Greystones Nursing Home Ltd is registered with the Information Commissioners Office (ICO) under the provisions of the Data Protection Act 1998. Greystones takes its responsibilities under the Act very seriously. This notice provides details of how Greystones collects and uses information about you. For more general information about how we use your information.
What is this information?
Employment Records
Service User Records
Who uses this information?
Colleagues within our company use this information to assist people to receive appropriate care and support.
What authority do we have to collect and use this information?
Under the General Data Protection Regulations, we collect and use this information under authority given to us. The following categories of lawfulness apply:
6 (1) (c) processing is necessary for compliance with a legal obligation to which the controller is subject
6 (1) (d) processing is necessary in order to protect the vital interests of the data subject or of another natural person
9 (2) (c) processing is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent
9 (2) (h) processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional
9 (2) (i) processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of Union or Member State law which provides for suitable and specific measures to safeguard the rights and freedoms of the data subject, in particular professional secrecy
In the rare circumstance that we don’t have a legal authority to use your information, we will obtain your consent first.
Legal obligation under various UK laws including but not limited to:
• Care Act 2014
• Mental Capacity Act 2005
• Safeguarding legislation
• The Equality Act 2010
What is ‘person identifiable data’?
The term ‘person identifiable data’ relates to any data that could potentially identify a specific individual. The following data is classified as person identifiable: Name, age, address, postcode, place of birth, date of birth, gender, national insurance number, NHS number, contact details (including telephone numbers and e-mail addresses) any information about an individual that can be used directly, or in connection with other data, to identify, contact or locate that person.
Why do we use this information?
Process Payroll
Background Checks
Provide Care
Who are we likely to share this information with?
We may sometimes share the information we have collected about you where it is necessary, lawful and fair to do so. In each case we will only share the minimum amount of information, only when required, for the following reasons:
Local Authorities (BDMC)
Governing Body’s (CQC)
Disclosure and Barring Service (DBS)
How do we keep this information secure?
Your information is stored securely on database and document management systems with 2 step authentication to our servers, with stringent access and use policies. We also undertake quality checks and monitoring to ensure the information we hold is accurate at the time and being used appropriately.
How long do we keep this information?
This varies dependant of the information (for example, if it is personal, financial, sensitive) – a copy of our retention schedules are available. Copies of our Retention Policies are available via on request to the Registered Manager
What are your rights?
You have the right to request Greystones to stop processing your personal data in relation to any service. Wherever possible, we will seek to comply with your request but we may need to hold or process information in connection with one or more of our legal functions.
If you have any questions about our use of these data, or you wish to request a copy of the information we hold about you, or you wish to discuss your rights in relation to opting out from these processes, please contact Lisa Noble (Registered Manager)