Data Protection Privacy Notice
In this Notice, “We”, “Us” and “Our” means The Geoghegan Group Ltd (the Company), the provider of your care. “You” means the client on whose behalf the Company are providing the service that you or your nominated third party, such as your local authority, have requested.
We are committed to maintaining the accuracy, confidentiality and security of your personal information. Data protection law provides you with a right to be informed about the processing of your personal information. This Notice describes the personal information that we collect from or about you, and how we use and to whom we disclose that information. Where it is appropriate to the delivery of the service and in accordance with our contract with you or as required by law, we may also prescribe additional purposes and longer retention periods to those set out below.
What Personal Information Do We Collect?
We collect and maintain different types of personal information in respect of those individuals who seek to be, are, or were our patients, including the personal information contained in:
- what you tell us about yourself;
- ID Information such as your name, home address, email address, telephone numbers and date of birth;
- Next of kin contact information;
- Medical records and health information (mental and physical) including medicine dosages and Covid-19 or any other pandemic infection and control data;
- Past medical history
- Your care needs;
- Personal preferences;
- Ethnicity and religious affiliation;
- NHS number;
- Risk assessments;
- Dietary requirements;
- Our records of invoicing and payment;
The personal information which we collect and maintain includes the above and any other information necessary to permit us to manage your care effectively. In addition we may collect and maintain sensitive personal information about you if that has any relevance to your care.
As a general rule, we collect personal information directly from you or from your doctor or others also involved in your care. In most circumstances where the personal information that we collect about you is held by a third party, we will obtain your permission before we seek out this information from such sources (such permission may be given directly by you, or implied from your actions or agreed under contract).
Why Do We Collect Personal Information?
The personal information collected is used and disclosed for our business purposes, including establishing and managing your relationship with us. Such uses include:
- assessing whether we are able to assist you;
- the management of your care;
- maintaining records of care and services provided to you;
- invoicing, fee collection and debt recovery;
- keeping records up to date;
- complying with the legal and regulatory obligations including as regards Covid-19 or any other pandemic or matter of public health;
- implementing best practice and guidance from the Care Quality Commission or other regulatory or governmental bodies;
- Such other purposes as are reasonably required by us.
Who is responsible?
The person responsible for the personal information about you which we collect (the “data controller”) is the Company. The Geoghegan Group Ltd.
Can we use your information for marketing our products and services?
We may send you email newsletters if you opt-in to receive such correspondence. We may also send you details of new services but only if it is within our legitimate interest to do so.
We will always let you know that you can opt out from receiving marketing material and you can let us know at any time if you no longer wish to receive direct marketing offers from us. You can do so by emailing us here, or writing to our Data Protection officer whose contact are below.
How Do We Use Your Personal Information?
We may use your personal information for the purposes described in this privacy notice, or for any additional purposes that we advise you of and, where your consent is required by law, where we have obtained your consent in respect of the use or disclosure of your personal information.
We may, in unique circumstances, use your personal information without your knowledge or consent where we are permitted or required by law or regulatory requirements to do so.
When Do We Disclose Your Personal Information?
We may share your personal information with our employees and other parties who require such information to assist us with managing the service we provide to you.
This includes but is not limited to sharing your data with the following who may in turn process your data:
- the NHS;
- your doctor;
- social services;
- the local authority;
- emergency services;
- the District Nurse;
- all clinical multi-disciplinary teams;
- specific external suppliers such as systems providers (e.g. of our health and safety reporting and financial systems), IT consultants, legal advisers and auditors.
Also, your personal information may be disclosed:
- as permitted or required by applicable law or regulatory requirements;
- to comply with valid legal processes;
- as part of our reporting activities;
- to protect the rights and property of the company;
- during emergency situations or where necessary to protect the safety of a person or group of persons;
- where the personal information is publicly available; or
- with your consent where such consent is required by law.
In any such a case, we will not disclose more personal information than is required in the circumstances and, except under compulsion of law, we will not disclose without your consent any legal advice which is the subject of a duty of confidence owed to you.
For further details of our data processors, please do not hesitate to contact your Data Protection Officer.
Notification and Consent
Privacy laws do not generally require us to obtain your consent for the collection, use or disclosure of personal information for the purpose of establishing and managing our relationship with you. In addition, we may collect, use or disclose your personal information without your knowledge or consent where we are permitted or required by applicable law or regulatory requirements to do so.
Where your consent is required, this will be requested and recorded in a clear unambiguous way. Where your consent is required for our collection, use or disclosure of your personal information, you may, at any time, subject to legal or contractual restrictions and to reasonable notice, withdraw your consent. All communications with respect to such withdrawal or variation of consent should be in writing and addressed to the Company.
How is Your Personal Information Protected?
We endeavour to maintain physical, technical and procedural safeguards that are appropriate to the sensitivity of the personal information in question. This includes the use of firewalls and encryption as well as other information security requirements, systems and procedures. These safeguards are designed to protect your personal information from loss and unauthorized access, copying, use, modification or disclosure.
Your personal information will not normally be processed outside the UK. We also use data sharing agreements, data processing agreements and the standard contractual clauses to protect your data where it is being shared, processed and/or transferred to a third country.
How Long is Your Personal Information Retained?
Except as otherwise permitted or required by applicable law or regulatory requirements, we will retain your personal information only for as long as we believe is necessary to fulfil the purposes for which the personal information was collected (including, for the purpose of meeting any legal, accounting or other reporting requirements or obligations). As a minimum that will be until one year after the expiry of the legal limitation period for bringing a legal claim against the company in respect of the services provided. However, we may notify you that we will retain your personal information for a longer period for the purposes of maintaining our records of the services provided.
In most cases personal information which is maintained by the Company will be deleted 8 years after the discharge of all fees incurred in your care or at the end of any service we have provided to you, whichever is the later.
All health records are retained in accordance with national guidelines which vary depending of the specific records held.
Updating Your Personal Information
It is important that the information contained in our records is both accurate and current. If your personal information happens to change during the course of your relationship with us, please keep us informed of such changes.
You have a right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed. In some circumstances we may decide to update our record of your personal information by appending additional text without deleting the original record.
Right of Access to Your Personal Information
You can ask to see the personal information that we hold about you. If you want to review, verify or correct your personal information, please contact the Company. Please note that any such communication may be required in writing.
When requesting access to your personal information, please note that we may request specific information from you to enable us to confirm your identity and right to access, as well as to search for and provide you with the personal information that we hold about you. We may charge you a fee to access your personal information, however, we will advise you of any fee in advance. If you require assistance in preparing your request, please contact us.
Your right to access the personal information that we hold about you is not absolute. There are instances where applicable law or regulatory requirements allow or require us to refuse to provide some or all of the personal information that we hold about you. In addition, the personal information may have been destroyed, erased or made anonymous in accordance with our record retention obligations and practices.
If we cannot provide you with access to your personal information, we will try to inform you of the reasons why, subject to any legal or regulatory restrictions.
Your other legal rights
Data protection legislation also provides you with certain other rights. These are not always absolute rights and must be considered in the wider scope of the legislation. These rights are:
- right to erasure, also known as the right to be forgotten. The broad principle underpinning this right is to enable an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing. In some circumstances this is not an absolute right;
- right to restrict processing. You have the right to ‘block’ or suppress processing of personal data. Again this is not an absolute right and will depend on the circumstances and any other legal/statutory obligations we may have;
- right to data portability;
- right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
- rights related to automated decision making including profiling.
How to contact us & complaints
If you have any questions, concerns or complaint in respect of data protection and this privacy notice, please do not hesitate to contact us. Please contact the Registered Manager. Alternatively you may contact our Data Protection Officer. We will endeavour to address your issue as swiftly as possible.