Privacy Policy
Introduction
We, East Sussex, Brighton & Hove Crossroads Care, are the ‘controllers’ of the information (‘personal data’) that we collect about you. Being controllers of your personal data, we are responsible for how your data is processed. The word ‘process’ covers most things that can be done with personal data, including collection, storage, use and destruction of that data.
As the ‘controller’ of your personal information, we will ensure that the data we hold about you is:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Kept only as long as necessary.
- Kept and destroyed securely.
This notice explains why and how we process your data, and explains the rights you have around your data, including the right to access it and to object to the way it is processed. Please see the section on ‘Your rights as a data subject’ for more information.
Please note when we refer to:
- A ‘public body’ we mean any organisation in the UK which delivers, commissions, or reviews a public service and includes (but is not limited to) the Ombudsman, Sussex Health and Care Integrated Care System (ICS), the National Health Service and CQC (Care Quality Commission)
- A ‘health or social care professional‘ we mean any person who provides direct services, acts as consultant, or is involved in the commission of your healthcare or social care services, including (but not limited to) your general practitioner (GP), dental staff, pharmacists, nurses and health visitors, clinical psychologists, dieticians, physiotherapists, occupational therapists, hospital staff, social workers and other care and support related professionals.
We are a registered charity and a company limited by guarantee and our contact details are:
Address: | ESBH Crossroads Care, Community Base, 113 Queens Road, Brighton, Sussex, BN1 3XG |
Email: | [email protected] |
Telephone number: | 01273 234021 |
Our Data Protection Lead can be contacted using the details above if you have any queries about this notice or anything related to data protection.
PERSONAL DATA
‘Personal data’ is any information that relates to a living, identifiable person. This data can include your name, contact details, and other information we gather as part of our relationship with you.
It can also include ‘special categories’ of data, which is information about a person’s race or ethnic origin, religious, political, or other beliefs, physical or mental health, trade union membership, genetic or biometric data, sex life or sexual orientation. The collection and use of these types of data is subject to strict controls. Similarly, information about criminal convictions and offences is also limited in the way it can be processed.
We are committed to protecting your personal data, whether it is ‘special categories’ or not, and we only process data if we need to for a specific purpose, as explained below. We collect your personal data mostly through our contact with you, and the data is usually provided by you, but, in some instances, we may receive data about you from other people or organisations. We explain when this might happen in this Notice.
Service Users
What data do we have?
When you enquire about our care and support services through our website, phone, email, post, face-to-face or social media, and during the course of providing care and support services to you, we collect the following personal information when you provide it to us:
- Your name, home address, date of birth, gender and contact details (including your telephone number, email address)
- Information about your next of kin, emergency contacts details and power of attorney. (i.e. name, relationship, home, and telephone numbers)
- Your communication needs / requirements
- Information relating to resuscitation requirements.
- Contact details for your GP
- Your likes, dislikes, and lifestyle preferences (including your religious beliefs or other beliefs of a similar nature, racial or ethnic origin, health, and sexual orientation (so far as they relate to providing you with suitable care)
- Your feedback and contributions to questionnaires and surveys about the service we offer
- Your complaints, compliments, or concerns about the service we provide.
- Any accidents and incidents or near misses you may have been involved in whilst on our premises or whilst our employees are delivering a service to you – this may include details of injuries and treatment you may have received.
We also record the following data which is classified as “special category”:
- Health and social care data about you, which might include both your physical and mental health data. This will can include health conditions, medication, mobility assistance and risk assessments.
- We may also record data about your religious beliefs or other beliefs of a similar nature, racial or ethnic origin, gender identity and sexual orientation (so far as they relate to providing you with suitable care).
We work closely with third parties such as health and social care professionals and public bodies.
We therefore also obtain personal information about you from other sources such as:
- Your allergies and any medical, physical or mental conditions, assessments and in particular your care and support needs, from any appropriate external health or social care professionals.
- Your name, home address, date of birth, contact details, needs assessments and financial assessments from any appropriate external health or social care professionals (including any relevant public body regardless of whether you are publicly funded)
- Your likes, dislikes and lifestyle preferences (including your religious beliefs or other beliefs of a similar nature, racial or ethnic origin, health and sexual orientation (so far as they relate to providing you with suitable care) from your family, friends and any other person you have nominated as your representative.
- Your legal representative (for example Lasting Power of Attorney), if applicable
Why do we have this data?
We need this data for the preparation of care and support plans and provision of your care needs, including medical, physical, or mental condition is necessary to enable us to create a care plan and to provide you with suitable care and support services. The provision of your name, home address and telephone number are required so that we can arrange a care support worker to attend your home to deliver service. Without this information, we will not be able to assess your care needs or arrange a care support worker to attend your home to deliver services to you.
We use your personal information to:
- Prepare, review and update a suitable care support plan, describing the nature and level of care and support services which you have requested
- To communicate with you, your representatives and any appropriate external health or social care professionals about your individual needs and personalise the service delivered to you
- Respond, should your care needs change, to meet your individual needs and ensure the safety of you and your Care Support Worker.
- Invoice you for the care and support services in accordance with the contractual terms and conditions
- Carry out quality visits, monitor the effectiveness of our services and improve our customer experience
- Send information about our services and events which we believe you may be interested in. You may unsubscribe from this at any time
- Notify you about changes to our services which are relevant to you
- Respond to you following an enquiry received via our website
By law, we need to have a lawful basis for processing your personal data. We process your data because we have a legal obligation to do so – generally under the Health and Social Care Act 2012 or Mental Capacity Act 2005.
We rely on the following grounds within the GDPR:
- Article 6(1)(a) – processing is conducted with your consent to process personal data for specified purposes
- Article 6(1)(b) – processing is necessary for the performance of our contracts to provide individuals with care and support services
- Article 6(1)(c) – processing is necessary for us to demonstrate compliance with our regulatory framework and the law
- Article 6 (1)(e) – for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
- Article 6(1)(f) – to process your personal data in pursuit of legitimate interests, which include; Events and Fundraising Information – the privacy impact on you is expected to be minimal. Information will be specific to events we believe are of interest to you using information from enquiries we receive from you, you can unsubscribe at any time
GDPR recognises that additional care is required when processing special category (sensitive) data such as your health.
We process this under the following grounds within GDPR;
- Article 9(2)(h) – processing is necessary for the provision of social care or the management of social care systems and services.
We may also process your data with your consent. If we need to ask for your permission, we will offer you a clear choice and ask that you confirm to us that you consent. We will also explain clearly to you what we need the data for and how you can withdraw your consent at any time.
Where do we process your data?
So that we can provide you with high quality care and support we need specific data. This is collected from or shared with:
- You or your legal representative(s);
- Third parties.
- We may share your medical information with appropriate external health or social care professionals (including your GP and pharmacist) and any individuals you have nominated as your representative as and when required. This data sharing enables us to establish the type of care and support you need; it also allows us to work with you to design the right care package to suit your individual needs.
- We will share personal information with law enforcement or other authorities if legally required to do so. This includes information required by public bodies to evidence our compliance with the applicable regulatory framework. We are also required to share personal information with external health or social care professionals, including public bodies and local safeguarding groups (in some circumstances) to ensure your safety.
- We will share relevant personal information with Care Support Workers and the Care Management Team on a need-to-know basis in order to provide safe and effective services to you.
- We will share information with our insurance company and where applicable with the Health & Safety Executive, following accidents & incidents.
In order to deliver our service to you we rely on third parties to provide specialist support to us. To provide this support they will have access to or a duty of care over your personal information. These providers are:
- IT and Telecoms Support companies – to ensure the safe, secure and resilient operation of our IT infrastructure including computers, servers, phones and mobile devices
- Software support companies – to provide specialist support and resolve issues with the software that we run, for example the systems we use to store and manage your customer records
- Data archiving companies – responsible for the secure storage and destruction of records.
- These providers operate under a written contract to ensure the same level of privacy and security that we promise to you.
We do this face to face, via phone, via email, via our website, via post, via application forms, via apps.
We will not share, your personal information with any other third party without your consent.
We will never sell or trade your personal information with any other third party.
Staff
What data do we have?
So that we can provide a safe and professional service, we need to keep certain records about you. We may record the following types of data:
- Your basic details and contact information e.g. your name, address, date of birth, sex, National Insurance number and next of kin;
- Your financial details e.g. details so that we can pay you, insurance, pension and tax details;
- Details of your education and qualifications and previous work experience
- emergency contact details
- employment history with East Sussex, Brighton & Hove Crossroads Care
- employment terms and conditions (eg pay, hours of work, holidays, benefits, absence)
- any accidents connected with work
- any training taken during your employment with East Sussex, Brighton & Hove Crossroads Care
- any disciplinary action during your employment with East Sussex, Brighton & Hove Crossroads Care
With your permission, we may also record the following data which is classified as “special category”:
- Health and social care data about you, which might include both your physical and mental health data – we will only collect this if it is necessary for us to know as your employer, e.g. fit notes or in order for you to claim statutory maternity/paternity pay;
- Biometrics
- Political membership or opinions
- Trade union membership
- genetics
- Your race, ethnic origin, sexual orientation, sexual history or religion.
As part of your application you may – depending on your job role – be required to undergo a Disclosure and Barring Service (DBS) check (Criminal Record Check). We do not keep this data once we’ve seen it.
Why do we have this data?
We require this data so that we can contact you, pay you and make sure you receive the training and support you need to perform your job. By law, we need to have a lawful basis for processing your personal data.
We process your data because:
- We have a legal obligation under UK employment law;
- We are required to do so in our performance of a public task;
- We have a legitimate interest in processing your data – for example, we provide data about your training to Skills for Care’s Adult Workforce Data Set, this allows Skills for Care to produce reports about workforce planning.
- We are required to provide data to our regulator, the Care Quality Commission (CQC), as part of our public interest obligations.
We process your special category data because:
- It is necessary for us to process requests for sick pay or maternity pay.
If we request your criminal records data, it is because we have a legal obligation to do this due to the type of work you do. This is set out in the Data Protection Act 2018 and the Rehabilitation of Offenders Act 1974 (Exceptions) Order 1975. We do not keep a record of your criminal records information (if any). We do record that we have checked this.
We may also process your data with your consent. If we need to ask for your permission, we will offer you a clear choice and ask that you confirm to us that you consent. We will also explain clearly to you what we need the data for and how you can withdraw your consent.
Where do we process your data?
As your employer we need specific data. This is collected from or shared with:
- You or your legal representative(s);
- Third parties.
We do this face to face, via phone, via email, via our website, via post, via application forms, via apps.
Third parties are organisations we have a legal reason to share your data with. These include:
- Her Majesty’s Revenue and Customs (HMRC);
- Our pension and healthcare schemes provide details of external companies providing this resource;
- Our external payroll provider; Sage.
- Organisations we have a legal obligation to share information with i.e. for safeguarding, the CQC.
- The police or other law enforcement agencies if we have to by law or court order.
- The DBS Service provide details of the umbrella organisation used if not the DBS service directly.
Friends/Relatives
What data do we have?
As part of our work providing high-quality care and support, it might be necessary that we hold the following information on you:
- Your basic details and contact information e.g. your name and address.
Why do we have this data?
By law, we need to have a lawful basis for processing your personal data.
We process your data because we have a legitimate business interest in holding next of kin and lasting power of attorney information about the individuals who use our service and keeping emergency contact details for our staff.
We may also process your data with your consent. If we need to ask for your permission, we will offer you a clear choice and ask that you confirm to us that you consent. We will also explain clearly to you what we need the data for and how you can withdraw your consent.
Where do we process your data?
So that we can provide high quality care and support we need specific data. This is collected from or shared with:
- You or your legal representative(s);
- Third parties. Delete if you do not receive next of kin information from Third Parties
We do this face to face, via phone, via email, via our website, via post, via application forms, via apps.
Third parties are organisations we have a legal reason to share your data with. These may include:
- Other parts of the health and care system such as local hospitals, the GP, the pharmacy, social workers, and other health and care professionals.
- The Local Authority;
- The police or other law enforcement agencies if we have to by law or court order.
HOW WE STORE YOUR DATA
Your personal data is held in both hard copy and electronic formats. Hard Copy documents are kept locked and secured within our main office.
Electronic data is stored on our software supplier’s servers. For further details, the privacy notices of our software suppliers, can be found here:
birdie: https://www.birdie.care/terms/privacy-notice
Microsoft: https://www.microsoft.com/en-gb/trust-center/privacy
Sage: https://www.sage.com/en-gb/legal/privacy/
Egress: https://www.egress.com/legal/privacy-policy
OUR WEBSITE
In order to provide you with the best experience while using our website, we process some data about you.
Cookies are small files that websites store on your computer and that contain various types of information about your visit to a website. They are not viruses or malicious software, but they are generally aimed at providing you with a good experience when browsing a site by, for example, remembering your preferences so that you do not need to reset them every time you visit the website.
Cookies can record information about how you browse the internet. They can, therefore, be used by websites to advertise goods and services which, based on your browsing history, are similar to goods and services you have previously searched online. This is why some users reject or delete cookies.
Cookies normally expire after a length of time, which can vary from a few minutes to more than a year. Some cookies are ‘session cookies’ that are deleted when you close your internet browser or after a period of inactivity. Others are ‘persistent cookies’ that remain on your computer until their expiration date.
We do not store cookies on your computer without your consent, unless they have the sole purpose of carrying out the transmission of communications or they are strictly necessary for providing an online service.
You may restrict or block cookies that are set by any website through your browser settings. Your browser settings also allow you to clear your browsing history and delete cookies.
Information about how you can do this can be found on this link https://ico.org.uk/for-the-public/online/cookies. Mobile devices may have their own settings and you need to refer to the manual of the device. Please note that restricting or disabling cookies may impact the functioning of parts of our website.
Our website uses the following cookies:
cookieyes-consent
CookieYes sets this cookie to remember users' consent preferences so that their preferences are respected on subsequent visits to this site. It does not collect or store any personal information about the site visitors.
google analytics
Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
NATIONAL DATA OPT-OUT
East Sussex, Brighton & Hove Crossroads Care reviews all our processing on an annual basis to assess whether any of our service user personal data is being processed for purposes other than individual direct care (such as research or planning purposes) in which case the National Data Opt-
Out Policy applies. All new processing is also assessed. If any data falls within the scope of the National Data Opt-Out, we check if any of our service users have opted out of their data being used for this purpose.
At this time, we do not share any data for planning or research purposes for which the
National Data Opt-Out would apply. We review all of the confidential information we
process on an annual basis to see if this is used for research or planning purposes. If it is,
then individuals can decide to stop their information being shared for this purpose.
YOUR RIGHTS
The data that we keep about you is your data and we ensure that we keep it confidential and that it is used appropriately. You have the following rights when it comes to your data:
- You have the right to request a copy of all of the data we keep about you. Generally, we will not charge for this service;
- You have the right to ask us to correct any data we have which you believe to be inaccurate or incomplete. You can also request that we restrict all processing of your data while we consider your rectification request;
- You have the right to ask that we erase any of your personal data which is no longer necessary for the purpose we originally collected it for. We retain our data in line with the Information Governance Alliance’s guidelines (https://transform.england.nhs.uk/information-governance/guidance/records-management-code/records-management-code-of-practice-2021/#appendix-ii-retention-schedule)
- You may also request that we restrict processing if we no longer require your personal data for the purpose we originally collected it for, but you do not wish for it to be erased.
- You can ask for your data to be erased if we have asked for your consent to process your data. You can withdraw consent at any time – please contact us to do so.
- If we are processing your data as part of our legitimate interests as an organisation or in order to complete a task in the public interest, you have the right to object to that processing. We will restrict all processing of this data while we look into your objection.
If you would like to exercise any of these rights, please contact:
The Data Protection Lead
ESBH Crossroads Care,
Community Base
113 Queens Road
Brighton
BN1 3XG
Email: [email protected] (Subject:)
Tel: 01273 234021
Contact us using the details above making clear that you wish to exercise one of your privacy rights
- Let us have enough information to identify you (e.g. your name and address)
- Let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and
- Let us know the information to which your request relates, including any account or reference numbers, if you have them
This is to make sure that data is not shared with the wrong person inappropriately. We will always respond to your request as soon as possible and at the latest within one month.
Withdrawing Consent
If we are relying on ‘consent’ to process your data, you may withdraw your consent at any time.
How to complain
We hope that we can resolve any query or concern you raise about our use of your information. You can raise any concern you may have with the Data Protection Lead using the contact details above.
If you would like to complain about how we have dealt with your request, please contact:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
https://ico.org.uk/global/contact-us/
This privacy policy was reviewed on 3rd June 2024.
We may change this privacy policy from time to time, when changes are significant, we will draw your attention to this via our website.