As part of the services we offer, we are required to process personal data about our staff and residents and in some instances, the friends or relatives of the resident and staff. (“Processing” can mean collecting, recording, organising, storing, sharing or destroying data).
We are committed to being transparent about why we need your personal data and what we do with it.
This information is set out in our privacy notice below. These notices are also displayed within Dresden House for all to see.
Your individual copy is available within the Residents Pre-Admission Booklet, issued during the admission process or induction process for staff.
This notice explains your rights when it comes to your data.
Residents
What data do we have?
So that we can provide a safe and professional service, we need to keep certain records about you. We may process the following types of data:
We also record the following data which is classified as “special category”:
We need this data so that we can provide high-quality care and support. By law, we need to have a lawful basis for processing your personal data.
We process your data because we have a legal obligation to do so under the Health and Social Care Act 2012 or Mental Capacity Act 2005.
We process your special category data because
We may also process your data with your consent. If we need to ask for your permission, we will offer you a clear choice and ask that you confirm to us that you consent. We will also explain clearly to you what we need the data for and how you can withdraw your consent at any time.
So that we can provide you with high quality care and support we need specific data. This is collected from or shared with:
We do this face to face, via phone, via email, via our website and via post
Third parties are organisations we might lawfully share your data with. These include:
As part of our work providing high-quality care and support, it might be necessary that we hold the following information on you:
By law, we need to have a lawful basis for processing your personal data.
We process your data because we have a legitimate business interest in holding next of kin and lasting power of attorney information about the individuals who use our service and keeping emergency contact details for our staff.
We may also process your data with your consent. If we need to ask for your permission, we will offer you a clear choice and ask that you confirm to us that you consent. We will also explain clearly to you what we need the data for and how you can withdraw your consent.
Where do we process your data?
So that we can provide high quality care and support we need specific data. This is collected from or shared with:
We do this face to face, via phone, via email, via post, via admission forms.
Third parties are organisations we have a legal reason to share your data with. These may include:
So that we can provide a safe and professional service, we need to keep certain records about you. We may record the following types of data:
We also record the following data which is classified as “special category”:
As part of your application and ongoing employment, you are required to undergo a Disclosure and Barring Service (DBS) check.
We request your criminal records data because we have a legal obligation to do this due to the type of work you do. This is set out in the Data Protection Act 2018 and the Rehabilitation of Offenders Act 1974 (Exceptions) Order 1975. We do not keep a record of your criminal records information (if any) and once seen, we don’t not keep a copy of your DBS.
We require this data so that we can contact you, pay you and make sure you receive the training and support you need to perform your job. By law, we need to have a lawful basis for processing your personal data.
We process your data because:-
We process your special category data because
We may also process your data with your consent. If we need to ask for your permission, we
will offer you a clear choice and ask that you confirm to us that you consent. We will also
explain clearly to you what we need the data for and how you can withdraw your consent.
As your employer we need specific data. This is collected from or shared with:
We do this face to face, via phone, via email, via post, via application forms
Third parties are organisations we have a legal reason to share your data with. These include:
The data that we keep about you is your data and we ensure that we keep it confidential and that it is used appropriately.
You have the following rights when it comes to your data:
If you have any concerns or questions please contact the manager of Dresden House on 01782 343477
We will always respond to your request as soon as possible and at the latest within one month. In the event of numerous or complex requests, the period of compliance will be extended for a further one month (2 months in total).
If we need to confirm your identity, we will request this from you and the one month time frame to respond, will commence as soon as we have received your proof of ID.
If you would like to complain about how we have dealt with your request, please contact:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire,SK9 5AF
Policy
for Data Protection (GDPR), Records and Confidentiality and
Security
This policy includes all data that Dresden House process’s either in hard copy/manually or on the computer/electronically.
Dresden House will only process personal data that is needed for our purposes and to meet external authority requirements. All personal data is protected by our IT system and/or policies and procedures and care practices. This removes the need for individuals having to take any specific action to protect their privacy.
The policy applies to all staff, including agency staff, bank staff and volunteers.
The Data Protection Act 1998 has been repealed and the new General Data Protection Regulations (GDPR) came into force in 25th May 2018.
GDPR has introduced the system of ‘transparency and accountability’ which means that the management and nominated individual for Dresden House, will ensure that all individuals are aware of the processing of their personal data. This does not distract from the continued need for all staff to safeguard confidential information held both manually and electronically.
The purpose of this Data Protection Policy is to support those areas listed below
a) Support the 7 Caldicott principals (see appendix one for full details)
b) Support the 10 Data Security Standards (see appendix two for full details)
c) Support the General Data Protection Regulation 2016 (GDPR)
d) Support the Data Protection Act 2018
e) Support the common law duty of confidentiality and all other relevant national Legistration
f) Compliance with the Health and Social Care Act, Regulation 17 that we will “maintain securely an accurate, complete and contemporaneous record in respect of each service user, including a record of the care and treatment provided to the service user and of decisions taken in relation to the care and treatment provided”;
We recognise data protection as a fundamental right and embrace the principles of data protection by design and by default
Dresden House is required to keep and process certain data about the residents, staff and relatives/friends of the residents, within the legal obligations under the GDPR. To clarify, personal data refers to information that relates to an identifiable (either direct or indirect) living individual.
In accordance with the requirement of GDPR, personal data will be:-
To ensure that the information held is lawful, the nominated individual, supported by the manager will maintain a register of systems, documenting:-
a) what information is held and what Dresden House does with this information
b) where the information came from and on what lawful purpose (consent, contract, legal obligation, vital interest, public task or legitimate interest as stated be Information Commissioners Office (ICO)
c) who the information is shared with
d) how long the information is held for
This register is freely available to all staff, residents, visitors, Health care professionals and any registered next of kin.
This register will be reviewed at least annually to ensure that the information held is still relevant.
Individuals have the right to request the deletion of the information where it is deemed that there is no reason for Dresden House to continue to process.
This policy is underpinned by the following:-
We shall implement appropriate organisational and technical measures to uphold the principles outlined above.
We will integrate necessary safeguards to any data/record processing to meet regulatory requirements and to protect individual’s data rights.
This implementation will consider the nature, scope, purpose and context of any processing and the risks to the rights and freedoms of individuals caused by the processing.