General Data Protection Regulation (GDPR)
Privacy Notice for Clients
Last updated: 30 May 2022
In this Privacy Notice Abicare means any of our Group companies including but not limited to:
Abigroup Holdings Limited
Private Limited Company registered in England under company number 09339498.
Abicare Services Limited
Private Limited Company registered in England under company number 05597217.
Abiclean Services Limited
Private Limited Company registered in England under company number 06952599.
Abilink Services Limited
Private Limited Company registered in England under company number 06942520.
Private Limited Company registered in England under company number 09681159
Data Protection Officer: Evalian (Acting as DPOaaS).
Email address: firstname.lastname@example.org.
Telephone number: 01722 342778.
Postal address: Unit 1a Abihouse, Brunel Road, Salisbury, Wilts. SP2 7PU.
The organisation collects and processes personal data relating to its clients to manage the care contract relationship. The organisation is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.
All personal data that we hold about you will be processed in accordance with the Data Protection laws including the UK General Data Protection Regulation (UK GDPR), the General Data Protection Regulations 2016/679 (GDPR), Privacy & Electronic Communications (EC Directive) Regulations 2003 and Data Protection Act 2018 and any subsequent legislation.
Please take time to read this Privacy Notice. Please note, we may change this Privacy Notice from time to time to reflect how we deliver our products and services so please revisit this Privacy Notice regularly. While we will notify you of any material changes, we encourage you to review this periodically.
What information does the organisation collect?
The organisation collects and processes a range of information about you. This includes (but is not limited to):
- your name, address and contact details, including email address and telephone number, date of birth and gender;
- the details of your care service contract;
- details about your care plan, risk assessment and medical information including but not limited to:
  - Health information
  - Allergies and conditions
  - Food and lifestyle preferences
- key locations and codes for access to your home or to the site where the care services are performed;
- details of your bank account for invoicing purposes;
- information about your marital status, next of kin, dependants and emergency contacts;
- information about your nationality;
- details of any incidents, accidents or concerns relating to your care;
- equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, health and religion or belief.
The organisation may collect this information in a variety of ways. For example, data might be collected through local authority social services, service contracts, from yourself, from professionals with whom you work or from your next of kin.
Data will be stored in a range of different places, including in your client file, in the organisation's care computer system, within a secured application on your carer’s electronic monitoring device and in your client service user guide in your home.
The reasons why Abicare collects personal information
We collect personal data to enable us to fulfil our legitimate business needs, such as:
- provide education and training
- provide residential healthcare and welfare
- maintain our accounts and records
- support and manage our staff
- advertising and marketing
Our legal basis for processing your personal data
The organisation needs to process data to enter into a service care contract with you and to meet its obligations under the contract. For example, it needs to process your data to provide you with a service delivery care plan and to invoice you in accordance with your care contract.
In some cases, the organisation needs to process data to ensure that it is complying with its legal obligations. For example, CQC/CIW (Care Quality Commission/Care Inspectorate Wales) requires us to hold care delivery records, medical information, a record of medicines, and health and safety records regarding accidents and incidents through the duration of your contract. In other cases, the organisation has a legitimate interest in processing personal data. This processing may occur before, during and after the end of your care service contract, but will only be performed for legitimate purposes as outlined within this privacy notice.
Processing client data allows the organisation to:
- assess client enquiries for care;
- maintain accurate and up-to-date client records and contact details (including details of who to contact in the event of an emergency), and records of client contractual and statutory rights;
- maintain correct invoicing and finance details
- operate and keep a record of client care plans and risk assessments to ensure person-centred care is delivered.
- respond to and defend against legal claims; and
- maintain and promote equality in providing care.
Some special categories of personal data, such as information about health or medical conditions, are required for the delivery of care. Where the organisation processes other special categories of personal data, such as information about ethnic origin, sexual orientation, health or religion or belief, this is done for the purposes of equal opportunities monitoring. Data that the organisation uses for these purposes is anonymised or is collected with your express consent, which can be withdrawn at any time. Clients are entirely free to decide whether or not to provide such data and there are no consequences of failing to do so.
Who has access to your data?
Your information may be shared internally, including with members of the local care team for the delivery of care, care managers within the organisation and appropriate IT staff, if access to the data is necessary for the performance of their roles.
The organisation may share your data with third parties in order to obtain information in relation to your care package (GPs, hospital discharge teams, district nurses, etc.).
The organisation also shares your data with third parties that process data on its behalf, in connection with invoicing (social services, local authorities, solicitors, health insurance companies).
How does the organisation protect your data?
The organisation takes the security of your data seriously. The organisation has internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties.
Where the organisation engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
It is unlikely that we’ll ever share your personal data outside the UK. If, however, it becomes necessary for the purposes of providing our services to you, we will only share it with organisations in countries covered by the UK adequacy regulations or on the basis of the International Data Transfer Agreement approved by the UK Government which contractually obliges the recipient to process and protect your personal data to the standard expected under the UK GDPR.
For how long does the organisation keep data?
The organisation will hold your personal data for the duration of your care. The periods for which your data is held after the end of your care are:
- Personal Health & Care records: 3 years after we stop providing care
- Financial Records: 3 years
The organisation may wish to contact you after you have left us as a client for marketing purposes or to inform you of a new service line that the organisation is now providing. The organisation will ask for your consent before it keeps your data for this purpose and you are free to withdraw your consent at any time.
National Data Opt-Out
The national data opt-out gives everyone the choice to stop health and social care organisations sharing their “confidential patient information” with other organisations where it is used for reasons beyond individual treatment and care, such as research and planning purposes.
Confidential patient information:
- identifies or could be used to identify a person;
- is obtained or generated in circumstances leading to an obligation of confidence and
- says something about their health, care, or treatment.
Confidential patient information applies to information about someone’s health or social care that can identify them.
Adult Social Care providers, in line with your wishes and the national data opt-out, are required to apply national data opt-outs to use or disclose confidential patient information for purposes other than your direct care.
Abicare does not share your information with any pharmaceutical, medical or other researchers and does not use sensitive information for purposes beyond your care and treatment for which the national data opt-out would apply. We review all of the confidential patient information we process on an annual basis to see if this is used for research and planning purposes. If it is, then individuals can decide to stop their information being shared for this purpose. You can find out more information at https://www.nhs.uk/your-nhs-data-matters/.
We only share personal information on a “need to know” basis, observing strict protocols when doing so. Most of the data sharing is with other professionals and agencies involved with care and treatment.
We will always inform you if we fundamentally change the way we use your personal data,
As a data subject, you have a number of rights. You can:
- Request information about whether we hold personal information about you, and if so, what that information is and why we are holding/using it.
- Request access and obtain a copy of your data on request.
- Request correction of the personal information we hold about you, thereby requiring the organisation to change incorrect or incomplete data.
- Request erasure. Require the organisation to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing.
- Object to the processing of your data where the organisation is relying on its legitimate interests as the legal ground for processing.
- Request the restriction of processing of your personal information. To suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request transfer of your personal information in an electronic and structured form to you or to another party (commonly known as the right to “data portability”). This enables you to take your data from us in an electronically useable format and to be able to transfer your data to another party in an electronically useable format.
- Withdraw consent. In those circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have a legitimate basis for doing so in law.
- Object to automated decision-making including profiling, that is not to be subject to any automated decision-making by us using your personal information or profiling of you.
If you would like to exercise any of these rights, please contact the Data Protection Officer, Abicare Service Ltd, Abihouse, Unit 1a Brunel Road, Salisbury, SP2 7PU, Tel: 01722 343989.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your rights). This is an appropriate security measure to ensure that your personal information is not disclosed to any person who has no right to receive it.
If you believe that the organisation has not complied with your data protection rights, you can complain to the Information Commissioner.
What does this mean for me as a Client?
As a client, information collected about you could be provided to other approved organisations, where there is a legal basis to do so, to help plan services, improve care provision and for research into developing new treatments and preventing illness.
Information is only used where allowed by law and never for insurance or marketing purposes without explicit consent. The care service will always seek written permission from you before sharing personal information with anyone else, for purposes other than direct care. However, if you do not want your personal data to be used for planning or research, you can stop this.
What if you do not provide personal data?
You have some obligations under the service contract to provide the organisation with data.
Certain information, for example medical and health information, next of kin contact details and financial details, is required to enable the organisation to enter a service care contract. Your data is important to us and under no circumstances will we sell your data to a third party.
Document Name: Carematch Privacy Notice for Clients v1.2
Reviewed by: Evalian Limited
Date Created: 06/03/2018
Policy Reviewed Date: 03/05/2022
Next Scheduled Review: 03/05/2023