Data Protection Compliance Statement – Amocura Ltd

 

  This document demonstrates our commitment to protecting the privacy and security of your personal information. It contains information regarding how we collect and use

  personal data or personal information about you in accordance with the General Data Protection Regulation (GDPR) and all other data protection legislation currently in

  force.

 

  Pursuant to that legislation, when processing data we will;

 

    •  process it fairly, lawfully and in a clear, transparent way

    •  collect your data only for reasons that we find proper in ways that have been explained to you

    •  only use it in the way that we have told you about

    •  ensure it is correct and up to date

    •  keep your data for only as long as we need it

    •  process it in a way that ensures it will not be lost or destroyed or used for anything that you are not aware of or have consented to.

  

  Amocura Ltd is a “data controller”. This means that we are responsible for determining the purpose and means of processing personal data relating to you.

 

  “Personal data”, or “personal information”, means any information relating to an identified, or identifiable individual in particular by reference to an identifier such as a name,

  an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social

  identity of that natural person.

 

  There are “special categories” of sensitive personal data, meaning data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union

  membership, physical or mental health conditions, sex life or sexual orientation, genetic data, and biometric data which require a higher level of protection.

 

  This data protection compliance statement (privacy notice) applies to current contractors and suppliers, residents at our care homes and their relatives or representatives.

 

  DETAILS OF INFORMATION WE WILL HOLD ABOUT YOU  

 

  The list below identifies the kind of data that we will hold about you:

 

  The type of data which we collect depends on our relationship with you.

 

  The type of information we collect in relation to our residents includes:

 

  •  personal contact details such as name, title, previous address, telephone numbers, and personal email addresses

  •  date of birth

  •  your photograph

  •  gender

  •  marital status

  •  dependants, next of kin and their details

  •  national Insurance number

  •  health information

  •  care plans – health and safety, wellbeing, social history, risks assessments and assessments, dols assessments, mental capacity assessments, daily records,

     communication sheets (for visiting professionals e.g. nurses and GP's, correspondence from health care professionals.

  •  Medication administration sheets

  •  Social service contract if applicable

  •  Company contract, terms and conditions

 

  The following list identifies the kind of data that that we will process and which falls within the scope of “special categories” of more sensitive personal information:

 

  •  information relating to your race or ethnicity, religious beliefs, sexual orientation, sex life and political opinions

  •  information about your health, including any medical conditions and disabilities

  •  information about criminal convictions and offences

 

  If you are a relative/representative of a resident in our care home we may collect

 

  •  Name, address, contact details email, telephone number.

  •  Correspondence letters, billing information.

 

  If you are a contractor or supplier we may collect the following information

 

  •  Name, address, contact details email, telephone number.

  •  Correspondence letters

  •  Finance and bank details where applicable


  The following list identifies the kind of data that that we will process and which falls within the scope of “special categories” of more sensitive personal information:

 

  •  information relating to your race or ethnicity, religious beliefs, sexual orientation, sex life and political opinions

  •  trade union membership

  •  information about your health, including any medical conditions and disabilities

  •  information about criminal convictions and offences

  •  genetic inf ormation and biometric data

 

  METHOD OF COLLECTION OF PERSONAL INFORMATION

 

  Your personal information is obtained if you are a resident directly from you, or relative or representative by telephone, post or email, or health care professional,

  i.e. social worker, GP.

 

  If you are a contractor or supplier or a Local Authorities Contract department we would collect information by telephone, email, post.

 

  The information we require is necessary to provide our services effectively.

 

  Personal data is kept in a locked facility or within our IT systems.

 

  PROCESSING INFORMATION ABOUT YOU   

 

  We will only administer personal information in accordance with the lawful bases for processing. At least one of the following will apply when we process personal data:

 

  •  consent: You have given clear consent for us to process your personal data for a specific purpose.

  •  contract: The processing is necessary for a contract we have with you, or because we have asked you to take specific steps before entering into a contract.

  •  legal obligation: The processing is necessary for us to comply with the law (not including contractual obligations).

  •  legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect your

     personal data which overrides those legitimate interests.

 

  LAWFUL BASIS FOR PROCESSING YOUR PERSONAL INFORMATION

 

  We consider that the basis for which we will process the data contained in the list above (see section above - details of information we will hold about you ) is

  necessary for the performance of the contract we have with you and to enable us to comply with our legal obligations. Occasionally, we may process personal information

  about you to pursue legitimate interests of our own or those of third parties, provided there is no good reason to protect your interests and your fundamental rights do not

  override those interests.

 

  The circumstances in which we will process your personal information if you are a resident are listed below. 

 

  •  If you are a resident and to provide your care and to allow us to maintain comprehensive up to date records about you.

  •  to ensure amongst other things, effective correspondence can be achieved and appropriate contact points in the event of an emergency are maintained

  •  gaining expert medical opinion when making decisions about your health

  •  to provide professionals GP and nurses and other health care and social care professionals with essential information

  •  to keep relatives or representatives informed.

  •  To process payments and finance information in order to comply with legislation.

  •  There may be more than one reason to validate the reason for processing your personal information.

 

  The circumstances in which we will process your personal information if you are a contractor, supplier, banks, professionals, relative or representative or Local Authorities

  are listed below.

 

  •  maintaining comprehensive up to date records about you to ensure amongst other things, effective correspondence can be achieved and appropriate contact points in

     the event of an emergency are maintained

  •  preventing fraud

  •  To collate information to effectively operate our business

  •  To process payments and finance information in order to comply with legislation.

 

  LAWFUL BASIS FOR PROCESSING “SPECIAL CATEGORIES” OF SENSITIVE DATA

 

  “Special categories” of particularly sensitive personal information require higher levels of protection. We need to have further justification for collecting, storing and using

  this type of personal information. We may process special categories of personal information in the following circumstances:

  •  consent: You have given clear consent for us to process your personal data for a specific purpose.

  •  contract: The processing is necessary for a contract we have with you, or because we have asked you to take specific steps before entering into a contract.

  •  legal obligation: The processing is necessary for us to comply with the law (not including contractual obligations) and meets the obligations under our data protection policy.

  •  vital interests: the processing is necessary to protect someone's life.

  •  legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect your

  personal data which overrides those legitimate interests

  •  Health Care Professionals i.e. GP's and Nurses and statutory bodies are required to comply with the company data protections policy and GDPR and our Privacy Notice

  •  Occasionally, special categories of data may be processed where you are not capable of giving your consent, where you have already made the information public or in

  the course of legitimate business activities or legal obligations and in line with the appropriate safeguards.

 

  Examples of the circumstances in which we will process special categories of your particularly sensitive personal information are listed below  

 

  •  in order to protect your health and safety

  •  to assess your physical or emotional fitness

  •  to determine if reasonable adjustments are needed or are in place

 

  Where appropriate, we may seek your written authorisation to process special categories of data. Upon such an occasion we will endeavor to provide full and clear reasons

  at that time in order for you to make an informed decision. In any situation where consent is sought, please be advised that you are under no contractual obligation to

  comply with a request. Should you decline to consent you will not suffer a detriment

 

  INFORMATION ABOUT CRIMINAL CONVICTIONS   

 

  Information regarding criminal convictions may be processed in accordance with our legal obligations. Occasionally we may process such information to protect yours,

  or someone else's interests and you are not able to give your consent or we may process such information in cases where you have already made the information public.

  We anticipate that we will process information about criminal convictions in line with the Regulators.

  

  AUTOMATED DECISION-MAKING

 

  We do not anticipate that any of our decisions will occur without human involvement. Should we use any form of automated decision making we will advise you of any

  change in writing.

 

  SHARING DATA   

 

  Your data will be shared with colleagues within the Company where it is necessary for them to undertake their duties. This includes, the Sales and Purchases department

  for maintaining records.

 

  It may be necessary for us to share your personal data with a third party or third party service provider (including, but not limited to, contractors). Data sharing may arise

  due to a legal obligation, as part of the performance of a contract or in situations where there is another legitimate interest (including a legitimate interest of a third party)

  to do so.

 

  The list below identifies which activities are carried out by third parties on our behalf:

 

  •  IT services

  •  regulatory authorities

  •  legal advisors

  •  insurance providers

 

  Data may be shared with 3rd parties in the following circumstances:

 

  •  in the process of regular reporting activities regarding our performance,

  •  with regards to a business or group reorganisation, sale or restructure,

  •  in relation to the maintenance support and/or hosting of data

  •  to adhere with a legal obligation

  •  in the process of obtaining advice and help in order to adhere with legal obligations

 

  If data is shared, we expect third parties to adhere and comply with the GDPR and protect any data of yours that they process. We do not permit any third parties to

  process personal data for their own reasons. Where they process your data it is for a specific purpose according to our instructions.

 

  We do not anticipate that we will transfer data to other countries.

 

  DATA SECURITY   

 

  As part of our commitment to protecting the security of any data we process, we have put the following measures in place robust measures/policies/binding corporate

  rules. If you would like further details please contact the office on 01226 805 152.

 

  In addition, we have put further security measures in place to avoid data from being accessed, damaged, interfered with, lost, damaged, stolen or compromised.

  Personal information is kept in locked filing cabinets or drawers or in a safe. Electronic data is pass word protected that is regularly backed up. All our computers have

  firewalls and anti virus protection. In cases of a breach, or suspected breach, of data security you will be informed, as will any appropriate regulator, in accordance with

  our legal obligations.

 

  Any data that is shared with third parties is restricted to those who have a business need, in accordance with our guidance and in accordance with the duty of confidentiality.

 

  DATA RETENTION   

 

  We anticipate that we will retain your data for no longer than is necessary for the purpose for which it was collected.

 

  We have given consideration to the following in order to decide the appropriate retention period:

  •  nature

  •  sensitivity

  •  risk of harm

  •  purpose for processing

  •  legal obligations

 

  At the end of the retention period, upon conclusion of any contract we may have with you, or until we are no longer legally required to retain it, it will be reviewed and

  deleted, unless there is some special reason for keeping it. Occasionally, we may continue to use data without further notice to you. This will only be the case where any

  such data is anonymised and you cannot be identified as being associated with that data

  

  YOUR RIGHTS IN RELATION TO YOUR DATA   

 

  We commit to ensure that any data we process is correct and up to date. It is your obligation to make us aware of any changes to your personal information.

 

  In some situations, you may have the;

 

  •  Right to be informed. This means that we must tell you how we use your data, and this is the purpose of this privacy notice.

  •  Right to request access. You have the right to access the data that we hold on you. To do so, you should make a subject access request

  •  Right to request correction. If any data that we hold about you is incomplete or inaccurate, you are able to require us to correct it.

  •  Right to request erasure. If you would like us to stop processing your data, you have the right to ask us to delete it from our systems where you believe there

     is no reason for us to continue processing it.

  •  Right to object to the inclusion of any information. In situations where we are relying on a legitimate interest (or those of a third party) you have the right to

     object to the way we use your data where we are using it.

  •  Right to request the restriction of processing. You have the right to ask us to stop the processing of data of your personal information. We

     will stop processing the data (whilst still holding it) until we have ensured that the data is correct.

  •  Right to portability. You may transfer the data that we hold on you for your own purposes.

  •  Right to request the transfer. You have the right to request the transfer of your personal information to another party.

  Where you have provided consent to our use of your data, you also have the unrestricted right to withdraw that consent at any time. Withdrawing your consent means that

  we will stop processing the data that you had previously given us consent to use. There will be no consequences for withdrawing your consent. However, in some cases,

  we may continue to use the data where so permitted by having a legitimate reason for doing so.

 

  If you wish to exercise any of the rights explained above, please contact Mrs Maureen French 

 

  Consequences of your failure to provide personal information

 

  If you neglect to provide certain information when requested, it may affect our ability to enter into or continue with a contract with you, and it may prevent us from complying

  with our legal obligations.

 

  Change of purpose for processing data

 

  We commit to only process your personal information for the purposes for which it was collected, except where we reasonably consider that the reason for processing

  changes to another reason and that reason is consistent with the original basis for processing. Should we need to process personal information for another reason,

  we will inform you of this and advise you of the lawful basis upon which we will process.

 

  Important note: We may process your personal information without your knowledge or consent, in compliance with the above rules (see above section - lawful basis

  for processing your personal information ) .

  In the event that you enter into a contract with us, any information already collected may be processed further in accordance with our data protection policy, a copy of

  which will be provided to you.

 

  QUESTIONS OR COMPLAINTS

 

  It is the responsibility of our Data Protection Officer (DPO) to oversee compliance with this statement. Should you have any questions regarding this statement, or how

  we process your personal information, please contact Mrs Maureen French on 01226 805 152 or 07503 434 921

 

  The supervisory authority in the UK for data protection matters is the Information Commissioner (ICO). If you think your data protection rights have been breached in any

  way by us, you are able to make a complaint to the ICO.