Privacy Statement Service Users - Self Funding Aspens Charities Ltd provides care and support services to individuals who are self –funded andtherefore are the Data Controllers in regards to their Personal Data. Due to the nature of our services, we hold some personal information about you. This documentexplains why we have that information, how we use it, how we manage it and how we protect it. Italso sets out your rights relating to that information. A copy of this Privacy Statement will be heldin your Support Plan. What Personal Data do we hold?Personal Data is any information relating to an identifiable person (you) who can be directly orindirectly identified by using this information. We currently hold the following Personal Data aboutyou;1. Name2. Address3. Date of Birth4. Photo identification5. Personal email address6. Personal telephone number – mobile and landline if both provided7. Bank Account details8. Next of Kina. Nameb. Contact telephone numbers – mobile and landline if both provided9. National Insurance number10. Data concerning health, personal safety and wellbeing11. Information regarding any criminal convictions12. Behavioural support information Aspens also holds Special Category Data which is processed differently. This includes data suchas;13. race;14. ethnic origin;15. politics;16. religion;17. trade union membership;18. genetics;19. biometrics (where used for ID purposes);20. health;21. sex life; or22. sexual orientation Where did we get your Personal Data from?You, your family/carer and any other named health professional who is involved in your care andsupport provide your data to Aspens. We will collect it through the referral and Support Planningprocess at the beginning of your care and support. Aspens liaises with you, your family/carer, the Local Authority (if relevant) and any other namedhealthcare professional to ensure that your Personal Data is kept accurate and up to date. What is the legal basis and purpose for Aspens to hold your Personal Data?The Personal Data we hold and process is necessary for the delivery of the care and supportservices we are contracted to provide to you within your Individual Support Plan. What do we do with your Personal Data? We use your data to facilitate the following elements of your service; Meet your needs in regards to health and social wellbeing as set out in your Support Plan. Support you to maintain your independence with paying bills, managing your finances andany other housing-related activity if relevant. Provide information to the Local Authority should your needs change in a way that makesyou eligible for Social Care or Health funding. Contact protocols in the event of a personal emergency in which your next of kin must becontacted and to meet our statutory obligations. Special Category Data is only used to ensure the care and support you received is personalisedto your needs and preferences. It is never used for profiling purposes. Aspens data is categorised within our Information Assets Register. There are three categories ofdata; Shared, Restricted and Confidential. Shared information is data that is available to everyone working for Aspens. Restricted information is data that maybe commercially, technically or otherwise sensitive andtherefore constrained to certain groups or individuals within Aspens. Confidential information includes any data that contains personally identifiable information (PII)and any other information that the Board wish to remain private. Your information is classified as Restricted and available only to the staff group that are providingyour care and support and financial support. Who else do we give access to your information and why?As part of your support planning process, we will identify the individuals/organisations who areinvolved in your care and support and confirm that you are either happy for us to share your data with them or if you would prefer us not to. We will document this within your Individual SupportPlan. Local AuthoritiesYour care and support needs may change over time. This may make you eligible for LocalAuthority funding. If this is the case, we will support you with your interactions with the LocalAuthority and may provide them with details of your care and support if you consent. Healthcare ProfessionalsAspens is committed to ensuring that we support you to maintain a good level of health andwellbeing. We will share the relevant data with the named individuals and organisations withinyour Individual Support Plans. What we don’t do with your Personal DataAspens do not use your information for profiling or automated decision making.Aspens do not transfer your information outside of the European Union. How do we protect your information?Aspens has a robust Information Security Policy to ensure that your information is kept safe inboth electronic files as well as hard copies. We also have a clear and transparent DataProtection Policy to ensure we adhere to all legislative and regulatory requirements. A copy ofthese are available on request. The review, understanding and implementation of these policies will also be part of the inductionprocess for all new members of staff, regardless of their position within the organisation. The Personal Data we hold about you has been assessed using a Data Protection Impact Analysis(DPIA) and is logged and maintained with our Information Assets Register (IAR). The DPIA isused to measure the potential risk of the personal information we hold relating to your freedomsand rights as individuals and any potential impact if the information was breached or lost. Bycompleting the DPIA and subsequently categorising the data we hold within Aspens’ IAR, Aspenshave implemented appropriate and proportionate measures to mitigate or lower those risks. How long do we keep your personal data?We will retain your information for as long as we provide you with care and support services,regularly checking to ensure that it is accurate and up to date. Due to our legal obligations as aCare Quality Commission registered Charity and the Records Management Code of Practice forHealth and Social Care, we will retain your Personal Data for a further 6 years from when youleave our services. Bank account and next of kin information will be deleted immediately when youhave left as this information is no longer required. What are your Personal Data rights?If, at any point, you believe the Personal Data we hold on you is incorrect, you want us to corrector delete that information, or you no longer want us to hold that information or contact you, you canexercise your rights under the current Data Protection Laws. These rights include; The right to be informed The right of access The right to rectification The right to erasure The right to restrict processing The right to data portability The right to object Rights in relation to automated decision making and profiling. Please note, these rights are not absolute and we may not be able to delete information that isrequired to maintain our business purpose, to comply with relevant legislation or that is required tofacilitate your care and support. You also have the right to access any information we hold about you. Please contact our DataProtection Officer who will provide you with a Subject Access Request Form and details of theprocess that will be followed to ensure we provide all the information you have requested. For more information regarding your Personal Data Rights, please visit the InformationCommissioner’s Office website: https://ico.org.uk/for-organisations/guide-to-the-general-dataprotection-regulation-gdpr/individual-rights/ Who do you contact if you have an issue with the Personal Data that we hold? Our Data Protection Officer can be contacted via email at [email protected] or by ringing 01892 822168. How do you make a complaint about how your Personal Data is being held or processed?Please contact our Data Protection Officer in the first instance. They will investigate ensuring thatdue process is followed as set out in our Complaints Policy and Procedures. If you are not satisfied with the response or believe we are processing your data not in accordancewith the law, you can complain directly to the Information Commissioner’s Office on 0303 1231113or follow the instructions on their website; https://ico.org.uk/concerns/ Manage Cookie Preferences Chat with us, powered by LiveChat