Internal
1. INTRODUCTION
During the course of our activities we, FCMS NW Ltd, will process personal data (which may be held on paper, electronically, or otherwise) about our staff and we recognise the need to treat it in an appropriate and lawful manner, in accordance with the Data Protection Act 2018 (DPA) and the General Data Protection Regulation (EU) 2016/679 (GDPR). The purpose of this notice is to make you aware of how we will collect and use your personal information both during and after your working relationship with FCMS NW Ltd.
This notice applies to all prospective, current and former employees, workers, contractors, consultants, apprentices, work experience and others. It is non-contractual and does not form part of any employment contract, casual worker agreement, consultancy agreement or any other contract for services.
The Controller is FCMS NW Ltd of Newfield House, Vicarage Lane, FY4 4EW.
FCMS NW Ltd has an appointed a data protection officer.
2. DATA PROTECTION PRINCIPLES
We will comply with the six data protection principles in the DPA and GDPR, which say that personal data must be:
- Processed lawfully, fairly and in a transparent manner.
- Collected only for specified, explicit and legitimate purposes.
- Adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.
- Accurate and where necessary kept up to date.
- Not kept in a form which permits your identification for no longer than is necessary for the purposes for which the data is processed.
- Processed in a manner which ensures appropriate security of the data.
Personal data” means recorded information we hold about you from which you can be identified. It may include contact details, other personal information, photographs, expressions of opinion about you, made by you or indications as to our intentions about you. “Processing” means doing anything with the data, such as accessing, disclosing, destroying or using the data in any way.
3. FAIR AND LAWFUL PROCESSING
We will usually only process your personal data where you have given your consent or where the processing is necessary to comply with our legal obligations. In other cases, processing may be necessary for the protection of your vital interests, for our legitimate interests or the legitimate interests of others. The full list of conditions is set out in the GDPR.
We will only process “special category data” also called “sensitive personal data” about racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, biometric or genetic data and personal data relating to criminal proceedings or convictions, where a further condition is also met. Usually this will mean that you have given your explicit consent, or that the processing is legally required for employment purposes. The full list of conditions is set out in the GDPR.
4. WHAT TYPES OF PERSONAL DATA DO WE COLLECT ABOUT YOU.
FCMS NW Ltd collects and processes a range of personal information about you. This may include: –
- Your contact details including name, address, telephone number and email address.
- Emergency contact details and next of kin.
- Date of birth and national insurance number.
- Your gender, marital status and dependants.
- Right to work in the UK and passport.
- Recruitment records, application form and covering letter, CV, interview notes, references, qualification certificates, any professional memberships, any background checks, termination letters and interview notes including exit interviews.
- Details of skills, qualifications, experience and work history.
- Salary, entitlement to any benefits, pension information, HMRC information and bank account details.
- Any disciplinary, complaints, grievance and capability records.
- Any information relating to appraisals including information at meetings.
- Information about your use of IT systems, including use of telephone and email and any recording we make.
- Health including medical conditions, disabilities, sickness absence records, medical reports and related records.
- Racial or ethnic origin, religious or similar beliefs and sexual orientation.
- Criminal proceedings or convictions.
- Bank account details.
- Driving licence and car insurance details.
- Professional indemnity insurance cover.
- CCTV images
- Details of Professional Registration
- Voice recordings from telephone calls
- Image and audio recordings from dashcam devices
- Information recorded by a tracker on a vehicle
5. HOW DO WE COLLECT YOUR PERSONAL DATA
We collect personal data in a variety of ways. It is collected during the recruitment process, either directly from you or sometimes from a third party, such as an employment agency, former employer, background check providers, credit reference agencies and from the DBS. We also collect information throughout the period of your working relationship with us. This may be collected during your work-related activities. Some of the information you provide will be a statutory requirement and others contractual. We will inform you whether you are required to provide certain personal information statutory or contractually or whether you have a choice.
6. HOW DO WE USE YOUR PERSONAL DATA
We will process data about staff for legal, contractual, personnel, administrative and management purposes and to enable us to meet our legal obligations as an employer, for example to pay you, monitor your performance and to confer benefits in connection with your employment. We will also process data where it is necessary for our legitimate interest such as training, profiling staff and advising staff of benefits from third parties. We may also use your data where it is necessary to protect your vital interests. This processing may include:
- To maintain accurate records and contact details.
- Assessing suitability for employment, promotion, conferring benefits and pay reviews.
- Complying with statutory and contractual requirements.
- Maintaining records of employment, grievance, complaints, disciplinary, performance, appraisal, training, career and professional development and needs.
- Operating staff schedules, leave, sickness absences, workforce management, maternity leave, paternity leave, adoption leave and any other unpaid leave.
- Payment to you of any entitlements and payment to any third party such as
- HMRC or a pension provider.
- Reviewing sick leave or fitness to work.
- Preventing fraud.
- Monitoring use of IT systems.
- Ensuring effectiveness of HR polices, data protection polices, business administration and other business policies and procedures.
- Establishing or defending complaints and legal claims.
- To fulfil laws which apply to us and any third parties we work with.
- For statistical research and analysis and to enable us to we can monitor and improve services.
- To monitor how we are meeting our clinical and non-clinical performance.
- Managing our relationships with you and third parties who assist us to provide the services or information to you.
We may process special category data relating to staff including, as appropriate:
- Information about an employee’s physical or mental health or condition to monitor sick leave and take decisions as to the employee’s fitness for work;
- the employee’s racial or ethnic origin or religious or similar information to monitor compliance with equal opportunities legislation;
- to comply with legal requirements and obligations to third parties.
- The above is not a restrictive list and we may process all the special category data set out in clause 3.2 above.
7. WHO WILL SEE YOUR PERSONAL DATA
Your personal data may be shared internally within FCMS NW Ltd including members of HR, payroll department, management and IT where your personal data is necessary for the performance of their roles. It may also be shared with the wider work force where this is necessary for our legitimate interest.
FCMS NW Ltd may also share your personal data with third parties which may include:
- External organisations for conducting pre-employment reference and background checks.
- To any organisation requesting a reference when you have applied for a position with the organisation or to join the organisation in some capacity.
- Payroll providers.
- Benefits providers such as insurance and pensions.
- Occupational health providers.
- External IT support.
- Auditors, accountants, lawyers and other professional providers.
- HMRC and other government bodies.
- DBS checking agencies.
- If we merge or restructure or sell the organisation
- With regulators or to comply with any legal obligation.
- When you request that we supply personal data to another party you wish to supply services or products to you.
- Where we use other companies to provide services on our behalf for training, processing, mailing, delivering, answering questions about products or services, sending mail and emails, data analysis, assessment and profiling or processing credit/debit card payments.
- With our subsidiaries, affiliates or associated organisations or companies.
- When you join or take part in any social media platforms managed by us.
- When you feature in any promotional video for such purposes for example recruitment, or advertising
8. PROTECTING YOUR PERSONAL DATA
We will ensure that appropriate measures are taken against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data.
We have in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction. We will only transfer personal data to a third party if they agree to comply with those procedures and policies, or if they put in place adequate measures themselves.
Maintaining data security means guaranteeing the confidentiality, integrity and availability (for authorised purposes) of the personal data.
9. DATA RETENTION
We will retain your personal data for as long as is necessary to fulfil the purposes for which it was collected and processed including satisfying any legal, tax, health and safety, reporting or accounting requirements.
We will generally retain your data for the duration of your employment or contract with us and for a period of 7 years after termination of your employment or contract. This is subject to any minimum statutory or other legal requirement.
Personal data which is no longer retained will be securely and effectively destroyed.
10. PROCESSING IN LINE WITH YOUR RIGHTS
You have the right to:
- Request access to any personal data we hold about you.
Ask to have inaccurate data held about you amended. - Request the erasure of your personal data – this enable you to ask us to delete or remove your personal data where there is no compelling reason for its continued processing.
- Request us to restrict the processing of your personal data.
- Object to the processing of your personal data.
- Request data portability – this is a request to transfer personal data to a third party so it can be reused.
- Request a review of automatic decision making – we do not envisage that any employment decisions will be taken solely on automated decision making.
- However, we will notify you is this position changes.
If you wish to know what personal data we hold about you, you must make the request in writing to Sam Marsh, Head of Quality and Risk. All such written requests should be forwarded to Head of Quality and Risk.
If you are not satisfied with the way in which we deal with your request you can contact the Information Commissioners Office on 0303 123 1113 or at their website www.ico.org.uk.
11. TRANSFERRING DATA OUTSIDE THE EEA
All the personal data is processed in the UK however for IT hosting and maintenance your information may be situated outside the European Economic Area (EEA).
12. CHANGES TO THIS PRIVACY NOTICE
FCMS NW Ltd reserves the right to update or amend this privacy notice at any time, including where FCMS NW Ltd intends to further process your personal data for a purpose other than that for which the personal data was collected or where we intend to process new types of personal data. We will issue you with a new privacy notice when we make significant updates or amendments.
13. CONTACT
If you have any questions about this privacy notice or how we handle your personal data please contact Samantha Marsh, Head of Quality and Risk, Newfield House, Vicarage Lane, Blackpool, FY4 4EW
If you consider that the data protection principles have not been followed in respect of personal data about yourself or others you should raise the matter with your line manager or contact Sam Marsh. Any breach of the DPA will be taken seriously and may result in disciplinary action.
This policy was last updated on 23/12/2019
External
1. Introduction
This privacy policy sets out the way FCMS process your personal information. It deals with how we collect information, what we do with it, how we protect it and what controls or rights you have.
We are committed to protecting the privacy of our patients [and anyone who interacts with us] and will treat all information you give us with care.
We promise to:
- Tell you why we collect personal information, how we do this and what we use it for.
- Only collect the information we need to deliver the service to you.
- Keep the personal information up to date and ensure it is safe and secure.
Please read this Privacy Policy carefully to understand how we process your personal data. By providing your personal data to us or by using our services or this website you are accepting or consenting to the practices in this Privacy Policy.
We may change this policy from time to time. The date this policy was last updated is shown at the end of this document.
As a data controller, we fully comply with the Data Protection Act 2018, the Privacy and Electronic Communications Regulations 2003 and the UK General Data Protection Regulations (UKGDPR). We will also comply with all applicable clinical confidentiality guidelines.
We are recorded on the ICO Data Protection Register under registration number Z1140444 and Z9872485.
2. Who we are
In this policy references FCMS (NW) Ltd Newfield Company Reg Number 05085990 Newfield House, Vicarage Lane, Blackpool FY4 4EW
3. What information we collect
We collect personal information about you to enable us to provide the services or fulfil a role with us. This may include:
- Name and address, marital status, family history and details of any lasting power of attorney
- Email address and telephone numbers.
- The country you live in, date of birth, national insurance number, passport number and where relevant the language you speak.
- Details of your employment.
- The name and contact details of your next of kin. It is your responsibility to ensure that if you provide us with any information about another person that they are aware of the terms of this privacy policy.
- Details about associated people, for example, children, partners, carers and relatives.
- From your parent or guardian if you are under 16. This may include details of any educational establishment you attend.
- Recordings of telephone calls we receive or make.
- Your photograph.
- Video and sound recordings on our premises and in our vehicles
- Details of services and treatments you may have received from us.
- Reports or notes on your health or any treatment and care you have received or need.
- Patient feedback and treatment outcome information, you provide.
- Information about complaints and incidents.
- When you visit our website, we collect information about your IP address and pages you visit. This does not tell us who you are or your address, unless you choose to provide that information.
- Your payment information (e.g. credit card details) provided when you make a payment to us.
- Information from customer surveys that you take part in.
- The result of any credit or anti-fraud checks we have made on you.
We will also collect Special category data – sometimes called sensitive personal information. This includes: - Information about your race, ethnic origin and religion.
- Information about your physical or mental health, genetic data or biometric data.
- Information about your sex life or sexual orientation.
- Information about risk and safeguarding.
4. How do we collect Personal Information?
We collect the personal information in the following ways:
- When you enquire about one of our services or treatments.
- When you provide information by filling in a paper or digital form on registration or information provided at any other time.
- When you correspond with us by email, phone or other ways.
- During the course of the provision of services to you.
- Contact us by email, telephone, social media or in any other way.
- When you visit our website.
- Fill in a form or survey for us.
- Information from emergency services, local authority and other public organisations.
- From video and sound recordings in our vehicles.
- Information from third parties including business partners, service providers, technical sub-contractors, payment and delivery services, advertisers when you have given permission to share it with us
- From publicly available services to keep your information up to date for example the NHS national data base.
- When you participate in discussion forums or other social media on our site or sites managed by us.
- When you take part in a social event
- Enter a competition, promotion or survey
5. Personal Information Provided by other Sources
We may collect personal data about you from other sources and these can include:
- From your next of kin or other family member.
- Provided by doctors, other clinicians and health care professional, hospitals, clinics and other health care providers.
- Your employer when they provide information.
- Translators and interpreters.
- Any health professional or organisation who provides information for the continuity of your care.
- Information from a Local Authority or the Police.
- Fraud and credit reference agencies and on DBS checks.
6. How we use the information and why we need it
We use the personal information to provide the direct health services to individual patients and to meet our contractual commitments to you. This may include:
- Processing – this will include using the information to fulfil any request made by you or someone on your behalf to receive one of our health or care services.
- Contract – If we have a contract with you, we will process your personal information to fulfil that contract.
- Consent – generally we will only ask for your consent to process your personal information if there is no other legal ground to process. Where we need your consent, we will ensure you are as fully informed as possible and use that consent solely for the reason you have given it to us. You will be able to change your mind at any time by contacting us at the address in paragraph 15.
- Public interest Task – we will process your personal information when carrying out the performance of a task in the public interest which includes the provision of direct health care or social care. This also includes processing personal information to train and educate health care professionals.
- Necessary for the purpose of preventative or occupational medicine – to assess whether you are able to work, the provision to you of health or social
care, a medical diagnosis, or the management of health and social care systems. - Necessary to defend legal claims or a court action.
- Vital interests – where it is necessary to protect your vital interests or those of another person.
- Public interest – this is usually in line with any applicable laws such as protecting against dishonesty, malpractice or other seriously improper behaviour.
- Information you have made public.
- Marketing – in addition to processing we will use your personal information to provide you with information about services you have requested or would reasonably expect to receive from us. You will be able to change your mind at any time and we will keep your preferences up to date. Any email to you about marketing will have a link to let you unsubscribe.
- Profiling – we may make use of profiling and screening methods to provide a better service to patients. Profiling helps us target resources more effectively through gaining an insight into the background of patients and helping us build relationships that are appropriate to their needs.
- Automated Decision Making – We use computers to make some limited automatic decisions. For example: when registering at reception.
7. Legitimate interests
FCMS also process your data when it is in our legitimate interest to do this and when these interests do not override your rights. These legitimate interests include:
- Providing you with information on services.
- Keeping our records up to date.
- For statistical research and analysis and to enable us to monitor and improve services.
- To monitor how we are meeting our clinical and non-clinical performance in the case of health care providers.
- Sharing your personal information with people or organisations in order to comply with any legal or regulatory obligations or to enable us to run our organisation.
- To fulfil laws that apply to us and the third parties we work with.
- Managing our relationships with you and third parties who assist us to provide the services to you.
8. Who will see the information?
Your information will only be accessible to our staff and only where it is appropriate in respect of the role they are carrying out. We will never sell your information or let other organisations use it for their own purposes.
We will only share your personal information:
- If consent is necessary we will have taken your consent to us doing so and will provide information for the specific reason your consent was given. You
will have the opportunity to withhold consent when you complete the form on which we collect the data or you can do so by contacting us at the address in paragraph 15, at any time. - Doctors, clinicians, hospitals, clinics, diagnostic and treatment centres and other health care providers to provide our services and continuity of health care. This also includes processing personal information to enable organisations to carry out research and medical trials and processing personal information to train and educate health care professionals.
- Your GP – where clinically necessary we may share your information with your GP. You can ask us not to do so and we will respect this unless legally required to provide the information. You should be aware it may be detrimental to your health if your GP does not have your full medical history.
- First responders, ambulance service, safeguarding, undertakers, coroner and care homes.
- Where it is necessary to protect your vital interest (i.e. your life or health)
- Other organisations you belong to confirm your entitlement to our services.
- Organisations or people who by law or regulations we must share your personal information with. This can be national data bases, screening registers government authorities and NHS organisations.
- The police or other law enforcement agencies to assist them perform their duties if we must do this by law or under a court order.
- Social Care Services, Education Services, Local Authorities and Voluntary and Private Sector providers working with the NHS.
- Where we use other organisations to provide services on our behalf for processing, mailing, delivering, answering patient’s questions about services, sending mail and emails, external reception services, data analysis, assessment and profiling or processing credit/debit card payments.
- To organisations who you have requested us to supply information so that they can provide services or products you have requested.
- Organisations providing IT systems, IT support and hosting in relation to IT systems on which information is stored.
- To any Primary Care Network (PCN), we work with [or are a member of] and the individual member GP Practices of the PCN.
- When using auditors and professional advisors.
- When we are legally required to, or because of a lawful request by a governmental or law enforcement authority.
- If we merge with another organisation or form a new entity.
- To any organisation requesting a reference when you have applied for a position with the organisation or to join the organisation in some capacity.
Where a third-party data processor is used, we ensure they operate under a contract which includes confidentiality and security of personal data and their obligations under the Data Protection legislation.
9. National Opt Out
Whenever you use a health or care service, important information about you is collected in a patient record. Collecting this information helps to ensure you get the best possible care and treatment.
The information collected about you when you use these services can also be provided to other organisations for purposes beyond your individual care, for instance to help with:
- improving the quality and standards of care provided
- research into the development of new treatments
- preventing illness and diseases
- monitoring safety
- planning services
Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information is not needed.
Sometimes, for research and planning your confidential patient information will be needed. You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of your information you do not need to do anything. If you do not wish your information to be used, you can opt out. If you do choose to opt out your confidential patient information will still be used to support your individual care.
To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters. On this web page you will:
- See what is meant by confidential patient information
- Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care
- Find out more about the benefits of sharing data
- Understand more about who uses the data
- Find out how your data is protected
- Be able to access the system to view, set or change your opt-out setting
- Find the contact telephone number if you want to know any more or to set/change your opt-out by phone
- See the situations where the opt-out will not apply
You can change your mind about your choice at any time.
Our organisation is compliant with the national data opt-out policy.
10. Security
The security of your personal information is very important to us. We protect all personal data we hold and ensure we have appropriate organisational and technical
measures in place to prevent unauthorised access or unlawful processing of personal data and to prevent data being lost, destroyed or damaged.
All information you provide to us is stored on our secure servers.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
All the personal data is processed in the UK however for IT hosting and maintenance your information may be situated outside the European Economic Area (EEA).
You might find links to third party websites on our website. These websites should have their own privacy policies, which you should check. We do not accept any responsibility or liability for their policies whatsoever as we have no control over them.
11. Your rights
You have the following rights:
- Transparency over how we use your personal information (right to be informed).
- To request a copy of the personal information we hold about you, which will be provided to you within one month (right of access).
- An update or amendment of the personal information we hold about you (right of rectification).
- To ask us to stop using personal information (right to restrict processing).
- Ask us to remove your personal information from our records (right to be forgotten).
- Request us to remove your personal information for marketing purposes (right to object).
- To obtain and reuse your personal data for your own purposes (right to portability).
- Not to be subject to a decision based on automated processing.
You can contact to us about any of these rights at the address in paragraph 15. To protect your privacy, we may ask you to prove your identity before we agree to respond to any request. There is no charge for a request and we will respond to the request within one month.
If you are not satisfied with the way in which we deal with your request you can contact the Information Commissioners Office on 0303 123 1113 or at their website www.ico.org.uk.
12. Cookies
Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and allows us to improve our site. By continuing to browse the site, you are agreeing to our use of cookies.
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.
We use the following cookies:
- Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.
- Analytical/performance cookies. These allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
- Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
- Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
13. Retention of information
We hold your information only for as long as necessary for each purpose we use it.
We use the following guidelines:
- Any time limits set by law or recommended by regulators professional bodies or associations.
- Time limits for making a claim.
- For as long as we have a reasonable need for managing our relationship with you or running our organisation.
14. CCTV
Our premises are monitored by CCTV for the safety of visitors and staff. Images are retained for 30 days in accordance with ICO guidelines.
15. How to contact us
If you have any questions about this privacy policy or your rights regarding processing your personal information, or wish to make a complaint please contact:
Samantha Marsh
Newfield House
Vicarage Lane
Blackpool
FY4 4EW
This policy was last updated on 17/05/2023