Service Users Privacy Policy

Introduction

 

Serendipity Healthcare Limited is committed to protecting the privacy and security of your personal information.

 

Serendipity Healthcare Ltd recognises that the personal information we receive is held in a position of trust. We therefore seek to fulfil that trust by adhering to general principles regarding the protection of personal information. This Privacy Policy explains how we collect, use, share, and protect information gathered through this Site and during other interactions you may have with Serendipity Healthcare Ltd in accordance with the General Data Protection Regulation (GDPR). We will also set out our data breach procedures.

 

Our registered address is Serendipity Healthcare Ltd, Unit 5 Millennium Way, Dunston, Chesterfield, S41 8ND

 

Our registered company number is: 6397807
We act as the ‘Data Controller’ for personal data. We are registered with the ICO, our number is Z2299087. This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice. We only collect information required to fulfil stated purposes and where there is a lawful basis for doing it, and will not retain it for longer than is necessary.

 

Scope

 

This Privacy Statement applies to personal information collected by any means as defined below.

 

Personal Information as used herein, is any information that can be used either alone or combined with other information to identify an individual or that can be directly linked to an individual.

 

This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

 

Personal Data

 

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

 

There are certain types of more sensitive personal data which require a higher level of protection, such as information about a person’s health or sexual orientation. Information about criminal convictions also warrants this higher level of protection.

 

In the collection of this data we will ask you for your explicit consent for personal data to be collected and used. This consent will form the lawful basis for the processing and will be asked for at the time of application to Serendipity Healthcare Ltd.

Information we may collect from you

 

We collect, store and use personal data for the purposes of assessing your needs and ensuring that you receive appropriate ongoing care. The information we need for this are:

 

  • Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses
  • Date of Birth
  • Gender
  • Marital status and dependants.
  • Next of kin and emergency contact information

 

We may also collect, store and use the following more sensitive types of personal information:

 

  • Information about your race or ethnicity, religious beliefs, sexual orientation and political opinions.
  • Information about your health, including any medical condition GP details
  • Personal preferences regarding your care

 

How we collect personal information

 

We collect personal information by completing assessments and answering questions as part of our initial and ongoing assessment processes, or through you giving further information to us as part of your ongoing care provision. We may receive information about you from third parties involved in delivering your care provision. This may include, but not be limited to, G.Ps, Hospital admission and discharge teams, local authority, and any commissioning body that funds your care provision wholly or in part. We may combine this information with information you give to us and information we collect about you. We may us this information and the combined information for the purposes set out above (depending on the types of information we receive).

 

How we use this information

 

We will use this information:

  • to carry out our obligations arising from any contracts entered into between you or any commissioning bodies and us and to provide you with the services that you request from us;
  • to provide you with information about other goods and services we offer that are similar to those that you have already enquired about;
  • to notify you about changes to our service;
  • to ensure that the service provided to you is effective and person-centred
  • to sufficiently plan your service to best meet your needs
  • to measure or understand the effectiveness of our service

 

Disclosure of your information

 

We may share your personal information with any member of our group, which means any subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.

 

We may share your information with selected third parties including business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you.

 

We may disclose your personal information to third parties:

  • In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
  • If Serendipity Healthcare Ltd or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
  • If we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation

 

Where we store your personal data

 

The data that we collect from you will be stored at our premises and may also be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff maybe engaged in, among other things, the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. Serendipity Healthcare Ltd will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

 

All data collected will be stored digitally on secure computers and databases and paper files will be stored in locked cabinets/rooms.

 

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

 

These safeguards are evaluated on an on-going basis to help minimise risks from new security threats as they become known.

How long we keep information

 

Serendipity Healthcare Limited will retain your Personal Information for as long as reasonably necessary for legitimate business purposes or to comply with regulatory or legislative requirements.

 

Rights

 

Personal information is held in a transparent and lawful manner and can be accessed on request at any time in writing.

 

By law you have the right to:

 

  • Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal information to another party.

 

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact Serendipity Healthcare Limited, in writing at the address below.

 

You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes. You can also exercise the right at any time by contacting Serendipity Healthcare Ltd at:

 

Serendipity Healthcare Ltd

Unit 5 Millennium Way

Dunston

Chesterfield

S41 8ND

 

You can also register a complaint with the Information Commissioner’s Office via the following link: https://ico.org.uk/concerns/

 

Data Breach Procedures

 

INFORMING THE INFORMATION COMMISSIONER’S OFFICE

 

  1. In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the Information Commissioner’s Office in accordance with Article 55, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification is not made to the ICO within 72 hours, it shall be accompanied by reasons for the delay.
  2. The processor shall notify the controller without undue delay after becoming aware of a personal data breach.
  3. The notification referred to in paragraph 1 shall at least:

 

  • Describe the nature of the personal data breach including where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned;
  • Communicate the name and contact details of the data protection officer or other contact point where more information can be obtained;
  • Describe the likely consequences of the personal data breach;
  • Describe the measures taken or proposed to be taken by the controller to address the personal data breach, including where appropriate, measures to mitigate its possible adverse effect.

 

  1. Where, and in so far as, it is not possible to provide the information at the same time, the information may be provided in phases without undue delay.
  2. The controller shall document any personal data breaches, comprising the facts relating to the personal data breach, its effects and the remedial action taken. That documentation shall enable the supervisory authority to verify compliance with this Article.

 

Serendipity Healthcare Ltd complies with the General Data Protection Regulations

 

Changes to our privacy policy

 

Any changes we may make to our privacy policy in the future will be notified to you. Please check our website frequently to see any updates or changes to our privacy policy. www.serendipity-healthcare.co.uk

 

Contact

 

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to:

 

Serendipity Healthcare Ltd

Unit 5 Millennium Way

Dunston

Chesterfield

S41 8ND

Serendipity Healthcare Ltd/Copyright 2016