• Home
  • About Us
  • Services
  • Statement of Purpose
  • Philosophy of Care
  • Reviews
  • Contact Us
  • 01737 242926

Privacy policy for residents and service providers


This privacy policy provides guidance about the personal data that we collect, why we collect it and what we do with it.

We recognise the privacy and security of personal data is of great importance to our residents, their families and friends, our staff and others such as GPs, independent service providers and all those involved in looking after the welfare of our residents.

Our privacy policy is governed by the principle of only collecting and using personal data when it helps us to provide a better service to our residents and to meet our legitimate interests, including protecting our residents and staff.

What personal data do we collect about you?

As a data controller we collect information that identifies you or is about you, including:

For residents and freelance service providers:

  • Identity data such as your name, gender

  • Contact data such as your address, email address and telephone numbers

  • Financial data including your bank account details

For residents only: 

  • Marital status, date of birth, photographic images, next of kin

  • Details and records of treatment and care, including notes and reports about care, treatment, accidents and general health.

  • Results of assessments and investigations.

  • Special categories of data including information about your medical and health  background, and other categories such as sexuality, race, religion or beliefs, disabilities or allergies.

Everything we do with your personal data counts as processing it, including collecting, storing, amending, transferring and deleting it. When we process your personal data, we are legally required to comply with both the Data Protection Act 2018 (“DPA”) and the UK General Data Protection Regulation (“GDPR”), which came into effect on 1 January 2021, to make sure that your data is properly protected and used appropriately.

Why we process personal data about you?

We must have a lawful basis for processing your personal data, and that basis will include serving our legitimate interests below:

For residents and freelance service providers: 

  • To fulfil our obligations arising from contracts entered into with you

  • To comply with our legal and regulatory obligations

 For residents only:

  •  To manage the services we provide to you

  • To more widely protect our residents and staff, maintain their safety, health and welfare

  • To better understand our residents’ needs and preferences

  • To market and advertise our services, including with the use of photographs and images

For the special categories of data as mentioned above, the lawful basis for processing includes that you have provided your explicit consent to process the data, and it is necessary to allow us to develop the appropriate care and support package and documentation for you, to administer treatments and agree funding arrangements.

How we store and protect your data

For residents and freelance service providers:

 We take the privacy and security of your personal data very seriously.  Personal data is held in secure electronic and paper records, and, in accordance with the DPA and GDPR principles, is handled with the highest level of care by having clear internal policies and procedures, and only allowing access to those authorised to know.

For residents only:

As data security standards continue to evolve, we complete an annual assessment of our data security measures using the NHS Data Security and Protection Toolkit, to ensure we are aligned with current best practice and that our performance matches with the National Data Guardian’s 10 data security standards. Our staff are also required to undertake regular training in data protection, confidentiality, IT and cyber security.

Do we share personal data with others?

For freelance service providers:

 We will only share personal data with third parties where required by law, where it is necessary to administer our working relationship with a service provider or where we have another legitimate interest in doing so.

For residents only:

To provide the best possible care and welfare, we will sometimes need to share data about our residents with others such as:

  • Other health and social care professionals involved in the delivery of care

  • Funders of care packages - local commissioning teams

  • The local authority Quality Assurance and Safeguarding team

  • Regulators - this will normally be anonymized

  • The police or other law enforcement agencies if we have to by law or court order

  • Trustees of the charity itself

How long will we retain your personal data?

We will only keep your personal data for as long as necessary to fulfil the purposes we collected it for, including satisfying any legal, contractual or reporting requirements. How long we keep the data for is determined by law and is largely determined by necessity.

After the relevant retention period, your personal data covered by the particular retention period will be permanently deleted or securely destroyed.

What are your rights?

You have a number of rights in respect of the personal data we hold about you, as below. These rights apply during the period in which we are processing your data.

Right to be informed

You have the right to be informed about the collection and use of your personal data. This includes our reasons for processing your personal data, how long we will hold that personal data, and who it will be shared with.

Right to access your data

You have the right to ask us for a copy of the personal data we hold for you. We will provide the information free of charge unless your request is manifestly unfounded or excessive or repetitive, in which case we are entitled to charge a reasonable fee. We may also charge you if you request more than one copy of the same information.

We will provide the information you request as soon as possible and in any event within one month of receiving your request. If we need more information to comply with your request, we will let you know.

Right to have your data rectified

If personal data we hold about you is inaccurate or incomplete, you can ask us to rectify that information. We will comply with your request within one month of receiving it unless we do not feel it is appropriate, in which case we will explain why. We will also let you know if we need more time to comply with your request.

Right to be forgotten

You have the right to ask us to delete personal data we hold about you. This right is available to you if:

  • We no longer need your personal data for the purpose for which we collected it

  • We have collected your personal data on the grounds of consent and you withdraw that consent

  • You object to the processing and we do not have any overriding legitimate interests to continue processing the data

  • We have unlawfully processed your personal data by failing to comply with GDPR; and

  • The personal data has to be deleted to comply with a legal obligation

In certain situations we would have to refuse the request, such as where we have a continuing legal obligation, but in that case we would explain why we could not comply.

Right to restrict processing

You have the right to ask us to suppress processing of your personal data. This means we will stop actively processing your personal data but we do not have to delete it. This right is available to you if:

  • You believe the personal data we hold is not accurate, in which case we will cease processing it until we can verify its accuracy

  • You have objected to us processing the data, in which case we will cease processing it until we have determined whether our legitimate interests override your objection

  • The processing is unlawful; or

  • We no longer need the data but you would like us to keep it because you need it to establish, exercise or defend a legal claim

In certain situations we would have to refuse the request, such as where the request is manifestly unfounded or excessive, but in that case we would explain why we could not comply.

Right to data portability

You have the right to ask us to provide your personal data in a structured, commonly used and machine-readable format so that you are able to transmit the personal data to another data controller. This right only applies to personal data you provide to us when:

  • Processing is based on your consent or for performance of a contract, and

  • We carry out the processing by automated means (ie excluding paper files)

We will respond to your request as soon as possible and in any event within one month from the date we receive it. If we need more time, we will let you know.

Right to object

You are entitled to object to us processing your personal data:

  • If the processing is based on legitimate interests, or performance of a task in the public interest

  • For direct marketing purposes; and/or

  • For the purposes of scientific or historical research and statistics

We will stop processing your data unless there are compelling, legitimate grounds which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.

Rights relating to automated decision making

Automated individual decision-making is a decision made by automated means without any human involvement, using algorithms and machine-learning.

We do not carry out any automated decision making using your personal data.

If you have a complaint about our processing

If you think we have processed your personal data unlawfully or that we have not complied with GDPR, may we ask that you contact our Registered Manager Samantha Tobin in any of the following ways, to discuss the matter further:

  • Email: manager@ridgegatehome.org.uk

  • Post: 88 Doods Road, Reigate, Surrey RH2 0NR

  • Telephone: +44 (0)1737 242926 (opt 3)

If you feel our response is less than satisfactory, you can consider reporting your concerns to the Information Commissioner’s Office (“ICO”) at https://ico.org.uk/make-a-complaint/data-protection-complaints/dataprotection-complaints/.

Ridgegate Home Links

Home

About Us

Services

Statement of Purpose

Philosophy of Care

Reviews

Contact Us

Stay Social

Be sure to follow us on social media to keep up to date with the latest news and offers!

facebook

© 2023 Ridgegate Home

Charity no: 204859 | 88 Doods Road, Reigate, Surrey, RH2 0NR

Created By NW logoNW logo