This is the VCare Systems Ltd Privacy Notice.
As part of the services we offer, we are required to process personal data about service users of our software (‘service users’), who include care home residents, care home staff and any other clinical users (including, but not limited to, GPs, CCG personnel) of the software. “Processing” can mean collecting, recording, organising, storing, sharing or destroying data.
We are committed to being transparent about why we need your personal data and what we do with it. This information is set out in this privacy notice. It also explains your rights when it comes to your data.
If you have any concerns or questions please contact us:
Floor 1, Building 2,
Hertfordshire, WD18 8YA
Tel: 0208 638 7291
What data do we have?
So that we can provide a safe and professional service, we need to keep certain records about you. We may process the following types of data:
• Your basic details and contact information e.g. name, title, addresses, telephone numbers, next of kin, photographs, personal email addresses, date of birth, gender, marital status, dependants and emergency contact information.
We also record the following data which is classified as “special category”:
• Health and social care data about you, which might include both your physical and mental health data.
• We may also record data about your race, ethnic origin, sexual orientation or religion.
Why do we have this data?
We need this data so that we can provide a high-quality subscription service under the agreement. By law, we need to have a lawful basis for processing your personal data. We process your data on the following legal bases: (1) with your consent; (2) as necessary to perform a service as part of an agreed contract; and (3) as necessary for our legitimate interests in enhancing our software services.
We process your special category data because
• It is necessary for the fulfilment of the contract;
We may also process your data with your consent. If we need to ask for your permission, we will offer you a clear choice and ask that you confirm to us that you consent. We will also explain clearly to you what we need the data for and how you can withdraw your consent at any time.
Where do we process your data?
So that we can provide you with high quality services. This is collected from or shared with:
1. You or your legal representative(s);
2. Third parties.
We do this face to face, via phone, via email, via our website, via post, via application forms, via apps.
Third parties are organisations we might lawfully share your data with. We will share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so. "Third parties" includes third-party service providers (including contractors and designated agents) and other entities within our group. We require third parties to respect the security of your data and to treat it in accordance with the law. All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions. These third parties include:
• Other parts of the health and care system such as local hospitals, the GP, the pharmacy, social workers, clinical commissioning groups, and other health and care professionals;
• The Local Authority;
• Resident family or friends – with necessary permission;
• Organisations we may have a legal obligation to share information with i.e. for safeguarding, the CQC;
• The police or other law enforcement agencies if we have to by law or court order.
• Third party contractors and designated agents.
The data that we keep about you is your data and we ensure that we keep it confidential and that it is used appropriately. You have the following rights when it comes to your data:
1. You have the right to request a copy of all of the data we keep about you. Generally, we will not charge for this service;
2. You have the right to ask us to correct any data we have which you believe to be inaccurate or incomplete. You can also request that we restrict all processing of your data while we consider your rectification request;
3. You have the right to ask that we erase any of your personal data which is no longer necessary for the purpose we originally collected it for. We retain our data in line with the Information Governance Alliance’s guidelines (https://digital.nhs.uk/data-and-information/looking-after-information/data-security-and-information-governance/codes-of-practice-for-handling-information-in-health-and-care/records-management-code-of-practice-for-health-and-social-care-2016)
4. You may also request that we restrict processing if we no longer require your personal data for the purpose we originally collected it for, but you do not wish for it to be erased.
5. You can ask for your data to be erased if we have asked for your consent to process your data. You can withdraw consent at any time – please contact us to do so.
6. If we are processing your data as part of our legitimate interests as an organisation or in order to complete a task in the public interest, you have the right to object to that processing. We will restrict all processing of this data while we look into your objection.
All requests are required to be sent to firstname.lastname@example.org and marked cc to email@example.com.
You may need to provide adequate information for our staff to be able to identify you, for example, a passport or driver’s licence. This is to make sure that data is not shared with the wrong person inappropriately. We will always respond to your request as soon as possible and at the latest within one month.
If you would like to complain about how we have dealt with your request, please contact:
Information Commissioner’s Office