1.1 Flexible Respite (the Company) is an independent care company offering care and support to individuals and short-term respite to care givers across the Scottish Borders. The registered office is based at 8 Tweedbank Avenue, Tweedbank, Galashiels, TD1 3SP.
1.3 As the ‘controller’ of personal information, Flexible Respite are responsible for how your data is managed. The General Data Protection Regulations (GDPR) sets out our obligations to you and your rights in respect of how we manage your personal information. Data must be
- Used lawfully, fairly and in a transparent way
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes
- Relevant to the purposes we have told you about and limited only to those purposes
- Accurate and kept up to date
- Kept only as long as necessary for the purposes we have told you about
- Kept securely
1.4 The Company collects and uses personally identifiable information in order to provide care and support services. Details of how we collect and use personal information in relation to people who enquire about and use our services are set out below.
2. Information collected by us
2.1 Through the forms on the website, we may collect the following information that could identify you:
- Your name
- Contact information, including address, phone number and email address
- The IP address of the network you use to fill the form in through
2.2 When you enquire about our care and support services through our website, phone, email, post, face to face or social media; throughout the care and support assessment process and during the course of providing care and support services we also collect the following personal information for the person requiring the support when you provide it to us:
2.2.1 Name, home address, and contact details (including telephone number and email address) and emergency contacts (i.e. name, relationship and home and telephone numbers);
2.2.2 Date of birth, background information including details of family, things that are important to the individual and details of the other healthcare professionals involved in providing their care;
2.2.3 Any medical, physical or mental conditions and the care and support needs in these areas;
2.2.4 Details of medications and medication schedule and the care and support needs in these areas;
2.2.5 Details of likes, dislikes and lifestyle preferences (food, sleep and rest, spiritual and cultural wellbeing, social interests, ability to manage finance when on support visits so far as they relate to providing you with suitable care and support) and the care and support needs in these areas;
2.3 We also collect the following information as part of our service:
- Your feedback and contributions to regular reviews undertaken as part of the service;
- Your feedback and contributions to questionnaires and surveys about the service we offer;
- Your complaints, compliments or concerns about the service we provide.
2.3 We are also required to collect information on any accidents and incidents or near miss the Client may have been involved in whist in receipt of the regulated service – this may include details of injuries and treatment received as a result of these injuries.
3. Information collected from other sources
3.1 In some circumstances we work closely with third parties such as social and healthcare professionals and public bodies. We therefore may obtain personal information about the Client for whom we are providing the support from any appropriate external social or health care professionals where necessary.
3.2 A ‘public body‘we mean any organisation in the United Kingdom which delivers, commissions or reviews a public service and includes (but is not limited to) the Ombudsman, local authorities, the National Health Service and regulators.
3.3 A ‘social or health care professional‘ we mean any person who provides direct services, acts as consultant or is involved in the commission of your healthcare or social care services, including (but not limited to) your general practitioner (GP), social workers and other care and support related professionals.
3.4 Your legal representative (for example Lasting Power of Attorney), if applicable.
4 How we use your personal information
4.1 In situations where you have requested information e.g. from the contact us page or provided information to us, we will only use that information to answer your question or fulfil your request. After this, we will not use your information for any other purpose unless otherwise stated.
4.2 The provision of other personal details noted in section 3.2 above is necessary to enable, prepare, review and update suitable care and support plans, describing the nature and level of care and support services requested and supplied. Without this information, we will not be able to assess the care and support needs or provide any care services. The information also allows us to match the Client with an appropriate Respite Worker.
4.3 Information provided in respect of points 3.3 allows us to monitor how effective our services are and to make sure that the services we provide meet the care and support needs and improve our customer experience (please note that feedback can also be provided anonymously)
4.4 The provision of contact details such as names, addresses and email addresses allows us to
- Communicate with the Client, their representatives and any appropriate external social or health care professionals about individual needs and personalise the service delivered;
- To carry out an environmental risk assessment regarding the surroundings our staff will be providing the requested care and support;
- Invoice the Client or their representative for the care and support services in accordance with our terms and conditions;
- To arrange for a Respite Worker to attend the home of the Client to deliver the care and support services requested;
- For management staff to attend the home of the Client in order to carry out reviews and quality assurance checks of the support being delivered;
- Notify Clients and their representatives about changes to our services which are relevant;
- Send information about matters we believe you may be interested in, for example in-house surveys, surveys from the Care Inspectorate and Client Engagement Days;
4.5 The recording and reporting of incident and accident information is both a contractual and legal requirement for various regulatory bodies including the Health and Safety Executive and Care Inspectorate.
5. Who we share your personal information with
5.1 The Company will not sell, distribute or lease your personal information to any other company unless we have your permission or are required to do so by law. We may send personally identifiable information to other companies or individuals when we need to share the information in order to provide a service you have requested, for example when organising accessible transport as part of the support provided.
5.2 We share your information where appropriate and only with appropriate external social or health care professionals any individuals you have nominated as your representative as and when required. This data sharing enables us to establish the type of care and support you need. It also allows us to design and provide the right support package to suit your individual circumstances and adapt to changing need.
5.3 We will share personal information with law enforcement or other authorities if legally required to do so. This includes information required by public bodies to evidence our compliance with the applicable regulatory framework. We are also required to share personal information with external social or health care professionals, including public bodies and local safeguarding groups (in some circumstances) to ensure your safety.
5.4 We will share minimal and relevant information within Flexible Respite in order to provide safe and effective services to you.
6. Our Data Security
6.1 The confidentiality and security of your information is of paramount importance to us and we are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online and via other means.
6.2 Any information that you send to us through our website is sent over a secured data connection and stored on secured external cloud services.
6.3 We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
6.4 We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
7.2 A list of the cookies used on this website is listed below:
|__cfduid||This cookie is set by our anti hacking and website speed improvement hardware.||+1 year|
|_ga||This cookie is set by Google Analytics to analyse how our visitors use the site, it doesn’t track your personal data, just the usage of the site.||+2 years.|
|cf_clearance||This cookie is a sign that you’ve been cleared as not a ‘bot’||30 minutes from set/update.|
|wfvt__*||This is a cookie set by our firewall and security software.||+1 Year.|
|null||Typekit sets a cookie with no name to help their font delivery service.||Session|
8 Third Party Suppliers
8.1 In order to deliver our service to you we rely on third parties to provide specialist support to us. we have checked these suppliers and they are all compliant with the latest GDPR regulations. To provide this support they will have access to, or a duty of care over your personal information. These providers are:
- IT and Telecoms Support companies – to ensure the safe, secure and resilient operation of our IT systems including computers and phones
- Software support companies – to provide specialist support and resolve issues with the software that we run, for example email and rota systems we use to store and manage your customer records.
8.2 Please be aware that our website may provide you with links to other websites. If you follow a link to any other website, please note they have their own privacy policies. We do not accept any responsibility or liability for the privacy and security practices of such third-party websites and your use as such is at your own risk.
9. How long your personal information will be kept
9.1 Personal Data will not be retained by the Company for any longer than necessary in relation to the purposes for which it was originally collected, or for which it was further processed.
9.2 The length of time which Flexible Respite needs to retain personal data is set out in Flexible Respite’s Data Retention schedule.
10. Legal Basis for using your information
10.1 Processing your information is necessary for the performance of a contract with you. If you do not provide us with the information, we have asked for the we may not be able to manage the relationship of deliver services to you.
10.2 We rely on the following grounds within the GDPR:
Article 6(1)(a) – processing is conducted with your consent to process personal data for specified purposes
Article 6(1)(b) – processing is necessary for the performance of our contracts to provide individuals with care and support services
Article 6(1)(c) – processing is necessary for us to demonstrate compliance with our regulatory framework and the law
Article 6(1)(f) – to process your personal data in pursuit of legitimate interests, which include;
Marketing purposes – the privacy impact on you is expected to be minimal. Marketing will be specific to services we believe are of interest to you using information from enquiries we receive from you, you can unsubscribe at any time
Corporate due diligence and financial modelling, service development and innovation – the privacy impact on you is expected to be minimal. We will process your data internally to ensure our business is stable, trusted and innovating to provide the best possible service to you
GDPR recognises that additional care is required when processing special category (sensitive) data such as your health. We process this under the following grounds within GDPR;
Article 9(2)(h) – processing is necessary for the provision of social care or the management of social care systems and services
11 Your Rights under Data Protection Law
11.1 Under the GDPR you have the right to:
11.1.1 Access to your personal information: You have a right to request a copy of the personal information that we hold about you
11.1.2 Correcting your Information: We want to make sure that your personal information is accurate. You have the right to ask us to correct any personal information which is not correct.
11.1.3 Deletion of your Information (Erasure): You have the right to ask us to delete personal information where
- You consider that we no longer require the information for the purposes for which it was obtained
- You have validly objected to our use of your personal information for direct marketing purposes
- Our use of personal information is contrary to law or other legal obligations
11.2 Please note that if you ask us to delete any of your personal information which we believe is necessary for us to comply with our contractual or legal obligations, we may no longer be able to provide care and support services to you
11.3 Object in certain other situations to our continued processing of your personal information
11.4 Otherwise restrict our processing of your personal information in certain circumstances
11.5 For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.
12. To request a summary of the information we hold
12.1 If you would like to exercise any of the above rights, please contact us using the details set out below, making clear that you wish to exercise one of your privacy rights.
By email: Nicola Farrell, HR Manager at [email protected]
By post: Nicola Farrell, HR Manager, Flexible Respite, 8 Tweedbank Avenue, Tweedbank, Galashiels, TD1 3SP
12.2 Please provide us with providing us enough information to identify you. We can only supply data about email addresses when the requests have been sent via those email addresses.
13. How to complain
13.1 We hope that we can resolve any query or concern you raise about our use of your information. If you have a complaint about how we have handled your personal information please follow the steps set out in the Company’s Complaints Proceure.
13.2 The GDPR also gives you right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk
14.1 This policy will be reviewed on a regular basis in the light of operating experience and/ or changes in legislation, but will also as a minimum be reviewed within a three-year cycle
Last Update: March 2018 Next Review: March 2021