1. Notice for Clients Data controller:
CareMatch, Abihouse, Unit 1a Brunel Road Salisbury SP2 7PU The organisation collects and processes personal data relating its clients to manage the care contract relationship. The organisation is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.
2. What information does the organisation collect?
The organisation collects and processes a range of information about you. This includes: - your name, address and contact details, including email address and telephone number, date of birth and gender;- the details of your care service contract ;- details about your care plan, risk assessment and medical information- details of your bank account for invoicing purposes- information about your marital status, next of kin, dependants and emergency contacts;- information about your nationality;- details of any incidents, accidents or concerns relating to your care;- equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, health and religion or belief. The organisation may collect this information in a variety of ways. For example, data might be collected through local authority social services, service contracts, or from your next of kin. Data will be stored in a range of different places, including in your client file, in the organisation's care computer system and in your client service user guide in your home.
3. Why does the organisation process personal data?
The organisation needs to process data to enable you to enter into a service care contract with you and your care team, to meet its obligations under the contract. For example, it needs to process your data to provide you with a service delivery care plan and to invoice you in accordance with your care contract.
In some cases, the organisation needs to process data to ensure that it is complying with its legal obligations. For example, CQC/CIW (Care Quality Commission/ Care Inspectorate Wales) requires us to hold care delivery records/ medical information/ record of medicines, and health and safety records regarding accidents and incidents through the duration of your contract.
In other cases, the organisation has a legitimate interest in processing personal data before, during and after the end of your care service contract. Processing client data allows the organisation to:
- assess client enquiries for care;
- maintain accurate and up-to-date client records and contact details (including details of who to contact in the event of an emergency), and records of client contractual and statutory rights;
- maintain correct invoicing and finance details
- operate and keep a record of client care plans and risk assessments to ensure person-centred care is delivered.
- respond to and defend against legal claims; and
- maintain and promote equality in providing care.
Some special categories of personal data, such as information about health or medical conditions, is required for the delivery of care. Where the organisation processes other special categories of personal data, such as information about ethnic origin, sexual orientation, health or religion or belief, this is done for the purposes of equal opportunities monitoring. Data that the organisation uses for these purposes is anonymised or is collected with the express consent of employees, which can be withdrawn at any time. Clients are entirely free to decide whether or not to provide such data and there are no consequences of failing to do so.
4. Who has access to data?
Your information will be shared internally, including with members of the local care team for the delivery of care, also Care managers within the organisation, approved family members & advocates and IT staff if access to the data is necessary for performance of their roles. The organisation may share your data with third parties in order to obtain information in relation to your care package (GP’s, hospital discharge teams, district nurses etc). The organisation also shares your data with third parties that process data on its behalf, in connection with invoicing (social services, local authorities, solicitors, health insurance companies).
5. How does the organisation protect data?
The organisation takes the security of your data seriously. The organisation has internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties.
Refer to Policies – Protecting Personal Data under the General Data Protection Regulation Policy, Computer Security Policy, Policy re Own Device, Email Policy. Where the organisation engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
For how long does the organisation keep data?
The organisation will hold your personal data for the duration of your care.
The periods for which your data is held after the end of your care:
- Personal Health & Care records: 3 years after your care team stop providing care
- Financial Records: 3 years
- Marketing Purposes: The organisation may wish to contact you after you have left us as a client for marketing purposes or to inform you of a new service line that the organisation is now providing. The organisation will ask for your consent before it keeps your data for this purpose and you are free to withdraw your consent at any time.
6. Your rights
As a data subject, you have a number of rights.
- access and obtain a copy of your data on request;
- require the organisation to change incorrect or incomplete data;
- require the organisation to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing; and
- object to the processing of your data where the organisation is relying on its legitimate interests as the legal ground for processing.
If you would like to exercise any of these rights, please contact the Data Protection Officer, CareMatch, Abihouse, Unit 1a Brunel Road, Salisbury, SP2 7PU, Tel: 01722 343989.
If you believe that the organisation has not complied with your data protection rights, you can complain to the Information Commissioner.
7. What if you do not provide personal data?
You have certain obligations under the service contract to provide the organisation with data. Medical and health information, next of kin contact details and financial details are all required to enable the organisation and your care team to enter a service care contract. Your data is important to us and under no circumstances will we comprise your data within legislative constraints.