1. WHO WE ARE
Ideal Carehomes Ltd together with any group companies (“we” “us” “our”) are committed to protecting and respecting your privacy. For the purposes of data protection legislation, we are the data controller and we will process your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 and national laws which relate to the processing of personal data. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
2. HOW WE COLLECT INFORMATION
2.1 VISITORS TO OUR WEBSITE
To the extent permissible under applicable law, we may collect and process personal data about you in the following circumstances:
2.1.1 when you complete forms on our website (“Site”). This includes your name, email address, contact telephone number which is provided at the time of registering to use our Site, subscribing to our services, requesting further services;
2.1.2 whenever you provide information to us when reporting a problem with our Site, making a complaint, making an enquiry or contacting us for any other reason. If you contact us, we may keep a record of that correspondence;
2.1.3 details of your visits to our Site including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise, and the resources that you access (see section 2.2.2 on Cookies below); and
2.1.4 whenever you disclose your information to us, or we collect information from you in any other way, through our Site and live chat facility.
2.2 We may also collect data in the following ways:
2.2.1 We may collect information about your device, including where available your Internet Protocol address, for reasons of fraud protection. We may also collect information about your device’s operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual.
2.2.3 Our Site may, from time to time, contain links to and from the websites of third parties. Please note that if you follow a link to any of these websites, such websites will apply different terms to the collection and privacy of your personal data and we do not accept any responsibility or liability for these policies. Please check before you submit your information to these websites.
3. RESIDENTS & CUSTOMERS
3.1 We process two categories of personal information about you and (where this applies) your next of kin:
• Standard personal information (for example, information we use to contact you, identify you or manage our relationship with you); and
• Special categories of information (for example, health information, information about your race, ethnic origin, religion, that allows us to tailor your care.)
3.2 To ensure we can process your application for care and support services, and to fulfil our contract with you to provide care services we will collect the following information by email, facsimile, post, telephone (we may also record the conversation), and if you complete an pre-admission assessment form:
• Your name, address, contact details, date of birth and next of kin information.
• Your capacity to make decisions and/or whether we need to liaise with the person(s) you have entrusted with power of attorney.
• Any specific health issues that you may be required to disclose, depending on the nature of the care we will be providing you.
• Details relating to the methods through which your care is being funded. If you are funding your care, then we will take payment through direct debit. If your care is being funded, then we will deal with the organisation funding this, or any other party that you have nominated or has agreed to pay for your care.
• We will record details of any medication you require in order that we can ensure we administer this and we will also record any specific medical wishes you have.
• We will record other information such as your religion to allow us, at your request, to contact the appropriate religious representative.
• We will use this information to process your application and comply with our contractual obligations.
• In order to perform our contract with you, we may also need to share personal data with third parties such as medical professionals, social services, mental health services, funding services such as relatives or local authorities, government services as required by law or order, service providers such as hairdressers and chiropodist, and payment providers to enable us to process your payments.
• We may also advertise your feedback and share your images on our website and marketing materials (subject to obtaining your prior consent where necessary).
• If you are the next of kin or person with power of attorney, then your details are required to ensure that we can get the necessary authority in respect of the care services we are providing to the person under your authority.
3.3 We will retain your information as long as we have a contractual obligation with you, and for a period of 7 years afterwards, subject to an annual review. Where you have subscribed to receive marketing correspondence from us we will keep personal data until you unsubscribe from receiving such correspondence from us.
3.4 SPECIAL CATEGORY INFORMATION
In order to ensure that we can provide the necessary care to you as an individual, to ensure that we can protect our staff and other residents, and to make an assessment of whether we are able to provide the care you need, we need to understand aspects of your care needs such as medical, physical, psychological, and mental wellbeing.
We will collect details such as your name, email address, contact telephone number, address, bank details in order to contact you about goods or services ordered with you and to place further orders. We will keep the personal data for 7 years further to being provided with the goods/services, subject to an annual review.
5. HOW WE USE YOUR INFORMATION
LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA
5.1 In accordance with data protection legislation we are required to notify you of the legal basis upon which we process your personal data. We process your personal data for the following reasons:
5.1.1 for performance of a contract we enter into with you;
5.1.2 where necessary for compliance with a legal obligation we are subject to; and/or standards such as those regulated and inspected by the Care Quality Commission.
5.1.3 for our legitimate interests (as described within this policy).
5.2 We may use your personal data for the legitimate interests of Ideal Carehomes Ltd, to the extent permissible by law in order to:
5.2.1 provide you with care services or information that you requested from us;
5.2.2 perform obligations of contract to which you are party;
5.2.3 fulfil any legal obligations we are subject to;
5.2.4 allow you to participate in interactive features of our Site, when you choose to do so;
5.2.5 ensure that content from our Site is presented in the most effective manner for you and for your device;
5.2.6 improve our Site and services;
5.2.7 process and deal with any complaints or enquiries made by you; and
5.2.8 contact you for marketing purposes where you have signed up for these (see section 6 for further details).
5.3 We do not undertake automated decision making with your personal data.
6.1 In addition to the uses described in sections 2-4 above, we may use Resident / Customer personal data for our legitimate interests in order to provide you with details about our care services, business updates and events which we think may be of interest.
6.2 If you are not an existing Customer but you invite us to provide information about our care services, we may collect your name, address, email address, and contact telephone number for the purposes of providing you with information about our care services or newsletters. We will retain such data for a period of 3 years from the point at which you provide us with your data, unless you place an order with us in which case 3.3 above will apply.
6.3 You have the right to opt-out of receiving the information detailed in section 6.1 at any time. To opt-out of receiving such information you can:
6.3.1 tick the relevant box situated in the form on which we collect your information;
6.3.2 clicking the unsubscribe button contained in any such communication received;
6.3.3 email us at firstname.lastname@example.org providing us with your name and contact details.
7. SHARING YOUR INFORMATION WITH THIRD PARTIES
7.1 We may disclose your information to third parties for the following legitimate interests:
7.1.1 to staff members and medical providers, in order to facilitate the provision of care services to you; and in the event you are taken ill
7.1.2 to other members of the public, where your condition may represent a threat to the interests, rights and freedoms of other people, e.g. if you have a communicable disease and we believe your condition may represent a risk to other residents.
7.1.3 to our affiliated entities to support internal administration;
7.1.4 IT software providers that host our website and store data on our behalf; and
7.1.5 to a prospective buyer of some or all of our business or assets, in which case personal data including personal data will also be one of the transferred assets.
7.2 We may disclose personal data to the police, regulatory bodies, legal advisors or similar third parties where we are under a legal duty to disclose or share personal data in order to comply with any legal obligation, or in order to enforce or apply our website terms and conditions and other agreements; or to protect our rights, property, or safety of our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
7.3 We will not sell or distribute personal data to other organisations without your approval.
8. TRANSFERS OUTSIDE OF THE EUROPEAN ECONOMIC AREA
8.1 We will not transfer your personal data outside the European Economic Area.
9. SECURITY AND STORAGE OF INFORMATION
9.1 Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
9.2 Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your information transmitted to our Site; any transmission is at your own risk.
9.3 Information you provide to us is shared on our secure servers. We have implemented appropriate physical, technical and organisational measures designed to secure your information against accidental loss and unauthorised access, use, alteration or disclosure. In addition, we limit access to personal data to those employees, agents, contractors and other third parties that have a legitimate business need for such access.
10. YOUR INFORMATION AND YOUR RIGHTS
10.1 It is important that the personal data we hold about you is accurate and current. Please keep us informed if the personal data we hold about you changes.
10.2 Data protection legislation gives you the right to object to the processing of your personal data in certain circumstances or withdraw your consent to the processing of your personal data where this has been provided. You also have the right to access information held about you and for this to be provided in an intelligible form. If you would like a copy of some or all of your personal information, please send an email to email@example.com. In certain circumstances we reserve the right to charge a reasonable fee to comply with your request.
10.3 You can also ask us to undertake the following:
10.3.1 update or amend your personal data if you feel this is inaccurate;
10.3.2 remove your personal data from our database entirely;
10.3.3 send you copies of your personal data in a commonly used format and transfer your information to another entity where you have supplied this to us, and we process this electronically with your consent or where necessary for the performance of a contract; or
10.3.4 restrict the use of your personal data.
10.4 We may request specific information from you to help us confirm your identity and your right to access, and to provide you with the personal data that we hold about you or make your requested changes. Data protection legislation may allow or require us to refuse to provide you with access to some or all the personal data that we hold about you or to comply with any requests made in accordance with your rights referred to above. If we cannot provide you with access to your personal data, or process any other request we receive, we will inform you of the reasons why, subject to any legal or regulatory restrictions.
10.5 Please send any requests relating to the above to our Data Protection Officer at firstname.lastname@example.org specifying your name and the action you would like us to undertake.
11. RIGHT TO WITHDRAW CONSENT
Where you have provided your consent to the collection, processing and transfer of your personal data, you have the legal right to withdraw your consent under certain circumstances. To withdraw your consent, if applicable, please contact us at email@example.com
13. CONTACT US
Last updated: 21st May 2018.