‘Personal data’ is any information that relates to a living, identifiable person. This data can include your name, contact details, and other information we gather as part of our relationship with you. It does not cover information where your identity has been removed (anonymous data) ‘
Sensitive information’ is information about a person’s race or ethnic origin, religious, political or other beliefs, physical or mental health, sexual orientation. The collection and use of these types of data are subject to strict controls.
As the ‘controller’ of your personal information, we are responsible for how this data is managed. The General Data Protection Regulation (GDPR) and the Data Protection Act 2018 sets out our obligations to you and your rights in how we manage your personal information.
We need to collect sensitive/personal data from you because without it we won’t be able to create a suitable care plan and to provide you with suitable care services.
We collect your personal data mostly through our contact with you, and the data is usually provided by you, but in some instances, we may receive data about you from other people/organisations. We will explain more about this below.
As the ‘controller’ of your personal information, we will ensure that the data we hold about you is:
Please see the section on Your Rights for more information.
Please note when we refer to
a ‘public body‘: we mean any organisation in the UK which delivers, commissions or reviews a public service and includes (but is not limited to) Wokingham Borough Council, the National Health Service, the Ombudsman and the Care Quality Commission (CQC).
a ‘health or social care professional‘: we mean any person who provides direct services, acts as consultant or is involved in the commission of your healthcare or social care services, including (but not limited to) your general practitioner (GP), dental staff, pharmacists, nurses and health visitors, clinical psychologists, dieticians, physiotherapists, occupational therapists, hospital staff, social workers and other care and support related professionals.
Crossroads Care Wokingham is a registered charity (No. 1128216) and a Company Limited by Guarantee registered in England and Wales (No.06768350). Our contact details are:
We are also known by our trading name Crossroads Care Wokingham.
What personal data do we collect and use in relation to people who enquire about and use our services?
When you ask about our care services via our website, phone, email, post, face-to-face or on social media, and during the course of providing care services to you, we collect the following personal information when you provide it to us:
Cookies are small files which websites store on your computer and which contain various types of information about your visit to a website. They are not viruses or malicious software but they are generally aimed at providing you with a good experience when browsing a site by, for example, remembering your preferences so that you do not need to reset them every time you visit the website.
Cookies can record information about how you browse the internet. They can therefore be used by websites to advertise goods and services which, based on your browsing history, are similar to goods and services which you have previously searched online. This is why some users reject or delete cookies.
Cookies normally expire after a length of time which can vary from a few minutes to more than a year. Some cookies are ‘session cookies’ which are deleted when you close your internet browser or after a period of inactivity. Others are ‘persistent cookies’ which remain on your computer until their expiration date.
We do not store cookies on your computer without your consent unless they have the sole purpose of carrying out the transmission of communications or they are strictly necessary for providing an online service.
You may restrict or block cookies which are set by any website through your browser settings. Your browser settings also allow you to clear your browsing history and delete cookies. Information about how you can do this can be found on this link https://ico.org.uk/for-the-public/online/cookies. Mobile devices may have their own settings and you need to refer to the manual of the device. Please note that restricting or disabling cookies may impact the functioning of parts of our website.
We work closely with third parties such as health and social care professionals and public bodies. We therefore also obtain personal information about you from other sources such as:
We use your personal information to:
We may share your medical information with appropriate external health or social care professionals (including your GP and pharmacist) and any individuals you have nominated as your representative as and when required. This data sharing enables us to establish the type of care and support you need, it also allows us to work with you to design the right care package to suit your individual needs.
We will share personal information with law enforcement or other authorities if legally required to do so. This includes information required by public bodies to evidence our compliance with the applicable regulatory framework. We are also required to share personal information with external health or social care professionals, including public bodies and local safeguarding groups (in some circumstances) to ensure your safety.
We will share relevant personal information with Care Support Workers and the Care Management Team on a need to know basis, in order to provide you with safe and effective services.
We will share information with our insurance company and where applicable to the Health & Safety Executive, following accidents & incidents.
In order to deliver our service to you, we rely on certain third organisations to provide specialist support to us. To provide this support they will have access to or a duty of care over your personal information. These providers are:
We will definitely not:
Some retention periods are based on legal requirements while others take into account practical needs to keep the data.
Information about how long we process your data for can be found in our Data Retention Schedule (available on Tel: 0118 979 5324).
Once the applicable retention period expires, unless we are legally required to keep the data longer, or there are important and justifiable reasons why we should keep it, we will securely delete the data.
In general terms, we process your data in order to manage our relationship with you. The table below lists more specific purposes for processing your data, and the legal basis for each type of processing.
The confidentiality and security of your information is of paramount importance to us. We have appropriate organisational and technical security measures in place to prevent personal information from being accidentally lost, used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
Security measures in place:
We may engage third parties to process personal data on our behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
We rely on the following grounds within the GDPR:
GDPR recognises that additional care is required when processing special category (sensitive) data such as your health. We process this under the following grounds within GDPR:
At times, we may further process data which we have already collected. We will only do this if the new purpose for processing it further is compatible with the original purpose that the data was collected for. We will tell you about any further processing before carrying it out.
Your personal data is held in both hard copy and electronic formats.
Electronic data, including emails, is stored on our servers, which are located in the UK and may be stored on our software suppliers’ servers in the European Union. These offer the same level of legal protection and rights over your data.
As a data subject, you have the following rights, without charge, in relation to your personal data processed by us:
For further information on each of these rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.
If we are relying on your consent to process your data, you may withdraw your consent at any time.
For more information on your rights, if you wish to exercise any right or for any queries you may have or if you wish to make a complaint, please our office on Tel: 0118 979 5324 and ask to speak to our Data Protection Lead who has responsibility for data protection.
You have a right to complain to the Information Commissioner's Office (ICO) about the way in which we process your personal data. You can make a complaint on the ICO’s website https://ico.org.uk/.