'Business of the Year 2024' at the 'Believe In Gloucester' Awards!

Broomfield Care homecare services logo with Windmill and Greenhills

Broomfield Care Homecare Services

Broomfield Care Homecare Services

01452 730888

Facebook Instagram Tiktok

Privacy Promise

Broomfield Care Ltd (“The Company”) is committed to protecting the privacy of our service users and employees. This notice relates to current and prospective individuals who are classified as service users or employees.

The Company means Broomfield Care Ltd. Located at Unit R3, Innsworth Technology Park, Innsworth Lane, Gloucester, GL3 1DL

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a new regulation replacing the Data Protection Regulation (Directive 95/46/EC) The Regulation harmonises data protection legislation across EU member states.

The Company is a Domiciliary Care business which provides support to individuals in their own home. The Company must process personal data (including sensitive personal data) so that it can provide these services – in doing so, the Company acts as a data controller.

You may give your personal details to the Company directly, such as on an enquiry form, initial assessment form if you are seeking services provided by the Company, or an application form, HR documentations, if you are seeking employment with the Company. This may be via verbal/written communication or email or via our website. The Company must have a legal basis for processing your personal data. For the purposes of providing support or for employment, the Company will only use your personal data in accordance with the terms of the following statement. 

What type of data the company collects

The Company collects the personal data of the following types of people to allow it to undertake its business:

  • Potential and active service user/family contacts, and any further information relevant to undertake safe and responsible care and support provision.
  • Potential and active employee contacts, and any other further information relevant to gain lawful employment before or during employment.
  • Supplier contacts, and contacts for other agencies that we work with.

 

As a potential or active service user, the information you give the Company, or it collects about you may include:

  • Who you are and how to contact you – Name, address, postcode, best e-mail addresses, telephone phone numbers
  • Who your Next of Kin, family contacts and other relevant professional agencies are, and how to contact them – Name, address, postcode, best e-mail addresses, telephone phone numbers
  • Information about your personal life in relation to care needs

 

To provide a fully responsive and collaborative support service Broomfield Care Ltd undertake an initial enquiry form to gain an understanding of requirements. If support is to be put in place a further, more detailed and comprehensive initial assessment takes place, and then further reviews as care provision continues.

The information here may include sensitive information with regards to an individual’s care needs, their health and welfare etc.

Compliance and due diligence

To meet CQC regulations, and current legislation that influences our working practice, sensitive, personal questions will have to be asked to gain a full understanding of an individuals circumstances and subsequent care needs.  

Information obtained from other sources

Communication may be required to take place between the Company and other professional agencies, i.e. Social Services, Occupational Health, Doctors, Pharmacies, other Care Providers etc. In this case we will inform you, within 30 days of collecting the data of the fact we hold personal data about you, the source the personal data originates from, whether it came from publicly accessible sources, and for what purpose we intend to retain and process your personal data.

As a potential or active employee, the information you give the Company, or it collects about you may include:

  • Who you are and how to contact you – Name, address, postcode, private and corporate e-mail addresses, telephone phone numbers
  • Information about your professional life – CV, photograph, employment details and preferences, professional profiles available in the public domain such as X, LinkedIn, or a corporate website.
  • Compliance and due diligence – Financial information, DBS information, documentation and references verifying your qualifications and experience and your right to work in the United Kingdom, tax and national insurance information to pay you.

 

Information obtained from other sources

This is the information we may obtain from sources such as LinkedIn, or other social media sources, corporate websites and job boards. In this case we will inform you, within 30 days of collecting the data of the fact we hold personal data about you, the source the personal data originates from, whether it came from publicly accessible sources, and for what purpose we intend to retain and process your personal data.

)    Purposes of the processing and the legal basis for the processing

The Company uses information held about you in the following way to a) provide suitable support to meet care needs or b) to employee you to meet the business need either in a care or administrative function.

The Company’s principal service is to provide care and support to individuals in their own home. For potential and active service users the Company will collect your personal data (which may include sensitive personal data) and will process your personal data for the purposes of providing you with such support. This encompasses an initial communication where basic information is gathered and then meeting service users/families/representatives/other professionals at the location where support is to be provided ideally, to fulfil an initial assessment. Then continuing in the home providing support until no longer required.

For potential and active employees, for the Company to provide such services stated above, the Company will collect your personal data (which may include sensitive personal data) and will process your personal data for the purposes of providing employment that is compliant and meets the business need.

The principal lawful basis for the processing of personal data for Broomfield Care Ltd falls under the category of contract.

This means the Company needs to process your personal data to fulfil their contractual obligations to you, for example to follow processes in order to be able to provide care and support or to process your information to pay you if an employee; Or because you have asked the company to do something before entering into a contract, for example when someone initially contacts the Company with an enquiry if potential support can be provided or applying for a job if a potential employee.

The Company will also rely on the following bases for specific uses of data:

  • legal obligation (for example to ensure CQC compliance for care and support provision or to record your right to work in the UK as an employee)
  • legitimate business interest (for example the Company is doing a leaflet drop and there is minimal privacy impact, and people would not be surprised or likely to object)
  • vital interest (for example there is a necessity to save or protect an individual’s life)
  • consent (for example to specifically use a quote or picture for marketing purposes)

2)    Disclosure of your information inside and outside of the European Economic Area (EEA)

The Company may share relevant aspects of your personal information with:

  •  Internal parties, for example service users name, address, keycode, health etc, whereby the need to know the information is pertinent to providing care and support. Or if an employee, relevant information will be shared with your line manager to ensure staff are fulfilling their roles and responsibilities fully.
  • Organisations that work collaboratively with the Company to provide a safe and appropriate service provision. For example, other agencies i.e. Social Services or rostering software providers.
  • If a potential employee, organisations that may assist the company in confirming your suitability for a role.
  •  The buyer, in the event all or part of the company was sold.
  • Organisations where the Company has a duty to disclose or share your personal data to comply with any legal obligation.
  • Organisations that may assist the company in enforcing its contractual rights or meeting its contractual responsibilities, for example the rostering software provider.

 

The lawful basis for the third-party processing will include:

  • Their legitimate business interests in processing your personal data;
  • Satisfaction of their contractual obligations to the Company as a data processor;
  • For the purpose of a contract in place or in contemplation;
  • To fulfil their legal obligations.

 

Storing and processing your personal information

We do not share your personal data with any third parties for marketing purposes, and your data will not be transferred out of the European Union.

3)    Retention of your data

Where the Company processes your personal and/or sensitive personal data to provide services or employment, we will do so in line with our retention of information policy, in brief below. Upon expiry of that period, the Company will seek further consent from you if applicable, except for continued use of photos/comments for marketing purposes (it must be noted consent will have been gained prior to use in the first instance for such use and purposes and does not have an expiration date). Your right to be forgotten can be exercised where there is no good reason for its continued processing.

The Company will retain your personal data on an active basis for as long as is necessary to undertake service provision or employment. Following this as required by contractual obligations or law.

Different laws require different retention periods. For example, for service users there is no set legal requirement under the Health and Social Care Act 2008 (Regulated Activities) Regulations 2010 to retain data for a certain period, but 3 years is the industry standard following the Data Protection Act 1998 following cease of service.  

As an employee, we must keep your payroll records, holiday pay, sick pay and pensions auto-enrolment records for as long as is legally required by HMRC, and associated national minimum wage, social security and tax legislation, this being 6 years.

For potential service users where care has not commenced we will hold records for 3 months as too with potential employees who have been unsuccessful at the initial recruitment stages, their information will be held for 3 months.

Please note the Company securely destroys any paper records by shredding all sensitive date with a professional out sourced company, who themselves meet compliance rulings. 

4)    Your rights

Please be aware that you have the following data protection rights:

  1. The right of access –  Individuals can request access to their personal data and ask how you make use of it.
  2. The right to be forgotten –  Individuals can ask you to delete or remove their personal data where there is no good reason for its continued processing.
  3. The right to data portability –  Individuals can transfer or move their personal data between service providers easily and safely, without obstacles to usability of the data.
  4. The right to be informed –  Individuals must know how you intend to use their personal data when it is being gathered, and they must freely give their consent to it. Their consent cannot be assumed or taken for granted.
  5. The right to rectification – Individuals are entitled to have personal data rectified if it is inaccurate or incomplete. If you have disclosed the data in question to third parties, you must inform them of the rectification. You should also ensure that your customers are aware of the third parties to whom you have disclosed the data, where appropriate.
  6. The right to restrict processing – This means that in some cases individuals can allow you to store their personal data but can also state that you are not allowed to process that data for any reason.
  7. The right to object – Individuals have the right to object to your usage of their data Individuals must have an objection on “grounds relating to his or her particular situation”.
  8. The right not to be subjected to automated decision making and profiling.

Should you wish to exercise any of the above rights, you may do so by contacting the following email address: care@broomfieldcare.com

5)    Links to third party websites

The company’s websites may contain links to and from third party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that the Company does not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

6)    Changes to the Company’s privacy notice

Any changes The Company makes to our privacy notice in the future will be amended and, where appropriate, notified to you.

7)    Complaints or queries
If you wish to complain about this privacy notice or any of the procedures set out in it please contact the following email address: care@broomfieldcare.com

You also have the right to raise concerns with the Information Commissioner’s Office on 0303 123 1113 or at https://ico.org.uk/concerns/, or any other relevant supervisory authority should your personal data be processed outside of the UK, if you believe that your data protection rights have not been adhered to