This is the privacy notice of Athena Healthcare Group Limited (Athena), including its subsidiary companies:
Athena Care (Ormskirk) Limited, operator of Abbey Wood Lodge.
Athena Healthcare (Albert Road) Limited, operator of Hesketh Park Lodge.
Athena Healthcare (Park Road) Limited, operator of Parklands Lodge.
Athena Healthcare (Coombe Valley) Limited, operator of Willow Park Lodge.
Athena Healthcare (Church Road) Limited, operator of Woodlands Lodge.
Athena Healthcare (New Brighton One) Limited, operator of Lighthouse Lodge.
Athena Healthcare (New Brighton Two) Limited, operator of Marine View Lodge.
Athena Healthcare (Oxford Road) Limited, operator of Shoreside Lodge.
These subsidiary companies, once operating, are registered with the Care Quality Commission (CQC) to provide residential and/or nursing care to people residing in the care homes operated by each company in England.
Our registered office is at 14 Athol Street, Douglas, Isle of Man, IM1 1JA.
Aims of this notice
Athena is required by law to tell you about your rights and our obligations regarding our collecting and processing any of your personal information, which you might provide to us. We have a range of policies and procedures to ensure that any personal information you supply will be held securely and treated confidentially in line with the applicable regulations.
What personal information we collect:
Service Users – As a registered care provider, we must collect some personal information on our service users, including financial information, which is essential to our being able to provide effective care and support. The information is contained in individual files (hardcopy and electronic) and other record systems, all of which are subject to strict security and authorised access policies. Personal information that becomes inactive, i.e. from enquiries or prospective users who do not enter the service is also kept securely for as long as it is required, before being safely and securely disposed of.
Third Parties – All personal information obtained about others associated with the delivery of care service, including contractors, visitors, suppliers, etc will be protected in the same way as the information on service users.
How we collect information
The bulk of ‘service users’ and ‘third parties’ personal information is collected directly from them or via form filling, mainly manually, but also electronically for some purposes. i.e. when contacting the service through it’s website.
With service users, we may continue to build on the information provided in enquiry and referral forms, i.e. the need for further assessments which feed into their care plans and support plans.
All personal information is obtained to meet our regulatory requirements will always be treated in line with our explicit consent, data protection and confidentiality policies.
Our website and databases are regularly monitored by experts to ensure they meet all privacy standards and comply with our general data protection security and protection policies.
Legal basis for processing information
The legal basis for the processing of personal information/data are:
for the provision of health and social care – with regard to residents’ personal data;
for legitimate interests – with regard to direct marketing to prospective residents;
for the performance of a contract with the data subject – with regard to suppliers’ personal data; and
processing is necessary with regard to legal obligation – residents’ personal data.
What we do with personal information
All personal information obtained on service users and third parties is only used to ensure that we are able to provide a service, which is consistent with our purpose of providing a person-centered care service, which meets all regulatory standards and requirements. It will not be disclosed or shared for any other purpose.
How we keep your information safe.
Athena Healthcare Group Limited have a range of stringent policies that enable us to comply with all data protection requirements. Further details of any of our policies are available by contacting Kerry Johnson – Data Protection Officer.
With whom we might share information with.
We only share the personal information of service users and others on a “need to know basis”, observing strict protocols in doing so. Most information sharing of service users’ information is with other professionals and agencies involved with their care and treatment.
The only exceptions to this general rule would be where we are required by law to provide information, i.e. to help with a criminal investigation, where it is in the vital interests of the service user, i.e. in the event of a medical emergency. Even when seeking to notify the local authority of a safeguarding matter or the Care Quality Commission (CQC) of any incident that requires us to do so, we would ensure that the information provided is treated with the strictest of confidence.
Where we provide information for statistical purposes, the information is aggregated and provided anonymously so that there isn’t any privacy risk involved in its use.
How personal information is held by the care provider, can be accessed.
There are procedures in place to enable any service user or third party whose personal information we possess and may process, to request access to any information we may hold.
How long do we keep personal information?
There are strict protocols in place that determine how long the organisation will keep the information for, these are inline with the relevant legislation regulations.
How we keep our privacy policies up to date.
The staff appointed to control and process personal information within our organisation are delegated to assess all privacy risks on a continual basis and to carry out comprehensive reviews of our data protection policies, procedures and protocols at least annually.
Your rights and your personal data.
Unless subject to exemption under the GDPR, you have the following rights with respect to your personal data:
The right to request a copy of the personal data which we hold about you;
The right to request that we correct any personal data if it is found to be inaccurate or out of date;
The right to request your personal data is erased where it is no longer necessary to retain such data;
The right to withdraw consent to the processing, where consent was your lawful basis for processing the data;
The right to request that we provide you with your personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable i.e. where the processing is based on consent or is necessary for the performance of a contract with the data subject and where the data controller processes the data by automated means);
The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
The right to object to the processing of personal data, (where applicable i.e. where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics).
Transfer of Data abroad.
Our Group comprises operations in England and the Isle of Man. Your data may therefore be held and accessed in either England or the Isle of Man. The Isle of Man is not part of the EU or EEA, however the Isle of Man is implementing equivalent GDPR legislation.
Automated decision making.
We do not use any form of automated decision making in our business.
If we wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.
Changes to our privacy notice.
Any changes to our privacy notice in the future will be notified to you by e-mail or by letter and the latest version of our privacy notice will be available on our website.
How to make a complaint.
To exercise, all relevant rights, queries or complaints, please, in the first instance contact our Data Protection Officer Kerry Johnson – Kerry.firstname.lastname@example.org.
If this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), on 0303 123 1113, Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England. For the Isle of Man’s Information Commissioner’s Office on 01624 693260, Isle of Man’s Information Commissioner’s Office, PO Box 69, Douglas, Isle of Man, IM99 1EQ.