Information Handling Privacy Notice

Interserve is committed to protecting the privacy and security of your personal information.

Interserve Healthcare Limited is a “data controller”. This means that we are responsible for deciding how we hold (e.g. electronically or physically) and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.

This privacy notice describes how we collect and use personal information about you during and after your relationship with us, in accordance with the Data Protection Act 2018.

It relates to information we collect about a range of Data Subjects, including:

  • Healthcare Clients;
  • People who appear on our CCTV cameras;
  • People who use our website; and
  • Other members of the public, including those who want to make a complaint.

We are committed to protecting the confidentiality, integrity and availability of your personal information.

Data protection principles

Interserve Healthcare fully complies with data protection law. The law says that the personal information we hold about you must be:

  • Used lawfully, fairly and in a transparent way;
  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
  • Relevant to the purposes we have told you about and limited only to those purposes;
  • Accurate and kept up to date;
  • Kept only as long as necessary for the purposes we have told you about; and
  • Kept securely.

What information we collect and why

Interserve Healthcare collects and holds information about you and the care you receive to enable us to provide the best care possible. It is a requirement of the contract between us and you that you provide us with the information necessary for that purpose.Interserve Healthcare records every time you are seen, what care is provided and who is involved. This ensures that your carers have the most accurate up to date information. We may also analyse information to help us improve our services.

The information we collect from you is necessary for the delivery and management of your care and to carry out our responsibilities arising from any contracts entered into between you and us. These could include:

  • Your personal details (e.g. name, address, DOB);
  • Details of any diagnosis made by a medical professional;
  • Emergency contact details for next of kin;
  • GP and other medical/ care professional involved in your care;
  • Detail of any advanced decisions you have made;
  • All information regarding the care you required;
  • Details of your home environment to enable us to complete full risk assessments; and
  • Detail of any incidents or complaints made by yourself or others on your behalf.

Without this information we cannot ensure we are providing the type of care you have requested us to provide.

In the event that we ask you for any additional information, Interserve Healthcare will clearly explain why we would like to obtain this information and what it will be used for. This is to support you in either giving us your consent or declining to consent.

Once you have given consent for information to be collected, you still retain the right to withdraw your consent at any time.

How do we look after your information?

Interserve Healthcare knows how sensitive care records are and that people want these to be kept safely and securely. Data protection legislation requires us to control how confidential personal information is used so that personal information is not kept longer than necessary, is kept safe and secure at all times, is only used for what it was intended/needed for, and is correct and up to date.

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees who have a business need to know.

All Interserve Healthcare staff are trained about the importance of confidentiality and the computer systems we use. The paper records we keep are held securely, with access limited to only those people who need to know about you and your care.

For further details on how we look after your information, please see our ‘About Us’ page at www.Interservehealthcare.comor contact your branch manager.

How long will your records be kept for?

Your records will be kept only for as long as it is necessary to meet any business, statutory or regulatory requirements. However, in general adult care records will be kept for 8 years after the conclusion of treatment or passing. Care records for children (0-18 years) will be kept until their 25thbirthday (or 26thif 17 when care ends) or 8 years after their passing,if sooner.

Who do we share your information with?

Interserve Healthcare will share information about you with other organisations involved with the delivery of your care. This may include:

  • Your GP;
  • If you do not pay for your care yourself, then the organisation that does pay for your care such as a Local authority, NHS Trust/CCG or insurance company responsible for a settlement agreement;
  • The representatives of the organisations who pay for your care, for example Case Managers who work for insurance companies or continuing healthcare staff from NHS/CCGs;
  • Other professionals who support your care, for example district nurses, specialist clinical teams or a medical consultant;
  • Organisations we work in partnership with to provide your care, for example other care agencies that also care for you or organisations we provide care on behalf of;
  • Safeguarding teams,where we are legally required to report concerns about your safety or well-being;
  • Regulators of care such as the Care Quality Commission, where we are legally required to notify them of an incident or issue or where they request information as part of the work they do;
  • The police or investigatory bodies, where a complaint or incident has been raised and requires external bodies to investigate for the prevention or detection of a crime or the apprehension or prosecution of offenders; and
  • Interserve Healthcare’sinsurers, if a claim has been made, in order to support the investigation into the claim made.

Interserve Healthcare will share information about your care, medical condition and progress with these organisations, as well as simple information such as your date of birth and contact details. This is to ensure that the care you receive meets your needs, that any changes in your needs are communicated to others involved in your care to keep you safe and to make sure your care is adapted to meet your needs.

Interserve Healthcare will never share information unless there is a need to do so for the purposes of providing high quality, safe and appropriate care to you.

You have the right to stop us sharing your information with other people if you think it will, or could cause you harm but we do not comply with this if we think it is in your best interest or could jeopardise your care or safety. (Please see about your records and your rights below).

People Appearing On CCTV.

We operate CCTV systems to support the physical security of our premises.  Areas covered by CCTV will be identified with signage.

CCTV footage is not shared with third party organisations, with the exception of the Police where there is a need to support criminal investigations.

The CCTV systems which we have installed record footage to hard drive devices and are routinely overwritten with subsequent recordings.  Where no incidents have occurred requiring longer retention, CCTV recordings are normally retained for a maximum of one month.

People Accessing Websites.

We do not attempt to identify anyone who visits the website.  Where website visitors use ‘contact us’ to ask a question, the following information will be recorded:

  • email address;
  • name;
  • telephone number;
  • address; and
  • any comments made.

These details are stored in accordance with information security policy and only retained for aslong as is necessary.  Specific retention periods can vary depending on the nature of the comment or query. The information is not stored within the website.

Other Members Of The Public.

Where members of the general public contact us, for exampleto make a complaint, their information will be stored in accordance with information security policies, will not be distributed to third party organisations and will only be retained for as long as necessary.  Where there is a need to share information with others, we will contact you for your consent.

Purpose And Legal Basis For Data Processing.

To the extent that we hold and/or use any information about you, we do so on the grounds that such processing is both permitted on the basis of your Consent, in accordance with our Legal Obligations and/or in furtherance of our Legitimate Interests.

To the extent that we hold and/or use any information about you which constitutes special category data (meaning information about you relating to your race; ethnic origin; politics; religion; trade union membership; genetics; biometrics (where used for ID purposes); health; sex life; or sexual orientation), we do so on the basis that such processing is necessary for statutory purposes, for the administration of healthcare, for the protection of your vital interests and/or for the safeguarding of children and of individuals at risk.

Security.

We understand the importance of protecting your information properly and that people want their records kept safely and securely.  The Data Protection Act 2018 requires us to control how personal information is used. There are strict rules so that information is not kept for longer than needed, is kept safe and secure at all times and is only used for what it was intended for.

We have security policies and processes in place to prevent your information from being accidentally lost, used or accessed in an unauthorised way, changed or disclosed to people who should not have access to it.

We will notify you and an applicable regulator of any identified or suspected data breach, where we are required to do so by law.

All our staff receive training about information security and data protection.

Automated Decision Making.

You will not be subject to decisions that with have a significant impact on you based solely on automated decision making, unless we have a lawful basis for doing so and we have notified youaccordingly.

We do not envisage any decisions will be taken about you using automated means.

Transfer Of Information Outside Of The EU

We will not share your data with third parties outside of the EU.

How We Will Contact You?

We will not contact you again if you askus not to. This can relate to all communication with you from Interserve Healthcare. You can contact us to change your contact preferences by informing your local Branch or Branch Manager.

How To Best Protect Yourself And Your Personal Information.

To protect yourself when sending us sensitive information, please ensure that you use devices running supported operating systems that are regularly patched, and incorporate some form of malware protection.

Only connect your devices to networks that you trust.

Posting Or Sending Inappropriate Content.

If you post or send any content that we believe to be inappropriate or content in breach of any laws, such as defamatory content, we may use your personal information to inform relevant third parties.

Posting Or Sending Content That You Do Not Own.

We have the right to disclose your identity to any third party claiming to own any content that you posted.

Third Party Requests.

From time to time you might wish for someone acting on your behalf to have access to your information e.g. a solicitor or another care agency when you are wishing to change Care Provider to request copies of your records. In all of these instances Interserve Healthcare will request the third party to provide us with a signed form of consent from you, dated within the last 6 months, to ensure that your rights are protected.

Can you see your records?

Under data protection laws, you have the right to ask to see all the records that Interserve Healthcare keeps about you, including paper care records and information held on computer systems. You can request this by contacting the Branch which looks after your care, who will take you through the process of requesting your records.

Your records and your rights

You have the additional following rights in respect of your records:

  • The right to be informed of how information about you will be handled (as set out in this Privacy Notice);
  • The right to access your information (you are entitled to a copy of the personal information we hold about you);
  • The right to rectification of inaccurate or incomplete information about you;
  • The right to erasure (the deletion or removal of your personal information where there is no compelling reason for its continued processing);
  • The right to object to the processing of information about you (unless we can show that we have compelling legitimate grounds for processing your information which overrides your rights, interests and freedoms);
  • The right to restrict processing of information about you (‘block’ or suppress processing of your personal information);
  • The right to have your personal information transferred to a third party;
  • The right to data portability, (allows you to obtain and reuse your personal data for your own purposes across different services);
  • The right to be informed of and object to any form of automated processing (profiling and decision-making) intended to evaluate certain personal aspects about you; and
  • The right to withdraw any consent which you may have given to the processing of information about you. Once we have received notification that you wish to withdraw your consent, we will cease processing your information for that specific purpose unless we have another legitimate or statutory basis for continuing to do so.  You will be told if we are unable to cease processing your information and why.

However there are some limitations to these rights, so they may not apply under particular circumstances.  You can find out more about these rights and any limitations on them by contacting the Information Commissioner at the address given below.

What We Need From You:

  • Tell Us When Your Details Change.

To assist us in ensuring the accuracy of your personal data, it is important that you tell us if your personal information changes.

  • Verification Of Identity.

We will need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or exercise any of your other rights). This is an appropriate security measure to ensure that personal information is not disclosed to a person who has no right to receive it.

  • Contact Information

If you have any questions about this privacy notice, how we handle your personal information or if you want to exercise your right of access speak to your Local Branch or Branch Manager in the first instance.  You can also write to our Data Protection Officer:

Data Protection Officer

Interserve

Capital Tower

91 Waterloo Rd

Lambeth

London SE1 8RT

What if you are not happy with anything about the way your information has been handled?

At any time, if you are not happy with the way your information has been handled you can raise this with the local branch manager responsible for your care, our Data Protection Officer or

the data protection regulatory authority, the Information Commissioner’s Office, who can reached at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

Changes of Purpose.

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Changes To This Privacy Notice.

We reserve the right to update this privacy notice at any time.  We will make a new privacy notice available when we make substantial updates. We may also notify you in other ways about the processing of your personal information.

Document Control.

This Privacy Notice was reviewed in January 2019.