PRIVACY NOTICE

 

At Ryde House Group we are committed to protecting and respecting your privacy.

 

This policy explains when and why we collect personal information, how we use it, the conditions under which we may disclose it and how we will keep it secure.

 

This policy is compliant with the EU General Data Protection Regulation (GDPR) and will be reviewed in line with the provisions of the UK Data Protection Bill 2018 (enacted 23rd May 2018).

 

We may need to change this policy from time to time. If we do then we will try to communicate these changes directly to you however it may not always be possible. Please check this document from time to time to see what, if any, changes have been made.

 

Any questions in relation to this policy or our privacy practices should be sent by email to dataprotection@rydehouse.com or in writing to:

 

Data Protection Team

The Centre

Ryde House Drive

Ryde,

Isle of Wight

PO33 3FE.

 

Who are we?

 

We are Ryde House Group and we provide care and support to adults and young people with learning disabilities through our network of residential homes and our domiciliary care agency.

 

The following companies oversee the day to day operation of our business:

 

Ryde House Homes Ltd

RHG Payroll Services Ltd

 

What is Personal Information?

 

The GDPR defines personal information as any information relating to an identified or identifiable natural person. An identifiable natural person is anyone that who can be identified directly or indirectly in reference to the information held. Your personal data may include but is not limited to: name, job title, date of birth, home address, telephone number/s, email addresses, emergency contact, employee number, photo.

 

‘Special categories’ of personal data (formerly called ’sensitive’ data) may relate to racial or ethnic origin, religious beliefs, data concerning physical and/or mental health data relating to sexual orientation and biometric data.

 

We may hold and use information about you because you are:

 

  • A current/former or prospective employee or volunteer

  • A representative of a current/former or prospective employee or volunteer

  • A current/former or prospective service user

  • A family member, friend or representative of a current/former/prospective service user

  • A professional involved in the care or support of any of our current/former or prospective service users

  • A professional involved in the support or welfare of a current/former or prospective employee

  • A representative of a third party agency with whom we work

  • A contractor involved in the provisions of goods or services to us

  • Any other natural person contacting us or working with us in any other capacity

 

What is Privacy?

 

Privacy is the confidentiality of your personal information. This is of paramount importance to Ryde House Group.

 

We are registered with the Information Commissioner as required under data protection law and are committed to compliance with the GDPR. 

 

What information do we collect and how?

 

Information that you give us:

 

You may provide us with information by completing one of our forms or by contacting us by phone or email.

 

If you contact us we will hold your personal information for as long as is required to deal with that request.

 

What is our legal basis for processing your personal information?

 

In order that processing is compliant with Data Protection legislation we must identify a lawful basis for processing personal data.

 

Personal Information obtain during recruitment:

 

Information related to recruitment will be obtained on the basis of legitimate interests.  For further information on our retention policy please contact the Data Protection Team using the details above.

Personal Information obtained during employment:

 

We require information in order to manage your employment with Ryde House Group. Information used for this purpose is processed on the basis of contract.

 

Information related to any aspect of payroll is processed on the basis of legal obligation.

 

Where any additional information is required we will process this under either legitimate interests on in some cases on the basis of consent. We will always make you aware of the lawful basis we are relying on.

 

Personal Information obtained for provision of care services:

 

Personal information obtained in relation to the provision of care services is processed for the performance of a contract with a commissioning body (local authority or NHS trust).

 

For further information please contact the Data Protection Team.

 

Your rights as a Data Subject

 

Under the legislation you may have the following rights depending on the lawful basis under which we process your information:

 

  1. The right to be informed about our collection and use of your personal data.

 

  1. The right to access the personal data we hold about you.

 

  1. The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete.

 

  1. The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data

 

  1. The right to restrict (i.e. prevent) the processing of your personal data.

 

  1. The right to object to us using your personal data for a particular purpose or purposes.

 

  1. The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.

 

For further information about use of your personal data or exercising your rights please contact the Data Protection Team.

 

Further information about your rights can also be obtained from the Information Commissioners Office (ICO) or the Citizens Advice Bureau.

 

If you wish to make a complaint in relation to our use of your personal information then you may do so directly to the ICO.

 

How long will you keep my personal data?

 

We will hold your information for no longer than is necessary and in line with our retention plan. We will only process your information for the purposes that it was obtained.

 

For further information on our retention plan please contact the Data Protection Team.

 

How and where do you store my personal data?

 

Your personal information is stored securely in line with EU data protection principles. Where we use companies in the US to process data we ensure that privacy shield certification is in place.

 

For further information please contact the Data Protection Team.

 

How do you share my personal data?

 

We may share personal information with the following individuals or organisations:

 

  • Regulatory or supervisory bodies (CQC, HSE, ICO, HMRC)

  • Insurance providers

  • Police or law enforcement agencies

  • Safeguarding authorities

  • Health services and health professionals

  • Occupational Health Services

 

We will never lease, distribute or sell your personal data to any third parties.

COVID-19 PRIVACY NOTICE:

Recording customer details: how we use your information

 

To support NHS Test and Trace (which is part of the Department for Health and Social Care) in England, we have been mandated by law to collect and keep a limited record of staff, customers and visitors who come onto our premises for the purpose of contact tracing.

By maintaining records of staff, customers and visitors, and sharing these with NHS Test and Trace where requested, we can help to

identify people who may have been exposed to the coronavirus. As a visitor of Ryde House Group you will be asked to provide some basic information and contact details. The following information will be collected:

 

- the names of all visitors, or if it is a group of people, the name of one member of the group

- a contact phone number for each customer or visitor, or for the lead member of a group of people

- date of visit and arrival time and departure time

 

The venue/establishment as the data controllers for the collection of your personal data, will be responsible for compliance with data

protection legislation for the period of time it holds the information. When that information is requested by the NHS Test and Trace

service, the service would at this point be responsible for compliance with data protection legislation for that period of time.

The NHS Test and Trace service as part of safeguarding your personal data, has in place technical, organisational and

administrative security measures to protect your personal information that it receives from the venue/establishment, that it holds from loss, misuse, and unauthorised access, disclosure, alteration and destruction.

In addition, if you only interact with one member of staff during your visit, the name of the assigned staff member will be recorded alongside your information. For example, if another visitor at the venue reported symptoms and subsequently tested positive, NHS Test and Trace can request the log of customer details for a particular time period (for example, this may be all customers who visited on a particular day or time-band, or over a 2-day period).

 

We may require you to pre-book appointments for visits. Under government guidance, the information we collect may include

information which we would not ordinarily collect from you and which we therefore collect only for the purpose of contact tracing.

Information of this type will not be used for other purposes, and NHS Test and Trace will not disclose this information to any third party

unless required to do so by law (for example, as a result of receiving a court order). The information gathered by us in relation to your visit will be stored in line with our current retention period for recording ‘visitors’. We will only share information with NHS Test and Trace if it is specifically requested by them. Your information will always be stored and used in compliance with the relevant data protection legislation.

The use of your information is covered by the General Data Protection Regulations Article 6 (1) (c) – a legal obligation to which we as a

venue/establishment are subject to. The legal obligation to which we’re subject, means that we’re mandated by law, by a set of new regulations from the government, to co-operate with the NHS Test and Trace service, in order to help maintain a safe operating

environment and to help fight any local outbreak of corona virus. By law, you have a number of rights as a data subject, such as the right to be informed, the right to access information held about you and the right to rectification of any inaccurate data that we hold about you.

 

You have the right to request that we erase personal data about you that we hold (although this is not an absolute right).

You have the right to request that we restrict processing of personal data about you that we hold in certain circumstances.

You have the right to object to processing of personal data about you on grounds relating to your particular situation (also again this right is not absolute).

 

If you are unhappy or wish to complain about how your information is used, you should contact a member of staff in the first instance to

resolve your issue. If you are still not satisfied, you can complain to the Information

Commissioner’s Office. Their website address is www.ico.org.uk.

The data protection office of Ryde House Group is: Spencer Wilby.

Please contact dataprotection@rydehouse.com for more information.

We keep our privacy notice under review, and we will make new versions available on our privacy notice page on

www.rydehouse.com/privacy-notice. This privacy notice was last updated on 25 October 2020

Call us today on 01983 811629

HEAD OFFICE - Ryde House Care Group Ltd, Ryde House Drive, Ryde, Isle of Wight, PO33 3FE.  Company No: 9121796 -  © 2020 Ryde House Care Group Ltd