Technology Enabled Living – Application and Service Delivery Privacy Statement
1. Purpose of our privacy statement
1.1 Under the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR), we are required to explain to you why we are asking for this information about you, how we intend to use the information you provide and whether we will share this with anyone else.
2. Who are we?
2.1 Sanctuary LumaLiving is a brand name used by Sanctuary Home Care Limited and Sanctuary Housing Association, each a part of Sanctuary Group (“Sanctuary”). We are one of the UK’s leading providers of housing, care and commercial services. Our address is Chamber Court, Castle Street, Worcester, Worcestershire, WR1 3ZQ.
3. Our data protection officer
3.1 Our Data Protection Officer is responsible for overseeing what we do with your information and monitoring our compliance with data protection laws.
3.2 If you have any concerns or questions about our use of your personal data, you can contact our Data Protection Officer by writing to The Data Protection Officer, Sanctuary House, Chamber Court, Castle Street, Worcester, Worcestershire, WR1 3ZQ or emailing dataprotection@sanctuary.co.uk.
4. Why are we collecting your information?
4.1 At application stage, we will use your personal information to assess the suitability of our services for you and to understand your care and/or support requirements. This will also allow us to ensure that our services are fair and accessible to all.
4.2 Should you become a customer of ours, we will use your information to understand your personal circumstances and individual needs so that we can provide a tailored service that meets any cultural, financial, learning, mental or physical needs that you may have and enable us to deliver telecare support and escalation services to meet your desired outcomes.
4.3 We will also use your information to improve the services we provide, and you receive from us.
4.4 Your information will also be used to enable us to contact you in the most appropriate way, for example, we can provide literature in large print if you have difficulty reading smaller print or provide documents in an alternative language if English is not your preferred language.
4.5 For information about your gender, race, religion or other protected characteristics, we collect this as it is necessary in order to identify or keep under review equality of opportunity or treatment of particular groups of people (e.g. equality in relation to gender, race, religion etcetera).
4.6 We may also receive personal information indirectly, from the following sources in certain circumstances:
• other health and care organisations;
• police and other emergency services.
5. What information are we collecting?
5.1 During your application and personalised assessment for our services, we will collect the following information:
• your name, date of birth and personal contact details;
• your language preferences and communication needs;
• the gender you identify as;
• whether anyone acts on your behalf and whether you have capacity;
• details of your family, including your marital status, whether you have anybody living with you;
• personal contact details for next of kin or named responders for alarm call escalation purposes;
• your reasons for using telecare and your desired outcomes; and
• relevant information about your personal life and any care or support requirements you may have.
5.2 Some of the information which we collect will be special categories of personal data (also called sensitive personal data), which includes the following information:
• the ethnicity you describe yourself as belonging to;
• your religion; and
• details in relation to your health and wellbeing.
5.3 Should you become a customer of ours and receive services from us we will use the information provided during your application and personalised assessment to provide you with our services. We will also collect the following information to support you with telecare, support and action services:
• the contact details of next of kin, relatives and other named contacts;
• your image to assist us in co-ordinating and personalising your care and support;
• details in relation to your telecare support requirements, including progress against your personalised outcomes;
• details of your contact and interactions with us in person, by telecare, by telephone and in electronic and written communications;
• information provided by third parties in relation to your care and support and risk management; and
• financial records about payments relating to the services you receive from us, any outstanding amounts and associated recovery action.
5.4 When you become a customer, we will also collect additional special category information about any home care provision you receive, including visit times, frequency as well as details about your well-being, physical and mental health.
6. What is our lawful basis for using your information?
6.1 Under Article 6 of the UK GDPR, the lawful basis we rely on for processing this information is:
(b) Performance of a contract – using your information in this way it is necessary for us to take steps at your request prior to entering into a telecare support contract with you, and to perform the contract between us once it has been entered into.
6.2 In accordance with Article 9 (UK GDPR) the conditions we rely on for processing special categories of personal data are:
(a) Explicit consent; and
(h) Health or social care.
6.3 Our basis in Law is Section 2 of Schedule 1, of the Data Protection Act 2018 as the processing is necessary for health or social care purposes.
7. Sharing your information
Members of Sanctuary Group
7.1 Sanctuary Group is made up of several related companies. We will share your information with other members of Sanctuary Group where necessary to best provide the services to you.
7.2 For more information on which companies make up Sanctuary Group, please go to www.sanctuary.co.uk/about-sanctuary.
Contractors and sub-contractors
7.3 It may be necessary to share information about you with our contractors and sub-contractors in order to provide you with telecare support and escalation services. We will only share your information with contractors and sub-contractors where it is relevant and necessary to address your individual needs. Our contractors and sub-contractors are contractually required to ensure that they adhere to the security requirements imposed by the Data Protection Act 2018 and the UK GDPR.
7.4 Our contractors and sub-contractors will not share your information with any other parties and will only be able to use the information when completing work on behalf of us.
Regulators and other legal obligations
7.5 We may also be required to share your information with our regulators who are permitted access to this information by law and with other organisations where we have a legal obligation to share the information with them.
Other organisations
7.6 We may from time to time share your information with other organisations, such as:
• the emergency services, care providers and mobile responding services to protect your vital interests and for the purpose of providing a response to you following an activation from your telecare technology or telephone contact;
• the police for the purpose of detection and prevention of crime;
• if you have provided consent for signposting to relevant support organisations; and
• organisations with a function of auditing and/or administering public funds for the purpose of detection and prevention of fraud.
Data processors and Transfers
7.7 To facilitate the delivery of services to you, information may be shared with system providers for technical IT support and trouble shooting.
7.8 We also use a separate third-party processor for technical IT support with our internal systems, who may transfer your data outside the UK to India.
7.9 This transfer is made in accordance Article 46 of the UK GDPR as we have ensured a similar degree of protection is afforded to it through our processor implementing an International Data Transfer Agreement.
7.10 For further information on the safeguards implemented, or to access a copy please email dataprotection@sanctuary.co.uk.
8. Can we use your information for any other purpose?
8.1 In limited circumstances, we may use your information for a purpose other than those set out in this policy. If we intend to do so, we will provide you with information relating to that other purpose before using it for the new purpose.
9. Security of your information
9.1 The information that you provide will be stored securely. Our technological and organisational security measures and procedures reflect the seriousness with which we attach to the confidentiality, integrity and availability of your information.
9.2 Only relevant members of staff will access the information you provide to us.
10. Storing your information and deleting it
10.1 We will not keep your personal data for longer than we need it or are required to by law.
10.2 At application stage, if you decide not to take your application any further, we will hold your personal information for 6 months after your last contact with us or your application is closed.
10.3 After entering a contract with us we will keep your information for 12 months from the date you end your tenancy.
11. Your rights
11.1 In relation to the information which we hold about you, you are entitled to:
11.2 Ask us for access to the information;
11.3 Ask us to rectify the information where it is inaccurate or is incomplete;
11.4 Ask us to limit and restrict what we do with your information;
11.5 Ask us to provide the data you have provided us in a structured, commonly used, and machine-readable format (for example, a CSV file) in order transmit the data to another data controller.
11.6 Our obligations to comply with the above rights are subject to certain exemptions.
11.7 To exercise any of the rights referred to above, you should contact our Data Protection Officer by writing to The Data Protection Officer, Sanctuary House, Chamber Court, Castle Street, Worcester, Worcestershire, WR1 3ZQ or emailing dataprotection@sanctuary.co.uk.
12. How to complain
12.1 If you have any concerns about our use of your personal information, you can contact our Data Protection Team on dataprotection@sanctuary.co.uk.
12.2 You also have the right to complain to the Information Commissioner’s Office (the ‘ICO’) if you are not satisfied with the way we use your information. You can contact the ICO by writing to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.