DATA PROTECTION ACT 2018
GENERAL DATA PROTECTION REGULATIONS 2018
PRIVACY POLICY (reviewed 15th June 2023)
Old Raven LTD is operated by Healthcare Management Solutions LTD, a leading care home management and consultancy business.
This Privacy Policy contains information for service users, visitors, carers, the public, staff, and users of this website that describes how we collect, use, retain and disclose the personal information you provide to us during methods of contact or use of our services.
It is sometimes also referred to as a Privacy Statement, Fair Processing Statement or Privacy Notice. This privacy policy is part of our commitment to ensure that we process personal information/data fairly and lawfully. It is also one of the ways in which we can demonstrate our commitment to our values of Continuous Improvement, Ethical Practice, Reliability and Effectiveness, Responsibility, Expertise and Excellence.
If you have any questions or concerns regarding the information we hold, the use of personal and confidential information, or would like to discuss further, please contact the Information Governance Team.
Information Governance Team
Drakes Court
302 Alcester Road
Wythall
Birmingham
B47 6JR
Email: information.governance@hcsolutions.co.uk
Phone: 01564 820140
We recognise the importance of protecting personal and confidential information in all that we do and take care to meet our legal and regulatory duties.
We may ask, for or, hold personal confidential information to be able to comply with regulations and best practice for employment, or to be able to provide safe and appropriate care to those who reside in our care homes. We need information to be able to correctly identify and distinguish one person from another.
By law, we need to have a lawful basis for processing your personal data.
We process your personal data for reasons including:
We process your special category data because
We also process personal data to handle enquiries, job applications, complaints, investigations, and using legitimate interests to monitor and improve the quality of our services and improve the effectiveness of our marketing.
We may ask for, or hold, personal confidential information which will be used to support the delivery of safe and effective care and treatment.
The records we hold may include:
The care records may also include personally sensitive information such as sexuality, race, religion or beliefs, disabilities, allergies or other health conditions. It is important for us to have a complete picture, as this information assists staff to develop care plans that keep people safe and well, and administer treatments when needed.
Where possible information is collected from the person who has been referred for care or who is receiving care. Additional information will be provided from sources such as relatives or friends, as well as health and social care professionals such as Social Workers, GPs, District Nurses, or Consultants. It is expected health and social care professionals will have checked to make sure they have permission, or there is a legal basis to share personal information before they provide personal and confidential details.
There may also be times when we are asked to share basic information those receiving care such as their name and parts of their address, which does not include sensitive information; this may be at times such as during the national census or data collection for the Office of National Statistics.
For those who become residents in our care homes, we will store your personal information as long as you remain in our care and for 7 years afterwards (with some exceptions).
We use information about those who reside in our care services to:
To provide the best possible care and welfare, we will sometimes need to share information about those receiving care with other organisations such as:
We may ask for or hold personal and confidential information to be able to evidence compliance with regulations and best practice for employment. This is to ensure we can correctly identify each employee. We also need to keep proper records of each employee’s performance during their period of employment.
The records we hold may include:
Information we hold may also include personal sensitive information such as sexuality, race, your religion or beliefs, and whether the employee has a disability, allergies or health conditions.
Personal information relating to staff members is stored as long as the individual remains in our employment and for 6 years afterwards (with some exceptions).
We use information about employees to:
We will sometimes need to share information about employees with other organisations. We may share information with a range of government or company agencies such as:
There may also be times when we are asked to share basic information about our employees such as their name and parts of their address, which does not include sensitive information; this may be at times such as during the national census or data collection for the Office of National Statistics.
When you visit this website, we will collect your IP address. This is a string of numbers that are unique to your computer or device. This information is used to measure your use of the website.
During a visit to this website, or during an enquiry call, we may ask for your personal information to allow us to respond to and deal with your enquiry.
This may include:
For job applicants this may include:
If you are unsuccessful in your job application, personal information provided during the application will be stored for a maximum of 3 years.
We use information collected from our website visitors/enquirers to:
We will only share your personal information with third parties where we are required to do so by law, or where there is a legitimate reason for doing so.
We share your personal information with third parties to help us provide you with the services as described above. We will only share data with fully compliant third parties or “Data Processors.”
This includes:
Trusted Care – They process the majority of initial telephone care enquiries on our behalf.
Cookies are small text files that are used to store small pieces of information. They are stored on your device when the website is loaded on your browser. These cookies help us make the website function properly, make it more secure, provide better user experience, and understand how the website performs and to analyze what works and where it needs improvement.
Our website uses first-party and third-party cookies for several purposes. First-party cookies are mostly necessary for the website to function the right way, and they do not collect any of your personally identifiable data.
The third-party cookies used on our website are mainly for understanding how the website performs, how you interact with our website, keeping our services secure, monitoring the effectiveness of our marketing, providing advertisements that are relevant to you, and all in all providing you with a better and improved user experience and help speed up your future interactions with our website.
Should you decide to change your preferences later through your browsing session, you can click on the “Cookie Consent” tab on your screen. This will display the consent notice again enabling you to change your preferences or withdraw your consent entirely.
You can view our full Cookie Policy, including details of the cookies we use by clicking here.
We use third-party tools that use cookies and/or device identifiers for the analytics and marketing purposes described above.
These tools may include:
Personal information is retained in secure electronic and paper records, and access is restricted to only those who need to know.
It is important that personal information is kept safe and secure, to protect confidentiality. There are a number of ways in which privacy is shielded; by removing identifying information, using an independent review process, adhering to strict contractual conditions and ensuring strict sharing or processing agreements are in place.
The Data Protection Act 2018 and General Data Protection Regulations 2018 regulate the processing of personal information. Strict principles govern our use of information and our duty to ensure it is kept safe and secure.
We are registered with the Information Commissioners Office (ICO), as an organisation that holds and processes information which is sensitive and personal.
The registration number can be found on the ‘Search the Register’ part of the ICO webpage https://ico.org.uk/esdwebpages/search.
Technology allows us to protect information in a number of ways, in the main by restricting access. Our guiding principle is that we hold information in strict confidence.
Everyone working for us is subject to the Common Law Duty of Confidentiality and the Data Protection Act 2018. Information provided in confidence will only be used for the purposes for which consent has been sought, unless there are other circumstances covered by the law.
As part of their terms of employment, all staff are required to protect information, tell people how their information will be used and allow them to decide if and how their information can be shared, except where there is a legal obligation to share information. In these circumstances, this will be noted in the records for the person concerned.
All of our staff are required to undertake regular training in data protection, confidentiality, IT/cyber security, with additional training for specialist staff, such as records, data protection officers and IT staff.
Under the Data Protection Act 2018 you have enhanced rights relating to the information we hold. This is subject to some exemptions.
This privacy policy sets out to inform you about the processing of your personal information.
Individuals have the right to refuse/withdraw consent to information sharing at any time. We will fully explain the possible consequences, and any legal obligations we have to share information where we cannot comply with a request to not share information.
Individuals have the right to request access to information (with some exemptions) that is held about them by an organisation. For more information on how to access the information we hold about you please contact the Information Governance Team using the details in the contact section below.
You have the right to have your information rectified if it is inaccurate or completed if it is not complete.
Sometimes called ‘the right to be forgotten’, enables you to request deletion of your personal information (with some exceptions).
You have the right to restrict the processing of your personal information (with some exceptions).
This allows you to obtain and reuse your personal information for your own purposes across different services.
You have the right to object to the processing of your personal information (with some exceptions). We will restrict all processing of this data while we look into your objection.
You have rights relating to automated decision making and profiling.
At this time, we do not share any data for planning or research purposes for which the national data opt-out would apply. We review all of the confidential patient information we process on an annual basis to see if this is used for research and planning purposes. If it is, then individuals can decide to stop their information being shared for this purpose. You can find out more information at https://www.nhs.uk/your-nhs-data-matters/.
We have a senior person responsible for protecting the confidentiality of information and enabling appropriate sharing. The Data Protection Lead has responsibility for advising the Company about the protection of general personally identifiable information. There is also a Caldicott Guardian who is a senior person with responsibility for protecting the confidentiality of information for those who are in receipt of care and treatment.
Should you wish to contact us with a data request, queries relating to your personal information and how it is processed, or with a concern about the way in which we manage your information please contact:
Information Governance Department
Drakes Court
302 Alcester Road
Wythall
Birmingham
B47 6JR
Email: information.governance@hcsolutions.co.uk
Phone: 01564 820140
We try to meet the highest standards when collecting and using personal information. We encourage people to bring concerns to our attention and we take any complaints we receive very seriously. You can submit a complaint through the Company’s Complaints Procedure, details of which are on display in the home, or you can write to:
The Complaints Department
Information Governance Department
Drakes Court
302 Alcester Road
Wythall
Birmingham
B47 6JR
If you remain dissatisfied with the Company’s decision regarding your complaint, you may wish to contact:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
0303 123 1113
We may update this privacy policy from time to time to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons.