Privacy Policy

Introduction

Whitchurch House understands that privacy is important, we respect and value the privacy of everyone who is cared for, their relatives/family/friends, people employed by us or anyone else who is associated to Whitchurch House in a professional capacity.

We require data of a personal nature to operate and provide care services, this data is obtained from various sources including residents, their relatives or representatives and healthcare professionals, we also require data to employ staff to run the home for example, any personal data we hold or collect will be the minimum required to operate and will only be used in the running of our home and the provision of care and will only be used as permitted by law. Please read this Privacy Policy carefully and ensure that you understand it.

Definitions and Interpretation

In this Policy, the following terms shall have the following meanings: “personal data”means - any and all data that relates to an identifiable person who can be directly or indirectly identified from that data. In this case, it means personal data that we have to hold in order to function as a Care Home. This definition shall, where applicable, incorporate the definitions provided in the EU Regulation 2016/679 – the General Data Protection Regulation (“GDPR”); and “We/Us/Our”means - Whitchurch House, Whitchurch, Ross-on-Wye, Herefordshire, HR9 6BZ As a data subject, you have the following rights under the GDPR, which this policy and our use of personal data have been designed to uphold:

The right to be informed about collection and use of personal data;

The right of access to the personal data we hold about you.

The right to rectification (update/correct) if any personal data we hold about you is inaccurate or incomplete.

The right to be forgotten – i.e. the right to ask us to delete any personal data we hold about you (We have to hold personal data for a limited time, we will not hold any data for longer than is required by law at that time, all data will be destroyed/deleted the moment it is no longer required to be held).

The right to restrict (i.e. prevent) the processing of your personal data;

The right to data portability (obtaining a copy of your personal data to re-use with another service or organisation).

The right to object to us using your personal data for any purposes other than the functioning of our business. If you have any cause for complaint about our use of your personal data, please contact us, we will do our best to solve the problem for you. If we are unable to help, you have the right to contact the UK’s supervisory authority, the Information Commissioner’s Office. For further information about your rights, please contact the Information Commissioner’s Office or your local Citizens Advice Bureau.

Our legal obligations

As data controllers (the Management Team) and data processors (everyone who uses the data) we are responsible to for all data held, we will  collect only the minimum data that is required to operate the business and comply with all legal requirements. There are severe financial penalties for non compliance and data breaches which we are liable for.

Why we need data

We require data for ‘legitimate interests’ to enable us to provide care services, employ staff and liaise with other care professionals in the pursuit of providing care and support to our clients.

How do we obtain data

We only collect the relevant amount of data that is appropriate for the purpose. Special categories data is obtained from various sources, including residents, their relatives or representatives and healthcare professionals. We also require data to employ staff to run the home, this data comes from staff members, previous employers, DBS checks etc.

What Data do we collect

We collect data: including ‘special categories’ that is relevant to providing care services; including resident’s assessment details, comprehensive care plan details, medical history, medication information etc. We also hold data relating to the employment of staff and complying with all mandatory requirements in providing care, including information on employment, DBS checks, training, payroll, supervisions, disciplinary actions, work performance etc.

How do we use the data

Data including ‘special categories’ is used to enable us to deliver the best possible outcome in caring for our residents. This data is only shared with other healthcare professionals when it is relevant to do so in the pursuance of providing care support. The amount of information required should only be the minimum that is appropriate in that instance. Other data is required in recruiting, employing, paying, supervising and training staff that are required to operate the business. We also need contact data to communicate with others as and when is relevant in the pursuance of running the business.

How and where do we store data

All written data is kept in lockable files and lockable stores/ offices. Computers are all password protected. Dormant data which has to be kept for a set period is locked away and only accessible by the Management Team.

How long do we keep data for

We will only retain data for the mandatory period (currently six years) to comply with obligations to archive certain types of information for  accountability and destroy once this period has expired either by shredding or deletion. We will not share any data with any third parties for any purposes unless it is for the continued function of the business provision or there is a legal obligation to do so.

Data security

All data should be kept locked in filing cabinets and in locked offices, only accessible to those who have a legitimate right to access it. Digital data should be kept on computers and password protected; computers should not be accessible to unauthorised individuals. Data should not be left on view (on desks, notice boards, computer screens, medication rounds etc), or accessible to anyone other than relevant individuals or healthcare professionals who have a legitimate vested interest in the data for the sole use of providing care for that individual only. When emailing, faxing, written communication or any other forms of contact with others we must ensure that the recipient’s details are correct and we are contacting the right person to eliminate data breaches. If at all possible a person’s identity should be encrypted in communications IE: using initials only or if they have an ID number as long as it is clear to the recipient who the communication is referring to.

Rights of Data subjects

Everyone has a right to be informed what their data is used for. They can request a copy (subject access request) of their personal data either in writing or verbally. They can rectify inaccuracies. They can request the erasure of their data unless it has to be legally archived for a set period. They can request restricted processing but only if relevant. Any request has to be responded to within one month.

Breach of data

Any breach of data should be reported immediately to the Management Team at Whitchurch House who will investigate.  If we cannot resolve the problem you have the right to contact the ICO (Information Commissioners Office) at www.ico.org.uk or phone the helpline on 0303 123 1113.

Contacting us

Contact the ‘management team’ by email at whitchurchhouse@googlemail.com, by telephone on 01600 890655, or by post at Whitchurch House, Whitchurch, Ross-on-Wye, Herefordshire, HR9 6BZ

Changes to Our Privacy Policy

We may change this Privacy Policy from time to time (for example, if the law changes).