Cedar Care is committed to ensuring that your privacy is protected and has taken steps to ensure compliance with the 2018 General Data Protection Regulation (GDPR). Should you provide certain information by which you or other individuals can be identified, it will only be used in accordance with this privacy statement.
Data Collected & Stored
Data we collect and store falls into three categories:
- Information about applicants for care and our existing residents; their respective “Next of Kin”; or other legal representatives for the resident;
- Information about job applicants and employees; and
- Suppliers of products and services
Use of Closed Circuit Television (CCTV)
At some Homes, we use CCTV. Where located, the CCTV is used for maintaining the security of property and premises and for preventing and investigating crime, it may also be used to monitor staff when carrying out work duties. For these reasons the information processed may include visual images, personal appearance and behaviours. This information may be about staff, residents and relatives, offenders and suspected offenders, members of the public and those inside, entering or in the immediate vicinity of the area under surveillance. Where necessary or required this information is shared with the data subjects themselves, employees and agents, services providers, police forces, security organisations and persons making an enquiry.
Activities with the Data Gathered
We take your privacy seriously and we will only ever collect and use personal information where it is necessary, fair and lawful to do so. We will only use information you have given us permission and/or it is necessary to provide the product or service you require. Data is only shared with third parties, if required to fulfil our obligations to you or to meet legal requirements, as detailed below.
Uses of data might include:
- For Residents:
To inform members of the Multi-Disciplinary Teams who assist in the provision of clinical advice and support;
To allow Assessment Bodies to undertake a suitable assessment of care needs;
To allow investigating / audit bodies the opportunity to effectively evaluate the level of care provided;
To comply with the Medical Records Act.
2. Next of Kin / Other Legal Representatives
To inform you of changes in the medical condition of the resident;
To inform you of changes contractual issues either between us and the resident or between the Primary Health Provider and you.
3. For Job Applicants / Employees:
To conduct the required suitability / “fitness” tests;
To conduct DBS checks;
To monitor Visa validity and NMC approvals;
To pay salaries.
To provide information to HMRC and government agencies as required by law.
To support suppliers in providing employee benefits such as pensions.
4. For Suppliers:
To ensure payments are made for goods and services.
If you do not wish us to collect and use your individual information in these ways, we may be unable to provide you with essential care services; continue to offer employment; or use your services.
Methods of Protecting Data
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place robust physical, electronic and managerial procedures to safeguard and secure the information we collect and store digitally (or otherwise on computer) and on paper. Our security measures fully comply with industry standards and best practice.
Part of our security measures is to ensure that organisations with whom we share personally sensitive information, also have robust systems that ensure information we have supplied to them is securely stored and destroyed as soon as its reason for sharing the information has been achieved.
Complaints Regarding Data Storage & Use
Should you have any concerns or complaints relating to issues relating to personally sensitive information that we hold, you should contact the Data Protection Officer, identified below:
|Mr Clive Williams||Compliance Consultant|
|By Post||Cedar Care Homes, Mortimer House, Clifton Down Road, Clifton, Bristol, BS8 4AE|
Data Retention Periods and Means of Data Destruction
In the case of financial records required by HMRC or for information that is subject to the Medical Records Act, we only retain information for the minimum period required by law.
Personally Sensitive Information that is held relating to employees is retained for a maximum period of 12 months after employment has ended; and for Job Applicants information provided as part of the application is destroyed immediately unless we subsequently employ the applicant, in which case, we retain the information for a maximum period of 12 months following employment ending.
Information relating to residents is subject, in most instances, to the requirements relating to Medical Records, but general information (e.g. Enquiry Details) is held for a minimum of 3 years where the enquiry results on admission or a maximum of 12 months where the enquiry does not result in an admission.
All information held in hard copy (i.e. on paper) is shredded and disposed of by way of local council recycling and soft copy (i.e. digital or computerised) records are deleted and fragmented to prevent recovery.
Policy & Process Reviews
This policy is reviewed annually, unless it is required by internal process changes or through operation of law, where an immediate review is undertaken. Any changes to this policy will be notified to you and displayed on our web-site.
The processes that ensure data security are subject to regular audit and staff training is provided to all staff members who have access to personally sensitive information relating to residents, relatives, employees and suppliers in the provisions of the GDPR and the impact on their role