Hadrian Healthcare Privacy Policy

Introduction

Welcome to the Hadrian Healthcare Ltd privacy notice.

Hadrian Healthcare Ltd respects your privacy and is committed to protecting your personal data. This privacy notice will inform you as to how we look after your personal data if you are a visitor to this website; and, if you are a resident, or a prospective resident, at one of our homes.

This notice is to inform you about your privacy rights and how the law protects you.

Index

  1. Important information and who we are
  2. The data we collect about you
  3. How your personal data is collected
  4. How we use your personal data
  5. Disclosures of your personal data
  6. How the NHS and care services use your information
  7. International transfers
  8. Data security
  9. Data retention
  10. Your legal rights

1. Important information and who we are

Purpose of this privacy notice

This privacy notice aims to give you information on how Hadrian Healthcare Ltd collects and processes your personal data, including any data you may provide:

  • when contacting us in relation to our care home services;
  • if you are a resident; and/or
  • as a user of this website.

This website is not intended for children and we do not knowingly collect data relating to children.

It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.

Controller

Hadrian Healthcare Ltd ("we", "us" or "our") is the controller and responsible for your personal data. We are a subsidiary of Hadrian Healthcare Limited (CRN: 10179227).

We have appointed data privacy officers who are responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact a data privacy officer using the details set out below.

Morag Purvis, Operations Director
Dan Brown, Group Finance Manager

Hadrian Offices,
3 Keel Row,
The Watermark,
Gateshead, NE11 9SZ
Email: headoffice@hhcare.co.uk

Changes to the privacy notice and your duty to inform us of changes

This version was last updated on 27th July 2020 and a copy can be obtained by contacting us.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Third-party links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

2. The data we collect about you

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

Website users

If you contact us using the details on our website, or via our contact us form, we will use the contact information you provide to respond accordingly to your query, and for any subsequent correspondence. We do not collect any other data that identifies visitors to our website.

We may collect, use and share Aggregated Data such as statistical or demographic data for research purposes. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may use this data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

Residents

We may collect, use, store and transfer different kinds of personal data about you and your family members or representatives, which we have grouped together follows:

  • Identity Data includes name, gender, date of birth, nationality, religious beliefs;
  • Contact Data includes previous address, telephone numbers and photographs;
  • Financial Data includes bank account and payment card details together with your fee contract;
  • Medical Information includes GP contact details, NHS number, medication records, allergy information, care plans and accident forms;
  • Next of Kin Data includes names, addresses and contact details of your next of kin;
  • Legal Data includes lasting powers of attorney and DOIs;
  • Residency Data includes your residency agreement and CQC notifications;
If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with care home services). In this case, we may have to cancel our service but we will notify you if this is the case at the time.

3. How your personal data is collected

We use different methods to collect data from and about you.

We collect personal information from you of your contact with us, including by phone (we may record or monitor phone calls to make sure we are keeping to legal rules, codes of practice and internal policies, and for quality assurance purposes), by email, through our websites, by post, by filling in forms, through social media or face-to-face (for example, in medical consultations, diagnosis and treatment).

We also collect information from other people and organisations. For all our residents, we may collect information from:

  • a family member, or someone else acting on your behalf;
  • doctors, other clinicians and health-care professionals, hospitals, clinics and other health-care providers;
  • any service providers who work with us in relation to your care, if we don’t provide it to you direct, such as providing you with apps, medical treatment, dental treatment or health assessments;
  • fraud-detection and credit-reference agencies;
  • sources which are available to the public, such as the edited electoral register or social media;
  • those paying for the products or services we provide to you, including other insurers, public-sector commissioners and embassies.

4. How your personal data is used

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • where we need to perform the contract we are about to enter into or have entered into with you;
  • where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
  • where we need to comply with a legal or regulatory obligation;
  • where it is necessary for the purposes of preventive or occupational medicine, medical diagnosis, to provide health or social care or treatment, or to manage health-care or social-care systems (including to monitor whether we are meeting expectations relating to our clinical and non-clinical performance);
  • we have your permission - as is best practice, we will only ask you for permission to process your personal information if there is no other legal reason to process it. If we need to ask for your permission, we will make it clear that this is what we are asking for and ask you to confirm your choice to give us that permission. If we cannot provide a service without your permission (for example, we can’t manage and run a health service without health information), we will make this clear when we ask for your permission. If you later withdraw your permission, we will no longer be able to provide you with a product or service that relies on having your permission.

We process your personal information for a number of legitimate interests, including managing all aspects of our relationship with you, for marketing, to help us improve our services and products, and in order to exercise our rights or handle claims. More detailed information about our legitimate interests is set out below.

Legitimate interest is one of the legal reasons why we may process your personal information. Taking into account your interests, rights and freedoms, legitimate interests which allow us to process your personal information include:

  • to respond to any queries, request or complaints you make directly to us, via our website or otherwise, which may include directing you to brochures or our marketing information if we believe this will assist your query;
  • to manage our relationship with you, our business and third parties who provide products or services for us (for example, to check that you have received a service that you’re covered for, to validate invoices and so on);
  • to provide health-care services on behalf of a third party;
  • to make sure that claims are handled efficiently and to investigate complaints (for example, we may ask your treatment provider for information to make sure we receive accurate information and to monitor the quality of your treatment and care);
  • to keep our records up to date and to provide you with marketing as allowed by law;
  • to develop and carry out marketing activities and to show you information that is of interest to you, based on our understanding of your preferences (we combine information you give us with information we receive about you from third parties to help us understand you better);
  • for statistical research and analysis so that we can monitor and improve products, services, websites and apps, or develop new ones;
  • to contact you about market research we are carrying out;
  • to monitor how well we are meeting our clinical and non-clinical performance expectations in the case of health-care providers;
  • to report to the local authority or CQC where required to do so;
  • to enforce or apply our website terms of use, our policy terms and conditions or other contracts, or to protect our (or our customers’ or other people’s) rights, property or safety;
  • to exercise our rights, to defend ourselves from claims and to keep to laws and regulations that apply to us and the third parties we work with; and
  • to take part in, or be the subject of, any sale, purchase, merger or takeover of all or part of the business.
Cookies

A cookie is a small text file which is placed onto your computer (or other electronic device) when you access our website, that track, save and store information about your interactions and usage of our website. The cookies we use do not store, save or collect your personal information.

We use cookies to better your experience while visiting our website. Our website uses a cookie control system allowing you on your first visit to allow or disallow the use of cookies on your computer and/or device.

How to turn off cookies

If you do not want to accept cookies, you can change your browser settings so that cookies are not accepted. If you do this, please be aware that you may lose some of the functionality of this website. For further information about cookies and how to disable them please go to: www.aboutcookies.org or www.allaboutcookies.org.

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

5. Disclosures of your personal data

We share your information within Hadrian Healthcare Group, with funders arranging services on your behalf, with people acting on your behalf (for example, your next of kin) and with others who help us provide services to you (for example, health-care providers and medical-assistance providers) or who we need information from to allow us to handle or confirm claims or entitlements (for example, professional associations). We also share your information in line with the law. For more information about who we share your information with, please see below.

We sometimes need to share your information with other people or organisations for the purposes set out in this privacy notice.

For all our residents, we share your information with:
  • other members of the Hadrian Healthcare Group;
  • doctors, clinicians and other health-care professionals, hospitals, clinics and other health-care providers;
  • suppliers who help deliver services on our behalf;
  • people or organisations we have to, or are allowed to, share your personal information with by law (for example, for fraud-prevention or safeguarding purposes, including with the Care Quality Commission);
  • the police and other law-enforcement agencies to help them perform their duties, or with others if we have to do this by law or under a court order;
  • if we (or any member of the Hadrian Healthcare group) sell or buy any business or assets, the potential buyer or seller of that business or those assets;
  • a third party who takes over any or all of the Hadrian Healthcare Group’s assets (in which case personal information we hold about our residents or visitors to the website may be one of the assets the third party takes over);
  • those paying for your care, including insurers, public-sector commissioners and embassies;
  • those providing your treatment and other benefits;
  • national registries such as the Cancer Registry;
  • national screening databases, such as the NHS Cervical Screening recall system;
  • government authorities and agencies, including the Health Protection Agency (for infectious diseases such as TB and meningitis); and
  • organisations that carry out patient surveys on our behalf.

If we share your personal information, we will make sure appropriate protection is in place to protect your personal information in line with data-protection laws.

6. How the NHS and care services use your information

Hadrian Healthcare is one of many organisations working in the health and care system to improve care for patients and the public.

Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.

The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:

  • improving the quality and standards of care provided
  • research into the development of new treatments
  • preventing illness and diseases monitoring safety
  • planning services

This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.

Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.

You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential patient information will still be used to support your individual care.

To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters. On this web page you will:

  • See what is meant by confidential patient information
  • Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care
  • Find out more about the benefits of sharing data
  • Understand more about who uses the data
  • Find out how your data is protected
  • Be able to access the system to view, set or change your opt-out setting
  • Find the contact telephone number if you want to know any more or to set/change your opt-out by phone
  • See the situations where the opt-out will not apply

You can also find out more about how patient information is used at: https://www.hra.nhs.uk/information-about-patients/ (which covers health and care research); and https://understandingpatientdata.org.uk/what-you-need-know (which covers how and why patient information is used, the safeguards and how decisions are made)

You can change your mind about your choice at any time.

Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.

Our organisation is currently compliant with the national data opt-out policy.

7. International transfers

We may transfer personal outside of the European Economic Area (EEA). Where we transfer personal data outside of the EEA it is only with appropriate safeguards in place, to ensure your personal information is treated by those third parties in a way that is consistent with and which respects the EU and UK laws on data protection.

8. Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

9. Data retention

How long will you use my personal data for?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Details of retention periods for different aspects of your personal data are set out below:

Type of data

 

Length of time

Website queries and corresponding contact details

 

2 years


Residents’ data

Date of birth

 

8 years

Previous address

 

8 years

Medical history/Allergies

 

8 years

Special  categories    of   data;    nationality, sex, ethnicity, religion, marital status, sexuality

 

8 years

NHS number

 

8 years

GP contact details

 

8 years

Photograph for care and medication files

 

8 years

Next of kin contact details

 

8 years

Medication records

 

8 years

Lasting Power of Attorney details

 

8 years

Fee contracts

 

8 years

Residency agreements

 

8 years

Pre-admission assessments

 

8 years

Care plan and associated documents

 

8 years

Financial contact details

 

8 years

Fee invoices and financial records

 

8 years

Bank details

 

8 years

Deprivation of Liberty documentation

 

8 years

CQC notifications

 

8 years

Safeguarding documentation

 

8 years

Duty of Candour records

 

8 years

Accident records

 

8 years

10. Your legal rights

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your working relationship with us.

Under certain circumstances, you have the right to:

  • Request access to your personal information (commonly known as a "data subject access request").
  • Request correction of the personal information that we hold about you.
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it.
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal information to another party.
  • Withdraw consent in the limited circumstances where you may have provided your consent to the processing of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time.

If you would like to make a request with regard to any of your data subject rights, please contact:

Hadrian Healthcare Ltd, Hadrian Offices, 3 Keel Row, The Watermark, Gateshead, NE11 9SZ. headoffice@hhcare.co.uk