GDPR PRIVACY NOTICES
General web enquiries
Please read this privacy notice carefully as it explains how we comply with the Data
Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR).
At LIFEWAYS HEALTHCARE, we take privacy very seriously and are currently updating all our
records and processes to ensure that we are fully meeting the data protection standards
introduced by the General Data Protection Regulation (GDPR) on 25 May 2018.
We are registered as data processors with the Information Commissioner’s Office (ICO). In
order to respond to your enquiry, we need to collect information that identifies you and use
it. This information about you is called “Personal information”.
The categories of information that we collect, hold and may share include:
- personal information (such as name, address, date of birth)
- characteristics (such as ethnicity, language, nationality, country of birth).
The lawful basis on which we use this information.
We collect and use information under the following lawful bases established by the GDPR. - Consent- At this stage, in responding to your enquiry, we will rely on the lawful basis
of consent under Article 7(1) to process your personal information. We do not share
information with anyone without your consent unless the law and our policies allow
us to do so. - Legitimate interests: the processing involves using your data in ways you would
reasonably expect, and which have a minimal privacy impact. - Legal obligation: the processing is necessary for us to comply with the law
(submitting data to Government Departments for example).
How we use your personal information
We will use your personal information to make contact with you and respond to your
enquiry. We may also use your personal information for our own analysis e.g., in reviewing
how quickly and effectively we deal with enquiries.
Who we share information with
We routinely share information with: - local authorities
- suppliers and contractors
- government departments
- other companies within our partnership
Why we share information.
We are required to share certain data with official bodies (such as HMRC or the Department
for Work and Pensions (DWP)) on a statutory basis.
Data collection requirements
To be granted access to any information we hold, we comply with strict terms and
conditions covering the confidentiality and handling of the data, security arrangements and
retention and use of the data.
Keeping your personal information secure
- We have appropriate security measures in place to prevent personal information
from being accidentally lost or used or accessed in an unauthorised way. We limit
access to your personal information to those who have a genuine need to know it.
Those processing your information will do so only in an authorised manner and are
subject to a duty of confidentiality. - We also have procedures in place to deal with any suspected data security breach.
We will notify you and any applicable regulator of a suspected data security breach
where we are legally required to do so or where we otherwise think you should
know about it.
How long your personal information will be kept.
We do not keep data for any longer than necessary and do not allow its use for any purpose
other than that for which it has been collected. Should new processes be introduced into
the organisation or innovative uses of the data we hold, you will be kept informed at each
stage.
Your rights- Requesting access to your personal data
Under the GDPR, you have the right to request access to information about you that is held
by this LIFEWAYS HEALTHCARE. To make a request for your personal information, contact our
Data Protection Officer on provided information, who will deal with the request within 30
days.
You also have the right to: - object to processing of personal data that is likely to cause, or is causing, damage or
distress. - prevent processing for the purpose of direct marketing.
- object to decisions being taken by automated means and
- in certain circumstances, have inaccurate personal data rectified, blocked, erased or
destroyed
How to Contact Us
If you have a concern or complaint about the way we are collecting or using your personal
data, we request that you raise your concern with our Data Protection Officer in the first
instance as follows.
The Data Protection Officer
Lifeways Healthcare
Gresley House
Ten Pound Walk
Doncaster
DN4 5HX
Email: dataprotection@lifewayshealth.co.uk
Telephone: 0333 567 1797
Note that we may ask you to provide proof of your identity before we can discuss your
personal information with you.
We hope that we can resolve any concern you raise, but if this does not work and
you want to do so; you also have the right to complain to the Information Commissioner
(ICO) at:
Information Commissioner’s Office
Wycliffe House
Water Lane, Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113.
Website: https://ico.org.uk/make-a-complaint/
Extra help
If you would like this notice in another format such as; audio, large print or braille, please
contact us using above Lifeways Healthcare address.
PRIVACY NOTICE FOR PEOPLE RECEIVING CARE
Please read this privacy notice carefully as it explains how we comply with the Data
Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR).
Lifeways Healthcare is committed to being transparent and open about why personal data
is required and how this is managed. A copy of this privacy notice can be found on our
website.
This privacy notice explains your rights as a person receiving care regarding the data opt-out
policy, how data is collected, used, retained and disclosed in line with UK data protection
laws. See Data Protection and Compliance with the General Data Protection Regulation
(England, Scotland, Wales) Policy.
How and why personal information is collected?
As part of the services offered, we are required to process personal information or data
about you.
“Processing” can mean collecting, recording, organising, storing, sharing or destroying data.
‘Lawful basis for processing’ your information
We must have a lawful basis for processing personal data and as a home care provide. We
rely on the following grounds within the UK GDPR for this lawful basis:
- Article 6(1)(b) – processing is necessary for the performance of our contracts to
provide individuals with care and support services. - Article 6(1)(c) – processing is necessary for us to demonstrate compliance with
our regulatory framework and the law. - Article 9(2)(h) – processing is necessary for the provision of social care or the
management of social care systems and services.
It is essential this is collected, including financial information, to enable us to provide
ongoing quality care and support.
Information is contained in individual files, electronic and manual and other record systems
which are subject to strict security and authorised access policies.
This data is held because we have a legal obligation to do so, usually under the Health and
Social Care Act 2012 or Mental Capacity Act 2005.
We process “special category” data because: - It is necessary due to social security and social protection law, mostly in safeguarding
situations and where it is necessary to protect your fundamental interests when you are
physically or legally incapable of providing consent. - It is needed for provision and management of social care services.
- We are required to provide data to the Care Quality Commission (CQC), our regulator, as
part of public interest obligations
Special category data can be said to be personal data that needs more protection because it
is sensitive.
- Data may be processed with your consent. If we need to ask for your permission, you will be
given a choice and ask that confirmation is provided. - We will also explain clearly to you what we need the data for and how you can withdraw
your consent at any point.
What data do we have?
We may process the following types of data: - basic details and contact information, such as name, address, date of birth and next of kin,
email address that you or your power of attorney have asked we hold. - Photographs of you (if we need these to manage any risks to your safety, e.g. that you might
go missing). - financial details, such as how you fund care or funding arrangements, Payment card or direct
debit details (if you pay us for some or all of your services using one of these methods).
We also record the following data which is classified as “special category”: - Health and social care data, which may include physical and mental health data
- Data may be recorded about your race, ethnic origin, sexual orientation or religion.
- Data is retained in line with the Information Governance Alliance’s guidelines.
Where is data processed?
This is done face-to-face, via telephone, email, our website, by post, application forms
and/or apps.
Data is collected from or shared with: - The person receiving care or their legal representative(s)
- Third parties.
Third parties are organisations we might lawfully share data with, which include other parts
of the health and care system such as local hospitals, the GP or other health and care
professionals for the person receiving care, the pharmacy, social workers, clinical
commissioning groups, the Local Authority and family or friends, with the individual’s
permission.
There is a legal obligation to share information with some organisations, such as for
safeguarding purposes, the CQC, police or other law enforcement agencies if requested by
law or a court order.
Data is retained in line with the Information Governance Alliance’s guidelines.
Your rights
You have the right to refuse/withdraw consent to information sharing at any time. The data
kept about you is your data, kept confidential and used appropriately.
Rights regarding personal data:
- You have the right to access personal data and can request a copy of all data held and will
not normally be charged for this - Incorrect information can be updated if any personal data is inaccurate or incomplete.
- You can request any personal data which is no longer necessary for the purpose we
originally collected it for to be deleted. - You can request that we restrict processing data if we no longer require your personal data
for the purpose, we originally collected it for, but you do not wish it to be deleted. - If we have asked for your consent to process data, this can be withdrawn at any time.
- If we are processing your data as part of our legitimate role or to complete a task in the
public interest, you have the right to object to that processing.
Identification may be required to support data requests to ensure personal data is not
shared inappropriately and requests will be acted on as soon as possible, usually within one
month.
What does this mean for me as someone who uses services?
As a person receiving care, information collected about you could be provided to other
approved organisations, where there is a legal basis to do so, to help plan services, improve
care provision and for research into developing new treatments and preventing illness.
Information is only used where allowed by law and never for insurance or marketing
purposes without explicit consent. The care service will always seek written permission from
you before sharing personal information with anyone else, for purposes other than direct
care
However, if you do not want your personal date to be used for planning or research, you can
stop this.
National Data Opt-Out
The national data opt-out gives everyone the choice to stop health and social care
organisations sharing their “confidential patient information” with other organisations
where it is used for reasons beyond individual treatment and care, such as research and
planning purposes.
The term “confidential patient information” is used as the NHS do and where the opt-out is
in force. In this context “confidential patient information” relates to information about
people’s health or social care that may identify them.
Adult Social Care providers, in line with your wishes and the National data opt-out, are
required to apply national data opt-outs to use or disclose confidential patient information
for purposes other than your direct care.
As a care service, we have an obligation to inform you about your right to choose regarding
opting out of data sharing and are clear about how and when such a preference has been
applied and a record of any decision regarding data opt-out kept.
Most care services do not use or share people’s information beyond direct care and this
care service does not share the information of people who use it with any pharmaceutical,
medical or other researchers and do not use sensitive information for purposes beyond your
care and treatment.
We only share personal information on a “need to know” basis, observing strict protocols
when doing so. Most of the data sharing is with other professionals and agencies involved
with care and treatment.
The only exceptions to this general rule would be where we are required by law to provide
information, e.g., to help with a criminal investigation.
Following completion of data processing checks, if certain national data opt-out do not
apply the following clause may be added:
“At this time, we do not share any data for planning or research purposes for which the
national data opt-out would apply. We review all of the confidential patient information we
process on an annual basis to see if this is used for research and planning purposes. If it is,
then individuals can decide to stop their information being shared for this purpose.” (Digital
Social Care).
If you are happy with this use of personal information, you do not need to do anything but
can change this decision at any time.
If you choose to opt out, your confidential patient information will still be used as necessary
to support your individual care delivery.
As National Data Opt-Outs are set or changed by individuals themselves, this must be done
by you, or someone legally able to act on your behalf. More details about the wider use of
confidential personal information and to register your choice to opt out can be found at:
https://digital.nhs.uk/services/national-data-opt-out or by phone: 0300 303 5678.
To Opt Out by post on behalf of someone who lacks capacity, fill out and print off Manage
Another Person’s Choice on Their Behalf, NHS Data Opt-Out by Post. It can only be done by
an individual who holds an LPA.
All health and social care CQC-registered organisations in England must be compliant with the
national data opt-out by 31 July 2022.
Information is available on request from the manager for people receiving care, next of kin
or appointed Lasting Power of Attorney (LPA).
Raising concerns and complaints
If you have concerns regarding how personal data is processed, our Data Protection Officer
can be contacted via:
Lifeways Healthcare
Gresley House
Ten Pound Walk
Doncaster
DN4 5HX
Email: dataprotection@lifewayshealth.co.uk
Telephone: 0333 567 1797
If you feel care services have not complied with requirements regarding your personal data
rights, a complaint can be submitted to the Information Commissioner’s Office:
Information Commissioner’s Office
Wycliffe House
Water Lane, Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113.
Website: https://ico.org.uk/make-a-complaint/
The notice was last revised on 1st October 2023 and will be further revised from time to
time.