Scribd
Upload
8 views7 pages

Privacy Notice V 5

Privacy-Notice-v-5

Uploaded by

Suria Rao
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
8 views7 pages

Privacy Notice V 5

Privacy-Notice-v-5

Uploaded by

Suria Rao
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 7

Privacy Notice Template

Your privacy notice may need to contain more information than this
template. If you are relying on different lawful bases than the ones
listed here, you will need to review and update the “Your Rights”
section at the end of this notice.

We recommend that you refer to the ‘How to Document your Data


Processing’ guidance document to check on legal bases for sharing
information and more information about privacy notices.

You do not need to provide this whole document to each individual as


long as the full document is readily available and you tell people where
it can be found. We recommend providing service users with a copy
without the staff section, staff without the service user section etc.
This means the document is more appropriately tailored to its
audience.

If you require more information about documenting your privacy


information, the ICO has extensive guidance here.

Introduction
This is insert organisation name here’s Privacy Notice.

As part of the services we offer, we are required to process personal data about
our staff, our service users and, in some instances, the friends or relatives of our
service users and staff. “Processing” can mean collecting, recording, organising,
storing, sharing or destroying data.

We are committed to being transparent about why we need your personal data
and what we do with it. This information is set out in this privacy notice. It also
explains your rights when it comes to your data.

If you have any concerns or questions please contact us: provide contact
details/methods here.

Service Users
What data do we have?
So that we can provide a safe and professional service, we need to keep certain
records about you. We may process the following types of data:

www.digitalsocialcare.co.uk
 Your basic details and contact information e.g. your name, address, date
of birth and next of kin;
 Your financial details e.g. details of how you pay us for your care or your
funding arrangements.
We also record the following data which is classified as “special category”:

 Health and social care data about you, which might include both your
physical and mental health data.
 We may also record data about your race, ethnic origin, sexual orientation
or religion. Delete if you do not record this information.

Why do we have this data?


We need this data so that we can provide high-quality care and support. By law,
we need to have a lawful basis for processing your personal data.

We process your data because: you may not use all of these lawful bases
or may use different ones, change as appropriate.

 We have a legal obligation to do so – generally under the Health and


Social Care Act 2012 or Mental Capacity Act 2005.
We process your special category data because

 It is necessary due to social security and social protection law (generally


this would be in safeguarding instances);
 It is necessary for us to provide and manage social care services;
 We are required to provide data to our regulator, the Care Quality
Commission (CQC), as part of our public interest obligations.
We may also process your data with your consent. If we need to ask for your
permission, we will offer you a clear choice and ask that you confirm to us that
you consent. We will also explain clearly to you what we need the data for and
how you can withdraw your consent at any time.

Where do we process your data?


So that we can provide you with high quality care and support we need specific
data. This is collected from or shared with:

1. You or your legal representative(s);


2. Third parties.
We do this face to face, via phone, via email, via our website, via post, via
application forms, via apps delete or insert as appropriate all of the
methods you use to communicate with your service users.

Third parties are organisations we might lawfully share your data with. These
include:

www.digitalsocialcare.co.uk
 Other parts of the health and care system such as local hospitals, the GP,
the pharmacy, social workers, clinical commissioning groups, and other
health and care professionals;
 The Local Authority;
 Your family or friends – with your permission;
 Organisations we have a legal obligation to share information with i.e. for
safeguarding, the CQC;
 The police or other law enforcement agencies if we have to by law or
court order.

Staff
What data do we have?
So that we can provide a safe and professional service, we need to keep certain
records about you. We may record the following types of data:

 Your basic details and contact information e.g. your name, address, date
of birth, National Insurance number and next of kin;
 Your financial details e.g. details so that we can pay you, insurance,
pension and tax details;
 Your training records.
We also record the following data which is classified as “special category”:

 Health and social care data about you, which might include both your
physical and mental health data – we will only collect this if it is necessary
for us to know as your employer, e.g. fit notes or in order for you to claim
statutory maternity/paternity pay;
 We may also, with your permission, record data about your race, ethnic
origin, sexual orientation or religion. Delete if you do not record this
information.

There is detailed information on what employee data you can


keep here.

As part of your application you may – depending on your job role – be required
to undergo a Disclosure and Barring Service (DBS) check (Criminal Record
Check). We do not keep this data once we’ve seen it.

Why do we have this data?


We require this data so that we can contact you, pay you and make sure you
receive the training and support you need to perform your job. By law, we need
to have a lawful basis for processing your personal data.

We process your data because you may not use all of these lawful bases
so delete as appropriate

www.digitalsocialcare.co.uk
 We have a legal obligation under UK employment law;
 We are required to do so in our performance of a public task;
 We have a legitimate interest in processing your data – for example, we
provide data about your training to Skills for Care’s Adult Workforce Data
Set, this allows Skills for Care to produce reports about workforce
planning. Delete if you do not complete the AWDS or change to a
different lawful basis if necessary.
 We are required to provide data to our regulator, the Care Quality
Commission (CQC), as part of our public interest obligations.
We process your special category data because

 It is necessary for us to process requests for sick pay or maternity pay.

If we request your criminal records data it is because we have a legal obligation


to do this due to the type of work you do. This is set out in the Data Protection
Act 2018 and the Rehabilitation of Offenders Act 1974 (Exceptions) Order 1975.
We do not keep a record of your criminal records information (if any). We do
record that we have checked this.

We may also process your data with your consent. If we need to ask for your
permission, we will offer you a clear choice and ask that you confirm to us that
you consent. We will also explain clearly to you what we need the data for and
how you can withdraw your consent.

Where do we process your data?


As your employer we need specific data. This is collected from or shared with:

1. You or your legal representative(s);


2. Third parties.
We do this face to face, via phone, via email, via our website, via post, via
application forms, via apps delete or insert as appropriate all of the
methods you use to communicate with your staff.

Third parties are organisations we have a legal reason to share your data with.
These include:

 Her Majesty’s Revenue and Customs (HMRC);


 Our pension and healthcare schemes provide details of external
companies providing this resource;
 Our external payroll provider; delete if not applicable;
 Organisations we have a legal obligation to share information with i.e. for
safeguarding, the CQC;
 The police or other law enforcement agencies if we have to by law or
court order.

www.digitalsocialcare.co.uk
 The DBS Service provide details of the umbrella organisation used
if not the DBS service directly

Friends/Relatives
What data do we have?
As part of our work providing high-quality care and support, it might be
necessary that we hold the following information on you:

 Your basic details and contact information e.g. your name and address.

Why do we have this data?


By law, we need to have a lawful basis for processing your personal data.

We process your data because we have a legitimate business interest in holding


next of kin and lasting power of attorney information about the individuals who
use our service and keeping emergency contact details for our staff.

We may also process your data with your consent. If we need to ask for your
permission, we will offer you a clear choice and ask that you confirm to us that
you consent. We will also explain clearly to you what we need the data for and
how you can withdraw your consent.

Where do we process your data?


So that we can provide high quality care and support we need specific data. This
is collected from or shared with:

1. You or your legal representative(s);


2. Third parties. Delete if you do not receive next of kin information
from Third Parties
We do this face to face, via phone, via email, via our website, via post, via
application forms, via apps delete or insert as appropriate all of the
methods you use to communicate with your service users.

Third parties are organisations we have a legal reason to share your data with.
These may include:

 Other parts of the health and care system such as local hospitals, the GP,
the pharmacy, social workers, and other health and care professionals;
 The Local Authority;
 The police or other law enforcement agencies if we have to by law or
court order.

www.digitalsocialcare.co.uk
Our Website
In order to provide you with the best experience while using our website, we
process some data about you.

If you do not have a website, you can delete this section. To develop
this section of your privacy notice you should communicate with your
website designer. You may wish to include or link to your cookie policy
here as this is information you should be providing to people who use
your website.
Consider if you hold personal information about people – including the
IP address of visitors. Do you have a contact form? Can people apply
online? Do people leave reviews on your website?

Your rights
The data that we keep about you is your data and we ensure that we keep it
confidential and that it is used appropriately. You have the following rights when
it comes to your data:

1. You have the right to request a copy of all of the data we keep about you.
Generally, we will not charge for this service;
2. You have the right to ask us to correct any data we have which you
believe to be inaccurate or incomplete. You can also request that we
restrict all processing of your data while we consider your rectification
request;
3. You have the right to ask that we erase any of your personal data which is
no longer necessary for the purpose we originally collected it for. We
retain our data in line with the Information Governance Alliance’s
guidelines (https://digital.nhs.uk/data-and-information/looking-after-
information/data-security-and-information-governance/codes-of-practice-
for-handling-information-in-health-and-care/records-management-code-of-
practice-for-health-and-social-care-2016) If you do not follow these
guidelines, you must provide people with your own retention
schedule as you need to tell people how long you hold their data
for.
4. You may also request that we restrict processing if we no longer require
your personal data for the purpose we originally collected it for, but you
do not wish for it to be erased.
5. You can ask for your data to be erased if we have asked for your consent
to process your data. You can withdraw consent at any time – please
contact us to do so.
6. If we are processing your data as part of our legitimate interests as an
organisation or in order to complete a task in the public interest, you have
the right to object to that processing. We will restrict all processing of this
data while we look into your objection.

www.digitalsocialcare.co.uk
You may need to provide adequate information for our staff to be able to
identify you, for example, a passport or driver’s licence. This is to make sure
that data is not shared with the wrong person inappropriately. We will always
respond to your request as soon as possible and at the latest within one month.

If you would like to complain about how we have dealt with your request, please
contact:

Information Commissioner’s Office


Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
https://ico.org.uk/global/contact-us/

www.digitalsocialcare.co.uk

You might also like