The General Data Protection Regulation (GDPR) addresses certain requirements for all organisations that collect and process personal data as part of their on-going business operations. Personal data is defined as any information relating to an “identifiable living individual”, and will therefore apply to the organisation’s service users, employees and suppliers.
What information we collect
The information that we are most likely to collect from you are:
- name, address, date of birth and contact details
- your medical history including current and historic illness, treatment and medication
- any dietary needs you may have
- any allergies we need to be aware of
- name and contact details of authorised persons which you consent for us to contact regarding your care
- financial information
Why we collect your information
Our core activities centre around the collection and processing of large quantities of personal data. Most of this data originates from the service users as assessments of care needs, care planning, records of care service delivery, risk assessments etc, but personal data from staff members (CVs, employment records etc) will also be considered.
Without collecting any personal information from you, we would be unable to provide you with a service; as the nature of the service provided, requires information that would help us to develop a detailed care plan which takes account of your needs and preferences. This way we can ensure that you are provided with the relevant support that you need. Information will most likely be collected during your initial enquiry, care needs assessment and at any other point after that.
Who we might share your information with
- any relatives, advocates or representatives authorised by you
- healthcare professionals e.g. your GP or Pharmacist
- our regulator, the Care Quality Commission (CQC) and local Social Services, to comply with our audit requirements
- a third party who acquires our business; and
- law enforcement and regulatory agencies in connection with any investigation to help prevent unlawful activity or as otherwise required by law.
How we keep your data secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
Transfer of data out of the EEA
It is not our normal policy to transfer any personal data to a country outside the EU or EEA or a country with an EU Adequacy Agreement. If, however, it was necessary to do so, we would seek your express consent in advance of such a transfer and would ensure that the appropriate safeguards were in place.
Friendly Homecare is committed to understanding and respecting the rights of the individual with respect to the safe and secure handling, storing and management of that individual’s personal data. We will therefore uphold the following fundamental rights for individuals concerning their personal data, per the requirements of the GDPR:
- the right to be kept informed
- the right of access to their data at any reasonable time
- the right to rectify / modify records
- the right to erase / redact any information
- the right to restrict processing of data (e.g. on a “need-to-know” basis)
- the right to data portability
- the right to object to any part of the data content
If you wish to exercise any of these rights, you should put your request in writing and provide us with enough information to identify you. If we need further information we will let you know. If you have any concerns or questions as to the way in which we process your information please do contact us. In addition you have a right to bring a complaint with the Information Commissioner’s Office. More information on the Information Commissioner’s Office and your rights are available at www.ico.org.uk.
Retention of data
We will retain your information for no longer than is necessary for the purposes for which we have collected it, or for as long as we have your consent to do so where your consent is our legal basis on which we process such data.
Due to the nature of our business, we collect a wide range of personal data for a broad range of reasons. As a result, our retention policy differs significantly based on the purposes for which the data was collected and the nature of the data. Retention periods are available upon your request.
Changes to this policy
We may change this policy from time to time. You should check this policy frequently to ensure that you are aware of the most recent version.
The Data Protection Lead for Friendly Homecare is Shiva Singh who can be contacted at:
firstname.lastname@example.org / 020 3417 3353
Friendly Homecare, The Vale Business Centre | Unit 45 | 203-205 The Vale | London W3 7QS