Terms & Privacy

This privacy policy tells you what will happen to any personal data that you provide to Greendown Trust as a result of using this website or contacting this organisation. We fully understand that your privacy is important to you and that you care about how your personal data is used and shared online and we will take account of, and respect, your concerns.

This policy explains how we will use, and protect, the information that we gather, whether it be through this website, by way of telephone or personal conversations or through our normal business contacts with you. Please read this privacy policy carefully and ensure that you understand it. Details are given below of contacts should you wish to ask questions but please note that acceptance of this privacy policy and our cookie policy (see “Cookies” below) is required to make full use of our site.

Our Details

Organisation’s name: Greendown Trust
Address: Dyneley House, 10 Allerton Hill, Leeds, LS7 3QB
Telephone: 0113 2681812
Email address: laura.clark@greendowntrust.co.uk

We are registered with the Information Commissioner’s Office (ICO).

Laura Clark is our representative who can deal with enquiries regarding data protection and can be contacted at laura.clark@greendowntrust.co.uk

Your Rights

Under the General Data Protection Regulation (GDPR), you have the right to be informed about:

• the collection and use of your personal data

• our purposes for processing that data

• the retention periods for storing your data (or a guarantee that it will be kept only for as long as necessary)

• who it will be shared with (both in this country and, if applicable, in others: in this case, we will inform you of the safeguards which are applied in that country)

• the legal basis under which we process your data

• the right to withdraw your consent (if consent is the legal basis for processing)

• our “legitimate interest” in processing your data (if that interest is the legal basis for processing)

• details of any data we collect about you from a third party (such as publicly available information)

• the right to lodge a complaint with the ICO

• details of the existence of automated decision-making, including profiling (if applicable).

You also have the right to information that is concise, transparent, intelligible, easily accessible and presented to you in clear and plain language rather than in “legalese”. We would encourage you to get in touch with the contact given above if you have any questions about this policy statement or our procedures regarding data processing. This will not in any way affect your right (mentioned above) to complain to the ICO.

Finally, we commit to informing you if, at any time, we update our privacy information and always to seek permission if we plan to use your personal data for a new purpose.

The information we collect

Residents:

So that we can provide safe and professional care and services we need to keep records about you.

We may need to record the following kinds of data:

• Basic details such as your name, address, date of birth and next of kin.

• Financial details such as how you will pay for care and any funding arrangements.

(Special Category data)

• Health and social care data which may include information on your physical and mental health.

• Protected characterises such as race, religion or sexual orientation.

Staff:

So that we can provide a safe service we need to keep certain records about you.

We may need to know the following types of data:

• Basic details such as your name, address, date of birth, National insurance number and next of kin.

• Financial information for payroll, insurance, pension and tax.

• Your training records.

(Special Category data)

• Health and social care data about you which may include you physical and mental health data - we will only collect this if it is necessary for us to know as your employer.

• Protected characteristics such as race, ethnic origin, sexual orientation or religion.

• Criminal record data.

Friends and Relatives:

As part of our work in providing care and support it may be necessary that we gold the following information about you:

• Name and contact information such as address and telephone number.

Our website:

To provide you with the best experience whilst using our website, we will process some data about you from using our contact form. This data is logged in out enquiry database and will only be accessible to relevant staff in order to respond and fulfil and enquiry.

This information will only be retained for as long as the enquirer wishes. We also hold and process data to keep interested parties up to date with our news and services via e-mail or mail.

Why do we need this information?

We use the information that we collect and store about you to:

• provide our services

• manage invoices and accounts

• deliver marketing and events information

• comply with legal obligations and regulations such as social security and protection law, The Health and Social Care Act 2012 and Mental Capacity act as well as the Care Quality Commission.

• To fulfil a contract with you.

The legal basis under which we collect and store data

Legal basis — legitimate interests

Dyneley House may hold your personal data or contact you for legitimate interests. We have checked that

the processing is necessary and that there is no less intrusive way to achieve the same result. We will only

use your data in ways that you would reasonably expect, unless we have a very good reason. We will not

use your data in ways that you would find intrusive, or which could cause you harm and we have

considered and introduced safeguards to reduce the impact where possible.

We may also process your data with your consent. If we need to ask for your permission, we will offer you

a clear choice and ask that you confirm to us that you consent. We will also explain clearly to you what we

need the data for and how you can withdraw your consent.

Applying the data protection principles

This organisation is committed to applying the principles set out in the GDPR. To that end, we will always strive to ensure that:

• personal data is collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes

• our procedures are adequate, relevant and limited to what is necessary in relation to the purposes for which they are put in place

• the data we collect are accurate and, where necessary, kept up to date, every reasonable step will be taken to ensure that data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay

• data are kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which they are processed

• data are processed in a manner that ensures their appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

Better by design

In applying the above principles, Greendown Trust recognises that it has a general obligation to implement technical and organisational measures to show that it has considered and integrated data protection into all data processing activities.

We have built safeguards into products and services from the earliest stage of development and privacy - friendly default settings are the norm for all our services.

All our employees are trained in the requirements of GDPR and as far as possible we aim to ensure that contracts, website designs, publicity materials and HR policies are all in line with the GDPR requirements.

We have completed the NHS Data Protection Security Tool and will update our information to comply with this at least annually.

Access to your data

On receipt of a request for access to the data which we hold about you, we will respond without delay and at the latest within one month of receipt. Information will be provided free of charge although a reasonable fee may be applied when a request requires excessive work, particularly if it is repetitive. This fee will reflect the amount of administrative work involved.

The right to be forgotten

Also known as data erasure, the “right to be forgotten” set out in the GDPR entitles you to ask any data controllers (including this organisation) to erase your personal data and to cease further dissemination. You can make such a request either verbally or in writing and we will respond as quickly as possible, and at the latest within one month.

Please note, however, that there are certain circumstances in which the right to erasure may not apply.

These include where processing is necessary for one of the following reasons:

• to comply with a legal obligation

• to exercise the right of freedom of expression and information

• for the performance of a task carried out in the public interest or in the exercise of official authority

• for the establishment, exercise or defence of legal claims.

In addition, any organisation is allowed to refuse to comply with a request for erasure if it is manifestly unfounded or excessive, taking into account whether the request is repetitive in nature. We will, however, explain and justify any such refusal.

Right to rectification

Either verbally or in writing, you may ask for inaccurate personal data to be rectified, or to be completed if it is partial. We will respond as quickly as possible and certainly within the one-month time period allowed under the GDPR. In the unlikely event that there is disagreement over the accuracy of the data, we will do our best to resolve this and you will, of course, have right to take the matter to the ICO if we cannot reach agreement. If that situation arises, we are prepared to consider restricting processing of the contested data during the time it takes to resolve the issue with the ICO.

Right to object

You have the right to object to:

• processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling)

• direct marketing (including profiling)

• processing for purposes of scientific/historical research and statistics.

We will stop processing personal data for direct marketing purposes as soon as an objection is received.

Data breaches

While we will take all appropriate measures to prevent illegal access to your data, we have to prepare for that possibility. Should there be a significant data breach affecting your data and rights, we will notify you (and the ICO) as soon as possible. To minimise any possible danger, we will use encryption and/or pseudonymisation where it is appropriate to do so. We will also have backup systems in place in the event that an outside organisation attempts to disrupt access to our data,

Cookies

A cookie is a small text file placed on your computer or device by our site when you visit certain parts of it and/or use certain of its features. For example, we may monitor how many times you visit, which pages you go to, traffic data, location data, weblogs and other communication data whether required for billing purposes or otherwise. We may also look at the originating domain name of a user’s internet service provider, IP address, operating system and browser type. This information helps us to build a profile of our users. Where appropriate, this data will be aggregated or statistical, which means that we will not be able to identify you individually.

Cookies are also used to remember your settings (language preference, for example) and for authentication (so that you do not have to repeatedly sign in). You can set your browser not to accept cookies and there are a number of websites which explain how to remove cookies from your browser. However, it is possible that some of our website features may not function as a result.

Third party websites

Please note that there are some links on our website to other sites where you may find useful information. This does not indicate a general endorsement of those sites and, as we have no control over how data is collected, stored, or used by other websites, we would advise you to check their privacy policies before providing any data to them.