Privacy statements
In this section you can learn about how we manage our legal responsibilities in respect of information.
The UK General Data Protection Regulations (GDPR) forms part of the data protection regime in the UK, together with the Data Protection Act 2018 (DPA 2018) both of which applied from 25 May 2018. The Information Commissioner’s Office provides useful information about the new legislative framework which can be accessed by clicking on the following web links:
- Guide to UK GDPR.
- Guide to DPA 2018.
Data protection officer. (DPO)
One of the requirements of the legislation is to have a nominated Data Protection Officer. Our Data Protection Officer can be contacted via [email protected].
How your information is used.
Our Privacy Notice tells you about information we collect and hold about you, what we do with it, how we look after it and who we might share it with. It covers information we collect directly from you or receive from other individuals or organisations.
The UK GDPR provides the following rights for individuals:
- The right to be informed.
- The right of access.
- The right to rectification.
- The right to erasure.
- The right to restrict processing.
- The right to data portability.
- The right to object.
- Rights in relation to automated decision making and profiling.
Our Privacy Statements provide additional details beyond our standard privacy notice, outlining the specific data we gather and retain about you, our procedures for handling it, and the parties with whom we may share it. This encompasses information obtained directly from you as well as data received from other individuals or organisations.
Privacy statements
Information about care providers, registered persons, and employees.
We require personal data on individuals who supply, oversee, and are employed by primary care providers in order to fulfill our responsibilities.
The personal information we collect and utilise primarily pertains to 'registered persons' (clients who have requested our services), 'nominated individuals' (senior figures within provider organizations who act on their behalf), and senior management who oversee our client providers.
Nevertheless, during the course of our duties, we also gather and utilise certain details about other individuals who are associated with or employed by those services.
All individuals who wish to work with us must complete an application form. In addition to this, we may gather further personal information through interviews, DBS checks, or from our partner organisations or publicly available sources.
This data will be used to determine their suitability for any potential involvement with our organisation.
We may also share this information with other entities if necessary to fulfill our responsibilities or to support their operations, such as making referrals to regulatory bodies or sharing data with healthcare organisations or service commissioners.
We request email addresses from providers and managers in order to communicate with them regarding our responsibilities, such as sending bulletins, requesting necessary information, and sharing relevant guidance and information. These email addresses are not included in the public register and are not made public.
We may disclose these email addresses to other public entities when there is a lawful and legitimate reason to do so. We will not share email addresses with private organisations or for marketing purposes. In the course of our duties, we do gather information about individuals working at client providers.
We consider the records of and other information we receive from people who work at care services, to be confidential, and we handle this information in accordance with data protection law and our code of practice on confidential personal information.
There may be times when we need to share this information with others where we believe a vulnerable person is at risk of harm, or when another organisation needs to take action due to legal infringements such as probity and fraud.
Information about our associates and new applicants.
We need to process personal data about our own workers (and people applying to work for us) so that we can carry out our role (for example, by ensuring that we have the right workforce to support our client providers) and so we can meet our contractual responsibilities.
The personal data that we process includes information about racial or ethnic origin, religion, disability, gender, and sexuality.
We use this information to check we are promoting and ensuring diversity in our workforce and to make sure we are complying with equalities legislation.
Our workers decide whether to share this monitoring data with us and can choose to withdraw their consent for this at any time.
Associates who wish to withdraw their consent for us to process this data can contact our HR or Flexible Workforce Office.
Other personal data that we are required to process includes information on qualifications and experience, pay and performance, contact details, bank details, and service records. (including records of continuous service and pension contributions/entitlements)
We check that people who work for us are fit and suitable for their roles. This may include asking people to undertake disclosure and barring service (DBS) checks.
People joining our organisation are asked to complete a ‘declaration of interests’ form to identify any clients to which they have close links (for example, because they have previously worked there or because the service is run by a close relative) or any other matters which could cause a perceived conflict of interest. Workers are regularly asked to update these forms.
We share information about our associates as required to meet our contractual obligations to them – for example, by sharing relevant personal data with pension service administrators.
We also share personal data where required by law – for example, by providing information about our associates to HMRC.
Information about people who use our website
We will only collect personal information volunteered by you via our website, such as:
- Feedback from surveys and online forms.
- Email addresses.
- Preferred means of communication.
This personal information about you will be used to exercise our functions.
We use google analytics to monitor use of our website. Google analytics uses cookies to help analyse how people use our site, and this information will include your IP address and the pages you visit. You may refuse the use of cookies using your browser’s settings.
This privacy statement covers the GPS site but does not cover links to external sites.
We use a third-party supplier to provide our e-newsletter service. If you subscribe to this service, your name and email address will be shared with them.
The third-party supplier handles the data purely to provide this service on our behalf. This supplier observes the requirements of data protection law in how they obtain, handle, and process your information.
They will not make your data available to anyone other than GPS without your permission.
Other personal data that we are required to process includes information on qualifications and experience, pay and performance, contact details, bank details, and service records. (including records of continuous service and pension contributions/entitlements)
Information about people who use services and the public
How we may access and use your personal and medical records
Our client providers may require us to access sensitive information through the course of providing front line support – including personal and medical records.
For example, we may be required to supply clients with locum staff (replacement staff in the instance of staff shortages) and they will be exposed to care planning, consent, cooperating with other providers, and management of medicines.
If you do not want us to look at your personal information if providing locum services, you can tell your care provider. They can mark your records to show that you do not want us to see them, but this may result in a delay to accessing services or certain other requests, such as medical enquiries.
If we know that you don’t want us to look at your information as part of our locum services, we will respect your wishes, other than in rare circumstances which are explained in our Code of Practice on Confidential Personal Information.
Other information we receive from care services
Providers and managers of care services seeking our support will tell us about certain events and incidents, including where they have received allegations of abuse, or where someone using the service is seriously injured. Organisations also provide us with statistics including the number of complaints they have received.
This information will usually be anonymous, but we may ask for more information subject to our client’s requirements.
We sometimes look at records containing personal data, such as records relating to the handling of complaints. We only do this with the consent of our client and all the usual confidentiality disclaimers are completed.
We receive information from people who use our client providers, their families, friends and carers. For example, we may ask people to share their experiences of care with us. We also talk to people during on-site activity and receive letters, emails, telephone calls, comment cards and survey responses in which people tell us information pertaining to their service received. These often contain personal data.
Data and statistics
We may also receive data from NHS Digital, the trusted national provider of high-quality information, data and IT systems for health and social care.
We use these sources of data that contain personal information:
- Community health data.
- Emergency care data.
- Maternity data.
- Mental health data.
- Hospital episode data.
- Office of National Statistics (ONS).
- Recent CQC report data.
You can find out more information about what we hold and how we use these sources on the NHS Digital registers of approved data releases. Some of this information is unique to a person (for example, local patient identifier), while postcode cannot uniquely identify a person, but all data is stored and processed with the same robust security applied to identifiable data.