Last updated: 06 January 2021
Your personal information
Who we are
For the purpose of the Data Protection requirement the data controller is Home Care & Support Limited, Chatterton Works, Chantry Lane, Bromley, Kent, BR2 9QL. This is also our registered office.
If you want to request further information about this privacy notice or exercise any of your rights, you can email the team on: email@example.com.
If you want access to your health record please contact us:
Write to us:
Home Care & Support Limited
Kent, BR2 9QL
Our commitment to you
We are committed to protecting and respecting your privacy, and we take your privacy very seriously and we recognise the trust placed in us by individuals whose information we use.
To enable us to provide the best health and care we can, we collect different personal data and information required in order than we can properly fulfil the obligations set down by our NHS and Local Authority commissioners. Equally, we require data and information in order to ensure the care we deliver is person-centred, safe, effective and timely.
The information below sets out the basis on how any personal data we collect from you, or that you provide to us, or that we obtain about you will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. We are committed to ensuring that we do so in a manner that is both lawful and respects your privacy.
Your data protection rights
We take the protection of your personal data very seriously and respect your privacy in accordance with data protection legislation and best practice. You have rights relating to your personal information. You can find more information about your privacy rights on the Information Commissioner’s Office website www.ico.org.uk.
The Data Protection Act 2018 and the General Data Protection Regulation 2018 (GDPR) directs how we must use the personal information we hold about you (both those we care for, and those that we employ).
You have the right to be informed about how and why we process your personal information and any time you give us personal information you have the right to be informed about why we need it and how we’ll use it.
You can find most of the information you need in this Privacy Notice.
You have right of access to any of your personal data that we hold about you
If you make a formal Subject Access request, we will respond to acknowledge your request and will first require you to prove your identity. We may also ask you for information about any specific information you are seeking to help us make sure we meet your request fully and in a timely way. If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.
We will provide you the information that you are entitled to as soon as possible and without unreasonable delay and at the latest within one month of your identity been verified by us.
In exceptional cases we may extend the period of compliance by a further two months if the request(s) are complex or numerous. If this is the case, we will inform you within one month of the receipt of the request and explain why the extension is necessary.
In most circumstances there will be no charge for this right of this access.
The right to correct information
If you believe information, we hold about you to be inaccurate or incomplete, you can ask us to correct it at any time for example the spelling of your name or your contact information.
The right for processing of your personal information to be restricted
For example, if you are contesting the accuracy of data we are using about you. In such cases we will restrict our processing while we verify the accuracy of the data that we hold.
The right to object to certain processing
In addition to the right to restrict the use of your data, you also have a right to object to how we process it in certain circumstances.
The right to have certain information deleted
You can also ask for certain information about you to be deleted. For example, if you are moving out of the area. In some cases, we will be unable to delete your information if there are statutory grounds to retain it (i.e. HMRC or other legal requirements).
Information we collect from you and what we do with it
It is important that we inform you about the information we collect and why we collect it. The information we collect and the reason for collecting it are different for different groups of individuals.
Information can be classed as ‘personal’ for example your name, address or date of birth or ‘sensitive’ e.g. details about your health, race or ethnic origin, sexual orientation.
We do not collect more information than we need to fulfil our stated purposes and will not retain for longer than is necessary.
Our legal basis for processing personal information
As a legal entity under the Companies Act 2006 and as a provider of health and care services, we process personal information pursuant to our role in the wider healthcare economy. We have a statutory obligation to provide services that are safe, caring, effective, responsive and well-led.
As such our work is based upon statutory powers which underpin the legal bases that apply for the purposes of the GDPR. The legal bases for the majority of our processing are:
We collect and use your personal information under the following primary lawful bases:
– the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law;
– where we have the consent of the data subject;
– where it is necessary for compliance with any legal obligation, for example the processing is necessary for us to comply with legislation such as Subject Access or Freedom of Information requests;
– where processing is necessary to protect the vital interests of the data subject or another person.
Sensitive personal data
Where we process special category data, for example data concerning including health, racial or ethnic origin, or sexual orientation, we need to meet an additional condition in the GDPR.
1. Where it is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and service;
2. processing is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent;
3. processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law;
4. processing is necessary for the establishment, exercise or defence of legal claims;
5. processing is necessary for reasons of public interest in the area of public health; or
6. where you have consented to specific processing, for example under some special projects that we may undertake.
The list below provides a general overview of the types of information we collect and why, it is not an exhaustive list but gives an indication of the general types of information we collect.
In general, the personal information that we collect, hold and share includes:
– personal information (such as name, date of birth, NHS number, addresses, contact details);
– characteristics (such as gender, ethnicity, language, medical conditions, nationality, country of birth);
– details of the medical records and health of patients including current and previous GP practice details;
– specific information relation to child protection or safeguarding.
Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.
You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential patient information will still be used to support your individual care.
You can also find out more about how patient information is used at https://www.hra.nhs.uk/information-about-patients/ (which covers health and care research); and https://understandingpatientdata.org.uk/what-you-need-know (which covers how and why patient information is used, the safeguards and how decisions are made.
You can change your mind about your choice at any time.
Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.
Who we share information with
We understand that sharing information is a sensitive topic, however on occasions it is necessary for us to allow others to see your personal data. We will never sell your information and are committed to being transparent with you about where we legally share information, the reason why and who with. The information below gives an overview of the most frequent sharing that we undertake.
We routinely share information with internal and external health professionals directly involved with your care. We may share your personal information with NHS organisations, or the Local Authority for health care purposes. This may include NHS trusts, or other providers of NHS services including for example general practitioners (GPs), ambulance services and primary care agencies.
We may need to share information with other non-NHS organisations, such as social care bodies or social services, where you receive social care.
These non-NHS organisations may include, but are not restricted to:
– Social Services
– Education services
– Local authorities
– The police
– Voluntary sector providers
– Other private sector providers
All members of staff employed by these agencies are bound by the common law duty of confidentiality which means that information that you provide to us must be held in confidence and not shared with anyone else.
We may need to share information from your health record for the purposes of evaluating the quality of care that we provide, for example with professional bodies and regulators in accordance with our statutory obligations.
We may also be asked by other statutory bodies to share basic information about you, such as your name and address – but not sensitive information from your health records. When this happens, it is normally because it will assist them to carry out their statutory duties and it is lawful for us to do so.
On occasions we may be required by law to provide information about you for any of the following purposes:
– the prevention or detection of crime,
– the apprehension or prosecution of offenders, or
– the assessment or collection of any tax or duty or of any imposition of a similar nature.
– We are not obliged to inform you when this happens.
Your information may be accessed and shared internally by our staff in the event of routine enquiries, complaints about us or where we are required to do so by law, for example processing subject access requests or maintaining our accounts and prevention of fraud. This may include members of different departmental admin teams and our IT staff if access to the data is necessary for performance of their roles, the nature of the enquiry or request and it is within the above lawful bases.
Information about the use of our IT systems is shared with technical suppliers for the purposes of support and system administration.
In the event that we share personal data with third parties, we will provide the minimum amount of personal data necessary to fulfil the purpose for which we are required to share the data.
Where we store your personal information and how we protect it
All personal information is stored on our IT systems on secure servers, in locked cabinets in protected areas of our offices. We operate a suite of IT and security policies to ensure your information is kept secure, including appropriate access and auditing controls.
We use anti-virus software and firewalls to protect against cyber-attacks. Unfortunately, the transmission of information via the internet isn’t completely secure. Although we’ll do our best to protect your personal information, we cannot guarantee the security of information you may send to us that is outside of our security arrangements, for example via your personal email accounts etc. We use the NHSmail system for transmitting email communications and sensitive data between parties that share an encrypted link with the NHSmail network.
We also operate strict physical security at all our sites and our employees all receive security and data protection awareness training.
Your information is not sent outside the United Kingdom or the European Union unless the recipient has the same level of legal responsibility as we do.
How long we keep information about you
We only keep information for as long as necessary in accordance with legislation or relevant regulations. Once we no longer need to keep your information, we remove it from our systems or securely dispose of it.
All patient and customer records are destroyed in accordance with the Records Management Code of Practice for Health and Social Care which sets out the appropriate length of time each type of record is retained for.
We do not keep personal records for longer than necessary and all records are destroyed confidentially once their retention period has been met, and we have made the decision that the records are no longer required.
Changes to this notice
This privacy notice may change from time to time, for example, if the law around privacy or personal information changes or for operational purposes. We encourage you to check for updates to this notice from time to time.
Making a complaint
Home Care & Support Limited tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures. Please contact your care co-ordinator or a member of the office team.
If you believe that we have not complied with your data protection rights, you can complain to the Information Commissioner’s Office, their address is Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AFor by calling 0303 123 1113.
- Our main website: www.bromleyhomecare.co.uk
It sets out the different areas where user privacy is concerned and outlines the obligations and requirements of the users, the website and website owners. This policy also explains the way this website processes, stores and protects user data and information.
The information we collect and its use
We collect certain information and/or data about you when you use this website. This can be from questions, queries or feedback you leave, transactions you make or from cookies we may use. This helps us to monitor and improve the site, respond to any feedback you may send us – if you have asked us to or provide you with other information. While using our website, we may ask you to provide us with personally identifiable information that can be used to respond to your query. The information required can vary between items/functions and may include, but is not limited to:
– your full name
– your address
– your email address
– your date of birth
– your NHS number.
We have referral forms for a number of our services and these forms ask for a range of different information to help the service with the referral.
Like most websites, we collect non-personally identifying information about your interactions and use of www.bromleyhomecare.co.uk. Cookies are small files saved to your computer that track, save and store this information The information that cookies may collect can be about:
– your computer and your visits to and use of this website, including your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views, website navigation details
– any transactions carried out between you and us on or in relation to this website
– the details that you provide to us for the purpose of registering with us
– the details that you provide to us for the purpose of subscribing to our website services, email notifications and/or marketing materials
– any other information that you choose to send to us.
Limiting collection, use, disclosure and retention
The personal information collected will be limited to just those details necessary to achieve the intended purpose, such as processing and delivering your purchase. They will only be used or disclosed for this purpose unless you have otherwise consented, or when it is required or permitted by law. Personal information is kept private and stored securely until a time when it is no longer required or has no use, such as the purpose for which it was collected being fulfilled, as detailed in the current data protection legislation. In general this will be for a period of one year.
Keeping your data secure
Personal information will be protected by security safeguards that are appropriate to the sensitivity level of the information. We take all reasonable precautions to protect your personal information from any loss or unauthorised use, access or disclosure. Wherever we collect personal information, such as for an online purchase, this information is encrypted and transmitted in a secure way. You can verify this by looking for a closed padlock icon and/or for ‘https’ in the address bar of your browser. Your information is only accessed by those people who need it to perform a specific task, such as responding to a query or the delivery of goods ordered through the website. This is restricted solely to the service responsible for the item/product you have purchased or the individual(s) dealing with your query. We won’t share your information with other organisations for marketing, market research or commercial purposes.
Upon request, you will be informed of the existence, use and disclosure of what information we hold about you in relation to this website. You may verify the accuracy and completeness of your information and, if appropriate, may request that it be amended. However, in certain circumstances permitted by law, we will not disclose certain information to you. For example, if there are legal, security or commercial proprietary restrictions.
Social media platforms
Communication, engagement and actions taken through external social media platforms with which this website and its owners participate are custom to the terms and conditions, as well as the privacy policies held with each social media respective platform. Users are advised to use social media platforms wisely and communicate/engage upon them with due care and caution in regard to their own privacy and personal details. This website may use social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised before using such social sharing buttons that they do so at their own discretion and note that the social media platform may track and save your request to share a web page respectively through your social media platform account.
Shortened links in social media
This website and its owners through their social media platform accounts may share web links to relevant web pages. By default some social media platforms shorten lengthy urls (web addresses). Users are advised to take caution and good judgement before clicking any shortened urls published on social media platforms by this website and its owners. Despite the best efforts to make sure only genuine urls are published, many social media platforms are prone to spam and hacking and so this website and its owners cannot be held liable for any damages or implications caused by visiting any shortened links.
Terms and conditions
These terms apply to all visitors, users and others who access or use the www.bromleyhomecare.co.uk website. Home Care & Support Limited (referred to as ‘we’, ‘us’ or ‘our’ from now on) whose registered office is Chatterton Works, Chantry Lane, Bromley, Kent BR2 9QL is the owner and operator of this website (hereafter “the Website”). The terms ‘you’ and “your” refer to the user or viewer of the Website.
These terms, together with any other policies, apply to: Home Care & Support Limited.
Use of the website
– The content of the pages of the Website is for your general information and use only. It is subject to change without notice.
– your computer and your visits to and use of the Website (including your IP, address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation details)
– any transactions carried out between you and us on or in relation to the Website, including information relating to any purchases you make of our goods or services
– details that you provide to us for the purpose of registering with us
– details that you provide to us for the purpose of subscribing to our website services, email notifications and/or marketing materials
– any other information that you choose to send to us.
– This is statistical data about our users’ browsing actions and patterns and does not identify any individual.
– Neither we nor any third parties provide any warranty or guarantee as to the accuracy, timeliness, performance, completeness or suitability of the information and materials found or offered on the Website for any particular purpose. You acknowledge that such information and materials may contain inaccuracies or errors and we expressly exclude liability for any such inaccuracies or errors to the fullest extent permitted by law.
– Your use of any information or materials on the Website is entirely at your own risk, for which we shall not be liable. It shall be your own responsibility to make sure that any products, services or information available through the Website meet your specific requirements.
– The Website contains material, which is owned by or licensed to us. This material includes, but is not limited to, the design, layout, look, appearance and graphics. Reproduction is prohibited other than in accordance with the copyright notice, which forms part of these terms and conditions.
– All trade-marks reproduced in the Website which are not the property of, or licensed to Kent Community Health NHS Foundation Trust, are acknowledged on the Website.
– Unauthorised use or reproduction of material on the Website may be a breach of copyright and give rise to a claim for damages and/or be a criminal offence.
– From time to time, the Website may also include links to other websites. These links are provided in good faith for your convenience to allow you to quickly access sources of further information. However the presence of these links does not signify that we endorse the website(s) and we have no responsibility for the content of the linked website(s).
– Your use of the Website and any dispute arising out of such use of the Website is subject to the laws of England and Wales.
Links to other websites
The Website may contain links to third party websites or services that are not owned or controlled by us. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third party websites or services. You further acknowledge and agree that we shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by, or in connection with, use of or reliance on any such content, goods or services available on or through any such websites or services.
We reserve the right, at our sole discretion, to modify or replace these terms and conditions at any time.
We reserve the right, at our sole discretion, to modify or replace these terms and conditions at any time.
If you have any questions about these terms and conditions, please contact us at:
020 8464 8811
Kent, BR2 9QL