Privacy Notice – Service Users, Partner Organisations and the Public
1. Who are we and what do we do?
Parkhaven Trust is a Charity providing care and support to older people in the Maghull area. We work with service users, carers, social care workers and other stakeholders to deliver high quality care and support to people who need our services and to support their relatives.
We take our data protection responsibilities very seriously; implementing appropriate technical security and making every effort to comply with relevant legislation including the GDPR.
This Privacy Notice tells you what you can expect when we collect personal information from service users, their representatives / families, our partners and the public.
There are separate Privacy Notices available for Employees and Job Applicants.
2. Lawfulness and Purpose of Processing
We process information under the legal bases set out in Article 6 of the GDPR for the following purposes:
2.1. Performance of a Contract: this is the legal basis under which we process:
• service user and family data – to provide our services to existing and prospective clients
• partner data – to maintain legitimate working relationships with other organisations (for example our suppliers)
2.2. Legal obligation: this is the legal basis under which we process service user, family and/or visitor data where there is a requirement to do so in law; for example: the processing of accident / incident records
2.3. Legitimate Interests: this is the legal basis under which we process service user and family data to raise awareness of relevant service developments, activities and events
2.4. Consent: this is the legal basis under which we process supporter information to fundraise for the organisation
3. What information do we collect about you and how do we use it?
We need to collect certain information to enable the efficient management of the Trust. The information we ask for varies depending on the reason for your association with the Trust.
3.1. Service users and relatives: We need to hold the details of the people who have requested our services to provide appropriate care and support and to fulfil our legal responsibilities. We will not collect any personal information that we do not need and we will only use this to provide and oversee the service requested and for other closely related purposes (for example, e-bulletins make service users and relatives aware of relevant developments, activities and events – people can easily opt-out of this type of contact at any time).
We collect this information when you complete documentation seeking to access services provided by the Trust. Information collected includes: a photograph, your National Insurance Number, National Health number, date of birth, contact details, medical information, ethnic group and religion, relative contact details. Additional photographs or videos will only be used with permission from the people being photographed or their next of kin. Explicit approval for this will be sought on each occasion.
3.2. Prospective service users and relatives: We will collect contact details from people who enquire about our services and limited health information on the prospective client.
3.3. Partner organisations: We collect contact information and other details needed to manage our professional relationship.
3.5. Complainants: When we receive a complaint, we make up a file which may contain the identity of the complainant and any other individuals involved. We will only use the personal information we collect to process the complaint and to check on the level of service we provide. We may have to disclose the complainant’s identity to our partners where, for example, the accuracy of a person’s record is in dispute. If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect this. However, it may not be possible to handle a complaint on an anonymous basis. We will keep personal information in complaint files for three years from closure in line with our retention policy. These files will be retained securely and access to them will be restricted to those who ‘need to know’.
We may keep an overview of complaints we receive, but not in a form which identifies anyone.
3.6. Visitors to our website:
When someone visits our website http://www.parkhaven.org.uk a third-party service, Google Analytics, collects standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used to make websites work, or work more efficiently, as well as to provide information to the owners of the site. For more information on the cookies we use, please contact us at the address below.
Links to other websites
This privacy notice does not cover the links within our website to other websites. We encourage you to read the privacy statements on the other websites you visit.
Security and performance
We use Stone Create, a third-party service, to help maintain the security and performance of our website. To deliver this service they process the IP addresses of visitors to the website.
3.7. People who contact us
Calls to our office
When you call our office, we log details of the call to enable us to respond.
Emails sent to us
We use Microsoft Exchange to manage our email traffic. When you email us, we retain your email to enable us to respond. We review our email messages periodically and delete those that are no longer required.
We use Transport Layer Security (TLS) to encrypt and protect email traffic in line with government. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.
We monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.
Enquiry forms submitted to us online
Our website provider supplies and supports our online enquiry form. Submitting this form generates an email to us, which we retain to enable us to respond. The enquiry form content is retained by the website for one month following submission, after this it is securely erased. We also review our email messages periodically and delete those that are no longer required.
3.8. Job applicants – A Privacy Notice specifically for Job Applicants is made available as part of the application process; this is also available here.
3.9. Current and former employees – An Employee Privacy Notice is available on request
4. When do we share your information?
We may share service user information under the following conditions:
4.1. Health and social care
We may share your information with your family members and/or other organisations involved in your care where this is deemed in your best interest.4.2. Employment, social security and social protection
We may share service user information where this is required by law; for example, where there is a safeguarding concern.
We will not share information without having a justifiable need or your explicit consent and we will never share your data for third-party marketing purposes.
5. Who do we share it with?
We share service user and relatives’ personal information with CQC (Care Quality Commission) and other relevant health bodies as deemed necessary, so that we can provide the best possible care. This information is not shared with any other parties except where there is a legal requirement to do so.
6. How do we protect your information?
We have a Data Protection regime in place to oversee the effective and secure processing of your personal data. We implement technical and organisational security measures and restrict access on a ‘need to know’ basis. All the personal data we collect is processed in the UK, however for the purposes of IT hosting and maintenance this information may be located on servers within the European Union.
7. How long do we keep your information?
We aim to adhere to appropriate legislation and industry standards when retaining information. Generally, information is only retained for as long as it is needed for the purpose/s for which it was collected. When information is no longer required, electronic records are securely deleted, and hardcopies are shredded in line with best practice; for example, records of former service users and their care plans are kept for three years and are then destroyed.
8. Your rights
Under UK Data Protection legislation, you have rights as an individual which you can exercise in relation to the information we hold about you.
These rights include: the right to be informed; the right of access; the right to rectification; the right to erasure; the right to restrict processing; the right to data portability; the right to object and rights in relation to automated decision making and profiling.
You can read more about these rights here – https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/
8.1. Access to personal information
Parkhaven Trust tries to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ under the legislation. If we do hold information about you we will:
• give you a description of it;
• tell you why we are holding it;
• tell you who it could be disclosed to; and
• let you have a copy of the information in an intelligible form.
You must put the request in writing to us and, if you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.
8.2. Rectification & Erasure
If we do hold information about you, you can ask us to correct mistakes by contacting us. You can also ask for your information to be erased, we will remove your information unless we have a legal or justifiable need to retain it.
Parkhaven Trust tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
9. This Privacy Notice
This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of Parkhaven Trust ’s collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address below.
We keep our privacy notice under regular review. This privacy notice was last updated on 16th July 2018.
10. How to contact us
If you want more details, to request access to your information or to make a complaint about the way we have processed your personal information, please email us at Data.Protection@parkhaven.org.uk or write to:
Data Protection Lead
Liverpool Road South,
You can also contact the Information Commissioners Office in their capacity as the statutory body overseeing data protection law www.ico.org.uk/concerns
Information Commissioner’s Office