Who are we?

We are Lincolnshire Home Independence Agency, Registered Office: Suite 3, Saracen House, Crusader Road, City Office Park, Tritton Road, Lincoln, LN6 7AS. Telephone: 01522 516300 Email: [email protected]

If you have any questions about this Policy, or about how we look after your data generally, please contact the CEO, who is also the designated Records Manager, by email: [email protected]

Introduction

Lincolnshire Home Independence Agency (‘we’ or ‘us’ etc), is a ‘controller’ of data. This means that, under the Data Protection Act 2018 and the EU General Data Protection Regulation (GDPR), we may control and process your personal data and, in certain circumstances, special categories of data (previously known as sensitive data).

We take privacy very seriously. We are committed to keeping your data secure and processing it fairly and lawfully. We ask that you read this policy very carefully because it contains important information about how we process your personal data.

This policy is aimed at our clients, service users, staff and any other third parties interacting with us.

Personal Data we may collect about you

We may obtain personal data about you whenever you complete a form for us, whether online or in person. This may include:

  • your name, home address, date of birth and contact details (including your telephone number, email address) and emergency contacts (i.e. name, relationship and home and mobile numbers)
  • your health and social care information, including any medical, physical or mental health conditions or care / adaptation needs
  • your likes, dislikes and lifestyle preferences, so that we can provide you with an appropriate
  • credit or direct debit details (if you pay for some or all of our services using one of these methods, or are making a donation to us)

We may also collect information about you when our staff speak to you about our services.

We also collect information about you from third parties, including:

  • your medical, physical or mental health information and in particular your care and support needs, from any appropriate external social or health care professionals (including your GP)
  • your name, home address, date of birth, contact details, needs assessments and financial assessments from any appropriate external social or health care professionals (including any relevant public body regardless of whether you are publicly funded)
  • information about you from our strategic partners providing services to you as part of a consortium or partnership
  • any of the above information from your family, friends and any other person you have nominated as your representative, your Attorney or Deputy (if applicable)

Cookies

In addition, we may monitor your use of our website through the use of cookies and similar tracking devices. For example, we may monitor how many times you visit, which pages you go to, traffic data, location data and the originating domain name of a user’s internet service provider. This information helps us to build a profile of our users. Some (but not all) of this data will be aggregated or statistical, which means that we will not be able to identify you individually. Please see further the section on ‘Use of cookies’ below.

We may also receive information about you from other sources (such as relatives, referral agencies, commissioning bodies, strategic partners or your solicitors or accountants) which we will add to the information which we already hold about you.

Our Obligations to You

As the ‘controller’ of your personal information, we will ensure that the personal information we hold about you is:

  1. used lawfully, fairly and in a transparent way.
  2. collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
  3. relevant to the purposes we have told you about and limited only to those purposes.
  4. accurate and kept up to date.
  5. kept only as long as necessary for the purposes we have told you about.
  6. kept securely.

How we use your Personal Data

We use your personal information to:

  • prepare, review and provide you with our services: this may include assessing your needs for funding and other purposes and attending your home to assess or carry out work
  • to communicate with you, your representatives and any appropriate external social or health care professionals about your individual needs and personalise the service delivered to you
  • make reasonable adjustments, when required, to meet your individual needs
  • invoice you for the care and support services in accordance with our terms and conditions
  • carry out quality assurance procedures, review our service and improve our customer experience (please note that feedback can also be provided anonymously).
  • as part of our legal and safeguarding obligations we may share information with regulatory bodies.
  • as part of our contractual obligations to provide information to our commissioning bodies, such as Lincolnshire County Council, and our strategic partners, such as through the Lincs Independent Living Partnership
  • We may also share your personal information, including medical information, with appropriate external social or health care professionals and any individuals you have nominated as your representative.

In addition, we may use your personal data for the following circumstances:

  • Where we consider it necessary to be in your vital interests
  • For the purposes of assessing your application for services
  • Administration
  • Research, statistical analysis and behavioural analysis
  • Direct marketing, where you have specifically consented
  • Fraud prevention and detection
  • Taking and processing payments
  • Customising our website and its content to your particular preferences
  • To notify you of any changes to our website or to our services which may affect you
  • Security vetting
  • Improving our services

Reasons we Collect and use your Personal Information

We rely on the following grounds within the GDPR:

  • Article 6(1)(a) – processing is conducted with your consent to process personal data for specified purposes
  • Article 6(1)(b) – processing is necessary for the performance of our contracts to provide individuals with care and support services
  • Article 6(1)(c) – processing is necessary for us to demonstrate compliance with our regulatory framework and the law
  • Article 6(1)(f) – to process your personal data in pursuit of our legitimate interests

The GDPR recognises that additional care is required when processing special category (sensitive) data such as your health. We process this under the following grounds within GDPR;

  • Article 9(2)(a) – where you have given your explicit consent
  • Article 9(2)(h) – processing is necessary for the provision of social care or the management of social care systems and services

Marketing and Opting Out

We will not contact you for the purposes of direct marketing unless you have asked us to do so. However, if you have asked us to do so and later your change your mind, you can opt-out at any time with no hassle. To do this, just let us know. See further ‘Your rights’ below for details about how to contact us.

Who has access to your Personal Information?

We will not sell or rent your information to third parties.

We will not share your information with third parties for marketing purposes.

We may pass your information to our wholly-owned subsidiary, LHIA Adaptations Ltd, for the purpose of providing services to you on our behalf. However, we disclose only the personal information that is necessary to deliver the service.

Third Party Service Providers working on our behalf: We may pass your information to our third-party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf. However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes.

We may provide information to our commissioning bodies and strategic partners where it is necessary to do so because of a contract between us.

Please be reassured that we will not release your information to third parties for them to use for their own direct marketing purposes, unless you have requested us to do so, or we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime.

We may transfer your personal information to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation, or if we’re under a duty to disclose or share your personal data in order to comply with any legal obligation or to enforce or apply our terms of use or to protect the rights, property or safety of our supporters and customers. However, we will take steps with the aim of ensuring that your privacy rights continue to be protected.

We share transaction data with our payment services providers, but only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds. You can find information about the payment services providers' privacy policies and practices at:

          Your data may also be available to our website provider to enable us and them to deliver their service to us, carry out analysis and research on demographics, interests and behaviour of our users and supporters to help us gain a better understanding of them to enable us to improve our services. This may include connecting data we receive from you on the website to data available from other sources. Your personally identifiable data will only be used where it is necessary for the analysis required, and where your interests for privacy are not deemed to outweigh their legitimate interests in developing new services for us. In the case of this activity the following will apply:

  1. Your data will be made available to our website provider
  2. The data that may be available to them include any of the data we collect as described in this policy.
  3. Our website provider will not transfer your data to any other third party, or transfer your data outside of the EEA.
  4. They will store your data for a maximum of 7 years.
  5. This processing does not affect your rights as detailed in this privacy policy.

Keeping your data secure

We will use technical and organisational measures to safeguard your personal data, for example:

  • Access to our systems is controlled by password and username which are unique to the user;
  • We store your electronic personal data on secure servers;
  • We store your paper records in locked cabinets;
  • We train our staff in good records management;
  • Payment details are encrypted

Non-sensitive details (your contact details and preferences for example) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Transferring your information outside of Europe

We may store your data temporarily on our cloud service operated by Microsoft. This may include limited special categories of data. We have taken appropriate steps to satisfy ourselves that your data will be secure during this process; we have a contractual relationship with Microsoft that underpins this. As part of that security, Microsoft may store your data in one or more or its international data centres, meaning that your data may be stored temporarily outside the European Economic Area.

We have also contracted The F1 Group (our external information technology suppliers) to perform online back-ups on our behalf. During this process, it is again possible that your data may be stored temporarily outside the European Economic Area.

If you have any concerns about our data storage arrangements, please contact us using the details below.

Information about other individuals

If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can:

  • Give consent on his/her behalf to the processing of his or her personal data
  • Receive on his/her behalf any data protection notices

How long do we keep your data for?

As a general rule, we will not keep your data for any longer than is necessary to complete tasks or provide you with services. We have a separate policy setting out retention periods for specific types of data. You can ask to see this policy by writing to us, using the contact details under the “Your Rights” section below. You also have the right to ask us to delete your data (sometimes known as ‘the right to be forgotten’.)

Cookies

A cookie is a small text file which is placed onto your computer (or other electronic device) when you access our website. If you use our website, we may use cookies to:

  • Track your use of the site;
  • Recognise you whenever you visit this website (this speeds up your access to the site as you do not have to log on each time);
  • Obtain information about your preferences, online movements and use of the internet;
  • Carry out research and statistical analysis to help improve our content, products and services and to help us better understand our visitor/customer requirements and interests
  • Target our marketing and advertising campaigns more effectively
  • Make your online experience more efficient and enjoyable

If you do not want to accept cookies, you can change your browser settings so that cookies are not accepted. If you do this, please be aware that you may lose some of the functionality of this website. For further information about cookies and how to disable them please go to: www.aboutcookies.org or www.allaboutcookies.org

If you visit our website when your browser is set to accept cookies, we will interpret this as an indication that you consent to the use of cookies. This includes cookies that are essential in order to enable you to move around the site and use its features and cookies that are not essential but gather information about your use of the site.

Your Rights

You have various rights under the GDPR, including the following rights:

  • Right to object: If we are using your data because we deem it necessary for our legitimate interests to do so, and you do not agree, you have the right to object. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases). Generally, we will only disagree with you if certain limited conditions apply.
  • Right to withdraw consent:Where we have obtained your consent to process your personal data for certain activities (for example, providing you with services), or consent to market to you, you may withdraw your consent at any time.
  • Data Subject Access Requests (DSAR):Just so it’s clear, you have the right to ask us to confirm what information we hold about you at any time, and you may ask us to modify, update or delete such information. At this point we may comply with your request or, additionally do one of the following:
    • – we may ask you to verify your identity, or ask for more information about your request; and
    • – where we are legally permitted to do so, we may decline your request, but we will explain why if we do so.
  • Right to erasure: In certain situations (for example, where we have processed your data unlawfully), you have the right to request us to “erase” your personal data. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases) and will only disagree with you if certain limited conditions apply.
  • Right of data portability: If you wish, you have the right to transfer your data from us to another data controller. We will help with this – either by directly transferring your data for you, or by providing you with a copy in a commonly used machine-readable format.
  • Right to lodge a complaint with a supervisory authority: You also have the right to lodge a complaint with your local supervisory authority, details of which can be found below.

To exercise any of your rights concerning your information, please send an email to the following address: [email protected] Or write to us at the following postal address: Suite 3, Saracen House, Crusader Road, City Office Park, Tritton Road, Lincoln, LN6 7AS

We may ask you to provide us with proof or your identity. Please do not be offended; this may occur even if we know you. It is a requirement of the GDPR in some cases.

Review

This Policy was last reviewed on 7th June 2019.

We may change this privacy policy from time to time. You should check this policy occasionally to ensure you are aware of the most recent version which will apply each time you access our website.

The Information Commissioner’s Office

More information about privacy laws can be found at www.ico.org.uk
Details of your local supervisory authority: The Information Commissioner’s Office. You can contact them in the following ways:

  • Phone: 0303 123 1113
  • Email: [email protected]
  • Live chat, via the ICO website
  • Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF