General Data Protection
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the European Council and the European Commission intend to strengthen and unify data protection for individuals within the European Union.
We follow the regulations in UK under the Data Protection Act 2018. The GDPR specifies rights individuals have about their personal data and the rights includes:
- Right to be informed about how we use your information
- Right of access the information we hold about you
- Right to rectification of the information.
- Right to erasure of part or all of the information we hold about you.
- Right to restrict processing of your information.
- Right to data portability.
- Right to object processing of your information.
- Right to agree to automated decision making and profiling of your personal data.
What that means to us
- We comply with the regulations as we process both written and computerised information about people we work with.
- We preserve the privacy of our visitors when visiting our website or communicating electronically with us or by phone.
What that means to you
Information transmitted over the internet can be accessed by hackers, whilst we take steps to protect our clients – it is the responsibility of our clients visiting our website not to access sites that may use our name.
Lawful processing of your personal data
- We will process all personal data fairly and lawfully. We process your personal data in a structured and machine-readable format decided by us.
- The amount of data we process is done based on the type of contract we have with you
- We process the information manually and electronically.
- The information we collect and process includes:
- Your full name
- Date of birth
- Home Address
- Personal Email
- Home Telephone and mobile Number
- GP and Health contact details
- Next of Kin
- Information about your health/medical information, religion, sexuality etc
- Deputy, Appointee or Donee
Purpose of processing your personal data
- We will only use your personal data for specified and lawful purpose of fulfilling our work commitment with you.
- We will process your personal data for the purpose of completing care plans for your support.
Accuracy of your personal data
- We will endeavour to hold relevant and accurate personal data.
- We may ask for proof that confirms accuracy of your personal data before we process any of your personal data.
Duration we take keeping your personal data
- We will not keep your personal data for longer than is necessary.
- We will only keep your personal data for as long as is necessary for the purposes for which it was collected.
- We consider the amount, nature, and sensitivity of your personal data and the likelihood that we will need to support you in future in such situation you have the right to request removal of your personal data from our records
Security of your personal data
- We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered or disclosed.
- The measures in place, includes –
Restricted access- all workers will access your information by entering individual user ID and password
All computers have Firewalls, Anti-virus software and files are Encrypted
- We have put in place procedures to deal with any suspected personal data breach by us and will notify you and any applicable regulator of a breach as required by law.
- We limit access to your personal data to only those employees, agents, contractors who have a legal business need to know only where their involvement is to fulfil our contract, we have with you. These will include Health or social care professionals aimed at improving or providing some specialised support.
- They will only process your personal data for the purpose of providing identified service or support.
- They are subject to a duty of confidentiality.
- It is their responsibility to address any breach of confidentiality as required by law.
- We will endeavour to ensure that personal data is not transferred to Third parties without your consent
- We may transfer any information which is submitted by you through the website outside the
European Economic Area (“EEA”) such as:
1. Our Cloud based Microsoft external server
2. Website and Cloud based care plan software
Accessing third part information
- Our website may contain links to other websites provided by third parties not under our control.
- When you follow such links and decide to provide your personal data to them, please know that Care Navigation Ltd is not responsible for the information provided by that third-party.
Your rights under Data Protection
We have a responsibility of protecting your rights when we process your data.
As owner of the data, you have the following rights:
Right of access to your personal information
You can request a copy of the Personal Data we hold about you and to check if we are processing or holding the data lawfully.
Right to request rectification or amendment of your personal data
You can lawfully ask us to make corrections about the data we hold about you. We will require evidence to support the request.
Right to be forgotten
You have the right to request that we erase or remove your personal data a where there is no need for use to continue holding your data or you have objected the processing of your personal data when we have processed your personal data without your consent or that of your legal representatives, or where we are required by law to do so.
Conditions where we cannot erase your data-
- Where there are legal reasons that do not allow us to delete your personal data,
- Where there is requirement to cooperate with police investigations that commenced before or on the day of when a request is made to erase your personal data.
- Where contractual agreement are not fulfilled from your end and we need to follow up this with you.
The reasons will be made clear to you at the time a request is sent to us .
Right to restriction of processing
You may request that processing of your personal data be restricted or suspended in cases where you are
- you are contesting the accuracy of your personal data with relevant authorities,
- you have no active involvement with us but do not want to be forgotten
- where we feel we have legitimate right to keep your personal data.
The restriction of data will be made in line with any legal requirement that will be preventing us to meet your request to restrict or suspend keeping of your personal data.
Right to object to processing
- You have the right to consent or refuse consent to us collecting your personal data .
- You may opt out of us processing of your personal data at any time.
- Where you do not consent, or opt out, we will not be able to provide the support.
Right to make a Complaint
You have the right to lodge a complaint with the Data Controller in the country where we operate our business or place of work or place of the alleged breach took place.
From time to time, we will review this policy to match:
- Our business activities
- Any changes in Data Protection Law or other applicable laws.
- If we make any significant changes to this policy, we will post a notice on our website and send a direct communication to you about the change