Contents
1 Introduction
2 The information we collect and when
3 How we use your information
4 Who we might share your information with
5 How we keep you updated on our products and services
6 Your rights over your information
7 How long we keep your information for
8 Giving your reviews and sharing your thoughts
9 Security
10 What happens if our business changes hands?
11 Changes to Our Privacy Policy
12 How to contact us
Revision History
Details
Initial Creation
Review
Author
M Spall, DPO
D Sayer, DPO
Introduction
Mission Care (referred to as “We, “Our” or “Us”), is committed to protecting the privacy and security of your personal information. We take care to protect the privacy of the residents and the families of those who reside in our care homes.
We have therefore developed this privacy notice to inform you of the information we collect, what we do with your information, what we do to keep it secure as well as the rights and choices you have over your personal information.
Throughout this document we refer to Data Protection Legislation which means the Data Protection Act 2018 (DPA2018), United Kingdom General Data Protection Regulation (UK GDPR), the Privacy and Electronic Communications (EC Directive) Regulations 2003 and any legislation implemented in connection with the aforementioned legislation.
Where data is processed by a controller or processor established in the European Union or comprises the data of people in the European Union, it also includes the EU General Data Protection Regulation (EU GDPR). This includes any replacement legislation coming into effect from time to time.
Mission Care is the controller for the personal information we process, unless otherwise stated.
We are registered with the Information Commissioner’s Office (the ICO) with registration number Z7488873.
You can contact us either by phone, email or post.
Our main trading/postal address:
Suite 4, Langford House
7 High Street
Chislehurst
Kent
BR7 5AB
Phone : 0303 123 3201
Email: gdpr@missioncare.org.uk
Our Data Protection Officer is:
The DPO Centre Ltd.
50 Liverpool Street
London
EC2M 7PY
Phone: 0203 797 1289
Website: www.dpocentre.com
The information we collect and when
We only collect personal information that we know we need to process to provide accommodation and care to elderly and vulnerable individuals who may suffer with mental and /or physical health conditions and to communicate with their family or relatives. We will only use the personal information in accordance with the Data Protection Legislation as stated above.
The type of personal information that we will collect, and you voluntarily provide to us for this service include some or all of the following:
• Your name
• Gender
• Address
• Telephone number(s)
• Email address
• Medical information
• Disability information
• Next of kin details
• Bank account details
• Photographs
We may, depending on our dealings with you, extend this personal information to include further personal data.
For the majority of the time, you are under no statutory or contractual requirement or obligation to provide us with your personal information; however, we require at least the information above in order for us to provide our services to you and to deal with you as a resident of our care homes in an efficient and effective manner. There may, however, be occasions when the law within the UK requires us to hold certain information about you.
Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are:
(a) Your consent
You told us that we can use your data for a specific and defined activity.
You are able to withdraw your consent anytime by contacting us at gdpr@missioncare.org.uk.
(b) We have a contractual obligation
Processing is necessary to fulfil or prepare a contract with you; for example, the information that we are required to collect in order to provide our party services.
(c) We have a legal obligation
Processing is necessary to meet a legal obligation applicable to us, for example, if we are required to retain your information to comply with tax/revenue laws.
(d) We have a vital interest
Processing is necessary to protect a person’s life or in an urgent medical situation.
(e) We need it to perform a public task
(f) We have a legitimate interest
Processing is necessary for our legitimate business interests. This condition does not apply if there is a good reason to protect your personal data which overrides our legitimate interest.
How we use your information
To contact you, following your enquiry, reply to any questions, suggestions, issues or complaints you have contacted us about
To provide you with the best possible service as a resident of one of our care homes;
To provide medical care to you based on your needs;
Take payment from you or give you a refund;
To obtain feedback on our services to help us to constantly improve our services to you;
During your participation of events hosted by us or at our premises that may include our staff or other individuals taking photographs to capture the moments during the event;
To maintain a safe and secure environment for all residents and staff within our care homes;
To liaise effectively and efficiently with other organisations and third parties to ensure our service meets your needs;
Help answer your questions and solve any issues you have;
To allow us to monitor our website usage and demand for services;
To allow us to meet our legal, regulatory and compliance requirements.
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Who we might share your information with
We may share your personal information with other organisations in the following circumstances:
If the law or a public authority says we must share the personal data;
If we need to liaise with other third-party agencies, such as the NHS, Social Care Services, in order to provide the best possible care to residents;
If we need to employ the services of external professionals to assist with the care of our residents, such as physiotherapists, nutritionists, speech/hearing specialists; with external auditors, such as the Care Quality Commission (CQC);
If we need to share personal information to establish, exercise or defend our legal rights; or
From time to time, employ the services of other third-party service providers providing us with supporting services such as, for the operation of the Website. However, all the information we share will be collected and anonymised, so neither you nor any of your devices can be identified from it.
We will not share your information with any third parties for the purposes of direct marketing.
We may use third-party service providers to provide certain services to us. We have Data Processor Agreements in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us or further sub-processors who must comply with our Data Processor Agreement. They will hold your personal data securely and retain it for the period we instruct.
We may also share your personal information for the purposes of preventing fraud and reducing credit risk.
How we keep you updated on our products and services
We will not send marketing material to residents of our care homes.
We may send marketing information about our services and upcoming events related to the care homes to the resident’s relatives, but only if we have received their explicit consent allowing us to do so. We will seek to obtain your or their consent at the outset of providing of our services and you can change your mind at any time and withdraw your consent by informing us by email, over the phone, or in writing.
If you wish to withdraw your consent, you can do so by contacting us at gdpr@missioncare.org.uk or 0303 123 3201.
Your rights over your information
The right to be informed about our collection and use of personal data;
You have the right to be informed about the collection and use of your personal information. We ensure we do this through our internal data protection policies and through our external website privacy notice. These are regularly reviewed and updated to ensure these are accurate and reflect our data processing activities.
Right to Access Your Personal Information
You have the right to access the personal information that we hold about you in many circumstances, by making a request to us, these requests can be made via email, letter, in person or over the telephone.
This is sometimes referred to as a ‘Subject Access Request’. If we agree that we are obliged to provide personal information to you (or someone else on your behalf), we will provide it to you or them free of charge and aim to do so within 1 month from when your identity has been confirmed.
We would ask for proof of identity and sufficient information about your interactions with us so that we can locate your personal information.
If you would like to exercise this right, please contact us as set out below.
Right to Correction Your Personal Information
If any of the personal information we hold about you is inaccurate, incomplete or out of date, you may ask us to correct it.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.
If you would like to exercise this right, please contact us as set out below.
Right to restrict processing
You have the right to ask us to restrict the processing of your personal information. For example, this may be because you have issues with the accuracy of the information we hold or the way we have processed your information. The right is not absolute and only applies in certain circumstances.
If you would like to exercise this right, please contact us as set out below.
Right to Erasure
You have the right to have personal information erased. This is also known as the ‘right to be forgotten’. The right is not absolute and only applies in certain circumstances.
If you would like to exercise this right, please contact us as set out below.
Right to Portability
The right to portability gives you the right to receive personal information you have provided to a controller in a structured, commonly used and machine-readable format. It also gives them you the right to request that a controller transmits this information directly to another controller.
If you would like to exercise this right, please contact us as set out below.
Right to object
You have the right to object to our processing of some or all of the personal information that we hold about you. This is an absolute right when we use your personal information for direct marketing, but may not apply in other circumstances where we have a compelling reason to do so, e.g., a legal obligation.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
For more information about your privacy rights
The Information Commissioner’s Office (ICO) regulates data protection and privacy matters in the UK. They make a lot of information accessible to consumers on their website and they ensure that the registered details of all data controllers such as us are available publicly. You can access them here https://ico.org.uk/for-the-public.
You can make a complaint to the ICO at any time about the way we use your information. However, we hope that you would consider raising any issue or complaint you have with us first. Your satisfaction is extremely important to us, and we will always do our very best to solve any problems you may have.
How long we keep your information for
We retain a record of your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements and in order to provide you with a high quality and consistent service.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Our retention periods are set out in our internal Data Retention and Storage Policy with Schedule. When we reach the end of a period of retention, the information is reviewed and securely disposed of or deleted.
Giving your reviews and sharing your thoughts
When using our website, you may be able to share information through social networks like Facebook and Twitter. For example, when you ‘like’, ‘share’ or review our Services. When doing this, your personal information may be visible to the providers of those social networks and/or their other users.
Please remember it is your responsibility to set appropriate privacy settings on your social network accounts and to familiarise yourself with their terms and conditions and privacy notices, so you are comfortable with how your information is used and shared by these entities.
Security
Data security is of great importance to Mission Care, and to protect your information we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the personal data we collected and store about you. These measures prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
We take the following security measures to protect your information including:
Limiting access to our buildings to those that we have determined are entitled to be there (by use of passes, key card access and other related technologies);
Implementing access controls to our information technology;
We use appropriate procedures and technical security measures (including strict encryption, anonymisation and archiving techniques) to safeguard your information across all our computer systems, networks, websites, mobile apps, offices and stores;
Never asking you for your passwords;
Advising you never to enter your account number or password into an email or after following a link from an email.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
What happens if our business changes hands?
We may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of our business. Any personal information that you have provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this Privacy Notice, be permitted to use that data only for the purposes for which it was originally collected by us.
Changes to Our Privacy Policy
We may change this Privacy Notice from time to time (for example, if the law changes). We recommend that you check this notice regularly to keep up to date.
How to contact us
If you would like to exercise one of your rights as set out above, or you have a question or a complaint about this policy, the way your personal information is processed, please contact us by one of the following means:
By email: gdpr@missioncare.org.uk
By post: Suite 4, Langford House, 7 High Street, Chislehurst, Kent, BR7 5AB
Thank you for taking the time to read our Privacy Notice.
Mission Care
This Notice was last updated on 18/10/2023.