Data Privacy Notice

Spring Care PAs Battle Limited is a provider of social care.

Spring Care PAs Battle Ltd (“Spring Care”, “We”, “Us”) is committed to ensuring your privacy is protected in accordance with Data Protection Standards.

This Data Privacy Notice explains what data Spring Care collects and uses through our website; in the line of our work as a provider of social care; as an employer; any links to third party and other websites; and your rights as a data subject.

Spring Care will ensure it complies with Data Protection Law when it comes to processing your data.  We will use it lawfully and in a transparent way.  We will collect data only for the purposes that we explain to you and will only use it for purposes that are compatible with and relevant to those purposes.  We will keep your data accurate and up to date and will only retain it for as long as is necessary according to need and legal and regulatory purposes.  Your data will always be kept securely.

This Data Privacy Notice has been updated to include the changes being implemented by the General Data Protection Regulations (GDPR) which are in place from 25th May 2018.  This policy will be reviewed on a regular basis and updated when required.

How to Contact Us:

Spring Care PAs Battle Limited, 5 Red Barn Mews, Battle, East Sussex TN33 0AG

Registered in England Company Number 08527106

Registered with the Care Quality Commission Provider Number 1-782436986

www.springcarepas.co.uk

enquiries@springcarepas.co.uk

01424 777135

What is the GDPR?

The General Data Protection Regulation is a new, European-wide law that places greater obligations on organisations and how they handle personal data.

Spring Care PAs Battle Limited is registered with the Information Commissioner’s Office (ICO) as a Data Controller. The ICO are the regulatory authority for Data Protection in the UK.  They can be contacted here: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF   www.ico.org.uk    Tel: 0303 123 1113

What information does the GDPR apply to?

The GDPR applies to “personal data”.  Personal data (and Sensitive Personal Data) is any information which relates to an Identified or Identifiable Natural person (a living person).

Spring Care defines personal data as follows:

Personal Data –Information relating to identifiable individuals such as: Job Applicants Current and Former Employees Agency, Contract and other staff Customers and Service Users Suppliers Marketing Contacts
Sensitive Personal DataMarital Status Nationality Racial or Ethnic Origin Political opinions Religious or Similar beliefs Trade Union membership Physical or Mental Health condition Criminal Offences (or related proceedings)

Spring Care will collect and process Personal Data and Sensitive Personal Data as part of its recruitment and employment procedures; and as part of its Service User assessment and provision of care services.

Data Sharing

We use consistent third-parties who act as data processors on our behalf to provide specific services.  We may share your data with them to enable us to undertake the activities set out above.  They themselves may then become data controllers once your data is shared with them.  They may also introduce you to us or us to you, eg: social services, patient care teams within hospitals, Clinical Commissioning Groups (CCGs).

Your Rights – Access to your information and corrections

Under the Data Protection Law (GDPR and E-Privacy) you have certain rights as a Data Subject.

Right to be Forgotten (Right to Erasure)You have the right to have information about you to be erased.  If it is legal for us to do so and does not interfere with our ability to provide services to you we will comply with your request.
Right to Confirmation and AccessYou have the right to confirm what personal data is being held, for what purpose it is being used and what the safeguards are regards to sharing of your personal data with third parties.
Subject Access RequestYou have the right to request the nature and actual information that we hold about you.
Right to object to automated decision making or profilingYou have the right not be subject to a decision based solely on automated processing, including profiling. Please see section on Automated Decision Making
Right to Object to ProcessingYou have the right to object to any processing of personal data concerning you. Please note that Spring Care will make you aware of the consequences of any objection at the time of you raising it.
Right to RectificationYou have the right to ensure that the data we hold about you is correct at all times.
Right to Data TransferYou have the right to ensure that any of your personal data that is transferred abroad is done so securely giving you the same rights as if this data was being held in the UK. Please note that Spring Care does not transfer your personal data outside the UK.
Right to ComplainYou have the right to complain at any time if you feel that we have failed to safeguard your information.

For any Subject Access Requests (SARs) or any other request under Your Rights above please contact us in writing at the address set out at the top of this notice or by email on enquiries@springcarepas.co.uk

Website Privacy Notice

Spring Care uses cookies on its website.  Cookies are text files which collect log-on information and visitor behaviour information.  Cookies track visitor use and compile statistical reports on website activity.

The reason we monitor visitor activity is to enable us to make our website more responsive to the needs and preferences of our visitors.

We do not collect any identifiable data through our website.

You can set your browser to accept or decline cookies.  Please be aware that a decline preference may mean a loss of function in some of our website features.

For further information on cookies visit: www.aboutcookies.org or www.allaboutcookies.org

Spring Care’s website is subject to Google Analytics Software. The Google Analytics Software (‘the Software’) is separate to Spring Care and operated by Google Limited. The Software produce a report which shows the number of people who have clicked on this website but does not contain any personal identifiable information. Spring Care does not pass on any information to third parties.

Links to Third Party and other Websites

This website may include links to other websites which allow you to connect to them.  The links are provided as a convenient method of accessing information that may be useful or of interest to you.  These links are beyond the control of Spring Care and we therefore cannot accept any responsibility for them.  These sites may have their own privacy policies, and Spring Care cannot guarantee the privacy practices or the security of other sites.  Upon clicking a link you have left Spring Care’s website and the privacy policy stated on our website is no longer in effect.

Children

Our website is not intended for children.

We do not provide care services to children or young persons under the age of 18.

We do not employ children (classed as those under 14) in any capacity.

We do not knowingly collect or process data relating to children.

Security

Under the rules of the GDPR, Spring Care will be operating a Privacy by Design and Privacy by Default policy.  Meaning that before we use your data we will have already considered the potential impact on you as a Data Subject if your data were to be lost, stolen, shared or compromised.

Spring Care is in the process of reviewing its Security measures, which are likely to then include encryption of data wherever possible when it is to be stored with or transmitted to third parties.  Where data is stored or transmitted to a Third Country (any country outside of the European Economic Area (EEA) we will ensure appropriate adequacy protection is in place).  

Spring Care has contracts in place with all of its privately contracted third party relationships involving data transfer, such as for payroll processing, Disclosure and Barring checks, Care Management systems.  These contracts have been reviewed to ensure your data is always processed securely.

Please note that we may also need to undertake further security and screening questions when undertaking our routine dealings with you, these are in place to protect your personal data and security.

Automated Decision Making

Spring Care holds a contract with Access UK Ltd for their People Planner and Access Care Planning Care Management Systems, specifically for the following:

  • Scheduling and Rostering
  • Payroll and Invoicing
  • Daily Records for both staff and service users
  • To store information for service users, next of kin, funders
  • For recruitment and screening
  • For HR Records
  • For Accounting
  • For Insight and Analytics

People Planner enables Automated Decision Making Processes under its planning rules for things like Maximum Working Hours, Training and Qualification Rules (eg: can individual staff deliver the care required to the Service User), staff and Service User preference lists, Clashing / Near Clashing of care visit scheduling.

This Automated Decision Making is necessary for the entry into or performance of our contract with both Service Users and Employers.

Spring Care does NOT use any Automated Decision Making Processes or Profiling for its recruitment of staff or when deciding whether we are able to deliver care services to a potential Service User.

Data Retention Schedule

Job Applicants1Not shortlisted for interviewData destroyed within 30 days
 2Shortlisted for interviewData retained for 6 months
 3Successfully appointed and start work for usSee Employee section  
In the case or 1 or 2 above you have the Right to be Forgotten and we will destroy your data at your request  
Employees1Timesheets2 years
 2Occupational Health RecordsUntil 75th Birthday or 6 years whichever is sooner
 3HR FileUntil 75th Birthday or 6 years whichever is sooner
 4Training Records (Statutory and Mandatory)Until 75th Birthday or 6 years whichever is sooner
 5Salaries paid10 years
 6Tribunal Case Records10 years
You have the Right to be Forgotten, however please note that where we are obliged to keep your personal data because of a regulatory or legal requirement we will not be able to destroy the data  
Service Users and Families1Initial enquiry information6 months
 2Post Assessment – Where we have completed a Risk Assessment, which may include Sensitive Personal Data, but no service has started6 months
 3Having received a service from us8 years
In the case or 1 or 2 above you have the Right to be Forgotten and we will destroy your data at your request
All1Subject Access Requests (SARs)3 years
 2Litigation Records10 years

Service Users and Service Users’ Families or Advocates

What information do we collect about you?

The nature of our service means that very personal and sensitive information is discussed, openly and honestly, in order to ensure we can meet your health and social care needs in ways that are unique to your individual circumstances.  This specific type of information is required in order for us to meet our legal and regulatory obligations as a registered provider and to be able to fulfil our contract with you. 

If you are a next of kin or person with power of attorney, then your details are required to ensure that we can get the necessary authority in respect of the care services we are providing to the person under your authority.

We will be collecting and processing the following information:

  • Your full name, address and contact details and next of kin information
  • Your capacity to make decisions and/or whether we need to liaise with the person(s) you have entrusted with power of attorney
  • Any specific medical conditions that may affect our staff and our ability to look after you
  • Any specific health issues that you may be required to disclose, depending on the nature of the care we will be providing to you
  • Details relating to the methods through which your care is being funded.  If you are funding your care, then we will invoice you or your specified contact and receive payment via cash, cheque or bank transfer.  If your care is being funded, then we will deal with the organisation funding this, or any other party that you have nominated or has agreed to pay for your care
  • We will record details of any medication you require in order that we can ensure we administer this and we will also record any specific medical care wishes you have
  • If you wish us to, we will record other information such as your religion, to allow us, should you request, to contact the appropriate religious representative

The Lawful bases which we use are contained within the Data Protection Act 2018 and are:

Contractual ObligationWhen we have a contract with you to provide care and/or support services. You may have contracted us directly, or this contract may have been given to us by Social Services or CCGs and you have consented to us providing you with care and support (Consent to Care is separate from consent as a legal bases for us processing your data)  
Legal ObligationWhere we have a legal obligation to comply with current law, industry compliance requirements or court order. For example, providing funding agencies with information about the services we are providing to you, to comply with the Health & Social Care Act and the Care Quality Commission standards, or where we are required to be able to demonstrate skills and competences of our staff to comply with industry or legal requirements  
Vital InterestThis is where the sharing of information is in the vital interest of you or our staff. Such as sharing appropriate identity/information with a medical provider (ambulance, doctor, hospital, etc) in the event you are taken ill.  Where your condition may represent a threat to the interests, rights or freedoms of other people, eg: if you have a communicable disease and we believe your condition may represent a risk to our staff or other healthcare professionals

How information about you will be used

We may share information regarding your care with those who have a need to know, namely Health Professionals, such as GPs, District Nurses, Hospitals, etc.  Local Authorities, which would include departments such as Social Services, Housing, Day Centres etc.  Any relevant person identified by you, such as family members, Power of Attorney; and our staff. 

We will not share your information with anyone except those indicated above, unless required by law or at your specific request. 

Personal information supplied to us is used in a number of ways, for example:

  • To agree a Care Plan
  • To review your care needs
  • To monitor your medication
  • To help us improve our services

Upon completion of your Assessment of Needs (Risk Assessment), we compile a Care Plan which sets out tasks, aspirations and outcomes in order to meet all your identified needs and this is regularly reviewed and updated.  This includes liaison with all those involved in your care such as family, your representative relevant health and social care colleagues and other professionals.

In the event you are unwell, in an emergency, this information will be passed onto medical professionals, eg: ambulance, GP, hospital services.

How long do we keep your information for?

Please see the section on Data Retention