Hilton Nursing

Hilton Lodge

Hilton Nursing
Hilton Nursing

Privacy Policy

Introduction
The Stewart Partnership is committed to ensuring that your privacy is protected. We ask you to read this Privacy Policy very carefully as it sets out what personal data we collect about you, how we will use it and who your information may be shared with.

Who we are
In this Privacy Policy, “we”, “us” and “our” refer to The Stewart Partnership, Hilton Lodge, 60-62 Court Street, Haddington, East Lothian, EH41 3AF. For the purpose of UK data protection laws, The Stewart Partnership is the data controller and processes and stores information in accordance with the data protection legislation of the UK and our own policies and procedures.

This Privacy Policy applies to:
  • Our care and support services
  • All personal information obtained in the delivery of our care and support services
The Personal Information collected by us
What information do we collect?

We collect, process and store personal information in order to provide our care services. The data we collect may include:
  • Your name, home address, date of birth and contact details (including your telephone number, email address) and emergency contacts (i.e. name, relationship and home and telephone numbers)
  • Your allergies and any medical, physical or mental conditions and in particular your care needs
  • Your likes, dislikes and lifestyle preferences (including your religious beliefs or other beliefs of a similar nature, racial or ethnic origin, politics, genetics, health, sex life, marital status and sexuality trade union membership or biometrics (so far as they relate to providing you with suitable care)
  • Credit, direct debit details or other payment information (if you pay for some or all of our services using one of these methods)
  • Your feedback and contributions to questionnaires and surveys about the service we offer
  • Your complaints, compliments or concerns about the service we provide
  • Any accidents and incidents or near misses you may have been involved in whilst our employees are delivering a regulated service to you – this may include details of injuries and treatment you may have received.
We work closely with third parties such as social and healthcare professionals and public bodies. We therefore also obtain personal information from other sources such as:
  • Your allergies and any medical, physical or mental conditions, test results and in particular your care and support needs, from any appropriate external social or health care professionals (including GP’s)
  • Your name, home address, date of birth, contact details, needs assessments and financial assessments from any appropriate external social or health care professionals (including any relevant public body regardless of whether care is publicly funded)
  • Your likes, dislikes and lifestyle preferences (including your religious beliefs or other beliefs of a similar nature, racial or ethnic origin, politics, genetics, health, sex life, marital status and sexuality trade union membership or biometrics (so far as they relate to providing you with suitable care)) from your family, friends and any other person you have nominated as your representative
Failure to obtain all necessary information when required, may result in us being unable to deliver an effective and complete Care package.

How do we collect your information?
We may collect your information directly by:
  • Engagement and interaction with you in regard to our care services
  • Being provided with information as a result of a query, complaint, service or other work request or any other matter raised with us by post, email, phone or other format
  • Other correspondence with you by phone, letter, email or otherwise
We may also be provided with information about or relating to you by a third party, including:
  • Organisations for whom we are contracted to provide housing or care services (for instance local authorities and NHS clinical commissioning groups)
  • Organisations who act on behalf of organisations noted above (for instance, care brokerage services)
  • GPs, hospital trusts and other medical professionals
  • Local authorities
  • Next of kin, persons to whom you have delegated power of attorney and other persons acting in your interests
  • Professional advisors, insurance companies, solicitors and other legal providers who may be acting on behalf of you, us, our clients or other third parties
  • Social media organisations where you have permitted the organisation to share with us information you have provided to the service or made public in connection with that service
How do we use your information?
We use the information provided to us to fulfil various duties and obligations as set out below:
  • Processing necessary for our legitimate business interests for internal business processing and operations including but not limited to quality assurance, management information, audit, and financial processes, service development and innovation.
  • To comply with our legal and regulatory obligations under the Care Act, to register our services with relevant regulatory authorities (e.g. Care Inspectorate) and support inspections and other monitoring services related to this regime and processing of information where the law requires us to do so.
  • Where you give us consent - To invite you to events and social activities that we believe may provide some benefit to you and send promotional letters to you where you have agreed to this. Where we process your information for marketing purposes, the privacy impact on you is expected to be minimal. Marketing will be specific to services we believe are of interest to you using information from enquiries we receive from you, you can unsubscribe at any time.
  • We will process information when it is the vital interests of a natural person, to do so. This may be when information is required to be shared with the ambulance service in an emergency situation.
  • For private clients, information will be processed for the performance of the contract with us to deliver care services.
We will only use your information for the purpose(s) it was collected for, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose or where there is a legal requirement for us to use that information. We may process your information without your knowledge or consent only where this is required or permitted by law.

Who we share your information with
In order to deliver our services and fulfil our legal obligations, we may share your information with:

Client organisations to whom we are contracted to provide services and/or who are funding services being provided by ourselves, including -
  • Local Authorities
  • NHS Clinical Commissioning Groups (CCGs)
We are required to provide such entities with reporting around our service provision.

Third parties instructed by us to provide services on our behalf, such as –
  • Care subcontractors
  • Providers of IT services and IT hosting environments. These software providers are commissioned to provide specialist support and resolve issues with the software and individual records may need to be accessed)
  • Data archiving providers
  • Organisations who conduct customer satisfaction and feedback services
  • Our professional advisors (including legal services providers, banks, auditors)
  • Insurance companies and claims handling organisations
  • Debt collection and management agencies
  • Marketing and event management companies
  • Our quality assurance assessors
In order to deliver our services, we rely on third parties to provide specialist support to us. To provide this support they will have access to, or a duty of care over your personal information.

Individuals whom you have agreed we should share information about you with or who are acting in your interest, such as your next of kin or power of attorney

Third parties who are involved in providing healthcare and social care services and support to you, such as –
  • Your GP
  • Your Pharmacist
  • Your Social Worker
We share your medical information with appropriate external social or health care professionals (including your GP and pharmacist) and any individuals you have nominated as your representative as and when required. This data sharing enables us to establish the type of care and support you need. It also allows us to design the right care package to suit your individual circumstances, including if (in future) you decide to receive care from an alternative provider.

Third parties who have a statutory duty or perform tasks in the public interest as set out in law, including but not limited to:
  • Care Inspectorate and other health and social care regulatory authorities
  • Health and Safety Executive
  • Information Commissioners Office
  • Law enforcement and other authorities who require reporting of processing activities in certain circumstances
We will share personal information with law enforcement or other authorities if legally required to do so. This includes information required by public bodies to evidence our compliance with the applicable regulatory framework. We are also required to share personal information with external social or health care professionals, including public bodies and local safeguarding groups (in some circumstances) to ensure your safety.

Third parties to whom we may choose to sell, transfer or merge parts of our business or assets with.

This information will be shared via the most appropriate communication channels and will consist of email, secure email, in writing, phone or verbally including face to face.

Where we have to share information for statistical purposes, we take measures to ensure that individual service users cannot be identified, and anyone who receives information from us also has a legal duty to keep it confidential.

Transfer of your information outside the EEA
The Stewart Partnership is a UK based business with operational bases in the UK only.

How long your information will be kept for
We will keep your information for as long as is necessary to provide services to you, to fulfil our legitimate business interests or to meet our legal obligations. In order to meet our legal obligations, it maybe we need to keep your information even when you are no longer actively receiving services from us.

To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the information, the purposes for which we were originally processing it, the potential risk of harm from its unauthorised disclosure or loss and any legitimate interests or legal obligations its retention may be required to meet.

Your information will be kept in line with our Retention Policy and internal procedures.

Your Rights
You have various legal rights in relation to the personal information that we collect and process:
  • A right to access the information that we process about you, together with information about why and how we are using it, who we have shared it with and other information
  • A right to ask us to rectify any information we hold about you that is inaccurate or incomplete
  • A right to ask us to erase information if we no longer have a legal basis for processing or storing it (please note that this right can only be exercised in certain circumstances and, if you ask us to erase your information and we are unable to do so, we will explain why not)
  • A right to ask us to restrict processing your information in certain circumstances
  • A right to ask us to transmit (‘port’) information about you in a structured, commonly used and machine-readable format
  • A right to object to us using particular information, or using it in a particular way
  • A right to object to us using and storing your information for direct marketing purposes
If you would like to exercise any of the above rights, you can do so by contacting our Data Protection Officer via the contact details at the end of this privacy policy or by speaking to your local office, care or visiting officer or regular contact point. We may require you to provide proof of identity, address or other details. Where we are unable to fully action your request, we will explain why and outline any next steps.

We do not use automated decision-making processes within the scope of this privacy policy.

For more information on your privacy rights under current data protection law, including the circumstances under which they apply, we recommend you visit the Information Commissioner’s Office website at: www.ico.org.uk

Keeping your information secure
We take seriously the need to keep the personal information we process secure and have in place various organisational and technical measures to prevent information being accidently lost, stolen, accessed or disclosed in an unauthorised way. We limit access to your information to those with a genuine business need to see it so those processing your information will do so in an authorised manner and subject to a duty of confidentiality.

We maintain various industry standard security technologies and tools to prevent and detect unauthorised access and amendments to our systems, including firewalls and other perimeter devices, anti-virus and threat protection systems and email and internet security software.

We maintain policies and procedures to help ensure a consistent approach to security best practices and behaviours across our company, including keeping paper records safe, physically securing buildings, the safe transfer and handling of data and the secure use of our systems.

How to complain
If you are concerned about any aspect of how we handle your personal information or your rights as outlined above, you can contact our Data Protection Officer on the details below. Alternatively, you can log a complaint directly with the UK’s supervisory authority, the Information Commissioner. The address for the Information Commissioner’s Office is:

The Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. The ICO website is available at: www.ico.org.uk

How to contact us
Our Data Protection Officer can be contacted by email at hiltongilliland@aol.com and via post by writing to The Data Protection Officer, Hilton Lodge, 60-62 Court Street, Haddington, East Lothian, EH41 3AF.

When was this Policy updated?
This Privacy Policy was last updated on 14.02.2019. We may change this Policy from time to time and future changes will be published on our website.