GDPR Policy & Procedure
Privacy Notice – People who use our services

> Privacy Notice – People who use our services

This policy aims to explain how Community Crisis Care use your personal data.

BACKGROUND

C o m m u n i t y C r i s i s C a r e are committed to protecting the privacy and security of your personal information.Data protection laws require us to tell you about what information we process about you.This document explains how we will collect and use personal information about you duringand after, you receive care and treatment with us. The way we collect and store your personal information meets the requirements of dataprotection law, which is also called the General Data Protection Regulation (GDPR).

ABOUT US

The company or person who is responsible for deciding how we hold and use personal information about you is called the “data controller”, this is Community Crisis Care and our head office is Cheam House, 38 Park Road, Cheam, SM3 8PY.

DEFINITIONS AND PRINCIPLES

The company or person who is responsible for deciding how we hold and use personal information about you is called the “data controller”, this is Community Crisis Care and our head office is Cheam House, 38 Park Road, Cheam, SM3 8PY.
What is “personal data”?
Personal data is information that can identify you

WHAT ARE THE RULES ON DATA PROTECTION?

The data protection rules say that the personal information we hold about you must be

  • used lawfully, fairly and in a clear way
  • collected only for the reasons that have been clearly explained to you
  • relevant to the purposes we have told you about and only used for this purpose
  • correct and kept up to date
  • kept only as long as needed for the reasons we have told you about
  • stored in a safe place

TYPES OF PERSONAL INFORMATION

The kind of information we hold about you
The types of personal information about you that we may collect and store include

  • Personal contact details such as name, title, addresses, telephone numbers, andpersonal email addresses
  • Information about your health, including any medical condition, diagnosis, care plans, clinical notes, medication and allergies
  • Date of birth
  • Gender
  • Marital status and dependants
  • Nearest relative, next of kin and emergency contact information
  • Information about your race or ethnicity, religious beliefs and sexual orientation
  • Genetic information and biometric data
  • Information about criminal convictions and offences
  • CCTV footage and other information obtained through electronic means such asswipecard records
  • Information about your use of our information and communications systems
  • Information about your use of our information and communications systems
  • Photographs, videos, and blogs

TREATMENT OF YOUR INFORMATION

Security of your personal information

We will make sure that safety measures are in place to stop unauthorised use of your personal data, and against any accidental loss or damage to your personal data.

How is your personal information collected?

We collect personal information about you when you are referred or admitted to ourservices. This information which might include personal information, such as your medical information may be given to us by:

  • Yourself, your carers or families
  • Those involved in your care and treatment, such as the NHS, local authorities, doctorsand other clinicians and health professionals, or by those funding your care andtreatment

Personal information may also be created while you are under our care.

Your personal information can be kept as a paper record on the ward and electronically on asecure computer system.

It cannot be accessed by anyone other than us or by those involved in your care and treatment.

How we will use your personal information and why ?

We will only use your personal information when the law allows us to. We will use yourpersonal information:
  • With your consent
  • Where it is in relation to a contract we have entered into with you
  • When there is a legal reason we need to use it
  • Where it is necessary for our justifiable interests (or those of a third party) and yourinterests and rights do not override those interests
When we need to use any sensitive, personal information about you such as healthcare information, further rules apply. We can only use this information:
  • In limited circumstances, but only if you tell us it is ok to do so
  • Where it is needed for healthcare reasons
  • Where it is needed in relation to a legal matter
  • Where we need to protect your interests (or someone else's interests)
  • Where it is needed in the public interest

Why we collect and use your personal information?

We will use your personal information:

  • For medical purposes, to provide your treatment and care with us
  • Where we have to make decisions about your treatment and care
  • Where we speak with others involved in your treatment and care, such as GPs, consultants, advocates, care workers, the NHS, and local authorities
  • Where we need to meet a legal requirement
  • To gather feedback about our services
  • Where your information might be checked as part of clinical audits to help improve services
  • Where you are insured, providing information about your treatment to your insurer, so they can pay your treatment expenses

What happens if you don’t want to give us your personal information?

The information we hold about you is mainly given to us by you or those involved in your care and treatment.

We ask you to provide as much information to us as you can so that we can give you the most effective care and treatment.

You don’t have to tell us all of your personal details. You can tell us just the information you are happy for us to know, but this may mean that we might not be able to give you the full range of care and treatments that we have because we don’t know enough about you.

It is important that the personal information we hold about you is correct and up to date. Please tell us if anything changes.

Change of purpose

We will only use your personal information for the reason we collected it, unless we can use it for another reason that is similar to the original purpose. If we need to use your personal information for another reason we will let you know and explain the legal reasons which allow us to do this.

There may be times we use your personal information without you knowing or without you telling us it’s ok to do so. This will be only be done when required or when the law allows usto.

Do we need your consent?

Most of the time we will not need your consent where we are using your personal information.

When you do need to give your consent we will speak to you about it and give you the full details of what information we would like and the reasons we need to see it. You can then decide if you want to give us consent

DATA SHARING

Sometimes, other organisations involved in your care or are responsible for your funding ora legal matter, may look at information that relates to you. This includes medical practitioners, GPs, consultants, advocates, care workers, the NHS, local authorities the police, and lawyers.

Access to your information on care notes is on a “need to know” basis. This means that information is shared only if it needs to be to those involved in your care or treatment.

If you are a self-funding patient and are either late in making payments to us or fail to pay usfor the treatment you have received any information relating to outstanding money owed tous (such as copy invoices) may be shared with debt collection agencies. We would never share your health records with them.

Sometimes, we are required to share information because we are legally required to do so. This may be because of a court order or because a regulatory body can access patients’ records as part of their duties to investigate complaints, accidents or health professionals’ fitness to practise. Before we share any information we will make sure that it is a justified and legal reason. If the information is about you we will tell you as much as we can about it..

We can only share your personal information about your care and treatment with your family, friends and careers if you tell us it’s ok to do so. If you don’t want them to know then we will not tell them.

Third-party service providers

As mentioned, some of your information is held on a secure computer system. Sometimes, this is on servers operated by third parties. We also sometimes subcontract our services to other providers.

All our third-party service providers are required to take appropriate security precautions to protect your personal information.

None of our third-party service providers are allowed to use your personal data for their own purposes. We only allow them to use your personal data for certain reasons with instruction from us.

We may transfer your personal information outside the EU. If we do, you can expect a similar degree of protection in respect of your personal information.

The third-party service providers and the activities carried out by them are set out in the summary box below.

Activity Third Party
Online web-based prescription service
Ashtons Pharmacy

Sharing your personal information with others in the group or other third parties

If the hospital, clinic, home or service was ever sold to a third party, your records may transfer with that unit to that new owner, this is to reduce any disruption to service users and make sure that the new owners can provide you with the same level of care and treatment.

STORAGE & RETENTION

Where we store your personal data

The information we process about you is held securely at the unit where your care andtreatment is provided or on our secure computer systems

How long will you keep my records?

We will not keep your personal data for longer than it is needed. This helps us to your yourinformation up to date. Your data is stored for certain length of time (depending on what it is) and then securely destroyed under our document retention policy.

In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice toyou.

YOUR RIGHTS

Under certain circumstances, by law you have the right to:
  • Request access to your personal information (also known as a "data subject accessrequest"). This allows you to receive a copy of the personal information we hold about you and to check that we are using it lawfully. To request information please speak toa member of your care team or contact the data protection officer.
  • Request correction of the personal information that we hold about you. Thisenables you to have any incomplete or incorrect information we hold about you corrected
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing tohold it. You can also ask us to delete or remove your personal information where you have told us you object to us using your information (see below).
  • Object to processing of your personal information when there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
  • Request the restriction of processing of your personal information. This enablesyou to ask us to stop us using personal information about you, for example if you want us to check its accuracy or the reason for using it.
  • Request the transfer of your personal information to another party

If you want to review, verify, correct or request removal of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to someone else, please contact the Data Protection Officer. The DPO can be reached via the Operations Director at tom.ware@communitycrisiscare.com or alternatively write to the DPO at Cheam House, 38 Park Road, Cheam, SM3 8PY.

No fee usually required

You will not have to pay a fee to access your personal information (or to exercise any of the other rights).However, we may charge a reasonable fee if your request for access is not valid orunnecessary. We may refuse your request in such circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to use any of your other rights).

This is another security measure to make sure that personal information is not disclosed toany person who shouldn’t be receiving it.

Right to withdraw consent

Where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you can withdraw your consent for that specific processing at any time.

To withdraw your consent, please contact the Data Protection Officer. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legal reason for doing this.

COMPLAINTS

You may contact our Data Protection Officer using the details above if you are not happy with the way we have handled your personal information.

You also have the right to make a complaint at any time to the Information Commissioner’sOffice (ICO), the UK supervisory authority for data protection issues. You can contact the ICO by calling 0303 123 1113, emailing casework@ico.org.uk, or writing to the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.

CHANGES TO THIS PRIVACY NOTICE

We may update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates.

We may also notify you in other ways from time to time about how we use your personal information.