This Privacy Notice explains how we use your personal data: how it is collected, how it is held, and how it is processed. It also explains your rights under the law relating to your personal data.
SHC will uphold and actively promote these rights in line with guidance issued by the Information Commissioners Office: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
The GDPR provides the following rights for individuals:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to data object
- Rights in relation to automated decision making and profiling
Or direct to the Information Commissioners Office at https://ico.org.uk/concerns/
To find SHC on the Information Commissioner's Office (ICO) Data Protection Public Register, please use the following details:
|Data controller: SHC Clemsfold Group Limited||Data controller: SHC Rapkyns Group Limited|
|Registration number: ZA121725||Registration number: ZA121728|
|Date registered: 17 June 2015||Date registered: 17 June 2015|
|Registration expires: 16 June 2020||Registration expires: 16 June 2020|
|Payment tier: Tier 1||Payment tier: Tier 1|
What is Personal Data?
Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
The personal data that we use is set out below.
What Are My Rights?
Under the GDPR, you have the following rights, which we will always work to uphold:
- The right to access the personal data we hold about you;
- The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete. This does not mean that your data can be changed to represent something untruthful at your request;
- The right to be forgotten, that is, the right to ask us to delete or otherwise dispose of any of your personal data that we have;
- The right to restrict, i.e. the processing of your personal data;
- The right to object to us using your personal data for a particular purpose or purposes;
- The right to data portability. This means that if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases;
- Rights relating to automated decision-making and profiling, however, we do not use your personal data in this way.
In some instances, if you refuse to provide us with certain information when requested, we may not be able to:
- Perform the contract we have entered with you
- Comply with our legal or regulatory obligations
If you have any cause for complaint about our use of your personal data, please contact us as soon as possible and we will work with you to alleviate any concerns and, if necessary, rectify the problem. If you feel that that the outcome is unsatisfactory, you have the right to lodge a complaint with the Information Commissioner’s Office.
Data Protection Policy
1) Obtain and process personal data fairly and lawfully – use the forms and procedures set out in the SHC policies and administration systems.
2) Hold the data only for the purposes specified in your Register entry:
- Personnel/employee administration
- People we Support/customer administration
- Social Services/social work
- Purchase/supplier administration
- Health care administration
3) Use the data only for the purposes, and disclose only to the people, listed in your Register entry:
- Individuals or organisations directly associated with the data subjects
- Individuals or organisations directly associated with the data user
- Individuals or organisations (general description)
4) Only hold data which are adequate, relevant and not excessive in relation to the purpose for which the data are held.
5) Ensure personal data are accurate and, where necessary, kept up to date.
6) Hold the data for no longer than is necessary.
7) Allow individuals access to information held about them and, where appropriate, correct it or erase it.
8) Take security measures to prevent unauthorised or accidental access to, alteration, disclosure, or loss and destruction of information.
Subject Access Requests
The Data Protection Act entitles individuals to find out what personal data is held about them on computers and to have that data corrected or erased if it is inaccurate, and to claim compensation if they can prove that they have suffered damage from an inaccuracy or breach of security.
These rights are known as ‘subject access rights’. An individual who makes a subject access request is entitled to be:
- Told by you (the data user) whether any personal data is held which relates to him/her;
- To be supplied with a copy of all the information that forms any such personal data.
The individual must apply in writing to find out what information is held about him/her.
A response must be made within 40 days of the request provided that:
- Any information reasonably required to identify the data subject is supplied
- Any information reasonably required to locate the data is supplied
- Any consent required from other individuals has been obtained
If the information is not particularly sensitive and the reply is to be sent to the address you know to be that of the individual concerned, the individual’s usual signature should be enough proof of identity.
However, if you judge the information to be more sensitive and requiring further proof of identity, the individual may be asked to provide the following:
- Confirm certain items of personal data which you hold e.g. date of birth
- Have his/her signature formally witnessed
- Produce an identifying document e.g. previous correspondence with this organisation, a driving licence or benefit book.
Any subject access request must be made to the Registered Manager. A copy must also be sent to the Director of Operations at SHC’s headquarters. SHC will make a charge of £10.00 for each request.
Access to People we Support’s Records
The underlying principle is that the subject of the record is the only person who should be allowed access to information held regarding him/herself. Access should be granted as extensively as possible, considering the individual’s age, maturity and level of understanding.
It is acknowledged that it is also the right of all adults to refuse access to information to their nearest relative including adults with a learning disability or a psychiatric illness. If it is considered that a Person we Support is unable to make a reasoned decision, then it will be the responsibility of the Registered Manager.
Within the records there may be information that it is considered detrimental to the People we Support’s wellbeing, if it were available to them. Such information should be contained in a confidential report module within the records. Decisions regarding information that may be confidential should be made by the Registered Manager in consultation with the key worker and other professionals involved in the People we Support’ case.
How Do You Use My Personal Data?
Under the GDPR, we must always have a lawful basis for using personal data. This may be because the data is necessary for our performance of a contract with you, because you have consented to our use of your personal data, or because it is in our legitimate business interests to use it. Your personal data may be used for any of the following purposes:
- Providing and managing your account.
- Supplying our services to you. Your personal details are required in order for us to enter into a contract with you.
- Personalising and tailoring our services for you.
- Communicating with you. This may include responding to emails or calls from you.
- Supplying you with information by email AND/OR post that you have opted-in to (you may unsubscribe or opt-out at any time by contacting us).
With your permission and/or where permitted by law, we may also use your personal data for marketing purposes, which may include contacting you by email/telephone/text message and post with information, news, and offers on our products and services. These activities are within our Legitimate Interests as a business with whom you have communicated or shown an interest in the services. You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you always can opt out.
Data Collection and Disclosures
We welcome visitors to SHC Ltd’s website without disclosing their information. We will collect visitors' personal information when they have provided it to us via enquiry forms, contact forms, telephone calls or email, and we would use this information in the following ways:
- To respond to an enquiry or other request, whether that enquiry was made via contact forms, enquiry forms, telephone calls or email.
- To respond to enquiries that are made on behalf of others as directed.
- To send a newsletter if requested.
- To provide further information as requested.
- To validate a contact as current.
- To send you informational and promotional content that you may choose (or “opt in”) to receive. You can stop receiving our promotional emails by following the unsubscribe instructions included in every email.
- To respond to lawful requests by public authorities, including to meet national security or law enforcement requirements.
What are cookies?
Cookies are small data files that are placed on your computer or mobile device when you visit a website. Cookies are widely used by website owners in order to make their websites work, or to work more efficiently, as well as to provide reporting information.
Cookies set by the website owner (in this case, SHC’s website) are called “first party cookies”. Cookies set by parties other than the website owner are called “third party cookies”. Third party cookies enable third party features or functionality to be provided on or through the website (e.g. like advertising, interactive content and analytics). The parties that set these third party cookies can recognise your computer both when it visits the website in question and also when it visits certain other websites.
Some cookies are required for technical reasons for our Website to operate, and we refer to these as “essential” or “strictly necessary” cookies. Other cookies also enable us to track and target the interests of our users to enhance the experience on our Website.
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org. To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.
Given that the Internet is a global environment, using the Internet to collect and process personal information necessarily involves the transmission of information on an international basis. Therefore, by visiting and browsing the www.sussexhealthcare.org website you are communicating electronically with us, you acknowledge and agree to our processing of personal information in this way.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information transmitted to any website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Policy created and updated 1st February 2020.