Data Protection law is changing. On 25th May 2018 with the introduction of the General Data Protection Regulation 2016 (the GDPR). The GDPR applies to “personal data” and our Privacy Notice sets out your rights on how we collect, use and store your data which may enable you to be identified either on its own or in conjunction with other data we may come into possession of.
Care Response Ltd is already pledged to comply with the Personal Information Promise via the ICO, please see Appendix 1.
Diane Brown at Care Response Ltd , Company Registration Number 6161098, (registered in England and Wales) is the data controller and will decide how your personal data is processed and for what purposes. Care Response Ltd complies with its obligations under the GDPR by:
- keeping your personal data up to date
- storing and securely destroying it after use
- not collecting or retaining excessive amounts of data
- protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect your personal data
How will we use your personal data?
Your data will be used for the following purposes:
- Provide the contracted services of our clients, for example providing Care
- Comply with regulatory or statutory obligations, for example CQC
- Improve the quality of our service and maintain our administrative records
- Communicate news and information which we believe you may find of interest
Your data will not be passed onto third parties for any reason (for example marketing), outside of statutory or compliance Regulation
Who is collecting your data?
Selected Managers of Care Response staff will have the authority to collect and have access to your data.
Data will be collected via our assessment process, this will then be stored on our Rosta system (Staff plan)
Staff Plan is hosted in the cloud and is GDPR compliant.
Access to Staff Plan is restricted to Senior Members of staff through password protected computers. All laptops used out of office hours are password protected and have security protection installed.
Staff have paper copies of timesheets (this will be replaced by paperless copies by Dec 2018) Timesheets only show first and last names and times of arrival. No other information is visible on the timesheets.
Currently Care plans are printed and a hard copy kept in a secure cabinet at our offices , a copy is also kept at the clients home. We are in the process of implementing a new system and all data will be filed online by the end of 2018. Clients have the choice to view the records and can give consent to family members to have access to this information
Once Care Response go paperless information will be accessed via an app on the Care Workers phones via a system called Karantis. This information is stored in the cloud and is GDPR compliant. No information entered onto the app is stored on the Carers phones.
We may at times need to share information with other health professionals, this consent is requested on assessment, if you refuse and we later find it necessary to speak to other health professionals we will seek consent on an individual basis , unless we are required by law to provide the information
What data is collected?
The following data will be directly collected by a senior member of the Care Response team or will be provided by yourself through a family member of your choice. This also includes other information we may learn about you during the course of performing the assessment.
The following are included in the care assessment carried out at the time of setting up a care plan:
- Your name (first and last plus any middle / other names you choose to provide)
- Your marital status
- Your gender
- Your home address
- Your date of birth
- Your preferred method of contact , i.e. Telephone/Email
- Your medical History (including GP Details)
- Your next of Kin including any (POA – clients)
- Your preferred method of payment (no card details are retained if paying by card)
- Your specific requirements (planned package of care)
- Your bank details (Staff only)
- Your employment history & references (Staff)
- DBS (disclosure and barring service – staff only)
- Identity checks, i.e. passport, driving licence and Car documents (Staff only)
The above list is not exhaustive and may vary according to the level of care you require (Clients) , we will only ask for information that relative or due to legislative changes.
Invoices are sent in the post as standard, we are happy to send invoices via Email, however we cannot guarantee the security of the recipients email.
Our website (www.careresponse.co.uk)
Our website is hosted by My Website Solutions. When someone visits www.careresponse.co.uk we use Google Analytics to collect internet log information to determine visitor behaviour patterns. This information includes the number of visitors to various parts of the site but will not identify anyone and we do not allow Google to make or attempt to determine the identities of anyone visiting our site.
Care Response have a face book page , no personal information will be posted without prior consent.
How long will your data be stored for?
Data we hold on you will be stored only for as long as we need it (& ensuring any regulations are met as appropriate); that is to perform the function it was collected for in the first place. Once we no longer need your data to perform the function(s) it will be securely destroyed, either permanently deleted or shredded.
Clients / staff should be made aware of the following requirements to keep data:
Client files 7 years
Staff Files 5 years
What rights do you have?
How the law protects you….
- We will keep your data secure and private
- We will not sell your data
- If your personal data changes, you have the option to update us at any time
You are entitled to view, the personal information that we hold. Email your request to our data protection officer, Diane Brown at firstname.lastname@example.org or alternatively call on 01344 876099.
How can you raise a complaint?
If you believe your data is not being used for the purposes set out in this Privacy Notice,……
You may raise a complaint using Care Response Complaints procedure or alternatively you can contact :
Information Commissioners Office (ICO)
0303 123 1113 (local rate – calls to this number cost the same as calls to 01 or 02 numbers).
Appendix 1: Personal Information Promise (ICO)
I, Diane Brown on behalf of Care Response Ltd, promise that we will:
- Value the personal information entrusted to us and make sure we respect that trust.
- Go further than just the letter of the law when it comes to handling personal information, and adopt good practice standards.
- Consider and address the privacy risks first when we are planning to use or hold personal information in new ways, such as when introducing new systems.
- Be open with individuals about how we use their information and who we give it to.
- Make it easy for individuals to access and correct their personal information.
- Keep personal information to the minimum necessary and delete it when we no longer need it.
- Have effective safeguards in place to make sure personal information is kept securely and does not fall into the wrong hands.
- Provide training to staff who handle personal information and treat it as a disciplinary matter if they misuse or don’t look after personal information properly.
- Put appropriate financial and human resources into looking after personal information to make sure we can live up to our promises.
- Regularly check that we are living up to our promises.
Signed, Diane Brown