Privacy Notice
District Health respects your rights to data privacy and data protection when you communicate (online or offline) with us through our website, offices and our service user facing colleagues as they complete their important work.
Contacting District Health
If you have a question about this Privacy Policy or how we use your personal information, please email:
hello@districthealth.care
or write to us at:
District Health, Suite 17, Block, Royal William Yard, Plymouth, PL1 3RP
Privacy Notice – What Is It?
Our privacy policy is a statement which describes how we, District Health, collects, uses, retains and in certain and specific situations will share or discloses personal, sometimes sensitive information. District Health would only do this for service users personal information under the requirements of the Caldicott Principles as detailed by the National Data Guardian (NGD) for health and social care.
Different providers and organisations sometimes use different terms which effectively mean the same thing which can cause confusion. Sometimes privacy notices are referred to as a privacy statements, a fair processing notice. District Health has decided to call them privacy notices, as we believe this is a more accurate term.
Part of the requirements of a privacy notice is that we handle and process your personal information fairly and lawfully, we are therefore required to inform you of the following:
· Why we need your data.
· How it will be used and.
· Where it will be stored.
· Who it will be shared with.
This information also explains what rights you have to control how we use your information.
The law determines how organisations can use personal information. The key laws are:
· The Data Protection Act (DPA) 2018.
· The Human Rights Act (HRA) 1998.
· The UK General Data Protection Regulations (GDPR).
In addition to this there is other relevant health service legislation, and the common law duty of confidentiality.
District Health’s role or function within data security is to predominantly act as ‘Data Processor’, but there are situations where we act as a ‘Data Controller’. This is mainly when we are handling and managing our staff personal information, but it can extend at times to service user information. The Information Commissioners Office (ICO) provides some clear and concise guidance on the differences between these 2 roles and by which District Health will abide.
District Health recognises the importance of protecting all personal, confidential, and sensitive information as we conduct our business and takes great care to meet its legal duties and responsibilities at all times.
This part of the privacy notice outlines the management of the notice itself, contact details and other access to information legislation.
Complaints - about how we may control or process your personal information
In the first instance, we would invite you to contact District Health via hello@districthealth.care or by filling out the contact form which is accessible on our website.
What Information does District Health collect about you?
We only collect and use your information for the lawful purposes of administering and managing the business of District Health. These purposes include:
· Planning and booking service user’s care.
· Accounting and Auditing.
· Accounts and records.
· Advertising, marketing, and public relations.
· Crime prevention and prosecution of offenders.
· Education and sharing lessons learnt when things go wrong.
· Health & Social Care administration and services.
· Information and databank administration.
· Sharing and matching of personal information for the NHS national fraud initiative.
· Colleague employment, pay, training and general administration.
What types of personal data does District Health handle?
We process your personal information to enable us to support the provision of health and social care services to service users, maintain our internal accounts and records, promote our service, and to support and manage our colleagues in the essential work and services they provide.
We also use your information to support and monitor commissioned health and social care services in England to enable us to deliver high quality domiciliary care. This type of information will usually be provided to District Health by Integrated Care Systems (ICSs), Local Authorities (Las), Integrated Care Boards (ICBs) and NHS Trusts.
The types of personal information we use include:
· Personal details such as names, addresses, telephone numbers.
· Family details for example next of kin details.
· Education & training records of our staff.
· Employment details, for example for those that work for us either directly or are commissioned by us to provide a service on our behalf.
· Financial details, where we provide a service for payment.
· Lifestyle and social circumstances.
· Visual images, personal appearance and behaviour, for example if CCTV images are used as part of building security measures. **
· Details held in the service users personal care record required for the continued safe and effective provision of care services.
· Responses to surveys, where individuals have responded to surveys about any care and or service delivery issues.
** This excludes all images of service users without prior written permission. Permission to use any images still or video can be withdrawn at any time and without any explanation being required.
We may also process sensitive classes of information that may include:
· Racial and ethnic origin.
· Offences (including alleged offences), criminal proceedings, outcomes and sentences [Colleagues only].
· Trade union membership.
· Religious or similar beliefs.
· Employment tribunal applications, complaints, accidents, and incident details.
This information will generally relate to our colleagues. In terms of service user information, information may include, but not be limited to:
· Clinical information such as diagnoses of any relevant medical conditions, which may affect our ability to provide adequate and appropriate care.
· Infectious status.
· Allergies.
· Medications prescribed and currently being administered and what, if any, assistance is required.
· Height and weight.
· Mobility or service users and details of any special instructions or equipment required.
· Physical or mental health details including any behavioural issues or triggers.
How will District Health use information about you?
Your information is used to run and improve District Health’s services. It may be used to:
· Check and report on how effective District Health is at meeting yours and others care requirements.
· Ensure that money is used properly for services it is commissioned to provide.
· Investigate complaints, legal claims or important incidents.
· Make sure that District Health gives value for money at all times.
· Make sure our services are planned to meet service users’ needs both currently and in the future.
· Review the care we provide to sure it is of the highest possible standard.
· To improve the efficiency of our services, by sharing information with other organisations for a specific, justified purposes and approved by our Caldicott Guardian.
We may keep your information in written form or on a computer. Whenever possible all information that identifies you will be removed.
Storing and Protecting your Information
District Health only stores Personal Identifiable Information (PII) within the United Kingdom, European Economic Area (EEA) or a country deemed adequate by the UK. This is both a requirement of GDPR and NHS England Digital, standards which District Health will comply with.
Physical records that are stored in District Health premises which all have security monitoring systems in place. Digital records are secured and encrypted, for protection on District Health designated servers only. We do not share our storage facilities with other organisations. This service is managed and monitored, for District Health, by our contracted IT provider.
Sharing your Information
There are many reasons why we share information. This can be due to:
· Our obligations to comply with current legislation.
· In the best interest of a vulnerable person.
· Our duty to comply with a Court Order.
· You have consented to a disclosure after a transparent, clear, and open request from District Health.
It is essential that everyone understands that your right to privacy does not prevent District Health from its legal and regulatory responsibilities to report crimes and any situations where we feel a vulnerable person is subject to abuse and or neglect.
We do not share your data with bodies outside of the European Economic Area. We are aware of the requirements to ensure your data is protected against accidental loss or disclosure, destruction and abuse. We have implemented processes to guard against any such situation from arising.
Retaining Information
District Health will only retain information for as long as necessary, and as long as we are legally required to do so.
Records are maintained in line with our internal retention schedule which determines the length of time records should be kept. This information is available upon request.
Protecting your Information
We take our duty to protect your personal information and confidentiality seriously. We are committed to taking all reasonable measures to ensure the confidentiality and security of personal data for which we are responsible, whether computerised or on paper.
We have appointed a Senior Information Risk Owner (SIRO) who is accountable for the management of all information assets and any associated risks and incidents, and a ‘Caldicott Guardian’ who is responsible for the management of service user information and its confidentiality.
All colleagues are required to undertake annual ‘Information Governance’ training, to ensure that all levels within District Health, the importance of protecting your information and privacy is fully understood and practiced.
Under the District Health Colleague Handbook all our colleagues are also required to protect your information and inform you of how your information will be used. This includes, in most circumstances, allowing you to decide if and how your information can be shared.
Everyone working for District Health is subject to the common law duty of confidentiality. Information provided in confidence will only be used for the purposes advised and consented to by the service user, unless it is required or permitted by the law.
Your Rights
You have the following rights in relation to the personal data we hold on you:
· The right to be informed about the data we hold and what we do with it.
· The right of access to the data we hold about you. We operate a separate Subject Access Request policy, and all such requests will be dealt with accordingly and in compliance with UK Law and GDPR.
· The right for any inaccuracies in the data we hold about you, however they come to light, to be corrected. This is also known as ‘rectification’.
· The right to have data deleted in certain circumstances. This is also known as ‘erasure’.
· The right to restrict the processing of the data.
· The right to transfer the data we hold about you to another party. This is also known as ‘portability’.
· The right to object to the inclusion of any information.
· The right to regulate any automated decision-making and profiling of personal data.
In addition to the above rights, you also have the unrestricted right to withdraw consent, that you have previously provided, to our processing of your data at any time.
Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use. There will be no consequences for withdrawing your consent. However, in some cases, we may continue to use the data where so permitted by having a legitimate reason for doing so.
If you wish to exercise any of the rights explained above, please contact the Data Protection Officer at District Health by emailing in the first instance: [please include in the subject line ‘for attention of the Data Protection Officer’].
DPO@districthealth.care
or write to us at:
District Health, Suite 17, Block, Royal William Yard, Plymouth, PL1 3RP
Please ensure that any written correspondence is addressed for the attention of the Data Protection Officer.
Processing of Special Categories of Personal Data
Article 9 of the EU GDPR provides some special considerations for certain types of data we may hold about you. District Health reserves the right to use these special provisions. In particular we may refer and use the special category of Section 9, Paragraph 2, sub-section H.
Paragraph 2, Sub-Section H:
Processing is necessary for the purpose or preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnoses, the provision of health or social care or treatment or the management of health and social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3 of article 9.
How to Access Your Information
The Data Protection Act and the General Data Protection Regulations (GDPR) gives you the right to see the information that DIST District Health or any organisation holds about you and why.
Right of Access (Subject Access Request)
The Data Protection Act and the General Data Protection Regulations (GDPR) gives you the right to see the information that District Health holds about you and why.
These are commonly referred to as Subject Access Requests and these requests must be made in writing to District Health and you will need to provide us with:
· Adequate information (for example your full name, address, date of birth, NHS number, employee number, etc.) so that your identity can be verified and your information located.
· We will also require specifics of what information you are requesting to enable us to locate this in an efficient manner.
We aim to comply with all requests for access to personal data as quickly as possible. We will endeavour to deal with all requests within 1 month of receipt, unless the request is highly complex, where we may need to extend this period out. If this occurs, we will contact the applicant and explain the why the extension is necessary. This provision is consistent with the requirements of Subject Access Requests under GDPR.
We also want to ensure that all your personal information is accurate and up to date. If you think any information is inaccurate or incorrect then please let us know by contacting us at:
DPO@districthealth.care
or write to us at:
District Health, Suite 17, Block, Royal William Yard, Plymouth, PL1 3RP
Cookie Policy
A cookie consists of information sent by a web server to a web browser and stored by the browser. The information is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser.
We use “session” cookies on the website. We will use the session cookies to maintain a logged in user’s session and for order processing. Session cookies will be deleted from your computer when you close your browser.
We use Google Analytics to analyse the use of this website. Google Analytics generates statistical and other information about website use by means of cookies, which are stored on users’ computers. The information generated relating to our website is used to create reports about the use of the website. Google will store this information. Google’s privacy policy is available:
http://www.google.com/privacypolicy.html.
Most browsers allow you to reject all cookies, whilst some browsers allow you to reject just third-party cookies. For example, in Internet Explorer you can refuse all cookies by clicking “Tools”, “Internet Options”, “Privacy”, and selecting “Block all cookies” using the sliding selector. Blocking all cookies will, however, have a negative impact upon the usability of many websites, including this one.
