Sanctuary Supported Living’s Technology Enabled Living service provides assistive technology to support people to live independently for longer. This privacy statement is for customers and applicants using our Technology Enabled Living services, detailing how we collect, process and use your information.
1. Purpose of our privacy statement
1.1 Under the Data Protection Act 2018 and the UK GDPR, we are required to explain to you why we are asking for this information about you, how we intend to use the information you provide and whether we will share this with anyone else.
2. Who are we?
2.1 Technology enabled living is part of Sanctuary Supported Living, a trading name of Sanctuary Home Care Limited, part of Sanctuary Group (“Sanctuary”) one of the UK's leading providers of housing, care and commercial services. Our address is Centurion House, 77 Northgate Street, Chester, CH1 2HQ.
3. Our Data Protection Officer
3.1 Our Data Protection Officer is responsible for overseeing what we do with your information and monitoring our compliance with data protection laws.
3.2 If you have any concerns or questions about our use of your personal data, you can contact our Data Protection Officer by writing to The Data Protection Officer, Sanctuary House, Chamber Court, Castle Street, Worcester, Worcestershire, WR1 3ZQ or emailing dataprotection@sanctuary.co.uk.
4. Why are we collecting your information?
4.1 At application stage, we will use your personal information in order to assess the suitability of our services for you and to understand your needs.
4.2 The information that is used at application stage is the information provided to us:
- on your customer information form;
- on your personalised assessment form;
- on your direct debit form;
- on your VAT relief form (where applicable);
- on other supplementary information forms if needed;
- during initial meetings with us;
- by telephone; and
- in your electronic and written communications.
4.3 Should you become a customer of ours, we will use your personal information to provide you with personalised services in relation to:
- your telecare care and/or support;
- risk management; and
- telecare response following an activation.
4.4 The information that is used should you become a customer of ours is the information provided during the application stage and information provided during on-going:
- telecare alarm call activations;
- face-to-face meetings and interactions;
- telephone calls; and
- electronic and written communications between us.
4.5 Some of the information we collect about you is received from third parties such as other health and care organisations. Some of the information we collect will also be special categories of personal data (also called ‘sensitive personal data’), which includes information about your health and wellbeing.
5. What information are we collecting?
5.1 During your application and personalised assessment for our services, we will collect the following information:
- your name, date of birth and personal contact details;
- your language preferences and communication needs;
- the gender you identify as;
- the ethnicity you describe yourself as belonging to;
- your religion;
- whether anyone acts on your behalf and you whether you have capacity;
- details of your family, including your marital status, whether you have anybody living with you;
- personal contact details for next of kin or named responders for alarm call escalation purposes;
- your reasons for using telecare and your desired outcomes;
- details in relation to your health and wellbeing; and
- relevant information about your personal life and any care or support requirements you may have.
5.2 Should you become a customer of ours and receive services from us we will use the information provided during your application and personalised assessment in order to provide you with our services. We will also collect the following information to support you with telecare, support and action services:
- the contact details of next of kin, relatives and other named contacts;
- any home care provision you receive including visit times and frequency;
- your image to assist us in co-ordinating and personalising your care and support;
- details in relation to your telecare support requirements, including progress against your personalised outcomes;
- details in relation to your well-being, physical, and mental health;
- details of your contact and interactions with us in person, by telecare, by telephone and in electronic and written communications;
- information provided by third parties in relation to your care and support and risk management; and
- financial records about payments relating to the services you receive from us, any outstanding amounts and associated recovery action.
6. What we are going to do with your information
6.1 Your information will be stored and used by us in accordance with this privacy statement and also in accordance with your rights under the Data Protection Act 2018 and the UK GDPR.
6.2 At application and assessment stage, the information provided to us will be used for the following purposes:
6.2.1 it will be collected and used by us fairly and openly for the purpose of assessing the suitability of our services for you and understanding your care and/or support requirements;
6.2.2 it will be used to ensure that our services are fair and accessible to all; and
6.2.3 it will be used to enable us to make contact with you in the most appropriate way, for example, we can provide literature in large print if you have difficulty reading smaller print or provide documents in an alternative language if English is not your preferred language.
6.3 Should you become a customer of ours, the information provided to us will be used for the following purposes:
6.3.1 it will be used to deliver telecare support and escalation services to you to meet your personal risks and desired outcomes;
6.3.2 it will allow us to make contact with you in the most appropriate way; and
6.3.3 it will be used to understand your personal situation and individual requirements so we can provide a tailored service that meets any cultural, financial, learning, mental or physical needs that you may have. It will also be used to improve the services you receive from us.
7. What is the legal basis for using your information?
7.1 In accordance with the data protection laws, we need a "legal basis" for collecting and using information about you. There are a variety of different legal basis for processing personal data which are set out in the data protection laws.
7.2 The legal basis on which we rely in order to use the information which we collect about you at application and assessment stage and should you become a customer of ours will be:
7.2.1 that it is necessary for us to take steps at your request prior to entering into a telecare support contract with you, and to perform the contract between us once it has been entered into; and
7.2.2 that it is necessary for us to comply with a legal obligation to which we are subject.
7.3 The legal basis on which we rely in order to use the sensitive information which we collect about you at application and assessment stage and should you become a customer of ours are:
7.3.1 for information about your health, personal life and any care or support needs you may have, that it is necessary in order to provide health or social care; and
7.3.2 that it is necessary to use that information to protect someone’s vital interests (which will usually be a ‘life or death’ situation);
7.3.3 for information about your gender, race, religion or other protected characteristics, that it is necessary in order to identify or keep under review equality of opportunity or treatment of particular groups of people (e.g. equality in relation to gender, race, religion etcetera); and
7.3.4 for a limited amount of sensitive information, that you have provided explicit consent to our use of your information.
8. Sharing your information
Members of Sanctuary Group
8.1 Sanctuary Group is made up of a number of related companies. We will share your information with other members of Sanctuary Group where necessary in order to best provide telecare support and escalation services to you in accordance with the contract between us.
8.2 Your information will only be accessed by other companies in the Group where it is necessary to do so in order to provide services to you in accordance with our contract. The obligations which are set out in this notice shall apply to the other members of the Group to the same extent that they apply to us.
8.3 For more information on which companies make up Sanctuary Group, please go to www.sanctuary.co.uk.
Contractors and sub-contractors
8.4 It may be necessary to share information about you with our contractors and sub-contractors in order to provide you with telecare support and escalation services. We will only share your information with contractors and sub-contractors where it is relevant and necessary to address your individual needs. Our contractors and sub-contractors are contractually required to ensure that they adhere to the security requirements imposed by the Data Protection Act 2018 and / or the UK GDPR.
8.5 Our contractors and sub-contractors will not share your information with any other parties and will only be able to use the information when completing work on behalf of us.
Regulators and other legal obligations
8.6 We may also be required to share your information with our regulators who are permitted access to this information by law and with other organisations where we have a legal obligation to share the information with them.
Other organisations
8.7 We may from time to time share your information with other organisations, such as:
8.7.1 the emergency services, care providers and mobile responding services for the purpose of providing a response to you following an activation from your telecare technology or telephone contact;
8.7.2 the police for the purpose of detection and prevention of crime;
8.7.3 if you have provided consent for signposting to relevant support organisations;
8.7.4 organisations with a function of auditing and / or administering public funds for the purpose of detection and prevention of fraud; and
8.7.5 social services regarding safeguarding concerns we may have.
9. Transferring your information abroad
9.1 We will not transfer the information you provide to us outside of the UK.
10. Security of your information
10.1 The information that you provide will be uploaded, stored securely on our systems and the form that you complete will be shredded. Our security measures and procedures reflect the seriousness with which we approach security and the value we attach to your information.
10.2 Only relevant members of staff will access the information you provide to us and all staff are subject to duties of confidentiality.
11. Can we use your information for any other purpose?
11.1 In limited circumstances, we may use your information for a purpose other than those set out in this policy. If we intend to do so, we will provide you with information relating to that other purpose before using it for the new purpose.
12. Storing your information and deleting it
12.1 We will hold your information securely during the period of our relationship and for a set period afterwards in line with legal requirements, best practice and any follow up that may be necessary.
12.2 At application and assessment stage, if you decide not to take your application any further we will hold your personal information for 6 months after your last contact with us.
12.3 Should you become a customer of ours, we will hold the information collected at application stage and while you are a customer during the period of our relationship and for a maximum of 12 months following our last contact from you.
12.4 The exact periods that we hold your information for will depend on the type of information, as set out in our Group data retention schedule.
12.5 Once the relevant period set out in our retention schedule has come to an end, unless there is another identifiable reason for which it necessary to hold on to your information, we will delete your information.
13. Your rights
13.1 In relation to the information which we hold about you, you are entitled to:
13.1.1 ask us for access to the information;
13.1.2 ask us to rectify the information where it is inaccurate or is incomplete;
13.1.3 ask us to erase the information processed on the basis of your consent and take steps to ask others who we have shared your information with to also erase it;
13.1.4 ask us to limit what we do with your information;
13.1.5 object to our use of your information and ask us to stop that use; and
13.1.6 instruct us to provide you with the information we hold about you in a structured and commonly used format or transmit that information directly to another organisation (for example, if you want the information to be sent to another housing provider).
13.2 Our obligations to comply with the above rights are subject to certain exemptions.
13.3 Where we are using your information because you have provided your consent to that use, you are entitled to withdraw your consent at any time. The lawfulness of our use of your information before consent was withdrawn is not affected.
13.4 To exercise any of the rights referred to above, you should contact our Data Protection Officer by writing to The Data Protection Officer, Sanctuary House, Chamber Court, Castle Street, Worcester, Worcestershire, WR1 3ZQ or emailing dataprotection@sanctuary.co.uk.
13.5 You also have the right to complain to the Information Commissioner's Office (ICO) if you are not satisfied with the way we use your information. You can contact the ICO by writing to Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.