Our website uses cookies to deliver you the best experience.
By continuing to browse you accept our cookie policy
Privacy Notice
This Privacy Notice tells you what NWCare and Support Ltd , NWCare and NWRecruitment will do with your personal information when you contact us or use our services. Given the complexity of NWCare, the requirements of the legislation and our desire to ensure full compliance with the legislation, this Privacy Notice is lengthy. The contents are as follows:
We’ll tell you:
- why we are able to process your information.
- what purpose we are processing it for;
- whether you have to provide it to us;
- how long we store it for;
- whether there are other recipients of your personal information;
- whether we intend to transfer it to another country (we do not!); and
- whether we do automated decision-making or profiling (we do not!).
Data Protection Officer
Our Data Protection Officer can be contacted at NWCare Roe Business Centre Room F2 Killane Road Limavady BT49 0DNor via our postal address. Please mark the envelope ‘Data Protection Officer’.
How do we get information?
Most of the personal information we process is provided to us directly by you or by our social care partners, such as:
- You have been referred to our services.
- Your information has been passed to us by our partners, such as results of tests and information from people who care for you, including health professionals and relatives
- You have requested us to care for you.
- You have applied for a job or secondment with us.
- You are representing your organisation.
- The professionals caring for you keep records about your health and any care you receive to ensure that you are provided with the best possible treatment.
How your personal information is used:
Your records are used to direct, manage and deliver the care you receive to ensure that:
- The care professionals involved in your care have accurate and up to date information to assess your health and decide on the most appropriate treatment for you
- Your concerns can be properly investigated if a complaint is raised
- Appropriate information is available if you require healthcare another doctor or are require additional support.
How your information helps us improve services:
Your information may also be used to help us improve services by:
- Reviewing the care, we provide to ensure it is of the highest standard and quality
- Ensuring our services can meet service user needs in the future
- Investigating service user queries, complaints and legal claims.
Please let us know if you do not wish for us to contact you to ask for your views on our services.
Children’s Information
We do not process children’s personal data.
How long we keep it
Data is kept according to our retention guidelines, which are largely set by statute. Retention guidelines are available from the Data Protection Officer.
What are your rights?
Your rights depend on the nature of the data that is held. Details are listed below.
How you can access your data
You can submit a request for the data that we hold on to you; this is known as a Subject Access Request (SAR). This request can be completed in writing, by email, or verbally. You do not have to make any mention of legislation, or use specific wording, although we may ask you for clarification. The request can be made to any member of staff, who will forward the details to the Data Protection Officer, who will coordinate the response. Alternatively, you can contact the Data Protection Officer directly at Head office Roe Business Centre Room F2 4-6 Killane Road Limavady BT49 0DN. We will need to confirm your identification.
You can also ask a third party (e.g., a relative, friend or solicitor) to make a Subject Access Request (SAR) on your behalf. We will need to be satisfied that the third party making the request is entitled to act your behalf, and it will be your and the third party’s responsibility to provide evidence of their authority.
We have to supply the data within one month and, in most circumstances, we cannot charge a fee for this service. If the request is complex, or if we receive a number of requests, we can extend the time limit by a further two months.
The data will be supplied to you in an accessible, concise and intelligible format, usually using the same means by which the request was made; thus, if the request has been made by email, the response will be sent by email.
We can refuse to provide the information if an exemption or restriction applies, or if your request is manifestly unfounded or excessive.
Sharing Information
Everyone working within NWCare and NWRecruitment receives training and knows that they have a legal duty to keep information about you confidential. Under the DHSSPS Domiciliary Care Agencies Minimum Standards 2011 , Nursing Agencies Minimum Standards and the Data Protection Act 2018, all our staff are also required to protect your information, inform you of how your information will be used, and allow you to decide if and how your information can be shared. Equally anyone who receives information from us also has a legal duty to keep it confidential. Any information we share is processed under secure conditions to give you peace of mind that your personal data is protected, and we ensure that any NHS or care organisation that we share your details with handles your data with the same high level of confidence.
We will share information with the following main partner organisations:
- General Practitioners
- Other NHS bodies such as ambulance services
- Police (if a crime has been committed) or if we are concerned about your safety.
We will not disclose your information to any other third parties without your permission unless there are exceptional circumstances, such as when the health and safety of others is at risk or where the law requires it.
Sharing Confidential Information Without Consent
It may sometimes be necessary to share confidential information without consent or where the individual has explicitly refused consent. There must be a legal basis for doing so (e.g. to safeguard a child) or a court order must be in place.
Where there is a legal requirement to disclose, for example, a direction under the Health and Social Care Act 2012 or disclosures under public health legislation, the lawful basis for processing would be: ‘… for compliance with a legal obligation…’ (Article 6(1)(c)). 9(2)(b) ‘…is necessary for the purposes of carrying out the obligations and exercising the specific rights of the controller or of the data subject in the field of …social protection law in so far as it is authorised by Union or Member State law.’.
For issues such as notifiable diseases, the most appropriate special category condition for processing in the face of a legal requirement to disclose is ‘…for the purpose of preventative…medicine…the provision of health or social care or treatment or the management of health or social care systems and services…’ (Article 9(2)(h)).
In deciding on any disclosure certain considerations and steps need to be taken:
- Discuss the request with the appropriate personnel
- Disclose only that information which is necessary or prescribed by law.
- Ensure recipient is aware that they owe a duty of confidentiality to the information.
- Document and justify the decision to release the information.
- Take advice in relation to any concerns you may have about risks of significant harm if information is not disclosed.
Requests may be received by other agencies which are related to law enforcement such as:
- The Police or another enforcement agency where the appropriate section 29 request form (in line with the Access to Records Procedure) needs to be submitted from the law enforcement agency in order for the CCGs to consider the request.
- The Local and National Counter Fraud specialists in relation to any actual or suspected fraudulent activity.
Staff will also take into account DHSSPS Domiciliary Care Agencies Minimum Standards 2011,DHSSPS Nursing agencies Minimum Standards and Information Governance Alliance guidance if there is a clear legal basis to share.
In some circumstances we are legally obliged to share information. In any scenario, we’ll satisfy ourselves that we have a lawful basis on which to share the information and document our decision making and satisfy ourselves we have a legal basis on which to share the information. The organisation will ensure that information sharing takes place within a structured and documented process and in line with the Information Commissioner’s Code of Conduct and in accordance with the Health and Social Care Act 2012 and Health and Social Care (Safety and Quality) Act 2015.
Data Processors
We use data processors who are third parties who provide elements of services for us. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.
The data is all held in United Kingdom. We do not process data outside United Kingdom.
North West Care and Support Ltd utilise the services of ‘Mail Chimp’ and ‘Survey Monkey’ to communicate and gather professional information from professional stakeholders/stakeholder agencies, clients, client family members, internal staff and other job applicants who have adopted into communicating and receiving information (in acceptable formats and with professional discretion) North West Care and Support Ltd/North West Care/NWCare. This can be in the format of Newsletters, surveys, questionnaires, feedback forms, ezines, digital postcards and emails.
We will not share your information with any third parties for the purposes of direct marketing.
Disclosure of information
You have the right to restrict how and with whom we share the personal information in your records. This must be noted explicitly within your records so all healthcare professionals and staff treating you are aware of your decision.
By choosing this option, unfortunately it may make the provision of treatment or care more difficult or unavailable. You can also change your mind at any time about a disclosure decision.
The Legal Bit
Your Data Protection Rights
Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.
Your right of access
You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process. You can read more about this right here.
Your right to rectification
You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies. You can read more about this right here.
Your right to erasure
You have the right to ask us to erase your personal information in certain circumstances. You can read more about this right here.
Your right to restriction of processing
You have the right to ask us to restrict the processing of your information in certain circumstances. You can read more about this right here.
Your right to object to processing
You have the right to object to processing if we are able to process your information because the process forms part of our public tasks or is in our legitimate interests. You can read more about this right here.
Your right to data portability
This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated. You can read more about this right here.
Lawful Basis
The General Data Protection Regulations (GDPR) sets out conditions for lawful processing of personal data (Article 6) and further conditions for processing special categories of personal data (Article 9). These are similar to the conditions in Schedules 2 and 3 of the Data Protection Act 1998 (DPA98) with sensitive personal data now called ‘special categories’ of personal data. As personal data concerning health is one of the special categories, organisations that process such data must be able to demonstrate that they have met a condition in both Article 6 and Article 9 of the GDPR.
Provision of Healthcare
The lawful basis for processing special category health data for direct care is that processing is: ‘necessary… in the exercise of official authority vested in the controller’ (Article 6(1)e). Additionally, sometimes ‘processing is necessary for compliance with a legal obligation to which the controller is subject’ (Article 6(1)c). For these bases, we need to demonstrate that we do have the official authority. This comes under a variety of legislation, including DHSSPS Domiciliary Care Agencies Minimum Standards 2011 and Health and Social Care Reform Act (NI) 2009.
The special category condition for processing for direct care is that processing is: ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services…’ (Article 9(2)(h)).
In addition to a GDPR Article 9 condition for processing, it is also necessary to identify an additional condition in Schedule 1 of the DPA 2018. For the provision of direct care, the relevant condition is ‘Health or social care purposes’ (Schedule 1, Part 1 (2)).
Where there are concerns about public health, such as for notifiable diseases, then the lawful basis is for processing personal data is: 9(2)(j) ‘…necessary for reasons of public interest in the area of public health…or ensuring high standards of quality and safety of health care and of medicinal products or medical devices…
For suspected or actual safeguarding issue, we will share information that we hold with other relevant agencies whether or not the individual or their representative agrees. The purpose of the processing is to protect a vulnerable adult.
The lawful basis for processing personal information is: 6(1)(c) legal obligation and 9(2)(b) ‘..is necessary for the purposes of carrying out the obligations and exercising the specific rights of the controller or of the data subject in the field of …social protection law in so far as it is authorised by Union or Member State law.
Where there is a request for personal confidential data from an insurance company, solicitor, or employer (or similar third party) the lawful basis and lawful condition for processing will be explicit consent under both Articles 6(1)(a) and Article 9(1)(a).
Sometimes, we may rely on 6(1)f legitimate interests as a basis for processing carried out not in the performance of our official tasks, such as for system backup and recovery processes.
Service Improvement
The purpose for implementing the above is to maintain and monitor the performance of our services and to constantly look to improve the site and the services it offers to our users. The lawful basis we rely on to process your personal data is either Article 6(1)(a) of the GDPR, for example when we require your consent for surveys, or Article 6(1)(f) which allows us to process personal data when it’s necessary for our legitimate interests. You have the right to opt out of your data being processed for these purposes.
Representation of Organisation
We process small amounts of data for those representing other organisations, such as partners organisations and suppliers. This will usually be limited to, for example, contact details, as is covered by Article 6(1)b whereby processing is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract.’
Application and Employment
The lawful basis for processing data for job applications and employment is covered by Article 6(1)b whereby processing is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract’, and 6(1)c, ‘processing is necessary for compliance with a legal obligation wo which the controller is subject’.
Right to Complain
We work to high standards when it comes to processing your personal information. If you have queries or concerns, please contact us at NWCare and Support Ltd Roe Business Centre Room F3 4-6 Killane Road Limavady BT49 0DN and we’ll respond.
If you remain dissatisfied, you can make a complaint about the way we process your personal information to the Information Commissioner’s Office. Please follow this link to see how to do that.
Visitors to our website
Our website uses cookies to enhance your browsing experience. A cookie is a small text file of data stored by our website within your browser. These cookies allow us to distinguish you from other users of our website, which helps us to provide you with a good experience when you browse our website and also allows us to improve our site.
We use a cookie control system which allows you to accept the use of cookies, and control which cookies are saved to your device / computer. Some cookies will be saved for specific time periods, where others may last indefinitely. Your web browser should provide you with the controls to manage and delete cookies from your device, please see your web browser options.
If you have previously browsed to our website and no longer wish to accept cookies, please be aware that some cookies may have already been set. You may delete these cookies at any time via your browser by following these instructions here
You can control cookies via your browser settings by following the instructions at this address, however if you choose to block cookies then your browsing experience may be affected.
Read more about the individual cookies we use and how to recognise them by looking at the table below….
| Provider | Expiry | ||
|---|---|---|---|
| Statistics | – | – | NW Care Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously. |
| _ga TYPE: HTTP | nwcare.co.uk | 2 years | Registers a unique ID that is used to generate statistical data on how the visitor uses the website. First found URL: https://www.nwcare.co.uk/ Initiator: Page source line number 1 Source: In line script Data is sent to: United Kingdom |
| _gat TYPE: HTTP | nwcare.co.uk | 1 day | Used by Google Analytics to throttle request rate First found URL: https://www.nwcare.co.uk/ Initiator: Page source line number 1 Source: In line script Data is sent to: United Kingdom |
| _gid TYPE: HTTP | nwcare.co.uk | 1day | Registers a unique ID that is used to generate statistical data on how the visitor uses the website First found URL: https://www.nwcare.co.uk/ Initiator: Page source line number 1 Source: In line script Data is sent to: United Kingdom |
| Marketing | – | – | NW Care Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third-party advertisers. |
| _fbp TYPE: HTTP | nwcare.co.uk | 3 months | Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers URL: https://www.nwcare.co.uk/ Initiator: Page source line number 1 Source: In line script Data is sent to: United Kingdom |
| _fr TYPE: HTTP | facebook.com | 3 months | Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers URL:https://www.nwcare.co.uk/ Initiator: Page source line number 1 Source: In line script Data is sent to: United Kingdom |
| r/collection TYPE: Pixel | doubleclick.net | 3 months | This cookie is used to send data to Google Analytics about the visitor’s device and behaviour. It tracks the visitor across devices and marketing channels URL: https://www.nwcare.co.uk/ Data is sent to: United States |
| tr TYPE: Pixel | facebook.com | Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers Data is sent to: United States |
Linking to other websites / third party content
We have links to other websites that are connected to North West Care and Support Ltd these include www.nwrec.wsini.com – Shared recruitment information is monitored and managed by North West Care and Support Ltd for both NW Care and NW Recruitment using a central CMS administration system.
Data security and protection
We ensure the security of any personal information we hold by using secure data storage technologies and precise procedures in how we store, access and manage that information. Our methods meet the GDPR compliance requirement.
Purpose and lawful basis for processing
The purpose for implementing the above is to maintain and monitor the performance of our website and to constantly look to improve the site and the services it offers to our users. The lawful basis we rely on to process your personal data is either Article 6(1)(a) of the GDPR, for example when we require your consent for the optional cookies we use, or Article 6(1)(f) which allows us to process personal data when it’s necessary for our legitimate interests. For example, in order to maintain the integrity of our IT systems and the continuity of our business.
What are your rights?
As we are processing your personal data for our legitimate interests as stated above, you have the right to object to our processing of your personal data. There are legitimate reasons why we may refuse your objection, which depend on why we are processing it.