PRIVACY NOTICE FOR SERVICE USERS
(and information for relatives and representatives)
The Maple Group is a company providing social care services in England. Most of our work is commissioned by local authorities but we also have some privately funded clients.
We have branches specialising in the following:
• Domiciliary Care services
• Specialist dementia services
• Specialist Mental Health services
We employ over 100 staff covering a range of expertise and specialisms.
What is a privacy notice?
A Privacy Notice is a statement by the company to our service users, their relatives and representatives as well as the wider stakeholder community, that describes how we collect, use, retain and disclose personal information which we hold. This privacy notice is part of our commitment to ensure that we process your personal information/data fairly and lawfully.
Why issue a privacy notice?
The Maple Group recognises the importance of protecting personal and confidential information in all that we do and takes care to meet our legal and regulatory duties. This notice is one of the ways in which we can demonstrate our commitment to our values, and to being transparent and open. This notice also explains what rights you have to control how we use your information.
What are we governed by?
The key pieces of legislation/guidance we are governed by are:
• The Data Protection Act 2018 and the General Data Protection Regulation (GDPR)
• Human Rights Act 1998 (Article 8)
• Access to Health Records Act 1990
• Health and Social Care Act 2012, 2015
• Public Records Act 1958
Why and how we collect information?
We may ask for or hold personal confidential information about you which will be used to support delivery of appropriate care and treatment. These records may include:
• Basic details, such as name, address, date of birth, next of kin.
• Information about your health and mobility, and medication you are taking.
• Contact we have had with health professionals on your behalf.
• Details and records in your Care Plan relating to treatment and care.
• Information from people who care for you and know you well, such as relatives.
• They may also include personal sensitive information such as sexuality, race, your religion or beliefs, like and dislikes and whether you have a disability, allergies or health conditions.
It is important for us to have a complete picture, as this information assists staff involved in your care to deliver and provide improved care, create appropriate care plans and to meet your needs.
Information is collected in a number of ways, e.g. from your initial pre-assessment conducted by your local authority, referral details from your GP or details directly given by you or your family.
How your information will be used?
To help inform decisions that we make about your care.
• To ensure that your treatment is safe and effective.
• To work effectively with other organisations who may be involved in your care.
• To ensure our services can meet future needs.
• To review care provided to ensure it is of the highest standard possible.
• To inform healthcare professionals and the local authority.
• To share best practice within our company to deliver care and improve health and care across our company.
• To understand more about care risks and the causes of those and how to prevent risks occurring elsewhere.
• To improve your safety.
It helps you because accurate and up-to-date information assists us in providing you with the best possible care.
Where possible, when using information to plan future services and provision, information that does not identify an individual will be used.
How information is retained and kept safe?
Information is retained in secure electronic and paper records and access is restricted to only those who need to know. It is important that information is kept safe and secure, to protect your confidentiality. The Data Protection Act 2018 regulates the processing of personal information. Strict principles govern our use of information and our duty to ensure it is kept safe and secure.
Our guiding principle is that we are holding your information in strict confidence. Everyone working for the company is subject to the Common Law Duty of Confidentiality and the Data Protection Act 2018.
Under the Confidentiality Code of Conduct, all staff are required to protect information, inform you of how your information will be used and allow you to decide if and how your information can be shared. This will be noted in your records.
How long do we keep your personal data?
We will only retain your information for as long as we need to support the purposes for which it was collected. Records are maintained in line with The Maple Group’s retention schedule which determines the length of time records should be kept. At the end of this period the information is destroyed or deleted in line with our confidential destruction procedures.
We retain de-personalised statistical information to help inform our work, but no individuals are identifiable from that data.
Who will the information be shared with?
To provide the best care possible, sometimes we will need to share information about you with others. We may share your information with a range of Health and Social Care related organisations and regulatory bodies including your local authority. You may be contacted by any one of these organisations for a specific reason; they will have a duty to tell you why they have contacted you.
Information sharing is governed by specific rules and law. However, we will not disclose any identifiable and personal information to third parties without your explicit consent, unless there are exceptional circumstances, such as when the health or safety of others is at risk or where the law requires the disclosure of information.
We may also be asked to share basic information about you, such as your name and parts of your address. This does not include sensitive information from your records. In these circumstances, where it is not practical to obtain your explicit consent, we are informing you through this notice, which is referred to as a Privacy Notice, under the Data Protection Act. Where your information is shared with other organisations and agencies, an information sharing agreement is drawn up to ensure information is shared in a way that complies with relevant legislation.
You have the right to refuse/withdraw consent to information sharing at any time. We will fully explain the possible consequences to you, which could include delays in you receiving care. Under the General Data Protection Regulation (GDPR) which has been enacted as part of The Data Protection Act 2018 (DPA) you have a number of rights with regard to your personal data. You have the rights to:
• be informed about how your data is being used
• access your personal data
• have incorrect data updated
• have data erased
• stop or restrict the processing of your data
• data portability (allowing you to get and reuse your data for different services)
• object to how your data is processed in certain circumstances.
If you have provided consent for the processing of your data you have the right (in certain circumstances) to withdraw that consent at any time. This will not affect the lawfulness of the processing before your consent was withdrawn.
Can I access my information?
At The Maple Group we promote person-centred values, therefore, you will be directly involved in creating and devising the plans of care which we will hold and these will always be available for you to consult, change or adapt. Under the Data Protection Act 2018 a person may request access to information (with some exemptions) that is held about them by an organisation. This is known as a “subject access request.”
Identity and contact details of data controller and data protection officer
The Maple Group is the controller and processor of data for the purposes of the DPA 2018 and GDPR. If you have any concerns as to how your data is processed, you can contact: Rozmina Pabani firstname.lastname@example.org
Or you can write using the address:
The Maple Group
384 Stratford Road
You have the right to lodge a complaint to the Information Commissioner’s Office if you believe that we have not complied with the requirements of the GDPR or DPA 2018 with regard to your personal data.
Their website is: https://ico.org.uk/
Phone number: 0303 123 1113