Privacy Policy

Privacy and our Website

Below are some quick access summaries of our privacy policies for our website. Jump to ‘General Privacy Notice’ for full details.

Information that is gathered from visitors

In common with other websites, log files are stored on the web server saving details such as the visitor’s IP address, browser type, referring page and time of visit.

Cookies may be used to remember visitor preferences when interacting with the website.

Where registration is required, the visitor’s email and a username will be stored on the server.

How the Information is used

The information is used to enhance the visitor’s experience when using the website to display personalised content and possibly advertising.

E-mail addresses will not be sold, rented or leased to 3rd parties.

E-mail may be sent to inform you of news of our services or offers by us or our affiliates.

Visitor Options

If you have subscribed to one of our services, you may unsubscribe by following the instructions which are included in e-mail that you receive.

You may be able to block cookies via your browser settings but this may prevent you from access to certain features of the website.

Cookies

Cookies are small digital signature files that are stored by your web browser that allow your preferences to be recorded when visiting the website. Also they may be used to track your return visits to the website.

3rd party advertising companies may also use cookies for tracking purposes.

Google, as a third party vendor, uses cookies to serve ads.

Google’s use of the DART cookie enables it to serve ads to visitors based on their visit to sites they visit on the Internet.

Website visitors may opt out of the use of the DART cookie by visiting the Google ad and content network privacy policy.

General Privacy Policy

Introduction

As part of the services we offer, we are required to process personal data about our staff, our service users and, in some instances, the friends or relatives of our service users and staff. “Processing” can mean collecting, recording, organising, storing, sharing or destroying data.

We are committed to being transparent about why we need your personal data and what we do with it. This information is set out in this privacy notice. It also explains your rights when it comes to your data.

If you have any concerns or questions please contact us

These policies apply to all the services we provide, such as when using our software, our consultancy or scientific support services.

Service Users

What data do we have?

So that we can provide a safe and professional service, we need to keep certain records about you. We may process the following types of data:

  • Your basic details and contact information e.g. your name, address, date of birth and next of kin;
  • Your financial details e.g. details of how you pay us for your care or your funding arrangements. We also record the following data which is classified as “special category”:
  • Health and social care data about you, which might include both your physical and mental health data.
  • We may also record data about your race, ethnic origin, sexual orientation or religion.

Why do we have these data?

We need these data so that we can provide high-quality care and support. By law, we need to have a lawful basis for processing your personal data.

We will process your data because…

When supplying security and defence services
  • We will provide assistance to those who have either warrantry powers, or a legal obligation to do so.
When supplying healthcare and scientific research services

  • We have a legal obligation to do so – generally under the Health and Social Care Act 2012 or Mental Capacity Act 2005.

  • It is necessary for us to facilitate our clients (usually healthcare providers in England) in the provision and management of health and social care provision.

  • We are required to provide data to our regulator, the Care Quality Commission (CQC), as part of our public interest obligations.

We may also process your data with your consent. If we need to ask for your permission, we will offer you a clear choice and ask that you confirm to us that you consent. We will also explain clearly to you what we need the data for and how you can withdraw your consent at any time.

Where possible, we process data anonymised, and using the minimal set of data to provide the required services.

Common law duty of confidentiality

In our use of information we have collected or which has been shared with us, we satisfy the common law duty of confidentiality because:

  • You have provided us with your consent (either implicitly to provide you with care, or explicitly for other uses).

  • We have a legal requirement to collect, share and use the data.

  • The public interest to collect, share and use the data overrides the public interest served by protecting the duty of confidentiality (for example sharing information with the police to support the detection or prevention of serious crime).

Where do we process your data?

Your data will always be processed within the UK and by Polygeist, or by a care provider (such as an NHS Trust) or by a government department or agency (such as the Ministry of Defence, or the Police).

Third party organisations we might lawfully share your data with include:

  • The Local Authority.
  • Organisations we have a legal obligation to share information with (e.g. for safeguarding, the CQC).
  • The police or other law enforcement agencies if we have to by law or court order.

Opting Out

At this time, we do not share any data for planning or research purposes for which the national data opt-out would apply. We review all of the confidential patient information we process on an annual basis to see if this is used for research and planning purposes. If it is, then individuals can decide to stop their information being shared for this purpose. You can find out more information at https://www.nhs.uk/your-nhs-data-matters/.

When we are no longer providing services to our clients, your data will be destroyed. However, you can always opt-out by contacting us

If any data processing falls within scope of the National Data Opt-Out we use MESH to check if any of our service users have opted out of their data being used for this purpose. Under these circumstances, see ‘Going beyond individual care’.

Going beyond individual care

The information collected about you when you use health and care services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:

  • improving the quality and standards of care provided
  • research into the development of new treatments
  • preventing illness and diseases
  • monitoring safety
  • planning services

This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this when allowed by law.

Most of the time, the data used for research and planning is anonymised, so that you cannot be identified and your confidential patient information is not accessed.

You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out, your confidential patient information will still be used to support your individual care.

To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters.

You can change your mind about your choice at any time.

Staff & Relatives

What do we have?

So that we can provide a safe and professional service, we need to keep certain records about you and your relatives and those connected to you. We may record the following types of data:

  • Your basic details and contact information e.g. your name, address, date of birth, National Insurance number and next of kin;
  • Your financial details e.g. details so that we can pay you, insurance, pension and tax details;
  • Your training records.

We also record the following data which is classified as “special category”:

  • Health and social care data about you, which might include both your physical and mental health data – we will only collect this if it is necessary for us to know as your employer, e.g. fit notes or in order for you to claim statutory maternity/paternity pay, and for our corporate health care insurance policies.

  • We may also, with your permission, record data about your race, ethnic origin, sexual orientation or religion.

For more details about what we can legally collect, see here

As part of your application you may – depending on your job role – be required to undergo a Disclosure and Barring Service (DBS) check (Criminal Record Check); or a more extensive vetting check such as Security Clearance (SC) or Developed Vetting (DV). We do not keep the results of these checks once they expire, or once you leave the company.

Why do we have these data?

We require these data so that we can contact you, pay you and make sure you receive the training and support you need to perform your job. By law, we need to have a lawful basis for processing your personal data.

We process your data because:

  • We have a legal obligation under UK employment law.
  • We are required to do so in our performance of a public task.
  • We have a legitimate interest in processing your data – for internal services and training.
  • It is necessary for us to process requests for sickness payments, maternity or paternity payments or other specific payments (such as expenses).

If we request your criminal records data it is because we have a legal obligation to do this due to the type of work you do. This is set out in the Data Protection Act 2018 and the Rehabilitation of Offenders Act 1974 (Exceptions) Order 1975. We do not keep a record of your criminal records information (if any). We do record that we have checked this. We may also process your data with your consent. If we need to ask for your permission, we will offer you a clear choice and ask that you confirm to us that you consent. We will also explain clearly to you what we need the data for and how you can withdraw your consent.

Where do we process your data?

As your employer we need specific data. This is collected from or shared with:

  • You and your representatives
  • Third parties.

We do this face to face, via phone, via email, via our website, via post, via application forms, and via apps.

Third parties are organisations we have a legal reason to share your data with. These include:

  • His Majesty’s Revenue and Customs (HMRC)
  • Our pension and healthcare schemes
  • Our external payroll provider
  • Our clients, for vetting purposes.
  • Organisations we have a legal obligation to share information with (e.g. for safeguarding).
  • The police or other agencies where we have to by law, or under order.
  • Vetting services, such as DBS and other organisations (we will ask your express permission in this instance).

Storing your personal information

Your data is stored on our systems, and on remote systems within the UK and EU. These systems are encrypted, and are only stored while they are required, for specified periods of time. When it is time to dispose of the information, we will:

  • securely dispose of your information by shredding paper records and wiping hard drives to the required standards specified in law.

Your rights

The data that we keep about you is your data and we ensure that we keep it confidential and that it is used appropriately. You have the following rights when it comes to your data:

  1. You have the right to request a copy of all of the data we keep about you. Generally, we will not charge for this service;
  2. You have the right to ask us to correct any data we have which you believe to be inaccurate or incomplete. You can also request that we restrict all processing of your data while we consider your rectification request;
  3. You have the right to ask that we erase any of your personal data which is no longer necessary for the purpose we originally collected it for.
  4. You may also request that we restrict processing if we no longer require your personal data for the purpose we originally collected it for, but you do not wish for it to be erased.
  5. You can ask for your data to be erased if we have asked for your consent to process your data. You can withdraw consent at any time – please contact us to do so.
  6. If we are processing your data as part of our legitimate interests as an organisation or in order to complete a task in the public interest, you have the right to object to that processing. We will restrict all processing of this data while we look into your objection.

You may need to provide adequate information for our staff to be able to identify you, for example, a passport or driver’s licence. This is to make sure that data is not shared with the wrong person inappropriately. We will always respond to your request as soon as possible and at the latest within one month.

If you would like to complain about how we have dealt with your request, please contact:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

https://ico.org.uk/global/contact-us/