Privacy Notice
We may revise this Privacy Notice from time to time. Any changes we may make to our Privacy Notice in the future will be posted on this page. The Notice was last updated on 07/10/2024.
Important information
This Privacy Notice applies to patients, visitors, staff members, recruitment candidates, clinicians/consultants, contractors/agency staff, suppliers and visitors to the Home Wound Care Ltd (& its subsidiaries) website. It sets out your rights under the UK General Data Protection Regulation (also known as the UK-GDPR, alongside the Data Protection Act 2018).
This Privacy Notice states how Home Wound Care Ltd collects, uses, retains, and discloses your personal information (information that identifies you and is about you), also known as personal data.
Who we are
Home Wound Care Ltd (also referred to as “we”, “us”, “our” in this Notice) is a leading private healthcare organisation working across the UK, delivering care for both NHS and private patients. Our purpose is the advancement of health and the relief of patients suffering from wounds. We do this by providing:
a personal approach through visiting patients at their homes or care premises via prearranged appointments to assess and dress wounds for patients.
We are incorporated in England and Wales with the registered number 14151207 whose registered office is at 86-90 Paul Street, London, EC2A 4NE.
The Data Protection Authority is the Information Commissioners Office (ICO) based in the UK and our registered number is: ZB341420
To ensure that we process your personal information fairly and lawfully we are required to inform you about:
Why we need your data
How it will be used
Who it will be shared with
What rights you have in relation to the personal data we collect from you.
Within this policy we describe instances where Home Wound Care Ltd is the “Data Controller” (the organisation which decides what information we collect and how it is used), and where we direct or commission the processing of data to help deliver better healthcare, or to assist the management of healthcare services.
There may be situations where Home Wound Care Ltd processes personal data on the instructions of another organisation (i.e., when Home Wound Care Ltd is acting as a “data processor”), but in those circumstances our use of data would be governed by that organisation.
At Home Wound Care Ltd we recognise the importance of protecting personal and confidential information in all that we do, all we direct or commission, and ensure that we meet our legal duties.
What information do we collect about you?
We only collect and use your personal information according to the legal bases defined in the UK-GDPR and for the lawful purposes of administering the business of Home Wound Care Ltd. The legal bases are as follows:
Consent – where you have given your specific consent to the processing of your personal data.
Performance of a contract – where the processing of your data is necessary for the fulfilment of a contract, e.g., being employed by us
Compliance with a legal obligation – processing of your data is necessary by law and Home Wound Care is required to comply.
In the vital interest – we may process your personal data in order to protect your vital interests, for example in providing emergency treatment or care should it be required.
Public interest – we may process personal data in order to complete a task carried out in the public interest.
Legitimate interest – we may process your personal data where we have a legitimate “business” interest in processing that information.
The table below shows the purposes and the associated legal basis under which we process your personal data:
Reason for processing
Legal basis for processing
Accounting and auditing
Compliance with legal regulations
Advertising and PR
Consent
Conducting analysis and research activities
Consent
Consultancy and advisory services
Performance of a Contract
Education and training for staff members
Legitimate interest - we need to ensure that staff have the correct competency to fulfil their role
Employment and staff administration
Performance of a Contract
Healthcare administration and services
Performance of a Contract
Invitation to meetings and other events
Consent
Medical records management
Compliance with legal regulations that apply to us and our contractual duties
Third party delivery of services
Performance of a Contract
Please note that should your relationship with Home Wound Care Ltd change, the legal basis under which we hold your data may also change.
What types of personal data do we handle?
We process personal information to enable us to support the provision of healthcare services to patients, maintain our own accounts, promote our services and to support and manage our employees. We also process personal information about healthcare professionals who deliver services within Home Wound Care Ltd.
The types of personal information we use:
Type of personal information
Individual group the information may apply to
Personal identity - title, name, marital status, date of birth, National Insurance number, NHS number
Patients, visitors, staff members, recruitment candidates, clinicians/consultants, suppliers, agency staff/contractors
Contact details - addresses, landline telephone & mobile numbers, email address
Patients, staff members, recruitment candidates, clinicians/consultants, suppliers.
Family details – next of kin names, addresses and telephone numbers, relationships to next of kin
Patients, members of staff, consultants
Financial details – such as bank sort code/account number, payment card number
Staff members, suppliers, clinicians/consultants, agency staff/contractors
Employment details – such as salary, annual leave, pension, benefits, discipline and grievance, payroll, tax information, performance data, occupational health data and security clearance data
Staff members, clinicians/consultants, contractors
Education and training such as training records, qualification verification, employment history and CVs
Staff members, clinicians/consultants, recruitment candidates
Health record
Patients
Lifestyle and social circumstances such as questions about smoking, drinking and general lifestyle
Patients
Responses to surveys
Patients, staff
We also process special categories of information for patients & staff, which may include:
Racial and ethnic origin
Religious or philosophical beliefs
Trade union membership
Genetic data
Biometric data
Data concerning a person’s sexual orientation
Offences (including alleged offences), criminal proceedings, outcomes and sentences
Employment tribunal applications
Complaints, accidents, and incident details
Health data (including morbidity and disability)
How will we use information about you?
Your information is used to ensure the delivery and improvement of our services.
5.1. For our patients, your data may be used to:
Manage our relationship with you
Register all patients onto our Patient Administration System
Register new referrals for existing patients on our systems, update demographic details and health records with new referral details
Record telephone calls made to us in relation to appointment enquiries
Allow the preparation of health record folder (notes)
Prepare for the agreed treatment
Deliver the agreed treatment
Investigate complaints, legal claims or serious incidents
Service planning
Process anonymised statistical information on our performance
Address customer service enquiries
The lawful basis for processing your personal data within the organisation are as follows:
UK-GDPR – Article 9(2)(a) – “the data subject has given explicit consent…”
UK-GDPR – Article 9(2)(h) – “processing is necessary for… scientific or historical research purposes or statistical purposes in accordance with Article 89(1) based on the law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and interests of the data subject’.
UK-GDPR – Article 6(1)(e) – “processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller…”
Patient Administration Systems
Home Wound Care Ltd is the data controller for our electronic Patient Administration System. This system holds personal details of all patients that have been referred via:
Third party medical organisations (private consultants)
Other third-party referrals
The information held on these systems is used primarily for the purpose of administering healthcare services; it may however be used for other non-health related purposes and shared with statutory bodies/organisations to enable them to fulfil their statutory obligations. ‘Non-health related purposes’ relate to processing such as contracted reporting using pseudonymised data. We may also use the information within the administration system for statistical analysis to see how the organisation is performing with respect to business targets and objectives and quality of care.
The information will only be shared with other organisations where there is a statutory or contractual obligation to do so, or with the agreement of the Home Wound Care Ltd Caldicott Guardian and Data Protection Officer. A Caldicott Guardian is a senior person responsible for protecting the confidentiality of patient and service user information and enabling appropriate information-sharing.
We may keep your information in a written form or on a computer. Whenever possible all information that identifies you will be removed.
5.2. For our staff, recruitment candidates, contractors/agency staff, consultants and suppliers, your personal data may be used to:
Manage our relationship with you
Fulfil our duty of care towards staff in the event of a major incident (e.g., in the event of a lockdown, fire)
Verify employment history, qualifications, and experience & validate your ‘right to work’
Assess suitability for employment during selection process
Undertake personal development of employees
Deliver payroll for employees
Fulfil our duties in respect of national insurance and tax accounting
Manage disciplinary and grievance procedures
Undertake due diligence and risk assessment of supply chain
To communicate with you in the event of a major incident (e.g., in the event of a lockdown, fire)
To promote Home Wound Care Ltd via our social media platforms on the occasions where we obtained your consent from you to include information about you in our promotions
Please contact us for a list of organisations we work with
Sharing Your Information
We may disclose your personal information for a number of reasons (to the extent necessary). This can be due to:
Our obligation to comply with current UK legislation
Our duty to comply with a court order
A contractual commitment to report statutory information
You, having provided us with your consent to disclose your information
Where we are required to do so by law
The sharing of your data will ultimately benefit you as the data subject
Our obligation to comply with our regulators
In fulfilling our obligation to provide services (healthcare and other services) we may share your data with the following:
Regulators
Independent Sector Complaints Adjudication Service
Referral services
General Practitioners (your Doctor)
Specialist consultants (medical and non-medical)
Contracted third parties providing services or devices, medical and non-medical
Healthcare insurance providers
Pathology laboratories
Occupational health services (staff)
National registries with patients’ consent.
Communication service (Text alert)
Payroll service
Training providers
Marketing Communications
From time to time, we may wish to contact you with information about our products, services, or events that we believe may be of interest to you. You have the right to opt out of receiving such marketing communications at any time. If you no longer wish to receive marketing emails, you can unsubscribe by following the instructions provided in the email or by contacting us directly
Sharing your Information outside of the United Kingdom (UK)
We may from time to time be required to share your information with other service providers who are outside the UK. The sharing of your information with these providers is necessary in order to provide the necessary medical service. The transfer of personal data internationally will be conducted with the appropriate legal mechanisms in place. E.g., an International Data Transfer Agreement or Special Contract Clauses with the appropriate organisations will be in place – if appropriate.
Keeping your data secure
We will use technical and organisational measures (TOMS) to safeguard your Data, e.g., access to your account is controlled by a password and a username that is unique and we store your Data on secure servers.
Technical and organisational measures include measures to deal with any suspected data breach. If you suspect any misuse or loss or unauthorised access to your Data, please let us know immediately.
We may also use two factor authentication if the systems we use require it
How long will we keep your data for?
We will keep your personal information in accordance with our Information Retention Policy and for only as long as is lawfully necessary to conduct our business with you, and/or in accordance with our legal obligations for data retention. (These terms can be found in our Data Retention Schedule) – we also recognise the NHS Records Management Code of Practice.
Your rights
The UK-GDPR provides a number of rights over your data, subject to certain criteria being met. These are:
Right of access to your personal information and supplementary information (for example your medical record). Once we have received your request, we will respond within a calendar month. This information will be sent to you free of charge.
Right to rectify/amend your personal information if it is incorrectly recorded. You have the right to question any information we hold about you that you think is wrong, out of date or incomplete. If you do, we will take reasonable steps to check its accuracy and correct it.
Right to object and Right to be forgotten
You have the right to object to our use of your personal information, or to ask us to delete, remove or stop using your personal information if it is no longer needed for the purpose for which it was collected or otherwise processed. This is known as the ‘right to erasure’ or ‘right to be forgotten’.Right to restrict the use of your personal information if:
It is not accurate.
It has been used unlawfully but you do not want us to delete it;
It is not relevant anymore, but you want us to keep it for use in legal claims; or
You have already asked us to stop using your personal information, but you are waiting for us to assess your request and confirm whether we are permitted to continue using the personal information under data protection law.
Right to obtain your personal information in a portable format
You have the right to get copies of your personal information from us in a format that can be easily re-used. You can also ask us to pass on your personal information to other organisations.
It is important that the Data we hold about you is accurate and current. Please keep us informed if your Data changes during the period for which we hold it.
Freedom of information
Home Wound Care Ltd is not a public authority and is not governed by the Freedom of Information Act.
Links to other websites
This Website may, from time to time, provide links to other websites. We have no control over such websites and are not responsible for the content of these websites. This privacy policy does not extend to your use of such websites. You are advised to read the privacy policy or statement of other websites prior to using them.Changes to this policy
We may revise this privacy policy from time to time. Any changes we may make to our privacy policy in the future will be posted on our website (this page). The policy was last updated on 04/07/2023.
Contact Us
Questions, comments, and requests regarding this privacy policy are welcomed. Please contact our Data Protection Officer via our contact page on this website.
Your right to complain
If you are not satisfied with our response or the way we are processing your personal information you can contact the Information Commissioner’s Officer (also known as the ICO) at www.ico.org.uk.The ICO is the statutory body which oversees data protection law in the UK.