Privacy Notice
Introduction
We, Oxfordshire Crossroads, trading as Crossroads Care Oxford & Crossroads Care West Berkshire, are the ‘controllers’ of the information (‘personal data’) that we collect about you. Being controllers of your personal data, we are responsible for how your data is processed. The word ‘process’ covers most things that can be done with personal data including collection, storage, use and destruction of that data.
This notice explains why and how we process your data, and explains the rights you have around your data, including the right to access it and to object to the way it is processed. Please see the section on ‘Your rights as a data subject’ for more information.
We are a Care and Support service and our contact details are:
Crossroads Care
Crossroads Centre
Harberton Mead
Marston
Oxford OX3 0EA
Telephone: 01865 260280
email: care@oxfordshirecrossroads.org.uk
Alternatively, please call if you receive your services in the West Berkshire and RBWM area you can telephone your local office 01635 30008 or write to Crossroads Care West Berkshire, Broadway house, North Brook Street, Newbury, West Berkshire RG14 1BA.
Our Data Protection lead is K. Bultrowicz whom you can contact by email on kbultrowicz@oxfordshirecrossroad.org.uk if you have any queries about this notice or anything related to data protection.
Personal Data
‘Personal data’ is any information that relates to a living, identifiable person. This data can include your name, contact details, and other information we gather as part of our relationship with you.
It can also include ‘special categories’ of data, which is information about a person’s race or ethnic origin, religious, political or other beliefs, physical or mental health, trade union membership, genetic or biometric data, sex life or sexual orientation. It may also include information about disability, pregnancy and gender reassignment in so far as these may reveal information about a person’s health.
The collection and use of these types of data is subject to strict controls. Similarly, information about criminal convictions and offences is also limited in the way it can be processed.
We are committed to protecting your personal data, whether it is ‘special categories’ or not, and we only process data if we need to for a specific purpose, as explained below. We collect your personal data mostly through our contact with you, and the data is usually provided by you, but, in some instances, we may receive data about you from other people or organisations. We explain when this might happen in this Notice.
What information do we collect about you?
Oxfordshire Crossroads may collect the following personal information about you:
- Basic information such as name, date of birth, address, phone number and email – contact data
- Financial information such as how your care is paid for, and any past payments made – financial data
- Information about you and your family such as your next of kin, your partner or spouse, children and how to get in touch with them – third party data
- Information about your preferences, likes, dislikes, hobbies, and interests
- Visual images such as copies of identification and photographs of you and may help us deliver better services that are specific to you
- Information we receive from other sources such as GPs social workers and other healthcare professionals
- Dates and times of visits that your family have made to you
- Letters we have sent to your family about you
- Information about how you use our website or other technology including IP addresses or other device information – technical data
- Any enquiries you have made with us / printed newsletters, brochures, telephone, email, social media, intranet, staff communications – marketing data
Collecting sensitive data about you
Oxfordshire Crossroads may also need to collect some information about you which is particularly sensitive. This type of information is called special category personal data whereby the law states that we can only collect and use this kind of information for very specific legal reasons, such as providing your care or supporting other organisations with their enquiries such as safeguarding or the police.
Types of special category personal data that Oxfordshire Crossroads may collect and use under Article 9 of the UK GDPR:
- Information about your heath, including any medication condition, health and sickness records
- Information about your religion or beliefs
- Information about your race or ethnicity
- Information about your relationships
- Information about your sexual orientation
We may also need to collect your data from other people such as:
- National regulators
- The National Health Service (NHS), your doctor and healthcare providers
- Organisations such as the local authority who are responsible for funding and organising your care
- The Emergency Services
How do we use information about you?
We need to use personal information to ensure we are delivering the most appropriate safe care and support. The information we use will be held on a computer, handheld electronic device or as a paper record.
People will only be allowed to access your information when they have the correct level of authorisation to do so.
We use your personal information can be used for any of the following purposes:
- Prepare, review, and update a suitable care plan, describing the nature and level of care and support services which you have requested we supply to you
- To communicate with you, your representatives and any appropriate external social health care professionals about your individual needs and personalise the service to delivered to you
- Invoice you for care and support services in accordance with our terms and conditions
- Carry out quality assurance procedures, review our service and improve our customer experience (please note that the feedback can also be provided anonymously)
- Disclosing information to an appropriate regulator to inform them of certain incidents as required under the law
- Supplying you with information by email and/or post that you have opted into (you may opt out at any time by contacting us)
Legal reasons for obtaining and using your personal information
Oxfordshire Crossroads Care must have a legal reason to collect and use your information. We will use different reasons, depending upon its purpose. This must be explained to you when, or as soon as possible after, we collect your information, or when it is given to us by someone else.
There a few reasons why we can collect and use your personal information. We rely on the following grounds with GDPR:
Article 6(1)(b) – processing is necessary for the performance of our contacts to provide individuals with care and support services.
Article 6(1)(c) – processing is necessary for us to demonstrate compliance with our regulatory framework and the law.
Article 9(2)(h) – processing is necessary for the provision of Social Care or the management of social care systems and services as the lawful basis on which we collect and use your personal data and special category data (such as your health).
We also rely on Article 6(1)(f) of GDPR to process your personal information in pursuit of legitimate interest, which may include marketing purposes, corporate due diligence and financial modelling, service development and innovation. This will help us to improve the services we already deliver to you and also develop new services.
- To comply with our legal obligations with regards to health and safety
- To protect your life in an emergency
- To act in the public interest
- To fulfil Oxfordshire Crossroads Care accepted interests
- We have your permission to use your information
Where Oxfordshire Crossroads must use information that is particularly sensitive, we must have additional legal reasons to collect and use your information.
These are:
- In order to protect the health and safety of everyone, including you
- In order to protect your life when you cannot give permission
- In order to act in a significant public interest, such as safeguarding
- In order to allow fairness in legal matters
- We have explicit consent to use your information
Sharing your personal information
On occasions, we may be asked to give your personal information or need to collect it from other organisations. These can include:
- Local authorities or Clinical Commissioning Groups
- National regulators
- Your doctor
- The Emergency services
Any companies we employ who use your personal information are responsible to you through legal agreements with Oxfordshire Crossroads around Data Protection such as:
- Care Quality Commission (England)
- Disclosure & Barring Service (England & Wales)
- Health & Safety Executive
- Information Commissioners Office
- NHS England
Do you have to consent to the use and sharing of information?
Oxfordshire Crossroads will only seek consent/permission to collect, use and share your personal information where you have freedom of choice about how your information is used, such as when you are completing a care plan, assessments, or questionnaires.
Where you do not have such freedom over how your information is used, we will use a different legal reason to collect, use and store your information.
If you decide not to provide us with your information, this can make it difficult for the organisation to assist you and in some circumstances we may no longer be able to provide care and support.
National Data Opt-Out
Crossroads Care reviews all our processing on an annual basis to assess whether any of our service user personal data is being processed for purposes other than individual direct care (such as research or planning purposes) in which case the National Data Opt-Out Policy applies. All new processing is also assessed. If any data falls within the scope of the National Data Opt-Out, we check if any of our service users have opted out of their data being used for this purpose.
At this time, we do not share any data for planning or research purposes for which the National Data Opt-Out would apply. We review all the confidential information we process on an annual basis to see if this is used for research or planning purposes. If it is, then individuals can decide to stop their information being shared for this purpose.
How We use Information
On occasion we may be legally required to share certain personal information with a third party by law, and sometimes without your knowledge. For example, we are required by law to tell the care regulators if certain incidents have happened. We will always look to provide this information in a way that reduces any risks to your privacy, but this is not always possible.
Your Rights under Data Protection
Under GDPR law, you have certain rights in relation to your personal data processed by us:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure (to “be forgotten”)
- The right to restrict processing
- The right to data portability
- The right to object
- The right not to be subject to automated decision-making, including profiling
Withdrawing consent
If we are relying on your consent to process your data, you may withdraw your consent at any time.
Is information sent outside the UK?
We do not routinely transfer data outside the European Union (EU), however one exception would be if we need to contact your family member(s) who reside out of the EU. Should this be the case we will do so in line with data protection laws.
Such countries do not have the same data protection laws as the United Kingdom and EEA. Any transfer of your personal information will be subject to appropriate or suitable relevant safeguards that are designed to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of your personal data. If personal data is sent outside of the United Kingdom or to any organisation (or subordinate bodies) it will be sent electronically and safely. Transferring of data may also be needed to local authorities and the NHS, this will be done using the NHS secure encrypted email platform or other secure method.
How long do we keep your personal data?
Personal information that we are no longer using is kept securely only for as long as it is needed, or is required by law, before being safely destroyed.
The duration for which your personal information is kept will depend on our reason for collecting it and is defined in Oxfordshire Crossroads Care Records Retention and Destruction Policy”.
Data security
We apply high security standards to the information we handle (including personal data) to prevent information from being accidentally lost, or used, accessed, or disclosed in an unauthorised way. These measures include the use of technology and other precautions such as the control of access to our care homes, offices, and systems.
Our IT service providers have secure access to data although strictly limited to IT support and we have contracts in place detailing confidentiality obligations. Our systems are regularly checked to ensure we comply with privacy standards.
Social media
Oxfordshire Crossroads uses social media such as Facebook and Twitter to keep families and the public up to date with what is going on in our homes. We will never use photographs of families or staff without seeking explicit consent to do so.
How to complain
We hope that we can resolve any query or concern you raise about our use of your information.
If you have any concerns about the way which we are using your personal information, please contact the head office.
Oxfordshire Crossroads Care, Crossroads Centre, Harberton Mead. Marston, Oxford OX3 0EA.
care@oxfordshirecrossroads.org.uk
Telephone: 01865 260280
Complaints to the Information Commissioner
You have a right to complain to the Information Commissioner’s Office (ICO) about the way in which we process your personal data. You can make a complaint on the ICO’s website https://ico.org.uk/.
Third party links and cookies on our website
Cookies are small files that websites store on your computer and that contain various types of information about your visit to a website. They are not viruses or malicious software, but they are generally aimed at providing you with a good experience when browsing a site by, for example, remembering your preferences so that you do not need to reset them every time you visit the website.
Cookies can record information about how you browse the internet. They can, therefore, be used by websites to advertise goods and services which, based on your browsing history, are similar to goods and services you have previously searched online. This is why some users reject or delete cookies.
Cookies normally expire after a length of time, which can vary from a few minutes to more than a year. Some cookies are ‘session cookies’ that are deleted when you close your internet browser or after a period of inactivity. Others are ‘persistent cookies’ that remain on your computer until their expiration date.
We do not store cookies on your computer without your consent, unless they have the sole purpose of carrying out the transmission of communications or they are strictly necessary for providing an online service.
You may restrict or block cookies that are set by any website through your browser settings. Your browser settings also allow you to clear your browsing history and delete cookies.
Information about how you can do this can be found on this link https://ico.org.uk/for-the-public/online/cookies. Mobile devices may have their own settings and you need to refer to the manual of the device. Please note that restricting or disabling cookies may impact the functioning of parts of our website.
Privacy review
Oxfordshire Crossroads reserves the right to update and amend any of the policy content in line with changes to our business or any regulatory changes which inform our practice.
Please note if you would like this notice in another format for example: large print and audio format please contact the following:
Oxfordshire Crossroads: Telephone 01865 260280
Newbury Crossroads: Telephone 01635 3008
Windsor: Telephone 07833449031