Privacy Notice For Patients and Service Users
Oakhaven is committed to maintaining the accuracy, confidentiality and security of your personal information. This Privacy Notice describes the personal information that we collect from or about you, how we use it and to whom we disclose that information.
Who we are
Oakhaven Care is a company incorporated in England and Wales (company number 08409572) whose registered office is Lower Pennington Lane, Lymington, Hampshire, SO41 8ZZ (“Oakhaven Care”).
We are committed to protecting your privacy and will only use personal data that we collect in line with all applicable laws, including the General Data Protection Regulation (GDPR).
In this Notice, “We”, “Us” and “Our” means Oakhaven Care (the Organisation), the provider of your care. “You” means the client on whose behalf the Company are providing the service that you or your nominated third party, such as your local authority, have requested.
We are committed to maintaining the accuracy, confidentiality and security of your personal information. Data protection law provides you with a right to be informed about the processing of your personal information. This Notice describes the personal information that we collect from or about you, and how we use and to whom we disclose that information. Where it is appropriate to the delivery of the service and in accordance with our contract with you or as required by law, we may also prescribe additional purposes and longer retention periods to those set out below.
What Personal Information Do We Collect?
We collect and maintain different types of personal information in respect of those individuals who seek to be, are, or were our clients, including the personal information contained in:
- what you tell us about yourself;
- ID Information such as your name, home address, email address, telephone numbers and date of birth;
- Next of kin contact information;
- Medical records and health information including medicine dosage;
- Personal preferences;
- Ethnicity and religious affiliation;
- NHS number;
- Telephone call recording;
- Risk assessments;
- Door access codes;
- Dietary requirements;
- Our records of invoicing and payment.
The personal information which we collect and maintain includes the above and any other information necessary to permit us to manage your care effectively. In addition, we may collect and maintain sensitive personal information about you if that has any relevance to your care.
As a general rule, we collect personal information directly from you or from the local authority or others also involved in your care. In most circumstances where the personal information that we collect about you is held by a third party, we will obtain your permission before we seek out this information from such sources (such permission may be given directly by you, or implied from your actions or agreed under contract).
Where permitted or required by applicable law or regulatory requirements, we may collect information about you without your knowledge or consent.
Why Do We Collect Personal Information?
The personal information collected is used and disclosed for our business purposes, including establishing and managing your relationship with us. Such uses include:
- assessing whether we are able to assist you;
- the management of your care;
- maintaining records of services provided to you;
- invoicing, fee collection and debt recovery;
- keeping records up to date;
- complying with the legal and regulatory obligations;
- implementing best practice and guidance from the Care Quality Commission or other regulatory or governmental bodies;
- Such other purposes as are reasonably required by us.
Who is responsible?
The person responsible for the personal information about you which we collect (the “data controller”) is the Organisation.
Some of our premises are equipped with CCTV. Where in use, CCTV cameras are there for the protection of visitors and employees and members of staff, and to protect against theft, vandalism and damage to goods and property on the premises. Generally, recorded images are routinely destroyed and are not shared with third parties unless there is suspicion of a crime, in which case they may be turned over to the police or other appropriate government agency or authority.
This section is not meant to suggest that clients will in fact be monitored or their actions subject to constant surveillance. It is meant to bring to your attention the fact that such monitoring may occur.
Can we use your information for marketing our products and services?
We may send you email newsletters if you opt-in to receive such correspondence. We may also send you details of new services but only if it is within our legitimate interest to do so.
We will always let you know that you can opt out from receiving marketing material and you can let us know at any time if you no longer wish to receive direct marketing offers from us. You can do so by emailing us at email@example.com, or writing to us.
How Do We Use Your Personal Information?
We may use your personal information for the purposes described in this Policy, or for any additional purposes that we advise you of and, where your consent is required by law, where we have obtained your consent in respect of the use or disclosure of your personal information.
We may use your personal information without your knowledge or consent where we are permitted or required by law or regulatory requirements to do so.
When Do We Disclose Your Personal Information?
We may share your personal information with our employees and other parties who require such information to assist us with managing the service we provide to you.
This includes but is not limited to sharing your data with the following who may in turn process your data:
- our clients;
- the NHS;
- your doctor;
- social services;
- the local authority;
- emergency services;
- the District Nurse;
- specific external suppliers such as systems providers (e.g. of our rostering, H&S reporting and financial systems), IT consultants, legal advisers and auditors.
Also, your personal information may be disclosed:
- as permitted or required by applicable law or regulatory requirements;
- to comply with valid legal processes;
- as part of our reporting activities;
- to protect the rights and property of the company;
- during emergency situations or where necessary to protect the safety of a person or group of persons;
- where the personal information is publicly available; or
- with your consent where such consent is required by law.
In any such case, we will not disclose more personal information than is required in the circumstances and, except under compulsion of law, we will not disclose without your consent any legal advice which is the subject of a duty of confidence owed to you.
Notification and Consent
Privacy laws do not generally require us to obtain your consent for the collection, use or disclosure of personal information for the purpose of establishing and managing our relationship with you. In addition, we may collect, use or disclose your personal information without your knowledge or consent where we are permitted or required by applicable law or regulatory requirements to do so.
Where your consent is required, this will be requested and recorded in a clear, unambiguous way. Where your consent is required for our collection, use or disclosure of your personal information, you may, at any time, subject to legal or contractual restrictions and to reasonable notice, withdraw your consent. All communications with respect to such withdrawal or variation of consent should be in writing and addressed to the Organisation.
How is Your Personal Information Protected?
We endeavour to maintain physical, technical and procedural safeguards that are appropriate to the sensitivity of the personal information in question. These safeguards are designed to protect your personal information from loss and unauthorized access, copying, use, modification or disclosure.
Your personal information will not normally be processed outside the European Economic Area. Where it is necessary or desirable to do so, we will seek your prior consent and we will take steps to ensure that suitable safeguards apply.
How Long is Your Personal Information Retained?
Except as otherwise permitted or required by applicable law or regulatory requirements, we will retain your personal information only for as long as we believe is necessary to fulfil the purposes for which the personal information was collected (including for the purpose of meeting any legal, accounting or other reporting requirements or obligations). As a minimum that will be until one year after the expiry of the legal limitation period for bringing a legal claim against the organisation in respect of the services provided. However, we may notify you that we will retain your personal information for a longer period for the purposes of maintaining our records of the services provided.
In most cases personal information which is maintained by the organisation will be deleted 7 years after the discharge of all fees incurred in your care or at the end of any service we have provided to you, whichever is the later.
Updating Your Personal Information
It is important that the information contained in our records is both accurate and current. If your personal information happens to change during the course of your relationship with us, please keep us informed of such changes.
You have a right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed. In some circumstances we may decide to update our record of your personal information by appending additional text without deleting the original record.
Right of Access to Your Personal Information
You can ask to see the personal information that we hold about you. If you want to review, verify or correct your personal information, please contact the organisation. Please note that any such communication may be required in writing.
When requesting access to your personal information, please note that we may request specific information from you to enable us to confirm your identity and right to access, as well as to search for and provide you with the personal information that we hold about you. We may charge you a fee to access your personal information; however, we will advise you of any fee in advance. If you require assistance in preparing your request, please contact us.
Your right to access the personal information that we hold about you is not absolute. There are instances where applicable law or regulatory requirements allow or require us to refuse to provide some or all of the personal information that we hold about you. In addition, the personal information may have been destroyed, erased or made anonymous in accordance with our record retention obligations and practices.
If we cannot provide you with access to your personal information, we will try to inform you of the reasons why, subject to any legal or regulatory restrictions.
Your other legal rights
Data protection legislation also provides you with certain other rights. These are not always absolute rights and must be considered in the wider scope of the legislation. These rights are:
- right to erasure, also known as the right to be forgotten. The broad principle underpinning this right is to enable an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing. In some circumstances this is not an absolute right;
- right to restrict processing. You have the right to ‘block’ or suppress processing of personal data. Again this is not an absolute right and will depend on the circumstances and any other legal/statutory obligations we may have;
- right to data portability;
- right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
- rights related to automated decision making including profiling.
How to contact us & complaints
If you have any questions, concerns or complaints in respect of data protection and this privacy notice, please do not hesitate to contact us. Please contact the Registered Manager at Oakhaven Care, Lower Pennington Lane, Lymington, Hampshire, SO41 8ZZ. Alternatively you may contact our Data Protection Officer at firstname.lastname@example.org.
We will endeavour to address your issue as swiftly as possible.