Ndima Healthcare

Introduction

This is Ndima Healthcare’s  Privacy Notice.

At Ndima Healthcare, we are committed to protecting the privacy and confidentiality of personal information. This privacy policy outlines how we collect, use, disclose, and protect personal information in accordance with the General Data Protection Regulation (GDPR).

As part of the services we offer, we are required to process personal data about our staff, our service users and, in some instances, the friends or relatives of our service users and staff. “Processing” can mean collecting, recording, organising, storing, sharing or destroying data.

We are committed to being transparent about why we need your personal data and what we do with it. This information is set out in this privacy notice. It also explains your rights when it comes to your data.

If you have any concerns or questions please contact us:

Ndima Healthcare Ltd (Company Number): 12288528
Registered Office: Pinnacle House, 34 Newark Road, PE1 5YD:
info@ndimahealthcare.co.uk

Service Users

What Data Do We Have?

So that we can provide a safe and professional service, we need to keep certain records about you. We may process the following types of data:

  • Your basic details and contact information e.g. your name, address, date of birth and next of kin;
  • Your financial details e.g. details of how you pay us for your care or your funding arrangements.

We also record the following data which is classified as “special category”:

  • Health and social care data about you, which might include both your physical and mental health data.
  • We may also record data about your race, ethnic origin, sexual orientation or religion.
Why Do We Have This Data?

We need this data so that we can provide high-quality care and support. By law, we need to have a lawful basis for processing your personal data.

We process your data because:

  • We have a legal obligation to do so – generally under the Health and Social Care Act 2012 or Mental Capacity Act 2005.

We process your special category data because

  • It is necessary due to social security and social protection law (generally this would be in safeguarding instances);
  • It is necessary for us to provide and manage social care services;
  • We are required to provide data to our regulator, the Care Quality Commission (CQC), as part of our public interest obligations.

We may also process your data with your consent. If we need to ask for your permission, we will offer you a clear choice and ask that you confirm to us that you consent. We will also explain clearly to you what we need the data for and how you can withdraw your consent at any time. 

Common Law Duty Of Confidentiality

In our use of health and care information, we satisfy the common law duty of confidentiality because:

  • You have provided us with your consent (either implicitly to provide you with care, or explicitly for other uses)
  • We have a legal requirement to collect, share and use the data
  • The public interest to collect, share and use the data overrides the public interest served by protecting the duty of confidentiality (for example sharing information with the police to support the detection or prevention of serious crime).
Where Do We Process Your Data?

So that we can provide you with high quality care and support we need specific data. This is collected from or shared with:

  1. You or your legal representative(s);
  2. Third parties.

We do this face to face, via phone, via email, via our website, via post, via application forms, via apps

Third parties are organisations we might lawfully share your data with. These include:

  • Other parts of the health and care system such as local hospitals, the GP, the pharmacy, social workers, clinical commissioning groups, and other health and care professionals;
  • The Local Authority;
  • Your family or friends – with your permission;
  • Organisations we have a legal obligation to share information with i.e. for safeguarding, the CQC;
  • The police or other law enforcement agencies if we have to by law or court order.

National Data Opt-Out

We review our data processing on an annual basis to assess if the national data opt-out applies. This is recorded in our Record of Processing Activities. All new processing is assessed to see if the national data opt-out applies.

If any data processing falls within scope of the National Data Opt-Out we use MESH to check if any of our service users have opted out of their data being used for this purpose.

At this time, we do not share any data for planning or research purposes for which the national data opt-out would apply. We review all of the confidential patient information we process on an annual basis to see if this is used for research and planning purposes. If it is, then individuals can decide to stop their information being shared for this purpose. You can find out more information at

Staff

What data do we have?

So that we can provide a safe and professional service, we need to keep certain records about you. We may record the following types of data:

  • Your basic details and contact information, e.g. your name, phone number, address, date of birth, National Insurance number and next of kin;
  • Your financial details, e.g. details so that we can pay you, insurance, pension and tax details;
  • Your training records.
  • Professional Qualifications, certifications and work experience
  • References and background checks, e.g Disclosure barring checks, overseas police checks and professional references
  • Right to Work Documentation
  • Other relevant information necessary for the recruitment and staffing processes

We also record the following data which is classified as “special category”:

  • Health and social care data about you, which might include both your physical and mental health data – we will only collect this if it is necessary for us to know as your employer, e.g. fit notes or in order for you to claim statutory maternity/paternity pay;
  • We may also, with your permission, record data about your race, ethnic origin, sexual orientation or religion.

Depending on your job role, you may be required to undergo a Disclosure and Barring Service (DBS) check (Criminal Record Check) as part of your application.

Why Do We Have This Data?

We require this data so that we can contact you, pay you and make sure you receive the training and support you need to perform your job. By law, we need to have a lawful basis for processing your personal data.

We process your data because  

  • We have a legal obligation under UK employment law;
  • We are required to do so in our performance of a public task;
  • We have a legitimate interest in processing your data – for example, we provide data about your training to Skills for Care’s Adult Workforce Data Set, this allows Skills for Care to produce reports about workforce planning.
  • We are required to provide data to our regulator, the Care Quality Commission (CQC), as part of our public interest obligations.
  • We are also audited by organisations in which we provide care staff as part of our obligation to provide quality compliant staff.

We process your special category data because

  • It is necessary for us to process requests for sick pay or maternity pay.

If we request your criminal records data it is because we have a legal obligation to do this due to the type of work you do. This is set out in the Data Protection Act 2018 and the Rehabilitation of Offenders Act 1974 (Exceptions) Order 1975.

We may also process your data with your consent. If we need to ask for your permission, we will offer you a clear choice and ask that you confirm to us that you consent. We will also explain clearly to you what we need the data for and how you can withdraw your consent. 

Where do we process your data?

As your employer we need specific data. This is collected from or shared with:

  1. You or your legal representative(s);
  2. Third parties.

We do this face to face, via phone, via email, via our website, via post, via application forms, via apps

Third parties are organisations we have a legal reason to share your data with. These include:

His Majesty’s Revenue and Customs (HMRC);

Our pension and healthcare schemes

  • National Employment Savings Trust (NEST)
    Nene Hall
    Lynch Wood Business Park
    Peterborough
    PE2 6FY

     

Our external payroll provider;

  • 3 Sixty Accountants Ltd
    Laxton House
    191 Lincoln Road
    Peterborough
    PE1 2PN

Organisations we have a legal obligation to share information with, i.e. for safeguarding, the CQC;

  • The police or other law enforcement agencies if we have to by law or court order.

The DBS Service

UCHECK LIMITED
First Floor, Chiltern House,
Sigford Road,
Marsh Barton,
Exeter,
EX2 8NL

Friends/Relatives

What Data Do We Have?

As part of our work providing high-quality care and support, it might be necessary that we hold the following information on you:

  • Your basic details and contact information e.g. your name and address, email and phone number.
Why Do We Have This Data?

By law, we need to have a lawful basis for processing your personal data.

We process your data because we have a legitimate business interest in holding next of kin and lasting power of attorney information about the individuals who use our service and keeping emergency contact details for our staff.

We may also process your data with your consent. If we need to ask for your permission, we will offer you a clear choice and ask that you confirm to us that you consent. We will also explain clearly to you what we need the data for and how you can withdraw your consent. 

Where Do We Process Your Data?

So that we can provide high quality care and support we need specific data. This is collected from or shared with:

  1. You or your legal representative(s);
  2. Third parties.

We do this face to face, via phone, via email, via our website, via post, via application forms, via apps

Third parties are organisations we have a legal reason to share your data with. These may include:

  • Other parts of the health and care system such as local hospitals, the GP, the pharmacy, social workers, and other health and care professionals;
  • The Local Authority;
  • The police or other law enforcement agencies if we have to by law or court order.

How Do We Store Your Personal Information?

Your personal information is securely stored in compliance with the Records Management Code of Practice. We utilize both internal systems and trusted third-party providers to manage and safeguard your data.

Storage Locations:

  • Internal Systems: Personal information is kept on secure servers within our organization’s IT infrastructure, which are protected by robust security measures.
  • Third-Party Providers: In some instances, we use third-party services to store data on our behalf. These providers are carefully selected to ensure they meet our stringent security and privacy standards.

Retention Periods: We adhere to the retention periods outlined in the NHS Records Management Code of Practice, which also applies to adult social care records. These periods vary depending on the type of record, but they are all designed to ensure that information is kept only as long as necessary.

Disposal and Destruction: When your personal information is no longer needed, we will securely dispose of it as recommended by the Records Management Code of Practice. This may involve:

  • Paper Records: Shredding documents to prevent unauthorized access.
  • Electronic Records: Wiping hard drives and other electronic media to legal destruction standards, ensuring that data cannot be recovered.

Archiving and Anonymization: In some cases, rather than disposing of data, we may archive it securely or anonymize it so that it can no longer be linked to an individual. This allows us to retain useful information without compromising privacy.

For more detailed information, you can refer to our organisation’s records management policy, which outlines our procedures and practices in greater detail.

Our Website

In order to provide you with the best experience while using our website, we process some data about you.

We collect device identifiers such as internet protocol (IP) addresses and information about the web pages visited, the type of device and the software. This is used for statistical and analytical purposes to improve your customer journey and experience.

We also collect personal information when you submit a web -based form or use the ‘Live Chat’ window to have text-based conversations with our customer support team. These are retained only for as long as it is necessary and for no more than 12 months. See our full cookie policy.

Our website may also provide links to other websites which have their own privacy policies. We do not accept any responsibility or liability should you access or use these links.

Your Rights

The data that we keep about you is your data and we ensure that we keep it confidential and that it is used appropriately. You have the following rights when it comes to your data:

  1. You have the right to request a copy of all of the data we keep about you. Generally, we will not charge for this service;
  2. You have the right to ask us to correct any data we have which you believe to be inaccurate or incomplete. You can also request that we restrict all processing of your data while we consider your rectification request;
  3. You have the right to ask that we erase any of your personal data which is no longer necessary for the purpose we originally collected it for. We retain our data in line with the Information Governance Alliance’s guidelines.
  4. You may also request that we restrict processing if we no longer require your personal data for the purpose we originally collected it for, but you do not wish for it to be erased.
  5. You can ask for your data to be erased if we have asked for your consent to process your data. You can withdraw consent at any time – please contact us to do so.
  6. If we are processing your data as part of our legitimate interests as an organisation or in order to complete a task in the public interest, you have the right to object to that processing. We will restrict all processing of this data while we look into your objection.

You may need to provide adequate information for our staff to be able to identify you, for example, a passport or driver’s licence. This is to make sure that data is not shared with the wrong person inappropriately. We will always respond to your request as soon as possible and at the latest within one month.

If you have any concerns about our handling of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (“ICO”) by visiting https://ico.org.uk/concerns/ or by telephoning the ICO helpline on 0303 123 1113.

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Are you seeking care for yourself, a friend, a client, or a family member? *

Are you looking for short-term or long-term care? *

What type of care are you looking for? *

How many days a week is the care required? *

Which of the following do you need help with? *

When is the care required? *

Please provide your contact details.

Name

Email

Phone Number

How would you describe your current situation in finding a care provider? *