous in accordance with our record retention obligations and practices. If we cannot provide you with access to your personal information, we will inform you of the reasons why, subject to any legal or regulatory restrictions.
Right of erasure, rectification & restrictions on processing
You have the right to have inaccurate information about you corrected and to request we restrict our processing of your data. You also have a limited right to be forgotten. Where you require us to erase data about you and where we agree we are able to comply with your request, we will do so.
If you wish to exercise these rights and/or where you consider information we hold is inaccurate, please contact us and where we agree, we will seek to correct or delete the information we hold, wherever we are able to and once we have verified your identity. Where we do not agree we may nonetheless note the detail of your issues with the same.
How to contact us & complaints
If you have any questions, concerns or complaint in respect of data protection and this privacy notice, please do not hesitate to contact us. Please contact your local Operations Manager at:
By email: email@example.com
Hartwig Care Ltd.
5 Ella Mews
Alternatively you may contact our Data Protection Officer at: firstname.lastname@example.org
We will endeavour to address your issue as swiftly as possible.