About this Privacy Notice
Shedfield Lodge Residential Care Home is committed to protecting your personal data when you are using our services.
Personal data is any information relating to an identifiable living person who can be directly or indirectly identified in particular by reference to an identifier such as a name, postal, email and IP addresses and cookies.
This privacy notice relates to our use of any personal data that we collect from you whether in the course of an enquiry or the provision of other associated products and services, the provision of access to our online services or recruitment.
We will comply with the General Data Protection Regulation law which requires that personal data we hold about you is:
1. Used lawfully, fairly and in a transparent way;
2. Collected only for valid purposes that we have clearly explained to you and not used in any way incompatible with those purposes;
3. Relevant to the purposes we have told you about and limited only to those purposes;
4. Accurate and kept up to date;
5. Kept only as long as necessary for the purposes we have told you about; and
6. Kept securely.
This privacy notice will, therefore, inform you as to who we are, what personal data we collect, the purposes for which we use it, for how long we retain it and how we keep it secure, your rights in relation to your personal data and how you can contact us to discuss, query or obtain details of the personal data we hold about you.
Topics:
1 Who we are
2 Whose personal data we process
3 Why we process your personal data
4 Personal data sources
5 How we will inform you about our privacy notice
6 The purposes for which your personal data is collected and processed
7 Who we will share your personal data with
8 Transferring your data outside of the European Economic Area
9 Safeguarding your personal data
10 How long we retain your personal data
11 Your rights as a data subject
12 Reporting a concern to us or to the Information Commissioner’s Office
13 Your right to lodge a complaint with a supervisory authority
14 The automated decision-making processes we operate
15 Other Websites
16 Getting in touch with us
1 Who we are
Shedfield Lodge Residential Care Home is registered at St Anne’s Lane, Shedfield , Southampton, Hampshire, SO32 2JZ.
Shedfield Lodge Residential Care Home is a data controller and is registered with the Information Commissioner`s Office (ID ZA332826).
We provide residential care services for the elderly and those living with a dementia.
How to Contact Us
We are located in Shedfield, Hampshire and can be contacted directly about your personal data on the details below:
The Data Protection Manager
Shedfield Lodge Residential Care Home
St Anne’s Lane
Shedfield
Southampton
Hampshire
SO32 2JZ
Telephone Number: 01329 833463 Email: andrew.geach@shedfieldlodge.co.uk Website: www.shedfieldlodge.com
2 Whose personal data we process
We collect and process personal data about our:
-
Service Users;
-
Suppliers and Service Providers;
-
Advisers, Consultants and other professional experts;
-
Employees and prospective employees; and
-
Enquirers and complainants.
3 Why we process your personal data
We collect and process personal data:
-
with your consent; and/or
-
to perform the contract we have entered with you (or discharge other contractual obligations); and/or
-
to comply with our legal obligations; and/or
-
to pursue our legitimate interests (and your rights do not override our interests).
4 Personal data sources
We can collect personal data from any number of sources including:
-
Information you provide by visiting our website (www.shedfieldlodge.com), filling in forms online requesting our products and/or services, contacting us, contracting with us and responding to surveys;
-
Publicly available information such as Companies House, social media and search engines such as Google;
-
Professional agencies such as Social Services, Mental Health Teams, GP’s, Local Authorities & Advocates.
5 How we will inform you about our privacy notice
You can request a free hard copy of this privacy notice by contacting us using the details set out above.
Where we obtain your personal data indirectly, for example from Social Worker, we will inform you where you can access this privacy notice within one month of obtaining that data.
We will not use your personal data for any purposes other than those set out below without first informing you. Changes made to this privacy notice will be updated on our website and clearly signposted on our key documents.
6 The purposes for which your personal data is collected and processed
We collect personal data with the overall aim of providing a better service to all of our service users and employees.
We may need to collect sensitive personal data from you. For example, in order to provide a person-centred approach to care, we may ask for or process data relating to race, religion or ethnicity.
The personal data categories identified below are relevant and specific for the services that we offer or obtain. The listing also describes how and why we process them.
6.1 Name, address and contact details (including company details, contact names, telephone numbers and email addresses)
This data allows us:
-
To carry out our obligations arising from any contracts entered into between you and us including delivery of service, invoicing and reporting; and
-
To provide you with information on services you specifically request from us.
If you are an existing service user, service provider or employee we will only contact you by email and/or SMS with information about products and/or services similar to those which we have previously supplied to you.
If you are a new employee, and where we permit a third party (such as BrightHR) to use your data, we (or they) will contact you by email and/or SMS only with your consent.
If you are a service user, there may be an occasion when we may need to share your personal data with other bodies/agencies (such as GP’s, hospitals, social workers) who may need to contact you to arrange, for example, appointments, interviews or examinations.
Most contact details will be provided by you at the point that you/your loved one become a service user or employee. In some cases, we may need to obtain alternative contacts (for example an advocate, trustee) who may be best suited to assist us should we have a specific query. Where we have no contact details, we may sometimes take proactive steps to collect data using desktop research (such as internet searches).
There may be an impact on the level of service we provide should we have only limited or inaccurate contact details.
6.2 Employment and education details
This data allows us to carry out recruitment. We will dispose of all unsuccessful candidates` data securely unless we are asked to retain the CV/application on file.
6.3 Bank and payment details
This data may be provided to us at the start of or at any time during our business relationship with you. Such data can relate to the setting up of a direct debit, which we will process in accordance with the direct debit guarantee scheme.
We also take payments by cheque & direct bank transfer.
These processing activities allow us charge you for our services and make payments to you.
6.4 Telephone call recordings
External telephone calls are not currently recorded for training, security and auditing purposes but maybe in the future.
6.5 Electronic and hardcopy correspondence and other documentation
We may collect and process electronic and hardcopy correspondence and other documentation (such as emails, invoices, contracts, tenders and letters) as part of either a contractual obligation or a wider legitimate interest.
When you contact us for any reason, we may keep a record of our communication to help us deal with any queries and/or to support our service delivery operation.
6.6 IP addresses and cookies
When you access our website and web portal we may collect data relating to your computer including its IP address. Such data is anonymous in its form and allows us to carry out statistical analysis of browsing behaviour.
Our website uses cookies such as Google Analytics to collect information about how you use our website. A cookie is a small text file that is placed on your hard disk by a web page server. Cookies are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie to you.
The cookies provide us with anonymous information showing us the number of visitors to our website, the device used to access it and which web browser they are viewing it on. This data allows for statistical analysis and helps us understand our customer behaviour better and optimise your online experience. Cookies, also, provide a convenience feature to save you time. For example if you personalise a web page or navigate within a site, a cookie helps the site to recall your specific information on subsequent visits. This simplifies the process of delivering relevant content and eases site navigation.
For further information visit www.aboutcookies.org or www.allaboutcookies.org
You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However, in a few cases some of our website features may not function as a result.
7 Who we will share your personal data with
We may share your personal data with:
-
Regulatory authorities (such as Trading Standards), Government departments (such as HMRC) or the police in order to comply with any legal obligations or to assist in fraud prevention and detection;
-
Credit agencies (for the purpose of credit risk management), and professional advisors to enforce or apply the terms of any contracts between us and you;
-
Third party agencies, such as Social Services where we have contacted by them to assist you in your residential care requirements;
-
The buyer and its professional advisors should we wish to sell any or all of our business and/or our assets in which case personal data we hold about our service users & employees will potentially be some of the assets we sell; and
-
Other third parties where we reasonably believe that such action is necessary to comply with a legal obligation, or to protect our rights and property, or act in urgent circumstances to protect the personal safety of our staff or agents, users of our services or members of the public.
8 Transferring your data outside of the European Economic Area
Some of our processing activities may involve your personal data being transferred to a third party agency who may in turn process your data outside of the European Economic Area (EEA). In such instances the transfer of data outside of the EEA is necessary for the performance of a contract between ourselves and that of our processing partner.
9 Safeguarding your personal data
We take all reasonable steps to ensure that appropriate safeguards are in place to protect your personal data. We have policies in place dealing with information security (both physical and digital) and data breaches. We ensure that our staff are properly trained so that they can process your data securely and safely.
Safeguards are regularly reviewed by senior management as part of our wider data protection policy which sets out how we aim to preserve the confidentiality, integrity and availability of personal data we hold.
10 How long we retain your personal data
Your personal data will be retained by us for as long as there remains a valid lawful basis for retaining it. We will keep data retention under regular review.
Accounting information (such as invoices) will be retained for at least 6 years in line with current tax legislation. Contractual documentation will be held for at least 6 years.
11 Your rights as a data subject
To ensure fair and transparent processing it is important that we inform you of your rights with regards to how your personal data is processed.
Where you wish to exercise a right, we have signposted the best contact details for you to get in touch with us. Naturally we will need to confirm your identity before your request can be processed.
11.1 Your right to be informed
This is our privacy notice which informs you of who we are, why we are processing your personal data, with whom we share your personal data and how we have collected it.
These details are set out above.
Our privacy notice can be found on our website and other key business documentation (such as on contracts and invoices). Our staff are trained to provide this notice in hard copy, soft copy or orally on request.
If you would like to discuss this privacy notice or suggest ways which we could improve the content or its communication, then please contact a member of our team on 01329 833463 who will put you in contact with the data protection officer or email andrew.geach@shedfieldlodge.co.uk.
11.2 Your right to access
As a data subject you have the right to access the personal data we hold about you and check that we are lawfully processing it.
To make a data subject access request (DSAR) is free and can be done in writing by emailing us at andrew.geach@shedfieldlodge.co.uk or alternatively writing to us at:
The Data Protection Officer
Shedfield Lodge Residential Care Home
St Anne’s Lane
Shedfield
Southampton
Hampshire
SO32 2JZ
Further details of how to make a DSAR can be found here.
You can also speak to a member of staff on 01329 866463 who will put you in contact with the data protection officer should you have any questions or queries relating to a DSAR.
In line with legal requirements we do not need to have a data protection officer due to the nature and volume of our processing activities.
Once we receive your request we will ask you to verify your identity and ask you to specify the data or processing activity that you require so that we can confirm your expectations and respond within one month.
We do have the right to refuse a DSAR should it be manifestly unfounded or excessive and we can apply a reasonable fee and/or extend the time to respond should the request be complex (in which case you would be informed within 1 month). We do have the right to charge a reasonable fee if you make numerous requests for the same information.
11.3 Your right to rectification
Where personal data is inaccurate or incomplete you have the right for it to be rectified on our systems. In such cases we will act promptly to put things right.
So that we can quickly resolve your query we may ask you to provide some supporting evidence to show that the data needs to be altered.
If you require your personal data to be rectified you can speak to a member of staff on 01329 833463 who will put you in contact with the data protection officer or email andrew.geach@shedfieldlodge.co.uk.
11.4 Your right to erasure
This enables you to ask us to delete or remove personal data where there is no good reason for us to continue to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to withdraw consent (see below).
Sometimes, however, we may refuse a request to erase such data in order, for example, to comply with a legal obligation.
If you require your personal data to be erased you can speak to a member of staff on 01329 833463 who will put you in contact with the data protection officer or email andrew.geach@shedfieldlodge.co.uk.
11.5 Your right to restricted processing
This enables you to ask us to restrict the processing of your personal data. For example, if you do not want us to erase your data you may ask us to restrict our processing activities instead. A good example would be electronic invoicing.
If you wish for restricted processing to be applied to your personal data you can speak to a member of staff on 01329 833463 who will put you in contact with the data officer or email andrew.geach@shedfieldlodge.co.uk.
11.6 Your right to data portability
To help strengthen your control over your data, you have the right, in certain circumstances, to receive personal data from us in a format which allows you to easily access it. For example, you may want your invoicing data in an Excel format.
We may ask you to specify what data you wish us to provide to you, or we may direct you to an existing service that we already provide where you can freely obtain the information. Where we can we will try and provide you the data in a common format which is transferable with other data controllers.
Should you wish to exercise your right to data portability you can speak to a member of staff on 01329 833463 who will put you in contact with the data protection officer or email andrew.geach@shedfieldlodge.co.uk.
11.7 Your right to withdraw consent
In circumstances where you may have provided your consent to the processing of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing activity at any time. To withdraw your consent you can speak to a member of staff on 01329 833463 who will put you in contact with the data protection officer or email andrew.geach@shedfieldlodge.co.uk.
Once we have received notification that you have withdrawn your consent, we will no longer process your data for the purpose or purposes you originally agreed to, unless we have another lawful basis for doing so such as a contractual or legal reason.
11.8 Your rights relating to automated decision making
Details of what automated decision-making activities we may carry out in the future are described below in paragraph 14. If you wish to speak to a member of our team to understand the decision made, obtain an explanation of the decision and challenge it you can speak to a member of staff on 01329 833463 who will put you in contact with the data protection officer or email andrew.geach@shedfieldlodge.co.uk.
We may reject your request not to be subject to automated decision making where such activity is a necessary step, in future, in our contracting process or is required in the performance of a contract between us.
12 Reporting a concern to us or to the Information Commissioner’s Office
If you have a concern regarding how we handle your personal data then we kindly request that you inform us about it first so that we can work with you in an effort to resolve it.
You can report a concern or raise a complaint with us initially by contacting your usual contact or speaking to a member of staff 01329 833463 who will put you in contact with the data protection manager or email andrew.geach@shedfieldlodge.co.uk.
Alternatively, you can write to us by sending your letter to:
Data Protection Officer
Shedfield Lodge Residential Care Home
St Anne’s Lane
Shedfield
Southampton
Hampshire
SO32 2JZ
We aim to acknowledge your complaint within two business days and provide a resolution within 28 days. If we are unable to meet this timescale we will write to notify you in advance.
If you are not satisfied with our proposed resolution to your complaint you can raise the matter directly with the Information Commissioner’s Office (ICO). The ICO will take steps to address your concern and provide guidance and support to us to so that we can put things right.
Details as to how to get in touch with the ICO or report a concern can be found on their webpage https://ico.org.uk/concerns/
13 Your right to lodge a complaint with a supervisory authority
If you consider that the processing of personal data infringes any of your rights set out in paragraph 11, you have the right to lodge a complaint with the relevant supervisory authority in the European State that you reside, or work or in the place of the alleged infringement; the relevant supervisory authority for the UK is the Information Commissioner`s Office.
The supervisory authority with which the complaint has been lodged shall inform you of its progress and the outcome of the complaint including the possibility of a judicial remedy.
14 The automated decision-making processes we operate
We do not currently operate automated decision-making processes, however, there are some automatic decision processes that we may operate in future, to which we should draw your attention. The purpose of this automation may be necessary for us to agree a contract with you or to allow us to meet a contractual obligation.
Automated decision making may include credit checks. Where we may, in future, process your data for the purposes of a contract we are not compelled to explain the decision made. However, to show good customer service we will try and provide you with an explanation where we can within a reasonable time.
15 Other Websites
Our website contains links to other websites. This privacy policy only applies to this website so when you link to other websites you should read their own privacy policies.
16 Getting in touch with us
If you would like to discuss this privacy notice or suggest ways in which we could improve the content or its communication, then please contact us on 01329 833463 or andrew.geach@shedfieldlodge.co.uk.
Shedfield Lodge Residential Care Home Privacy Notice
Last Modified: 24th May 2018
We are Shedfield Lodge Residential Care Home and our registered address is St Anne's Lane, Shedfield, Southampton, Hampshire SO32 2JZ
("Shedfield Lodge" / "we" / "our" / "us"). We are committed to ensuring that your privacy is protected. We comply with the General Data Protection Regulation ((EU) 2016/679) (“GDPR”) unless and until the GDPR is no longer directly applicable in the UK, together with any national implementing laws, regulations and secondary legislation as amended or updated from time to time in the UK, and any successor legislation to the GDPR and the DPA (together “Data Protection Legislation”). We are the data controller of data you pass to us pursuant to this policy. Our Data Protection Officer can be contacted at andrew.geach@shedfieldlodge.co.uk
This Privacy Policy [together with our website terms and conditions and Cookie Policy] sets out how we collect personal information from you and how the personal information you provide will be processed by us. By visiting the website at www.shedfieldlodge.com (the “Website”) you are accepting and consenting to the practices described in this Privacy Policy. If you do not consent, please do not submit any personal data to us.
What information does Shedfield Lodge hold and how will we use it?
Information you give Shedfield Lodge: You may give us information about you by completing enquiry forms on the website or by requesting via the website that we send you marketing information or to enquire about availability or to book a place on a Dementia Awareness and/or another training course. The information you give us may include your name, email address, address/location and phone number [if there are any other types of personal data that Shedfield Lodge collects via the website, add them to this list. This does not include all personal data processed by Shedfield Lodge but only personal data it collects through its website].
We will retain this information while we are corresponding with you or providing services to you or to a Service User you represent. We will retain this information for as long as there is a valid lawful reason to do so.
Information Shedfield Lodge collects about you: Shedfield Lodge may collect the following information from you when you visit the website:
•Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and
-
Information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from the website (including date and time), products you viewed or searched for, page response times, website errors, length of visits to certain pages, page interaction information, methods used to browse away from the page and any phone number used to call our helpline
We retain this information for as long as there is a valid lawful reason to do so.
Information we receive from other sources: This includes information we receive about you when you use other websites operated by us or other services we provide. This information may include your name, email address, postal address and phone number. We will retain this information for as long as there is a valid lawful reason to do so.
Cookies
The Website uses cookies to distinguish you from other users of the website. For detailed information on the cookies we use and the purposes for which we use them, please see our Cookie Policy [https://www.shedfieldlodge.com/privacy-policy]
Use Made of the Information
Shedfield Lodge may use the information we receive and/or collect about you to:
-
Fulfil our obligations under any contract that we have entered into with you or with a Service User that you represent, and to provide you or the relevant Service User with information or services that you or the Service User has requested
-
Send you newsletters and marketing information if you have consented to us doing so
-
Notify you of products and services that we feel may interest you, or permit third parties to do so if you have provided the appropriate consent
-
Monitor website usage and provide statistics to third parties for the purposes of improving and developing the website and the services we provide via the website
-
Shedfield Lodge processes personal information for certain legitimate business purposes, which include some or all the following:
-
Where the processing enables Shedfield Lodge to enhance, modify, personalise or otherwise improve the website, its services or communications
-
To identify and prevent fraud
-
To enhance the security of the network and information systems of Shedfield Lodge
-
To better understand how people interact with the websites of Shedfield Lodge
-
To administer the website and carry out data analysis, troubleshooting and testing; and
-
To determine the effectiveness of promotional campaigns and advertising
If we obtain consent from you to do so, we may provide your personal details to third parties so that they can contact you directly in respect of services in which you may be interested.
Where we are processing personal data that we have obtained via the website on the basis of having obtained consent from you, you have the right to withdraw your consent to the processing of your personal data at any time. If you would like to withdraw your consent or prefer not to receive any of the above-mentioned information (or if you only want to receive certain information from us) please let us know by contacting us via the contact us page.
Please bear in mind that if you object, this may affect our ability to carry out the tasks above for your benefit.
If you wish to have your information removed from our database or if you do not want us to contact you for marketing purposes, please let us know by clicking the "Unsubscribe" option in any email we send to you and providing the details requested or by contacting us via the 'contact us' webpage and we will take steps to ensure that this information is deleted as soon as reasonably practicable.
We will not share, sell or distribute any of the information you provide to us (other than as set out in this policy) without your prior consent, unless required to do so by law.
We may carry out automated decision-making using the personal data you provide to us. We do so to [insert an explanation about the automated decision-making (including profiling) that you carry out. You should explain the logic involved and the significance and potential consequences for the Data Subject. For example, if you track their behaviour on your website to send targeted advertising, explain this process. If you do not carry out any automated decision making, you can delete this policy entry].
Third Party Sites
Our website may contain links to third party websites, including websites via which you are able to purchase products and services. They are provided for your convenience only and we do not check, endorse, approve or agree with such third-party websites nor the products and/or services offered and sold on them. We have no responsibility for the content, product and/or services of the linked websites. Please ensure that you review all terms and conditions of website use and the Privacy Policy of any such third-party websites before use and before you submit any personal data to those websites.
How Safe is your Information?
Where we have given you (or where you have chosen) a password which enables you to access certain parts of the website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Protecting your security and privacy is important to us and we make every effort to secure your information and maintain your confidentiality in accordance with the terms of the Data Protection Legislation. The website is protected by various levels of security technology, which are designed to protect your information from any unauthorised or unlawful access, processing, accidental loss, destruction and damage.
We will do our best to protect your personal data but the transmission of information via the Internet is not completely secure. Any such transmission is therefore at your own risk.
Disclosure of your Information
We may share your personal information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the Companies Act 2006. We may share your information with selected third parties including:
-
Business partners, suppliers and sub-contractors for the performance of any contract we enter with them or you
-
Third parties who may wish to contact you in respect of services or products they offer or sell which may be of interest to you, provided we receive your consent to such disclosure; and/or advertisers and advertising networks that require the data to select and serve relevant adverts to you and analytics and search engine providers that assist us in the improvement and optimisation of the website
Please note we may need to disclose your personal information where we:
-
Sell any or all our business or assets or we buy another business or assets in which case we may disclose your personal data to the prospective buyer or seller
-
Are under a legal duty to comply with any legal obligation or to enforce or apply our terms and conditions; or
-
Need to disclose it to protect our rights, property or the safety of our customers or others, including the exchange of information with other companies, organisations and/or governmental bodies for the purposes of fraud protection and credit risk reduction
Your Rights in Respect of your Data
If any of the information you provide to us via the website changes, please let us know as soon as possible so that we can make the necessary changes to the information we hold for you on our database. If you wish to make any changes to your information, please contact us via the 'contact us' webpage
If you wish to access or rectify the information we hold about you, or request that such information be transmitted directly to another data controller, please contact us via the 'Data Subject Access Request' page. We shall process your request to access your information within one month of receipt, or we'll let you know within that timeframe if we need more information from you. We will process your request free of charge.
To request that your information is deleted or if you wish to restrict or object to the processing of your information, please contact us via the 'Data Subject Access Request' webpage.
If you have any complaints about our use of your personal data, please contact us. You also have the right to complain to the relevant supervisory authority in your jurisdiction. In the UK, the supervisory authority is the Information Commissioner's Office. Contact details for the ICO can be found at https://ico.org.uk/.
If you have any further queries or comments on our Privacy Policy, please contact us via the 'Contact Us' webpage or you can contact us by emailing andrew.geach@shedfieldlodge.co.uk We also welcome your views about our website and our Privacy Policy