St Margaret Healthcare understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of all our consumers and will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law.

 

St Margaret Healthcare Services Ltd is a limited company registered in England under the company number 13559138. Registered Address: 30 Arlington Crescent. Waltham Cross. EN8 7RN Office Address: 758 Great Cambridge Road. Enfield. EN1 3GN. Data Protection Officer: admin@stmaghcs.co.uk 02036330027 We are regulated by Care Quality Commission (CQC).

 

To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the following details (for the attention of Information Officer) Email address: admin@stmaghcs.co.uk Telephone number: 02036330027. Postal Address: 758 Great Cambridge Road. Gorray Business Centre. Enfield. EN1 3GN.

 

As part of the services we offer, we are required to process personal data about our staff, our service users and, in some instances, the friends or relatives of our service users and staff. “Processing” can mean collecting, recording, organising, storing, sharing or destroying data. We are committed to being transparent about why we need your personal data and what we do with it. This information is set out in this privacy notice. It also explains your rights under the law when it comes to your data.

 

Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’. Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers. The personal data we use is set in part 7 of this document.

 

Under the GDPR, we must always have a lawful basis for using personal data. This may be because the data is necessary for our performance of a contract with you, because you have consented to our use of your personal data, or because it is in our legitimate business interests to use it. Your personal data may be used for any of the following purposes:

• supplying our services to you. Your personal details are required in order for us to

enter into a

contract with you;

• personalising and tailoring our services for you;

• communicating with you. This may include responding to emails or calls from you;

 

In our use of health and care information, we satisfy the common law duty of confidentiality

because:

• You have provided us with your consent (either implicitly to provide you with care, or

explicitly for other uses)

• We have a legal requirement to collect, share and use the data

• The public interest to collect, share and use the data overrides the public interest

served by protecting the duty of confidentiality (for example sharing information with

the police to support the detection or prevention of serious crime).

 

SERVICE USERS – as a care provider, we must collect some personal information on our service users, including personal health information, which is essential to our being able to provide effective care and support. The information is contained in individual files (manual and electronic) and other record systems, all of which are subject to strict security and authorised access policies. This will help us so that we can provide a safe and professional service. We may process the following types of data: Your basic details and contact information e.g. your name, address, date of birth and next of kin; Your financial details e.g. details of how you pay us for your care or your funding arrangements. We also record the following data which is classified as “special category”:

• Health and social care data about you, which might include both your physical and

mental health data.

• We may also record data about your race, ethnic origin, sexual orientation or religion.

Why do we have this data?

We need this data so that we can provide high-quality care and support. By law, we need to have a lawful basis for processing your personal data. We process your data because:

• We have a legal obligation to do so – generally under the Health and Social Care

Act 2012 or Mental Capacity Act 2005. We process your special category data because

• It is necessary due to social security and social protection law (generally this

would be in safeguarding instances);

• It is necessary for us to provide and manage social care services;

• We are required to provide data to our regulator, the Care Quality Commission

(CQC), as part of our public interest obligations.

 

We may also process your data with your consent. If we need to ask for your permission, we will offer you a clear choice and ask that you confirm to us that you consent. We will also explain clearly to you what we need the data for and how you can withdraw your consent at any time. In some instances, if you refuse to provide us with certain information when requested, we may not be able to perform the contract we have entered into with you. Alternatively, we may be unable to comply with our legal or regulatory obligations.

 

Further information about your rights can also be obtained from the Information

Commissioner’s Office or your local Citizens Advice Bureau. If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office. Where do we process your data? Your specific data is collected from or shared with:

1. You or your legal representative(s);

2. Third parties.

We do this face to face, via phone, via email, via our website, via post, via application forms, via careplanner.

 

Third parties are organisations we might lawfully share your data with. These include:

• Other parts of the health and care system such as local hospitals, the GP, the

pharmacy, social workers, clinical commissioning groups, and other health and care professionals;

• The Local Authority;

• Your family or friends – with your permission;

• Organisations we have a legal obligation to share information with i.e. for

safeguarding, the CQC;

• The police or other law enforcement agencies if we have to by law or court order.

EMPLOYEES AND VOLUNTEERS – the service operates a recruitment policy to complywith the regulations in which all personal information obtained, including CVs and references, is, as with service users information, securely kept, retained and disposed of in line with the GDPR. All employees are aware of their right to access any information about them. So that we can provide a safe and professional service, we need to keep certain records about you. We may record the following types of data:

• Your basic details and contact information e.g. your name, address, date of birth,

next of kin, sex, eduction and qualifications, work experience, employment

history,any disciplinary action and National Insurance number;

 

• Your financial details e.g. details so that we can pay you, insurance, pension and tax details;

• Your training records. We also record the following data which is classified as “special category”:

• Health and social care data about you, which might include both your physical and mental health data – we will only collect this if it is necessary for us to know as your employer, e.g. fit notes or in order for you to claim statutory maternity/paternity pay;

• We may also, with your permission, record data about your race, ethnic origin, sexual orientation or religion. As part of your application you may – depending on your job role – be required to undergo a Disclosure and Barring Service (DBS) check (Criminal Record Check).

 

Why do we have this data?

We require this data so that we can contact you, pay you and make sure you receive the training and support you need to perform your job. By law, we need to have a lawful basis for processing your personal data. We process your data because

• We have a legal obligation under UK employment law;

• We are required to do so in our performance of a public task;

• We have a legitimate interest in processing your data – for example, we provide data about your training to update our training matrix this allows us to produce reports about training planning. We are required to provide data to Home Office, as part of immigration obligation as a sponsored licensed holder and also to our regulator, the Care Quality Commission (CQC), as part of our public interest obligations. We process your special category data because

• It is necessary for us to process requests for sick pay or maternity pay.

If we request your criminal records data it is because we have a legal obligation to do this due to the type of work you do. This is set out in the Data Protection Act  2018 and the Rehabilitation of Offenders Act 1974 (Exceptions) Order 1975. We do not keep a record of your criminal records information (if any). We do record that we have checked this. We may also process your data with your consent. If we need to ask for your permission, we will offer you a clear choice and ask that you confirm to us that you consent. We will also explain clearly to you what we need the data for and how you can withdraw your consent. Where do we process your data? As As your employer we need specific data. This is collected from or shared with:

1. You or your legal representative(s);

2. Third parties.

We do this face to face, via phone, via email, via our website, via post, via application forms,

via Atlas, via careplanner.

 

Third parties are organisations we have a legal reason to share your data with. These include:

• Her Majesty’s Revenue and Customs (HMRC);

• Our pension and healthcare scheme (Smart Pension)

• Organisations we have a legal obligation to share information with i.e. for

safeguarding, the CQC;

• The police or other law enforcement agencies if we have to by law or court order.

• The DBS Service – (uCheck)

 

As part of our work providing high-quality care and support, it might be necessary that we hold the following information on you:

• Your basic details and contact information e.g. your name and address.

Why do we have this data?

By law, we need to have a lawful basis for processing your personal data.

We process your data because we have a legitimate business interest in holding next of kin and lasting power of attorney information about the individuals who use our service and keeping emergency contact details for our staff. We may also process your data with your consent. If we need to ask for your permission, we

will offer you a clear choice and ask that you confirm to us that you consent. We will also explain clearly to you what we need the data for and how you can withdraw your consent.

Where do we process your data?

So that we can provide high quality care and support we need specific data. This is

collected from or shared with:

1. You or your legal representative(s);

2. Third parties

We do this face to face, via phone, via email, via our website, via post, via application forms,

via apps

Third parties are organisations we have a legal reason to share your data with. These may

include:

• Other parts of the health and care system such as local hospitals, the GP, the

pharmacy, social workers, and other health and care professionals;

• The Local Authority;

• The police or other law enforcement agencies if we have to by law or court order.

 

Personal information that becomes inactive for any reason is kept securely only for as long as

it is needed, before being safely disposed of.

We will not keep your personal data for any longer than is necessary in light of the reason(s)

for which it was first collected. Your personal data will therefore be kept for the following

periods (or, where there is no fixed period, the following factors will be used to determine

how long it is kept):

 

1. basic information – 10 years. We may anonymise or pseudonymise the personal data

so that it can no longer be associated with you, in which case we may use it without further notice to you;

 

The security of your personal data is important to us, and to protect your data, we take a several essential actions, including the following:

• necessary technical measures to ensure personal data is protected;

• all data transferred is encrypted during transit and at its destination;

• data is not processed for any purpose other than as agreed upon in our terms and conditions;

• protect your data from loss;

Our website and databases are regularly checked by experts to ensure they meet all privacy

standards, are protected through strong passwords and encryption and comply with our general data protection security and protection policies.

 

If we transfer your data to a third party based in the US, we ensure this is protected by the EU- US Privacy Shield. This requires that third party to provide data protection to standards similar levels of data protection to those in Europe. More information is available from the European Commission.

 

We only share the personal information of service users, employees and others with their consent on a “need to know” basis, observing strict protocols in doing so. Most information sharing of service users information is with other professionals and agencies involved with their care and treatment. Likewise, we would not disclose information about our employees without their clear agreement, eg when providing a reference. In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority. Where we provide information for statistical purposes, the information is aggregated and provided anonymously so that there is no privacy risk involved in its use. If any of your personal data is required by a third party, as described above, we will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under the law, as described above in part 9

If any personal data is transferred outside of the EEA, We will take suitable steps in order to ensure that your personal data is treated just as safely and securely as it would be within the UK and under the GDPR, as explained above in part 9.

 

 

The data that we keep about you is your data and we ensure that we keep it confidential

and that it is used appropriately. You have the following rights when it comes to your data:

1. The right to be informed about our collection and use of your personal data. This

Privacy Notice should tell you everything you need to know, but you can always

contact us to find out more or to ask any questions.

2. You have the right to request a copy of all of the data we keep about you.

Generally, we will not charge for this service;

3. You have the right to ask us to correct any data we have which you believe to be

inaccurate or incomplete. You can also request that we restrict all processing of your data while we consider your rectification request;

4. You have the right to ask that we erase any of your personal data which is no longer necessary for the purpose we originally collected it for. We retain our data in line with the Information Governance Alliance’s guidelines.

5. You may also request that we restrict processing if we no longer require your personal data for the purpose we originally collected it for, but you do not wish for it to be erased.

6. You can ask for your data to be erased if we have asked for your consent to process your data. You can withdraw consent at any time – please contact us to do so.

7. If we are processing your data as part of our legitimate interests as an organisation or in order to complete a task in the public interest, you have the right to object to that processing. We will restrict all processing of this data while we look into your objection. You may need to provide adequate information for our staff to be able to identify you, for example, a passport or driver’s licence. This is to make sure that data is not shared with the wrong person inappropriately. We will always respond to your request as soon as possible and at the latest within one month.

 

We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if We change our business in a way that affects personal data protection. Any changes will be made available on the privacy policy page on our website. www.stmaghcs.co.uk/privacy-policy