top of page
backdrop.jpg

PRIVACY POLICY

Data Privacy Notice January 2025


 

Overview


Haylie House Residential Care Home is committed to data protection and data privacy. The following privacy notice explains what data we collect from you or that you provide to us, how we process it and what we do to keep it safe.


Data Controller


Haylie House Residential Care Home provides residential care for the elderly and is the data controller of your personal information. By personal data we mean data relating to an individual by which they can be identified. On a day-to-day basis the Home Manager and the Assistant Home Manager are the designated Data Controllers.


We hold data from the following groups to allow us to undertake our business:


Employees, permanent and temporary, personal data to meet legal obligations and to perform vital internal
functions.


Residents to whom we provide services and care at Haylie House Residential Care Home.


Residents, next of kin and relatives which is shared with us to help us provide care and services.


Businesses and contractors we work with to help provide appropriate services.


100 club members who support the monthly draw.


Trustees of Haylie House Residential Care Home.


Visitors.


This notice details the personal data we may retain and process. We are committed to ensuring that information is secure, accurate and relevant. To prevent unauthorised access or disclosure, we have implemented suitable physical, electronic, and managerial procedures to safeguard and secure personal data we hold. Data that is no longer needed is archived for seven years and after that period it is securely
destroyed. Financial details are deleted as soon as they are no longer required.


We have issued this notice to describe how we handle personal information that we hold. Please read the
following carefully to understand our views and practices regarding your personal data and how we will
treat it.


We respect the privacy rights of individuals and are committed to handling personal information
responsibly and in accordance with applicable law. This notice sets out the personal data that we collect
and process about you, the purposes of the processing and the rights that you have in connection with it.
If you are in any doubt regarding this notice, please contact the Care Home Manager, 01475 673373
manager@hayliehouse.co.uk


 

Cool Care


We use Cool Care which is a double encrypted ‘cloud’ based data storage system. This is a secure and confidential data entry and data management system which will ensure consistency in the management of staff, residents, relatives and suppliers’ personal data. It also provides a secure interface to payroll.
 

 

Types of personal data we collect


 

Employees


For the purpose of this notice, the term ‘employee’ includes all staff employed at Haylie House Residential
Care Home in any capacity both permanent and temporary.

During your employment with us, or when making an application for employment, we may process
personal data about you and your dependents, beneficiaries and other individuals whose personal data has
been provided to us.


The types of personal information we may process includes, but not limited to:


 Identification data – such as your name, gender, photograph, date of birth, staff member IDs


Contact details – such as home and business address, telephone/email addresses, emergency contact details


Employment details – such as job title/position, employment contract, performance and disciplinary records, grievance procedures, sickness/holiday records


Background information – such as academic/professional qualifications, education, CV, criminal records data (for vetting purposes, where permissible and in accordance with applicable law)


 Spouse; dependents information, marital status


Financial information – such as banking details, tax information, withholdings, salary, benefits
e.g. clothing allowance


References relating to previous roles and employment conduct may be undertaken prior to commencement of employment. We will only gather references from referees provided to us by the employee, or prospective employee
 

Sensitive personal data (‘special categories of personal data’ under the General Data Protection Regulation) includes any information that reveals your racial or ethnic origin, religious, political or philosophical beliefs, genetic data, biometric data for the purposes of unique identification, trade union membership, or information about your health/sex life.

 

Generally, we try not to collect or process any sensitive personal information about you, unless authorised by law or
where necessary to comply with applicable laws. In some circumstances, we may need to collect some sensitive personal information for legitimate employment-related purposes: for example:
 

Data relating to your racial/ethnic origin, gender and disabilities for the purposes of:

a) equal opportunities monitoring;
b) to comply with anti-discrimination laws; and
c) for government reporting obligations;
 

Data relating to your physical or mental health to:
a) provide work-related accommodations,
b) health and insurance benefits to you and your dependents; or
c) to manage absences from work.

 

If you are a temporary employee, contract worker or consultant, the type of personal information we process is limited to that needed to manage your specific work assignment

 

 

Purposes for processing personal data
 

Recruitment


If you are applying for a role at Haylie House you will be asked to give your consent in writing for us to hold
personal data about you in order that we can process your employment application. The personal data we
collect and use for recruitment purposes is to determine your suitability for a specific role. This includes
assessing your skills, qualifications and verifying your information, carrying out reference and background
checks including Protecting Vulnerable Groups (PVG) with Disclosure Scotland and to generally manage the
hiring process and communicate with you about it.

If you are accepted for a role with us, the data collected during the recruitment process will form part of
your ongoing employee record. At this point you will be asked to complete a further consent form.
 

 

Employment


We collect and process personal data relating to our employees to meet our obligations under the
employment contract and to comply with our legal obligations. We take the security of your data seriously
and are committed to being transparent about how we collect and use that data and to meeting our data
protection obligations.


Once you become an employee, we collect and use this personal information for managing our
employment or working relationship with you – for example, your employment records and contract
information (so we can manage our employment relationship with you), your bank account and salary details (so we can pay you), your equity grants (for benefits plan administration) and details of your spouse and dependents (for emergency contact and benefits purposes).


Where we process special categories of personal data, such as information about ethnic origin, sexual
orientation, health or religion or belief, this is done for the purposes of equal opportunities monitoring.
Data that we use for these purposes is anonymised or is only collected with the express consent of
employees, which can be withdrawn at any time.
We have policies and controls in place to try to ensure that your data is not lost, accidentally destroyed,
misused or disclosed, and is not accessed without authorisation and only accessed or used for specific legal
purposes.
You have some obligations under your employment contract to provide the organisation with data. You may also have to provide the organisation with data in order to exercise your statutory rights, such as in relation to statutory leave entitlements. Failing to provide this data may mean that you are unable to exercise your statutory rights.

 


Residents


At Haylie House we use a digital care plan system – Person Centre Software (PCS). The types of personal information we may process for the purpose of employees creating a ‘care plan’ for each resident include, but are not limited to:
 

 

Pre-residency


Name, date of birth and contact details
Name of next of kin

 GP name
Name of social worker
Relevant health issues
 

 

Admission process

 

 Pre-assessment of care and health needs
Social worker booking form
Admission form
 

 

During residency
 

All of the above plus religion
 

Signed contract between Haylie House and resident/power of attorney

 

Power of Attorney details
 

Next of kin details
Details of dentist and other health services such as podiatrist

Financial information for the bases of Fee Notes – Local Authority, Private, Fully Private Care
 

Copy of living will
 

Funeral requests
 

Copy of burial/cremation plan and name of preferred undertaker
 

DNR wishes (signed certificate)
 

Adults with incapacity certificate (if applicable)
 

Note of medical history and medications
 

Dietary details
 

Assessments including mental health, moving and handling, falls and risk assessments
 

Support plans
 

Signed consent for sharing information and photographs, including with multi-disciplinary teams
 

Each resident’s TV licence details
 

Post residency we retain all documentation for a period of seven years when it is confidentially shredded.

 


Relatives and next of kin


The types of personal information we may process to ensure that we work closely with families for the care and well being of their relatives include, but are not limited to:


Contact details


Power of Attorney details
 

Financial details

 


Businesses and Contractors


The types of personal information we may process to maintain robust business and accountancy records
include, but are not limited to:
 

Contact details
 

Bank details
 

Invoice Remittances
 

Delivery notes
 

Lists of transactions
 

Certificates of contract

 


100 Club members


The types of personal information we may process to run and manage the 100 club include, but are not limited to:
 

Contact details including name, address, telephone number and email address
 

Financial details
 

Date of joining

 


Trustees of Haylie House Residential Home


Contact details including name, address, telephone number and email address

 


Visitors


The types of personal information we hold in the visitors’ book and which we may process for health and safety purposes include, but are not limited to:


Name
 

Car registration
 

Date and time in/time out of visit

Purpose of visit
 

 

Legitimate business purposes


We may also collect and use personal information when it is necessary for other legitimate purposes, such as to help us conduct our business more effectively and efficiently – for example, for general IT security management, accounting purposes or financial planning. We may also process your personal information to investigate violations of law or breaches of our own internal policies.

 


Legal purposes


We may also use your personal data where we consider it necessary for complying with laws and regulations, including collecting and disclosing employee personal information as required by law (e.g. for tax, health and safety, anti-discrimination laws), under judicial authorisation, or to exercise or defend our legal rights.

 


Legal basis for processing personal data


Our legal basis for collecting and using the personal data described above will depend on the personal data
concerned and the way we collect it. We will normally collect personal data from you only where we need
it to perform a contract with you e.g. to manage the employer/employee relationship or where we have
entered a care agreement with you or the local Council and where we have your freely given consent to do
so, or where the processing is in our legitimate interests and only where this interest is not overridden by
your own interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation
to collect personal information from you or may otherwise need the personal information to protect your
vital interests or those of another person.


Any processing based on consent will be made clear to you at the time of collection or use. Consent can be
withdrawn at any time by contacting the Care Home Manager, 01475 673373 manager@hayliehouse.co.uk

 


Who we share your personal data with


We take care to allow access to personal data only to those who require such access to perform their tasks
and duties, and to third parties who have a legitimate purpose for accessing it. Whenever we permit a third
party to access personal information, we will implement appropriate measures to ensure the data is used in
a manner consistent with this notice and that the security and confidentiality of the data is maintained.

 


Transfers to third-party service providers


In addition, we make certain personal data available to third parties who provide services to us. We do so
on a 'need to know' basis and in accordance with applicable data protection and data privacy laws. This
may include Citation, Care Inspectors, Social Work and Scottish Social Services Council (SSSC). For example, some personal data will be available to service providers and third-party companies who provide us with employment law advice and health and safety support.

 


Transfers to other third parties


With your freely given and explicit consent we may also disclose personal data to third parties on other
lawful grounds including:


To comply with our legal obligations, including where necessary to abide by law, regulation or contract, or to respond to a court order, administrative or judicial process


In response to lawful requests by public authorities (including for national security or law enforcement purposes)

As necessary to establish, exercise or defend against potential, threatened or actual litigation


Where necessary to protect the vital interests of our employees

 


Data retention


Personal data will be stored in accordance with applicable laws and kept for as long as needed to carry out the purposes described in this notice or as otherwise required by law. Generally, this means your personal information will be retained until the end or your employment, employment application, or work relationship with us plus a reasonable period of time thereafter to respond to employment or work-related inquiries or to deal with any legal matters (e.g. judicial or disciplinary actions), document the proper termination of your employment or work relationship (e.g. to tax authorities), or to provide you with ongoing pensions or other benefits.

 


Your rights


You may exercise the rights available to you under data protection law as follows:

 

The right to be informed
 

The right of access
 

The right to rectification
 

The right to erasure of information but excluding disciplinary information
 

The right to restrict processing
 

The right to data portability
 

The right to object
 

Rights in relation to automated decision making and profiling

We respond to all requests we receive from individuals wishing to exercise their data protection rights in
accordance with applicable data protection laws.
To exercise any of these rights, please contact the Care Home Manager, 01475 673373
manager@hayliehouse.co.uk

 


Cookie Policy


The Haylie House website has a cookie policy which is a legal document that informs users about the
cookies used on the website, how they are used and how users can manage their preferences. The cookie
policy is different from the data privacy policy, which covers all data collected, processed and stored. A
cookie banner is used to collect consent from users. The banner is the pop up that asks users if they agree
to the use of cookies.

 


Issues and complaints


We try to meet the highest standards when collecting and using personal information. For this reason, we
take any complaints we receive about this very seriously. We encourage people to bring it to our attention
if they think that our collection or use of information is unfair, misleading or inappropriate. We would also
welcome any suggestions for improving our procedures.
This notice was written with clarity in mind. It does not provide exhaustive detail of all aspects of our
collection and use of personal information. However, we are happy to provide any additional information
or explanation needed.


If you want to make a complaint about the way we have processed your personal information please
contact the Home Manager in the first instance. Alternatively, you can contact the Information Commissioner’s Office in their capacity as the statutory body which oversees data protection law – www.ico.org.uk/concerns.

 


Updates to this notice


This notice is reviewed annually and may be updated periodically to reflect any necessary changes in our
privacy practices or/and to comply with the law. In such cases, we will put this information on the website.
We encourage you to check this notice periodically to be aware of the most recent version. This version is
dated January 2025.

 


Contact details

Please address any questions or requests relating to this notice to the Care Home Manager:

01475 673373
manager@hayliehouse.co.uk

bottom of page