General Data Protection Regulation (GDPR)
Data controller: Abicare Services Ltd
Abihouse, Unit 1a Brunel Road
Salisbury SP2 7PU
The organisation collects and processes personal data relating to its clients to manage the care contract relationship. The organisation is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.
What information does the organisation collect?
The organisation collects and processes a range of information about you. This includes:
- your name, address and contact details, including email address and telephone number, date of birth and gender;
- the details of your care service contract;
- details about your care plan, risk assessment and medical information, including but not limited to:
- Health information
- Allergies and conditions
- Food and lifestyle preferences
- Key locations and codes for access to your home or to the site where the care services are performed;
- details of your bank account for invoicing purposes;
- information about your marital status, next of kin, dependants and emergency contacts;
- information about your nationality;
- details of any incidents, accidents or concerns relating to your care;
- equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, health and religion or belief.
The organisation may collect this information in a variety of ways. For example, data might be collected through local authority social services, service contracts, from yourself, from professionals with whom you work or from your next of kin.
Data will be stored in a range of different places, including in your client file, in the organisation’s care computer system, within a secured application on your carer’s electronic monitoring device and in your client service user guide in your home.
The reasons why Abicare collects personal information
We collect personal data to enable us to fulfil our legitimate business needs, such as:
- provide education and training
- provide residential healthcare and welfare
- maintain our accounts and records
- support and manage our staff
- advertising and marketing
What is our legal basis for processing your personal data?
The organisation needs to process data to enter into a service care contract with you and to meet its obligations under the contract. For example, it needs to process your data to provide you with a service delivery care plan and to invoice you in accordance with your care contract.
In some cases, the organisation needs to process data to ensure that it is complying with its legal obligations. For example, CQC/CIW (Care Quality Commission/Care Inspectorate Wales) requires us to hold care delivery records, medical information, records of medicines, and health and safety records regarding accidents and incidents through the duration of your contract. In other cases, the organisation has a legitimate interest in processing personal data. This processing may occur before, during and after the end of your care service contract, but will only be performed for legitimate purposes as outlined within this policy document.
Processing client data allows the organisation to:
- assess client enquiries for care;
- maintain accurate and up-to-date client records and contact details (including details of who to contact in the event of an emergency), and records of client contractual and statutory rights;
- maintain correct invoicing and finance details;
- operate and keep a record of client care plans and risk assessments to ensure person-centred care is delivered;
- respond to and defend against legal claims; and
- maintain and promote equality in providing care.
Some special categories of personal data, such as information about health or medical conditions, are required for the delivery of care.
Where the organisation processes other special categories of personal data, such as information about ethnic origin, sexual orientation, health or religion or belief, this is done for the purposes of equal opportunities monitoring. Data that the organisation uses for these purposes is anonymised or is collected with your express consent, which can be withdrawn at any time. Clients are entirely free to decide whether or not to provide such data and there are no consequences of failing to do so.
Who has access to your data?
Your information may be shared internally, including with members of the local care team for the delivery of care, and with care managers within the organisation and appropriate IT staff, if access to the data is necessary for the performance of their roles.
The organisation may share your data with third parties in order to obtain information in relation to your care package (GPs, hospital discharge teams, district nurses etc.).
The organisation also shares your data with third parties that process data on its behalf, in connection with invoicing (social services, local authorities, solicitors, health insurance companies).
How does the organisation protect your data?
The organisation takes the security of your data seriously. The organisation has internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties. Please refer to our policies (Protecting Personal Data under the General Data Protection Regulation Policy, Computer Security Policy, Policy re Own Device and our Email Policy), all of which are available upon request.
Where the organisation engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
For how long does the organisation keep data?
The organisation will hold your personal data for the duration of your care. The periods for which your data is held after the end of your care are:
Personal Health & Care records: 3 years after we stop providing care
Financial Records: 3 years
The organisation may wish to contact you after you have left us as a client for marketing purposes or to inform you of a new service line that the organisation is now providing. The organisation will ask for your consent before it keeps your data for this purpose and you are free to withdraw your consent at any time.
As a data subject, you have a number of rights. You can:
- Request information about whether we hold personal information about you, and if so, what that information is and why we are holding/using it;
- Request access and obtain a copy of your data on request;
- Request correction of the personal information we hold about you, thereby requiring the organisation to change incorrect or incomplete data;
- Request erasure: require the organisation to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
- Object to the processing of your data where the organisation is relying on its legitimate interests as the legal ground for processing.
- Request the restriction of processing of your personal information, to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request transfer of your personal information in an electronic and structured form to you or to another party (commonly known as the right to “data portability”). This enables you to take your data from us in an electronically useable format and to be able to transfer your data to another party in an electronically useable format.
- Withdraw consent. In those circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have a legitimate basis for doing so in law.
- Object to automated decision-making including profiling, that is, not to be subject to any automated decision-making by us using your personal information or profiling of you.
If you would like to exercise any of these rights, please contact the Data Protection Officer, Abicare Services Ltd, Abihouse, Unit 1a Brunel Road, Salisbury, SP2 7PU, Tel: 01722 343989.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your rights). This is an appropriate security measure to ensure that your personal information is not disclosed to any person who has no right to receive it.
If you believe that the organisation has not complied with your data protection rights, you can complain to the Information Commissioner.
What if you do not provide personal data?
You have some obligations under the service contract to provide the organisation with data. Certain information, for example medical and health information, next of kin contact details and financial details, is required to enable the organisation to enter into a service care contract.
Your data is important to us and under no circumstances will we sell your data to a third party.
Date Created: 06/03/2018
Next Scheduled Review: 30/04/2021