Keeping your data safe and sound
Broomgrove makes privacy a priority:
We will collect, process, store and share your data safely and securely, by ensuring:
- You’re always in control: Your privacy will always be respected, and we will put you in control of your privacy with clear choices.
- We work transparently: We will be transparent about the data we collect and how we use that data so that you can make fully informed choices and decisions.
- We operate securely: We will protect the data that you entrust to us via appropriate security measures and controls. We’ll also ensure that other businesses we work with are just as careful with your data.
- For your benefit: When we do process your data, we will use it to benefit you, to make your experience better and to improve our products and services.
1. Business Details
“Broomgrove” (referred to in this policy as “we”, “us” or “our”) is a trading name of:
Broomgrove Trust Nursing Home
30 Broomgrove Road
Registered Company Number: 1746654
Charity Number: 514418
ICO Registration Number: ZA449877
CQC Registration Number: 1-112000698
Regulated Activity: Accommodation for persons who require nursing or personal care
We have a Data Protection Officer (DPO), who can be contacted in the following ways should you have any questions or feedback about the way your data is handled:
Data Protection Officer
Broomgrove Trust Nursing Home
30 Broomgrove Road
Sheffield S10 2LR
2. Aims of the privacy notice
Broomgrove Trust is required by law to tell you about your rights and our obligations in collecting and processing your personal information. We have a range of policies and procedures to ensure that any personal information you supply is only with your active consent, has a legal basis, is held securely and treated confidentially in line with the regulations. We list relevant documents in Section 6 and can make them available on request.
3. What personal information we collect about:
1) service users; 2) employees; 3) third parties
- Service users – as a registered provider, we must collect information on service users, including Identity data i.e name, date of birth, NHS number, next of kin, and Clinical data i.e Medical history, medications, care needs, to provide safe and effective care and support. This information is contained in Individual Kardex notes, all of which are subject to strict security and authorised access policies. The legal basis for processing this information is (in the public interest which is defined as a performance or task carried out by a public authority or private organisation acting in the public interest).
Service users are informed of their right to access information and any restrictions to the information provided.
- Employees and Volunteers – the service operates a safe recruitment policy and all information obtained i.e Name, date of birth, CV details, next of kin, bank details, are kept securely in individual Personnel files. The legal basis for processing this information is compliance with legal obligations. Employees are aware of their right to access information.
- Third parties – personal information is obtained about others associated with the delivery of care services, including contractors, visitors etc, which will be protected in the same way as information on service users and employees.
4. How we collect information
- When you request or use the services we provide;
- When you talk to us on the phone;
- When a resident or family member provides us with your information;
- When you use our website;When you make a donation to us;
- When you apply to work for us or volunteer for us;
- When you send emails or letters to us;
- When you contact us via social media;
- When you give us feedback;
Data we collect about you;
- Identity data (name, DOB)
- Contact data (address, postcode, e-mail address, telephone number)
- CV data (employment history, education, awards and references)
- Clinical data (as part of providing health or medical treatment)
5. What we do with your personal information
We are only allowed to use personal data about you if we have a legal basis to do so, and we are required to tell you what that legal basis is.
In some circumstances we can use your personal data if it is in our legitimate interest to do so, provided that we have told you what that legitimate interest is. A legitimate interest is when we have a business or commercial reason to use your information which, when balanced against your rights, is justifiable. If we are relying on our legitimate interests, we have set that out in the table below.
6. How we keep your information safe
We have a range of policies designed to keep your information safe. These include
- IT security
- HR policies
- Accessing files
- Record retention
7. Who do we share information with
Service user – information is shared with other health and social care professionals in order to provide safe and effective care in the pursuit of the public interest. We will share information to families based on consent from you or lasting power of attorney.
Employee – information will be shared as above in the public interest or with consent.
Third parties – information will only be shared with your consent
The only exception will be when we are required by law to provide information e.g. criminal investigation, or overriding legitimate interest, which overrides your rights and freedoms.
8. How can personal information held by us be accessed
There are procedures in place to enable service users, employees and third parties to access their information (see Section 6) The right to access includes both the information and any uses which we might have made of the information.
9. How long we keep information
We have a record retention policy that is strictly adhered to, that meets regulatory, statutory and good practice requirements.
10. How we keep our privacy policies up to date
The staff appointed to control the process of personal information is designated to assess all privacy risks continuously and to carry out periodic reviews of the policies annually.
We may use your personal data to tell you about relevant services and any upcoming events.
We can only use your personal data to send you marketing messages if we have either your consent or a legitimate interest to do so.
You can ask us to stop sending you marketing messages at any time – you just need to contact us via our details set out above in section 1, or use the opt-out links on any marketing message sent to you.
Where you opt out of receiving marketing messages, this will not apply to personal data provided to us as a result of purchasing our services or any other transaction between you and us.
You have certain rights which are set out in the law relating to your personal data. The most important rights are set out below.
Access to a copy of the information we hold about you
You can ask us for a copy of the personal data which we hold about you, by writing to the Data Protection Officer (see Section 1). This is known as a data subject access request.
You will not have to pay a fee to access your personal data, unless we believe that your request is clearly unfounded, repetitive or excessive. In such circumstances we can charge a reasonable fee or refuse to comply with your request.
We will try to respond to all legitimate requests within one month.
Telling us if information we hold is incorrect
You have the right to question any information we hold about you that you think is wrong or incomplete. Please contact the Data Protection Officer if you want to do this and we will take reasonable steps to check its accuracy and, if necessary, correct it.
Telling us if you want us to stop using your personal data
You have the right to:
- Object to our use of your personal data (known as the right to object); or
- Ask us to delete the personal data (known as the right to erasure); or
- Request the restriction of processing.
There may be legal reasons why we need to keep or use your data, which we will tell you if you exercise one of the above rights.
You can withdraw your consent to us using your personal data at any time. Please contact the Data Protection Officer if you want to withdraw your consent. If you withdraw your consent, we may not be able to provide you with our services.
Making a complaint
Please let us know if you are unhappy with how we have used your personal data by contacting the Data Protection Officer (details can be found in section 1).
You also have a right to complain to the Information Commissioner’s Office. You can find their contact details at www.ico.org.uk.
We would be grateful for the chance to deal with your concerns before you approach the ICO so please contact the Data Protection Officer in the first instance.