CHD Living – Privacy Commitment Statement
In order to comply with the new European General Data Protection Regulation (GDPR) enforced within the UK from 25th May 2018, CHD Living in relation to the services it offers, is required to process personal data about its staff, service users and, in some instances, the friends/relatives or other third parties. “Processing” can mean collecting, recording, organising, structuring, storing, adaption or alteration, retrieving, sharing or destroying data.
What is GDPR
It s a new European framework which enhances the principles of the Data Protection Act 1998, giving you greater protection and rights, and more control over how your data is used. However, CHD’s Information Governance policy predominantly serves to mandate practices already in place as required within the health and social sector.
Principles relating to Processing of Personal Data
CHD Living is strongly committed to respecting privacy and accordingly privacy and confidentiality of personal information is protected whether provided through paper based, electronic communication, on the telephone or in person. We maintain physical, electronic and procedural safeguards to ensure security of information provided.
This Statement details CHD’s Approach. Personal data shall be
- a) processed lawfully, fairly and in a transparent manner in relation to you, the data subject (‘lawfulness, fairness and transparency’)
- b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes, further processing, sharing and archiving will only be carried out if required in the best interest of the data subject or as required by statutory requirements and therefore will not be considered to be incompatible with the initial purpose (‘purpose limitation’)
- c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’)
- d) accurate and where necessary kept up-to-date, taking every reasonable step to ensure that personal data that are inaccurate, having regard for the purposes for which they are being processed, are erased and rectified promptly (‘accuracy’)
- e) kept in a form which permits identification of data subjects for no longer than is necessary; personal data may be stored for longer periods insofar as the personal data will be processed solely for the purpose of archiving in the public interest or as required under statutory regulations or law subject to organisational measures in order to safeguard the rights and freedom of the data subject (storage limitation’)
- f) processed in a manner that is ethical and ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (integrity and confidentiality)
Personal Information we Collect
In order for CHD to provide a safe, effective and a professional service, together with meeting our legal and contractual obligations, we need to keep certain records about you, including basic contact information such as your name, address, date of birth, telephone email address, next of kin and financial. We may also record the following additional data about you referred to as “special category” and “sensitive data”
- • Residents: CHD as a registered care provider is required to in compliance with the regulatory standards have on file health and social care data about you, to ensure that we are able to provide a personalised care which achieves the best quality care and outcomes for you.
- • Employees and Volunteers: CHD operates a safe recruitment policy in compliance with current regulations and so is required to obtain your basic details including CV, references, etc.
- • Third parties: All personal information obtained about others associated with the delivery of the care service, including contractors, visitors, legal representatives, other healthcare professionals, NOK, etc will only be obtained if we have a legitimate business reason to do so.
Sometimes your personal data is obtained from or provided to the following third parties depending on your relationship with us as part of our public interest obligations:
➢ HMRC, DWP, and other government departments
➢ Other independent service providers (e.g. those processing CHD’s payroll, health plan, training requirements, PIN revalidation)
➢ NHS, CQC and other healthcare providers and related health professionals
➢ Local authorities, Quality Assurance teams and Safeguarding MDT
➢ Emergency services
➢ Police and other law enforcement agencies if we are required to by law
All personal information obtained on service users, staff and third parties is used only to ensure that we provide a service which is consistent with our purpose of providing a high quality service which meets the regulatory standards and requirements. It will not be disclosed for any other purpose. This information will always be treated in line with our explicit consent, data protection and confidentiality policies.
Where we are required to record data known as special category or sensitive data, we may process your data with your consent. If we need to ask for your permission, we will offer you a clear choice/explanation and ask that you confirm to us that you consent. We will also explain clearly to you what we need the data for and how you can withdraw your consent.
The information obtained is contained in individual files (manual and electronic) and other record systems, all of which are subject to strict security and authorised access policies. Personal information that becomes inactive, e.g. from enquiries or prospective residents who do not enter the home, prospective candidates who are not offered a job or where the offer is declined is also kept securely for as long as it is needed, before being safely disposed of. P a g e 3 | 4
We have in place acceptable standards of technology and operational security in order to protect personally identifiable data and information from loss, misuse, alteration or destruction. In particular, we ensure that all appropriate confidentiality obligations and technical and organisational security measures are in place to prevent any unauthorised or unlawful disclosure or processing of such information and data, and accidental loss or destruction of or damage of such information/data. Only authorised CHD personnel are provided access to personally identifiable information and these employees have agreed to ensure confidentiality of this information. Where information is transferred, we ensure it is protected through encryption and password protected. Where we use external IT supporting suppliers, we ensure that their security standards are maintained in line with the GDPR to prevent data loss, misuse, unauthorised access, disclosure, alteration or destruction.
CHD Living is the Data Controller and the company’s Registered Office address is Capital House, 106 Meadrow, Godalming, Surrey, GU7 3HY. CHD Living has several businesses under its management and confirms that it holds registration with the Information Commissioners Office under the following reference numbers:
- • CHD Living – Z7404043
- • CHD Living Limited – Z9145402
- • Longdene Homecare Limited – Z2672588
Our nominated Data Protection Officer is Rebecca Rutah, Director on the CHD Living Board.
Additionally, when you make a contact request through the Site we may collect certain information from you related to your name, address, telephone contact details and email address. We refer to this information as “Enquiries Information” and we use this to fulfil your request. All such data is processed, held securely and kept for no longer than is necessary in light of the reason(s) for which it was first collected. We will comply with our obligations and safeguard your rights as required under the GDPR at all times. Our website and databases are regularly checked by experts to ensure they meet all privacy standards and comply with our data protection security and protection policies. P a g e 4 | 4
The data that we keep about you is your data and we ensure that we keep it confidential and that it is used appropriately. CHD recognises that your information is personally sensitive, commercially valuable and we take all reasonable measures to protect your data while it is in our care. You have the following rights when it comes to your data
1. You have the right to request a copy of all of the data we keep about you. Generally, we will not charge for this service;
2. You have the right to ask us to correct any data we have which you believe to be inaccurate. You can also request that we restrict all processing of your data while we consider your rectification request;
3. You have the right to request that we erase any of your personal data which is no longer necessary for the purpose we originally collected it for. We retain our data in line with CHD’s Information Governance Policy
4. You may also request that we restrict processing if we no longer require your personal data for the purpose we originally collected it for, but you do not wish for it to be erased.
5. You can ask for your data to be erased if we have asked for your consent to process your data. You can withdraw consent at any time – please contact us in writing to do so.
6. If we are processing your data as part of our legitimate interests as an organisation or in order to complete a task in the public interest, you have the right to object to that processing. We will restrict all processing of this data while we look into your objection.
You may need to provide adequate information for our staff to be able to identify you, for example, a passport or driver’s licence. This is to make sure that data is not shared with the wrong person inappropriately. We will always respond to your request as soon as possible and at the latest within one month.
To contact us for anything to do with your personal data and data protection, including to make a subject access request, please use the following details:
Email: firstname.lastname@example.org Tel: 01483 413 121
If you would like to complain about how we have dealt with your request, please contact:
Information Commissioner’s Office