My Care My Home Limited is an independently owned care services provision company which assists the elderly population with care services and free care advice. It operates domiciliary care provision; hospital discharges services, care assessments and free advice for any elderly care related needs.
The Head Office consists of Customer Care, Finance, Human Resources, Management and the Domiciliary Care function for the Monmouth branch. These departments and their employees provide support across the wider business and the Cardiff office is essentially the hub.
The IT and finance infrastructure is currently operated by Shaw Healthcare Group under an SLA agreement. From the MCMH offices, we are able to log in to certain Shaw systems to access information but are solely dependent on their connections and infrastructure.
The EU General Data Protection Regulation (GDPR) becomes operative on 25 May 2018. It replaces the 1995 EU Data Protection Directive (European Directive 95/46/EC), strengthening the rights that EU individuals have over their data, and creating a uniform data protection law across Europe. These provisions supplement the requirements of the Data Protection Act (The Act).
My Care My Home Limited’s Services and Approach
In order to perform the daily duties of running services on behalf of our clients, My Care My Home Limited collects and uses certain types of information relating to our clients.
This personal information is collected and dealt with appropriately whether it is collected on paper, stored in a computer database or recorded on other material. My Care My Home Limited has put in place safeguards to ensure this information is protected under the Data Protection Act 1998 and General Data Protection Regulation (GDPR).
Our data protection policy outlines what My Care My Home Limited does with the data that is collected, who it will be shared with and how it will be stored.
My Care My Home Limited’s Commitment
My Care My Home Limited complies with the GDPR regulations as a ‘Data Processor’ and where applicable as a ‘Controller’. We will assist our clients wherever possible to meet their GDPR obligations.
This policy sets out My Care My Home Limited’s approach to the protection of data for all clients and other service users with whom we interact including our employees. My Care My Home Limited wishes to stress the high level of importance that it places upon complying with the requirements of GDPR.
Data Controller and Data Processor
My Care My Home Limited can be both a Data Processor and a Data Controller under the regulations.
My Care My Home Limited is a Data Controller as it collects and uses personal data. It determines how and when data will be processed.
My Care My Home Limited is a Data Processor when data is being processed on behalf of our clients.
My Care My Home Limited is also responsible for notifying the Information Commissioners Office (ICO) of the data it holds or is likely to hold, and the general purposes that this data will be used for. The current registration shows the nature of our work as General Business and the reasons we hold and process data. (See Appendix 1. For details)
My Care My Home Limited’s Chief Executive Officer is responsible for ensuring that we comply with all provisions within this policy and the Act.
Data Protection Principles
My Care My Home Limited regards the lawful and correct treatment of personal information as critical to maintaining the confidence of those with whom we deal.
To this end, My Care My Home Limited will adhere to the Principles of Data Protection, as detailed in the Data Protection Act 1998.
Specifically, the Principles require that personal information:
- Shall be processed fairly and lawfully and, in particular, shall not be processed unless specific conditions are met
- Shall be obtained only for one or more of the purposes specified in the Act, and shall not be processed in any manner incompatible with those purposes
- Shall be adequate, relevant and not excessive in relation to those purposes,
- Shall be accurate and, where necessary, kept up to date
- Shall not be kept for longer than is necessary
- Shall be processed in accordance with the rights of data subjects under the Act,
- Shall be kept secure by the Data Controller who takes appropriate technical and other measures to prevent unauthorised or unlawful processing or accidental loss or destruction of, or damage to, personal information
- Shall not be transferred to a country or territory outside the European Economic Area and Chanel Islands.
My Care My Home Limited may share data that it could reasonably be expected to with other agencies such as local authorities or the police. Staff are encouraged to not discuss work related matters whilst away from the office where other external parties could overhear or with third parties, unless the requirement is specific to the job.
There are circumstances where the law requires My Care My Home Limited to disclose data (including sensitive data) without the data subject’s consent. These are:
- Carrying out a legal duties or as authorised by the Secretary of State
- Conducting any legal proceedings, obtaining legal advice or defending any legal rights
- Data can be shared with clients’ (the auditors, regulators or a client company director) where necessary in order for them to monitor our work and maintain the Data Processing obligation of the client and agent relationship.
My Care My Home Limited will ensure that data is collected within the terms set out in this policy. This applies to data that is collected in person or in the written word from the completion of a form.
When collecting data, My Care My Home Limited will ensure that the client clearly understands what the data will be used for and what the consequences are should the Individual/Service User decide not to give consent to processing.
My Care My Home Limited Staff Roles and Responsibilities
My Care My Home Limited Managers are responsible for:
- Ensuring that data protection requirements are observed
- Providing clear messages to their staff regarding appropriate processing of the personal data that they handle
- Identifying and addressing training needs within the team
All employees are responsible for:
- Complying with the data protection principles, as supported by the Policy, guidance on the application of the Policy and associated policies and guidance, such as the My Care My Home Limited IT Security Policy and Procedures
- Contacting their manager for guidance if they are in any doubt about how they should deal with certain personal data
- Only processing personal data in the manner that is authorised for the purpose of carrying out their responsibilities or with management authorisation.
My Care My Home Limited takes data protection compliance very seriously; any breach of data protection legislation, local data protection procedures and/or the provisions of the Data Protection Policy may render staff liable to internal disciplinary proceedings. Staff should be aware that it is a criminal offence to breach certain provisions of the Act and GDPR regulations. Knowingly or recklessly obtaining or disclosing personal data may leave an individual employee liable to prosecution
My Care My Home Limited is accountable to maintain control of confidentiality of its and its clients’ records. My Care My Home Limited must therefore take steps to ensure that personal data is kept secure at all times against unauthorised or unlawful loss or disclosure.
My Care My Home Limited will ensure that data is collected and stored safely and securely. This may include:
- Using lockable cupboards (restricted access to keys)
- Archived data is kept off site with a secure third-party storage company, The Maltings in Cardiff
- Password protection on IT systems, which users are expected to change frequently.
- Emails are to be routinely deleted after a period of 6 months and archived.
- Setting up computer systems to allow restricted access to certain areas
- Copies of programs or data must not be taken or removed from My Care My Home Limited’s premises without the express permission of a Line Manager. However, when data is taken off site on laptops and mobiles, My Care My Home Limited aims to protect the data on these medias by instructing staff to log-on to the network using your own account and keeping their passwords confidential.
- Back up of data on computers kept on separate hard drives on a secure server on site
- A restriction on use of personal memory sticks
- A restriction on staff logging into non work related internet sites
Information will be stored for only as long as it is needed or required by statute and will be disposed of appropriately.
It is My Care My Home Limited’s responsibility to ensure all personal and company data is non- recoverable from any computer system previously used within the organisation, which has been passed to a third party.
Access and Accuracy
Service users whose personal information are processed by My Care My Home Limited have the right to know:
- What information we hold and process on them
- How to gain access to this information
- How to keep it up to date
- What controls we have in place to ensure we comply with the Act.
Service users also have the right to prevent processing of their personal data in some circumstances and the right to correct, rectify, block or erase information determined to be wrongfully collected.
Service users have a right under the Act to access certain personal data being kept about them on computer and certain files.
The following information will be required before access is granted:
- Full name and contact details of the person making the request
- Their relationship with My Care My Home Limited
- Any other relevant information – e.g. timescales involved
Queries about handling personal information will be dealt with swiftly and politely.
My Care My Home Limited will aim to comply with requests for access to personal information as soon as possible, but will ensure it is provided within the one month required by the Act from receiving the written request. This policy was last updated in May 2018 and will be reviewed regularly and updated as necessary to reflect any additional regulatory requirements as well as best practice in data management, security and control.
My Care My Home respects your privacy.
Any personal information you provide to us including and similar to your name, address, telephone number and e-mail address will not be released, sold, or rented to any entities or individuals outside of My Care My Home.
Remember the risks whenever you use the internet
While we do our best to protect your personal information, we cannot guarantee the security of any information that you transmit to My Care My Home and you are solely responsible for maintaining the secrecy of any passwords or other account information. In addition other internet sites or services that may be accessible through My Care My Home have separate data and privacy practices independent of us, and therefore we disclaim any responsibility or liability for their policies or actions.
Please contact those vendors and others directly if you have any questions about their privacy policies.