1. Introduction

This is the Privacy Notice of Encore Care Homes and all Care Homes which it manages or operates.

As part of the services we offer, we are required to process personal data about our staff, their relatives our residents and, in some instances, the friends or relatives of our residents. “Processing” can mean collecting, recording, organising, storing, sharing or destroying data.

We are committed to providing transparent information on why we need to process personal data and what we do with it. This information is set out in this privacy notice. It will also explain your rights when it comes to your data.

2. Residents

What data do we have?

So that we can provide a safe and professional service, we need to keep certain records about our Residents. We may record the following types of data about our Residents:

  • Their basic details and contact information e.g. name, address, date of birth and next of kin;
  • Financial details e.g. details of funding arrangements and how care is paid for.

We also record the following data which is classified as “special category”:

  • Health and social care data about our Residents, which might include both physical and mental health data.
  • We may also record data about race, ethnic origin, sexual orientation or religion.

Why do we have this data?

We require this data so that we can provide high-quality care and support. By law, we need to have a lawful basis for processing personal data.

We process personal data because;

  • We are required to do so in order to fulfil a contract that we have with our Resident;
  • We have a legal obligation to do so – generally under the Health and Social Care Act 2012 or Mental Capacity Act 2005.

We process personal data because;

  • It is necessary due to social security and social protection law (generally this would be in safeguarding instances);
  • It is necessary for us to provide and manage social care services;
  • We are required to provide data to our regulator, the Care Quality Commission (CQC), as part of our public interest obligations.

We may also process resident data with their consent. If we need to ask for permission, we will offer a clear choice and ask for confirmation of consent. We will also explain clearly what we need the data for and how consent can be withdrawn.

Where do we process data?

So that we can provide high quality care and support we need specific data. This is collected from or shared with:

  1. Residents or their legal representative(s);
  2. Third parties.

We do this face to face, via phone, via email, via our website, via post, via application forms and via apps.

Third parties are organisations we have a legal reason to share resident data with. These include:

  • Other parts of the health and care system such as local hospitals, the GP, the pharmacy, social workers, clinical commissioning groups, and other health and care professionals;
  • The Local Authority;
  • Organisations we have a legal obligation to share information with i.e. for safeguarding, the CQC;
  • The police or other law enforcement agencies if we have to by law or court order.

3. Staff

What data do we have?

So that we can provide a safe and professional service, we need to keep certain records about our staff. We may record the following types of data about our staff:

  • Basic details and contact information e.g. name, address, date of birth, National Insurance number and next of kin;
  • Financial details e.g. details so that we can pay our staff, insurance, pension and tax details;
  • Training records.

We also record the following data which is classified as “special category”:

  • Health and social care data, which might include both physical and mental health data – we will only collect this if it is necessary for us to know as employer, e.g. fit notes or in order to claim statutory maternity pay;
  • We may also record data about race, ethnic origin, sexual orientation or religion;
  • Criminal Records Data.

Why do we have this data?

We require this data so that we can contact staff, pay staff and make sure staff receive the training and support needed to perform their job. By law, we need to have a lawful basis for processing personal data.

We process staff personal data because:

  • We have a legal obligation under UK employment laws;

We process special category data because:

  • It is necessary due to social security and social protection law – we are required to perform Disclosure and Barring Service (DBS) checks on our staff;
  • It is necessary for us to process requests for sick pay or maternity pay;
  • We are required to provide data to our regulator, the Care Quality Commission (CQC), as part of our public interest obligations.

We may also process staff data with their consent. If we need to ask for staff permission, we will offer a clear choice and ask that staff confirm their consent to us. We will also explain clearly what we need the data for and how consent can be withdrawn.

Where do we process data?

As an employer we need specific data. This is collected from or shared with:

  1. Staff or their legal representative(s);
  2. Third parties.

We do this face to face, via phone, via email, via our website, via post, via application forms and via apps.

Third parties are organisations we have a legal reason to share staff data with. These include:

  • Her Majesty’s Revenue and Customs (HMRC);
  • Our pension scheme, The People’s Pension
  • Our external payroll provider, Polestar Payroll
  • Organisations we have a legal obligation to share information with i.e. for safeguarding, the CQC;
  • The police or other law enforcement agencies if we have to by law or court order.

Friends/Relatives (“Connected individuals”)

What data do we have?

As part of our work providing high-quality care and support, it might be necessary that we hold the following information on friends and relatives of both our staff and residents:

  • Basic details and contact information e.g. name and address;

Why do we have this data?

By law, we need to have a lawful basis for processing personal data.

We process data because we have a legitimate business interest in holding next of kin and lasting power of attorney information about  our residents and keeping emergency contact details for our staff.

We may also process data with consent. If we need to ask for permission, we will offer a clear choice and ask for confirmation of consent. We will also explain clearly what we need the data for and how consent can be withdrawn.

Where do we process data?

So that we can provide high quality care and support we need specific data. This is collected from or shared with:

  1. Connected Individuals or their legal representative(s);
  2. Third parties.

We do this face to face, via phone, via email, via our website, via post, via application forms and via apps. .

Third parties are organisations we have a legal reason to share data with. These may include:

  • Other parts of the health and care system such as local hospitals, the GP, the pharmacy, social workers, clinical commissioning groups, and other health and care professionals;
  • The Local Authority;
  • The police or other law enforcement agencies if we have to by law or court order.

The data that Encore keep about Individuals is personal data and Encore ensure that we keep it confidential and that it is used appropriately.  Individuals have the following rights when it comes to their personal data:

  1. The right to request a copy of all of the data Encore keeps for that Individual. Generally, Encore will not charge for this service;
  2. The right to ask Encore to correct any data Encore has which is believed to be inaccurate. An Individual can also request that Encore restrict all processing of data while we consider their rectification request;
  3. The right to request that Encore erase any personal data which is no longer necessary for the purpose originally collected it for.  Encore retain data in line with the Information Governance Alliance’s guidelines (https://digital.nhs.uk/data-and-information/looking-after-information/data-security-and-information-governance/codes-of-practice-for-handling-information-in-health-and-care/records-management-code-of-practice-for-health-and-social-care-2016).
  4. An Individual may also request that Encore restrict processing if the personal data is no longer required for the purpose originally collected for.
  5. Ask for data to be erased if Encore have asked for consent to process data. An Individual can withdraw consent at any time – please contact us to do so.
  6. If Encore are processing data as part of their legitimate interests as an organisation or in order to complete a task in the public interest, the individual has the right to object to that processing. Encore will restrict all processing of this data while they look into the Individuals objection.

An Individual may need to provide adequate information for Encore staff to be able to identify them, for example, a passport or driver’s licence. This is to make sure that data is not shared with the wrong person inappropriately. We will always respond to an Individuals request as soon as possible and at the latest within one month.

If you would like to complain about how Encore have dealt with your request, please contact:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

https://ico.org.uk/global/contact-us/