Friends/Relatives of Heathfield Residents
This is Heathfield Residential Home Limited’s Privacy Notice.
As part of the services we offer, we are required to process personal data about our staff, our service users and, in some instances, the friends or relatives of our service users and staff. “Processing” can mean collecting, recording, organising, storing, sharing or destroying data.
We are committed to providing transparent information on why we need your personal data and what we do with it. This information is set out in this privacy notice. It will also explain your rights when it comes to your data.
What data do we have?
As part of our work providing high-quality care and support, it might be necessary that we hold the following information on you:
- Your basic details and contact information e.g. your name and address;
Why do we have this data?
By law, we need to have a lawful basis for processing your personal data.
We process your data because we have a legitimate business interest in holding next of kin and lasting power of attorney information about the individuals who use our service and keeping emergency contact details for our staff.
We may also process your data with your consent. If we need to ask for your permission, we will offer you a clear choice and ask that you confirm to us that you consent. We will also explain clearly to you what we need the data for and how you can withdraw your consent.
Where do we process your data?
So that we can provide high quality care and support we need specific data. This is collected from or shared with:
- You or your legal representative(s);
- Third parties.
We do this face to face, via phone, via email, via our website, via post, via application forms, via apps.
Third parties are organisations we have a legal reason to share your data with. These may include:
- Other parts of the health and care system such as local hospitals, the GP, the pharmacy, social workers, clinical commissioning groups, and other health and care professionals;
- The Local Authority;
- The police or other law enforcement agencies if we have to by law or court order.
Purposes of processing of personal data, categories of data, and legal base
Data is collected, processed, and used for the purposes mentioned in these privacy terms. Inter alias, the following purposes are explicitly covered by these privacy terms:
- Human Resources (Administration and Development)
- Employees (Administration and Sub-Contracting)
- Residents (Administration and Support)
- Families (Customer Service, Marketing, Customer Relationship Management)Head Office and management functions
We will process your personal data to the extent necessary for the initiation, implementation or termination of a pre-contractual or contractual relationship.
Likewise, we may process data you voluntarily provided us with, for example, when you ask for information from us.
Furthermore, we may process personal data if you consented, unless we are legally authorized or obliged to collect and further process personal data relating to you. If we process data solely based on your informed consent we will only use the data for the purposes stated in the consent procedure and within the scope outlined. For example, we will only inform you about our services after you have properly consented or indicated by other means that you would like to receive promotional information.
You may revoke or withdraw your consent at any time with immediate effect for the future. Upon receipt of your message, we will delete your data unless we are legally obliged or authorized to retain personal data relating to you. Please send your revocation notice to us. In case we process personal data based on your consent we may no longer be able to provide the respective service to you if you revoke your consent.
Automatically generated personal data
Using our website may lead to an automatic processing of personal data relating to you. Data processed may include in particular the name of your provider, your IP address, browser type, and system software, as well as the websites visited before, including keywords used for searches and the sites from which you have been transferred to our site (e.g., search engine or linked content). In all the aforementioned cases, processing is carried out in a way which does allow your identification, as we are potentially able to link between such metadata and data directly relating to you (identifiable data). Such linkage is carried out in order to monitor the technical performance, reliability and security of our system.
When we issue newsletters, we may, due to technical reasons, automatically track whether you opened our newsletter, and whether you have accessed from the newsletter content which had been linked in our newsletter (both internal and external links).
Social Media Intergration
Our website contains hyperlinks to social media (so called “social plugins”) operated by third parties. The functionality of these social plugins, in particular the transfer of information and user data is not activated by visiting our website, but only by clicking the hyperlinks (social plugins). Once you click on any of these links, the plugin of the respective social media tool will be activated and your browser will establish a direct connection with the server of this social media tool.
If you click on the social plugin while you are visiting our website, a transfer of your user data to the respective social media network and the processing of your data through the social media network may occur. If you activate any of the social media plugins on our website while you are at the same time simultaneously logged into the respective social media tool with your personal account for that social media tool, the information that you have visited our website and that you have clicked the plugin on our website may be transferred to the social media tool and may be processed and stored in relation to your account with this social media tool.
To prevent such processing in relation to your account with the respective social media tool, you need to log out of your account before clicking the plugin link. You may also prevent the activation of social media plugins by adjusting the add-on settings of your browser, for example, by installing a so-called script-blocker such as “NoScript“ (http://noscript.net/).
To learn more about the purpose and scope of data processing by social media tools, and to receive further information about the processing and use of data relating to you, as well as your rights and detailed instructions how to protect your privacy, please refer to the privacy terms of the respective social media tool. For the data processing that is initiated by clicking on the social plugin on our website, the respective social media tool is solely responsible.
To enable you to obtain more detailed information on the privacy terms of social media tools, we would like to refer you to the social media tools currently embedded into our website.
On our website, we currently use social plugins of the social media tools Facebook, Youtube and we may also use the micro-blogging service Twitter.
These services are offered by Facebook Inc., Youtube Inc and Twitter Inc. respectively. Technically, social media plugins used by these third-party providers are cookies as described under these Privacy Terms.
Facebook is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. Detailed information regarding plugins used by Facebook is available at: https://developers.facebook.com/docs/plugins
Twitter is operated by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA. Detailed information regarding plugins used by Twitter is available at: https://twitter.com/about/resources/buttons
Due to the integration of the social media plugins into our website, the respective social media tools may obtain personal data relating to you if you activate the plugin, even if you do not have an account with the social medial tool or if you are not logged into your account of the respective social media tool.
Such information (including your IP address) may be directly transferred from your browser to a server of the social media tool provider and will be processed there. The social media tool providers Facebook and Twitter process personal data relating to users from EU/EEA countries, according to information that has been made available publicly, within the EU. Data relating to users who reside in a country outside the EU/EEA may be processed in the United States of America or another third country.
We cannot be held accountable for the data processing of such third party providers. In case data relating to you, which have been obtained within the EU/EEA, are transferred by the third party provider to servers outside the EU/EEA, you shall be aware that we have no legal or technical influence thereon.
Marketing and Targeting
We may make use of the Facebook Custom Audience pixel. A Custom Audience pixel is a tiny piece of Java script code that we have incorporated into each of our web pages. This piece of code provides a series of functions for transmitting application-specific events and user-defined data to Facebook. We use Custom Audience pixels to record information about the way visitors use our website. For this reason, each of our web pages contains a Custom Audience pixel. This pixel records information about the user’s browser session, which it sends to Facebook along with a hashed version of the Facebook ID and the URL viewed.
We do not use the Facebook Lookalike Customs Audience service, and we do not provide Facebook with any information from our customer relationship management system or any other central database controlled by us. As such, we do not transfer or disclose any personally identifiable information to Facebook or combine any information obtained in connection with these terms with personally identifiable information. By using our site, you agree and confirm that you are aware of the use of Facebook generated pixels for targeted online advertising.
Further details on the collection and processing of data through Facebook are available in the privacy- policy section of Facebook Inc.: https://www.facebook.com/about/privacy/
You may also deactivate the remarketing-function of Custom Audiences at https://www.facebook.com/settings/. Please be aware that you must be logged in to Facebook in order to be able to adjust your settings.
We use a video marketing tool provided by Youtube. Youtube is owned by Google Inc. We embed Youtube player into our website to facilitate the viewing of our promotional videos. We use Youtube to promote our business online.
Youtube and Heathfield Residential Home both adhere to the relevant EU data-protection law. We do not receive any personally identifiable data from Youtube.
This website uses Google Analytics, a web-analytic service provided by Google, Inc. (www.google.com). Google Analytics uses “cookies”, text files which are stored on your computer and which allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is generally transferred to a Google server in the USA and stored there.
However, in the case of the activation of the IP anonymisation on this website, your IP address will have been previously abridged by Google within the member states of the European Union or in other states parties to the Agreement on the European Economic Area. Only in exceptional cases, will the full IP address be transferred to a Google server in the US and abbreviated there. IP anonymisation is active on this website.
On behalf of Heathfield Residential Home, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website usage and internet usage. The IP address provided by your browser as part of Google Analytics will not be merged with other Google data. You can prevent the Google cookies from being saved by setting your browser settings accordingly.
Where users have chosen to enable Google to associate their web and app browsing history with their Google account and to use information from their Google account to personalize ads, Google will use data from its signed-in users together with your Google Analytics data to build audience lists for cross-device remarketing. In order to support this feature, two things will happen: First, for users on this site, Google Analytics will collect Google-authenticated identifiers associated with users’ Google Accounts (and therefore, personal information). Second, Google Analytics will temporarily join these identifiers to this site’s Google Analytics data in order to support our audiences.
To learn more about Google Analytics, including how to opt out of it, please visit https://tools.google.com/dlpage/gaoptout
Third-party access to your personal data and cross-border transfer
The collection, processing and use of personal data is carried out by us and by other companies and organisations of the Heathfield Residential Home network, or external data processors who process data on behalf of us and who are contractually and legally obliged to comply with applicable data protection standards. In the latter two cases, we will ensure that we and external service providers comply with the relevant legal data protection rules and the obligations arising from these Privacy Terms. We adhere to the legal requirements stipulated in the EU General Data Protection Regulation (and if applicable, relevant national law), unless more stringent legal requirements are applicable, which supersede the EU legal framework.
Other than in the cases explicitly outlined, third parties will have no access to your personal data. We particularly refrain from selling your personal data. Only in case of administrative request or a legal obligation, we may be forced to transfer your personal data to the competent authority exercising such a request. The same applies in case of a court order regarding the transfer/disclosure of data relating to you. In case of an administrative, legal or judicial request for data transfer, we will assess in each individual case whether the transfer is compliant with the principles enshrined in the EU General Data Protection Regulation. If deemed necessary, we may take legal actions against such order or request.
We have taken technical and organizational measures to protect your personal data against loss, alteration, theft or access by unauthorized third parties. Our processes are compliant with Art 32 ff. of the EU General Data Protection Regulation, and/or with the applicable national laws and standards. We work with a number of external partners and have taken contractual steps to ensure that all external service providers comply with the relevant IT security standards, including but not limited to the requirements of the GDPR.
The data that we keep about you is your data and we ensure that we keep it confidential and that it is used appropriately. You have the following rights when it comes to your data:
- You have the right to request a copy of all of the data we keep about you. Generally, we will not charge for this service;
- You have the right to ask us to correct any data we have which you believe to be inaccurate. You can also request that we restrict all processing of your data while we consider your rectification request;
- You have the right to request that we erase any of your personal data which is no longer necessary for the purpose we originally collected it for. We retain our data in line with the Information Governance Alliance’s guidelines (https://digital.nhs.uk/data-and-information/looking-after-information/data-security-and-information-governance/codes-of-practice-for-handling-information-in-health-and-care/records-management-code-of-practice-for-health-and-social-care-2016)
- You may also request that we restrict processing if we no longer require your personal data for the purpose we originally collected it for, but you do not wish for it to be erased.
- You can ask for your data to be erased if we have asked for your consent to process your data. You can withdraw consent at any time – please contact us to do so.
- If we are processing your data as part of our legitimate interests as an organisation or in order to complete a task in the public interest, you have the right to object to that processing. We will restrict all processing of this data while we look into your objection.
You may need to provide adequate information for our staff to be able to identify you, for example, a passport or driver’s licence. This is to make sure that data is not shared with the wrong person inappropriately. We will always respond to your request as soon as possible and at the latest within one month.
If you would like to complain about how we have dealt with your request, please contact:
Information Commissioner’s Office