Privacy Policy

Privacy Notice

Introduction

This is MGM HEALTHCARE GROUP LTD’s Privacy Notice. Your privacy is important to us. We are committed to protecting your personal information in compliance with GDPR regulations.

As part of the services we offer, we are required to process personal data about our staff, our service users and, in some instances, the friends or relatives of our service users and staff. “Processing” can mean collecting, recording, organising, storing, sharing or destroying data.

We are committed to being transparent about why we need your personal data and what we do with it. This information is set out in this privacy notice. It also explains your rights when it comes to your data.

If you have any concerns or questions, please contact us: Mr M Kamran on 01924 654207

Service Users

What data do we have?

So that we can provide a safe and professional service, we need to keep certain records about you. We may process the following types of data:

  • Your basic details and contact information e.g. your name, address, date of birth and next of kin;
  • Your financial details e.g. details of how you pay us for your care or your funding arrangements.

We also record the following data which is classified as “special category”:

  • Health and social care data about you, which might include both your physical and mental health data.
  • We may also record data about your race, ethnic origin, sexual orientation or religion.

Why do we have this data?

We need this data so that we can provide high-quality care and support. By law, we need to have a lawful basis for processing your personal data.

We process your data because:

  • We have a legal obligation to do so – generally under the Health and Social Care Act 2012 or Mental Capacity Act 2005.

We process your special category data because

  • It is necessary due to social security and social protection law (generally this would be in safeguarding instances);
  • It is necessary for us to provide and manage social care services;
  • We are required to provide data to our regulator, the Care Quality Commission (CQC), as part of our public interest obligations.

We may also process your data with your consent. If we need to ask for your permission, we will offer you a clear choice and ask that you confirm to us that you consent. We will also explain clearly to you what we need the data for and how you can withdraw your consent at any time.

Common law duty of confidentiality

In our use of health and care information, we satisfy the common law duty of confidentiality because:

  • You have provided us with your consent (either implicitly to provide you with care, or explicitly for other uses)
  • We have a legal requirement to collect, share and use the data
  • The public interest to collect, share and use the data overrides the public interest served by protecting the duty of confidentiality (for example sharing information with the police to support the detection or prevention of serious crime).

Where do we process your data?

So that we can provide you with high quality care and support we need specific data. This is collected from or shared with:

  1. You or your legal representative(s);
  2. Third parties.

We do this face to face, via phone, via email, via our website, via post, via application forms, via apps.

Third parties are organisations we might lawfully share your data with. These include:

  • Other parts of the health and care system such as local hospitals, the GP, the pharmacy, social workers, clinical commissioning groups, and other health and care professionals;
  • The Local Authority;
  • Your family or friends – with your permission;
  • Organisations we have a legal obligation to share information with i.e. for safeguarding, the CQC;
  • The police or other law enforcement agencies if we must by law or court order.

Staff

What data do we have?

So that we can provide a safe and professional service, we need to keep certain records about you. We may record the following types of data:

  • Your basic details and contact information e.g. your name, address, date of birth, National Insurance number and next of kin;
  • Your financial details e.g. details so that we can pay you, insurance, pension and tax details;
  • Your training records.

We also record the following data which is classified as “special category”:

  • Health and social care data about you, which might include both your physical and mental health data – we will only collect this if it is necessary for us to know as your employer, e.g. fit notes in order for you to claim statutory maternity/paternity pay;
  • We may also, with your permission, record data about your race, ethnic origin, sexual orientation or religion.

As part of your application, you may – depending on your job role – be required to undergo a Disclosure and Barring Service (DBS) check (Criminal Record Check). We do not keep this data once we’ve seen it.

Why do we have this data?

We require this data so that we can contact you, pay you and make sure you receive the training and support you need to perform your job. By law, we need to have a lawful basis for processing your personal data.

We process your data because:

  • We have a legal obligation under UK employment law;
  • We are required to do so in our performance of a public task;
  • We have a legitimate interest in processing your data – for example, we provide data about your training to Skills for Care’s Adult Workforce Data Set, this allows Skills for Care to produce reports about workforce planning.
  • We are required to provide data to our regulator, the Care Quality Commission (CQC), as part of our public interest obligations.

We process your special category data because

  • It is necessary for us to process requests for sick pay or maternity pay.

If we request your criminal records data, it is because we have a legal obligation to do this due to the type of work you do. This is set out in the Data Protection Act 2018 and the Rehabilitation of Offenders Act 1974 (Exceptions) Order 1975. We do not keep a record of your criminal records information (if any). We do record that we have checked this.

We may also process your data with your consent. If we need to ask for your permission, we will offer you a clear choice and ask that you confirm to us that you consent. We will also explain clearly to you what we need the data for and how you can withdraw your consent.

Where do we process your data?

As your employer we need specific data. This is collected from or shared with:

  1. You or your legal representative(s);
  2. Third parties.

We do this face to face, via phone, via email, via our website, via post, via application forms, via apps.

Third parties are organisations we have a legal reason to share your data with. These include:

  • Her Majesty’s Revenue and Customs (HMRC);
  • Our pension and healthcare schemes
  • Our external payroll provider
  • Organisations we have a legal obligation to share information with i.e. for safeguarding, the CQC;
  • The police or other law enforcement agencies if we must by law or court order.
  • The DBS Service

Friends/Relatives

 

What data do we have?

As part of our work providing high-quality care and support, it might be necessary that we hold the following information on you:

  • Your basic details and contact information e.g. your name and address.

Why do we have this data?

By law, we need to have a lawful basis for processing your personal data.

We process your data because we have a legitimate business interest in holding next of kin and lasting power of attorney information about the individuals who use our service and keeping emergency contact details for our staff.

We may also process your data with your consent. If we need to ask for your permission, we will offer you a clear choice and ask that you confirm to us that you consent. We will also explain clearly to you what we need the data for and how you can withdraw your consent.

Where do we process your data?

So that we can provide high quality care and support we need specific data. This is collected from or shared with:

  1. You or your legal representative(s);
  2. Third parties.

We do this face to face, via phone, via email, via our website, via post, via application forms, via apps.

Third parties are organisations we have a legal reason to share your data with. These may include:

  • Other parts of the health and care system such as local hospitals, the GP, the pharmacy, social workers, and other health and care professionals;
  • The Local Authority;
  • The police or other law enforcement agencies if we must by law or court order.

How do we store your personal information?

Your information is securely stored for the time periods specified in the Records Management Code of Practice. We will then dispose of the information as recommended by the Records Management Code for example we will:

  • securely dispose of your information by shredding paper records, or wiping hard drives to legal standards of destruction

Our  Website

 

This website and its owners take a proactive approach to user privacy and ensure the necessary steps are taken to protect the privacy of its users throughout their visiting experience. This website complies to all UK national laws and requirements for user privacy.

Privacy & Cookies Policy

This website’s privacy policy is served by MGM Healthcare Group Ltd t/a MGM Healthcare and governs the privacy of users accessing this website. The policy sets out the different areas where user privacy is concerned and outlines the obligations and requirements of the users, the website and website owners. Furthermore, the way this website processes, stores and protects user data and information will also be detailed within this policy.

Use of Cookies

This website uses cookies to better the user’s experience while visiting the website; by using our website, you consent to us storing cookies.  This complies with the latest legislation requirements for websites to obtain explicit consent from users before leaving behind or reading files such as cookies on a user’s computer or device.

Cookies are small files saved to the hard drive of the user’s device, which track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server to provide the users with a tailored experience within this website. Cookies typically expire after 30 days, though in some cases they may last longer. No personal information is stored, saved or collected.

Users are advised that if they wish to deny the use and saving of cookies from this website onto their device’s hard drive, they should take necessary steps within their web browsers security settings to block all cookies from this website and its external serving vendors.

Contact and Communication

Users contacting this website and/or its owners do so at their own discretion and provide any such personal details requested at their own risk. Any personal information submitted is kept private and stored securely until a time it is no longer required or has no use. Every effort has been made to ensure a safe and secure form to email submission process, but users are advised that by using such form to email processes is done so at their own risk.

This website and its owners use any submitted information to provide users with further information about the products/services offered or to assist in answering any submitted questions or queries.

External Links

Although this website only looks to include quality, safe and relevant external links, users are advised to adopt a process of caution before clicking any external web links mentioned throughout this website.

The owners of this website cannot guarantee or verify the contents of any externally linked website despite their best efforts. Users should therefore note they click on external links at their own risk and this website, and its owners cannot be held liable for any damages or implications caused by visiting any external links mentioned.

Social Media Platforms

Communication, engagement and actions taken through external social media platforms that this website and its owners participate on are custom to the terms and conditions as well as the privacy policies held with each social media platform respectively.

Users are advised to use social media platforms wisely and communicate / engage upon them with due care and caution regarding their own privacy and personal details. This website nor its owners will ever ask for personal or sensitive information through social media platforms and encourage users wishing to discuss sensitive details to contact them through primary communication channels such as by telephone or email.

This website may use social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised before using such social sharing buttons that they do so at their own discretion and note that the social media platform may track and save your request to share a web page respectively through your social media platform account.

Shortened Links in Social Media

This website and its owners through their social media platform accounts may share web links to relevant web pages. By default, some social media platforms shorten lengthy web addresses. Users are advised to take caution and good judgement before clicking any shortened web addresses published on social media platforms by this website and its owners. Despite the best efforts to ensure only genuine website addresses are published many social media platforms are prone to spam and hacking and therefore this website and its owners cannot be held liable for any damages or implications caused by visiting any shortened links.

Your rights

The data that we keep about you is your data, and we ensure that we keep it confidential and that it is used appropriately. You have the following rights when it comes to your data:

  1. You have the right to request a copy of all the data we keep about you. Generally, we will not charge for this service;
  2. You have the right to ask us to correct any data we have which you believe to be inaccurate or incomplete. You can also request that we restrict all processing of your data while we consider your rectification request;
  3. You have the right to ask that we erase any of your personal data which is no longer necessary for the purpose we originally collected it for. We retain our data in line with the Information Governance Alliance’s guidelines.
  4. You may also request that we restrict processing if we no longer require your personal data for the purpose we originally collected it for, but you do not wish for it to be erased.
  5. You can ask for your data to be erased if we have asked for your consent to process your data. You can withdraw consent at any time – please contact us to do so.
  6. If we are processing your data as part of our legitimate interests as an organisation or to complete a task in the public interest, you have the right to object to that processing. We will restrict all processing of this data while we investigate your objection.

You may need to provide adequate information for our staff to be able to identify you, for example, a passport or driver’s licence. This is to make sure that data is not shared with the wrong person inappropriately. We will always respond to your request as soon as possible and at the latest within one month.

If you would like to complain about how we have dealt with your request, please contact:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

https://ico.org.uk/global/contact-us/