Privacy Policy

Who We Are

Amesbury Abbey Group (‘we’ or ‘us’ or ‘our’) gather and process your personal information in accordance with this privacy notice and in compliance with the relevant data protection Regulation and laws. This notice provides you with the necessary information regarding your rights and our obligations, and explains how, why and when we process your personal data.

Amesbury Abbey Group’s registered office is at Centrum House, 36 Station Road, Egham, Surrey. TW20 9LF and we are a company registered in England and Wales under company number 07759860.

We are registered on the Information Commissioner's Office Register under registration number ZA375735 and act as the data controller/data processorwhen processing your data.

Our designated Data Protection Appointed Person is Naomi Cornelius-Reid, who can be contacted at Amesbury Abbey Group, Church Street, Amesbury, Wiltshire, SP4 7EX.

WEBSITE:

We are committed to safeguarding the privacy of our website visitors; this policy sets out how we will treat your personal information. Our website uses cookies. Our Cookies policy explains how this operates.

Information That We Collect

We may collect, store and use the following kinds of personal information:

information about your computer and about your visits to and use of this website (including your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views, website navigation etc.,

information that you provide to us for the purpose of registering an enquiry with us, including your e-mail address;

any other information that you choose to send to us. Before you disclose to us the personal information of another person, you must obtain that person's consent to both the disclosure and the processing of that personal information in accordance with the terms of this privacy policy.

How We Use Your Personal Data (Legal Basis for Processing)

Personal information submitted to us via this website will be used for the legitimate business purposes of Amesbury Abbey Group. We may use your personal information to:

administer the website

improve your browsing experience by personalising the website;

enable your use of the services available on the website;

send you email notifications and responses, which you have specifically requested;

send you other marketing communications relating to our business, which we think may be of interest to you (and you can inform us at any time if you no longer require marketing communications);

provide third parties with statistical information about our users – but this information will not be used to identify any individual user;

deal with enquiries and complaints made by or about you relating to the website;

keep the website secure and prevent fraud;

verify compliance with the terms and conditions governing the use of the website

We will not, without your express consent, provide your personal information to any third parties for the purpose of direct marketing.

Sharing and Disclosing Your Personal Information

We may disclose your personal information to any of our employees, officers, agents, suppliers or subcontractors insofar as reasonably necessary for the purposes set out in this privacy policy.

We may disclose your personal information to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes set out in this privacy policy. In addition, we may disclose your personal information:

to the extent that we are required to do so by law;

in connection with any ongoing or prospective legal proceedings;

in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);

to the purchaser (or prospective purchaser) of any business or asset that we are (or are contemplating) selling; and

to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information.

Except as provided in this privacy policy, we will not provide your information to third parties.

Information that we collect may be stored and processed in and transferred between any of the countries in which we operate in order to enable us to use the information in accordance with this privacy policy.

Safeguarding Measures

We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information. We will store all the personal information you provide on our servers. You acknowledge that the transmission of information over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.

Third Parties

The website contains links to other websites. We are not responsible for the privacy policies or practices of third party websites.

Transfers Outside the EU

We do not transfer any data outside of the EU.

How Long We Keep Your Data

We do not store and data on our website, except from that related to cookies.Our Cookies policy explains how this operates.

SERVICE USERS

Information That We Collect

Amesbury Abbey Groupprocesses your personal information to meet our legal, statutory and contractual obligations and to provide you with our services. We will never collect any unnecessary personal data from you and do not process your information in any way, other than as specified in this notice.

The personal data we collect or hold about you to support the delivery of appropriate care treatment and support is:

Basic personal details (Name, Date of Birth, Home Address, next of Kin, Personal Email

Home Telephone Number, Mobile Telephone Number, National Insurance Number etc.)

Special Category Data (i.e. health/medical information, details about religion, sexuality etc)

Records containing your care, treatment and support (i.e. support planning, best interest decisions, results of blood tests, x-rays, capacity assessments, deprivation of liberty requests, photographs for the use of identification, wound healing etc.)

Information from people who care for you and know you well (i.e. health professionals, relatives, Lasting Power of Attorney etc.)

We collect information in the below ways: -

Online (i.e. Enquiries, email)

Hard copy (i.e. Waiting list, Pre-assessment forms, Care planning and information supporting documents such as risk assessments, capacity assessments, etc.)

Via other health care professionals (G.P. etc.)

Directly from you (i.e. verbally given, letter format etc.)

How We Use Your Personal Data (Legal Basis for Processing)

Amesbury Abbey Group takes your privacy very seriously and will never disclose or share your data without your consent unless we are required to do so by law. We only retain your data for as long as is necessary and for the purpose(s) specified in this notice. Where you have consented to us providing you with promotional offers and marketing, you are free to withdraw this consent at any time. 

The purposes and reasons for processing your personal data are detailed below:

We collect your personal data to ensure that enquiries are completed, information requested can be sent out to your preferred address and to maintain contact with you via a waiting list, when given explicit consent to do so.

We may occasionally correspond with you regarding specific information, where we have assessed that it is beneficial to you as a service user and in our interests. Such information will be non-intrusive and is processed on the grounds of legitimate interests

We collect and store personal and health data during pre-admission assessment to understand the level of care you require and process this data under legitimate interests and performance of a contract

We process personal and health data during your residence with Amesbury Abbey Group, in the performance of a contract and under our legal obligation to ensure we deliver appropriate health, care, treatment and support that meet your health and social care needs, (including a photograph to identify you or where required for identification of health deterioration i.e. wound / bruise / injury photograph).

Care staff will follow written information agreed by you in your support plan, and gain explicit consent from you, before any care treatment or support is undertaken. How you give this consent will be recorded in your daily care notes. Refusal of care, treatment and support will also be recorded.

Where explicit consent is required for more complex decisions, a care discussion will take place with you. We will record these discussions individually and separately within your care plan. These records will show if consent was given or withheld, who consented, when consent was given, how consent was given, and what you were told.

We may need to process your personal and or special category health data, for medical purposes or in an emergency, where you are physically or legally incapable of giving explicit consent for the processing. We make the disclosure under the lawful basis of vital interests and in accordance with article 9 of the GDPR regulations and in compliance with the Data Protection Bill’s Schedule 1 parts 1,2,3 & 4 conditions and requirements.  

We collect and store photographs of Amesbury Abbey Group events / fund raisers / in-house activities. If you are participating in these, we will only process your photograph where we have your explicit consent to do so.

Where explicit consent has been given, we will process some of your personal data for the purpose of marketing and advertisement.

We collect and store your personal data as part of our legal obligation for business accounting and tax purposes

Sharing and Disclosing Your Personal Information

We do not share or disclose any of your personal information without your consent, other than for the purposes specified in this notice or where there is a legal requirement to do so.

We have a legal obligation to share some of your information with a range of health care professionals from whom you are also receiving care (i.e. this may include but is not limited to, social services, hospital, ambulance service, Doctor, privately arranged home care agencies, etc.)

 We have a legal obligation to share your information with a range of health and Social Care Organisation’s and Regulatory Bodies (i.e. this may include but is not limited to the Care Quality Commission, Local authorities, the police, Social Services etc.)

Your Rights

You have the right to access any personal information that Amesbury Abbey Groupprocesses about you and to request information about:

What personal data we hold about you

The purposes of the processing

The categories of personal data concerned

The recipients to whom the personal data has/will be disclosed

How long we intend to store your personal data for

If we did not collect the data directly from you, information about the source

If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will strive to do so as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified.

You also have the right to request erasure of your personal data or to restrict processing (where applicable) in accordance with the data protection laws; as well as to object to any direct marketing from us. Where applicable, you have the right to data portability of your information and the right to be informed about any automated decision-making we may use.

If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the request; this is to ensure that your data is protected and kept secure.

Safeguarding Measures

Amesbury Abbey Group takes your privacy seriously and takes every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place, including:

Restricted access

IT authentication

Firewalls

Anti-virus/malware

Encryption where necessary

Pseudonymisation where necessary

Transfers Outside the EU

Personal data in the European Union is protected by the General Data Protection Regulation (GDPR) but some other countries may not necessarily have the same high standard of protection for your personal data. Amesbury Abbey Groupdoes not transfer or store any personal data outside the EU.

Consequences of Not Providing Your Data

You are not obligated to provide your personal information to Amesbury Abbey Group, however, as this information is required forus to provide you with care treatment and support, and or details of our services, we will not be able to offer some/all our services without it.

Legitimate Interests

As noted in the ‘How We Use Your Personal Data’ section of this notice, we occasionally process your personal information under the legitimate interests’ legal basis. Where this is the case, we have carried out a thorough Legitimate Interests’ Assessment (LIA) to ensure that we have weighed your interests and any risk posed to you against our own interests; ensuring that they are proportionate and appropriate.

We use the legitimate interests’ legal basis for correspondence with you in order to provide company information. This may include, but not be limited to, changes to the company structure and in-house promotions/marketing. We will correspond with you by email or post and have identified that our interests are to ensure current up to date information is cascaded to you in a timely manner, to avoid the disruption of your care and to maintain an open, transparent and effective communication pathway. You can opt out of this at any time by contacting the Registered Home Manager.

How Long We Keep Your Data

Amesbury Abbey Group only ever retains personal information for as long as is necessary and we have strict review and retention policies in place to meet these obligations.

We are required under UK tax law to keep your basic personal data (name, address, contact details) for a minimum of 6 years after which time it will be destroyed.

We are required under the Records Management code of practice for Health and Social care to keep your Health records for a minimum of 8 years after termination of your contract

We are required under the Records Management code of practice for Health and Social care to keep your Social Care records for a minimum of 8 years after termination of your contract

We are required under the Records Management code of practice for Health and Social care to keep records pertaining to a person cared for under the mental Health Act 183 as amended by the Mental Health Act 2007, for a minimum of 20 years or 8 years after death.

Where you have consented to us using your details for direct marketing, we will keep such data until you notify us otherwise and/or withdraw your consent.

Where a pre-admission assessment was undertaken and residence to Amesbury Abbey Group was declined, either by you or Amesbury Abbey Group, your pre-admission record will be retained for 2 years

Special Categories Data

Owing to the services or treatments that we offer; Amesbury Abbey Group sometimes needs to process sensitive personal information (known as special category data) about you. This processing is necessary for the provision of your health or social, care and treatment and supports the management of health or social care systems and services, to deliver and provide improved care, appropriate treatment and support plans to meet your needs. Where we collect such information, we will only request and process the minimum necessary for the specified purpose and do so in accordance with Article 9 of the GDPR regulations.

Consent for use of personal data, photographs and testimonials

Amesbury Abbey Group may occasionally ask to use some of your personal data and display photographs of you for the purpose of marketing via our website, brochures and or within the individual home location you are living. If you consent to the processing of your data for this purpose you will be asked to sign a consent form and have the right to withdraw your consent at any time by signing a consent withdrawal form. 

We also use explicit consent to collect your personal data to ensure that enquiries are completed, information requested can be sent out to your preferred address and to maintain contact with you via a waiting list. If you consent to us using your contact details for this purpose, you have the right to modify or withdraw your consent at any time by contacting Teresa Janes at Amesbury Abbey Groupdirectly on

01962 760573 or email enquiries@amesburyabbey.com

EMPLOYEES

Information That We Collect

Amesbury Abbey Group processes your personal information to meet our legal, statutory and contractual obligations and to enable us to recruit, employ and train you in the course of your employment with us. We will never collect any unnecessary personal data from you and do not process your information in any way, other than as specified in this notice.

The personal data that we collect from is: -

Name

Date of Birth

Home/previous Address

Personal Email

Home Telephone Number

Mobile Telephone Number

National Insurance Number

Passport Number

Bank Details

Special Category Data (i.e. health/medical information, details about religion, disabilities, Criminal convictions etc)

Photo I.D

Birth / marriage certificates

Driving license

Emergency contact details

Date of arrival in the UK

NMC Category for Registered Nurses and date of registration

Employment start date in social care

We collect information in the below ways: -

Submitted CV’s

Job Forums & Recruitment Agencies

Direct from Candidates & Employees

Electronic Vacancy Applications

Postal and Email Applications

How We Use Your Personal Data (Legal Basis for Processing)

Amesbury Abbey Group takes your privacy very seriously and will never disclose, share or sell your data without your consent; unless required to do so by law. We only retain your data for as long as is necessary and for the purpose(s) specified in this notice. The purposes and reasons for processing your personal data are detailed below:

We process your personal data in the performance of a contract as your employer, to ensure that we meet our legal employer obligations and the requirements of employment law

We process your personal data as part of our legal obligation for business accounting, payroll and tax purposes

We process special category data about you as part of our employment obligations, to ensure that any disabilities, health conditions and religious requirements are known to carry out DBS checks and to evidence COVID vaccination status

We may process personal and / or special category data about you in an emergency, where you are physically incapable of giving consent. The disclosure to the emergency services is necessary to protect your vital interests

Following explicit consent, we may process some of your personal data including photographs taken of you at company events, during the marketing of Amesbury Group on our website or within our brochures, recognising your achievements on the company Facebook page or displaying photographs within the nursing home locations.

Following explicit consent, we may process your Next of Kin details in the event of an emergency which involves yourself

We process your personal data under legitimate interests in order to provide employees with an online learning zone and contribute to the online NMDS-SC analysis of social care workforce in England.

Your Rights

You have the right to access any personal information that Amesbury Abbey Group processes about you and to request information about:

What personal data we hold about you

The purposes of the processing

The categories of personal data concerned

The recipients to whom the personal data has/will be disclosed

How long we intend to store your personal data for

If we did not collect the data directly from you, information about the source

If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will strive to do so as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified.

You also have the right to request erasure of your personal data or to restrict processing (where applicable) in accordance with the data protection laws; as well as to object to any direct marketing from us. Where applicable, you have the right to data portability of your information and the right to be informed about any automated decision-making we may use.

If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the request; this is to ensure that your data is protected and kept secure.

Sharing and Disclosing Your Personal Information

We do not share or disclose any of your personal information without your consent, other than for the purposes specified in this notice or where there is a legal requirement.

During the usual course of business, Amesbury Abbey Group uses third parties to process day to day business functions, these include:

Amesbury Care Services

HSBC Bank

HMRC

SAGE-payroll /accounts/HR

The Peoples Pension

I.T. Services

Amesbury Abbey Group uses third-parties to provide the specific services below:

Care Skills Academy

The care skills academy provides Amesbury Abbey Group with an online learning zone for training. We will share your name and email address with the care skills academy. Care skills academy will collect, store and use these details to provide you with access to your learning zone. For the care skills academy privacy notice, please follow this link https://careskillsacademy.co.uk/privacy-policy

Skills For Care NMDS-SC

The NMDS-SC is a method of collecting & analysing information about the social care workforce in England and is operated by skills for care. They collect information from Amesbury Abbey Group about our employees and we process this data in NMDS-SC online under legitimate interests. For the NMDS-SC privacy notice please access www.NMDS-SC-online.org.uk

All processors acting on our behalf only process your data in accordance with instructions from us and comply fully with this privacy notice, the data protection laws and any other appropriate confidentiality and security measures.

Safeguarding Measures

Amesbury Abbey Group takes your privacy seriously and takes every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place, including:

Restricted access

Encryption where necessary

Pseudonymisation where necessary

IT authentication

Firewalls

Anti-virus/malware

Transfers Outside The EU

Personal data in the European Union is protected by the General Data Protection Regulation (GDPR) but some other countries may not necessarily have the same high standard of protection for your personal data. Amesbury Abbey Groupdoes not transfer or store any personal data outside the EU.

Consequences Of Not Providing Your Data

You are not obligated to provide your personal information to Amesbury Abbey Group, however, as this information is required for us to employ you, we will not be able to offer employment without certain personal information.

How Long We Keep Your Data

Amesbury Abbey Group only ever retains personal information for as long as is necessary and we have strict review and retention policies in place to meet these obligations. We are required under UK tax law to keep your basic personal data (name, address, contact details) for a minimum of 6 years after which time it will be destroyed.

Special Categories Data

As your employer, we have a legitimate interest and, in some cases, a legal obligation to process certain special category data about you. This can include, but is not limited to information about any disabilities, health conditions and religious requirements.

Where we collect such information, we do so under the GDPR’s Article 9(2)b and the Data Protection Act Schedule 1, Part 1 (1) – Employment and Article 9(2)(c) Vital interests.

We will only request and process the minimum necessary for the specified purpose and ensure that the required protective measures and security is placed on all special category data.

Lodging A Complaint

Amesbury Abbey Grouponly processes your personal information in compliance with this privacy notice and in accordance with the relevant data protection laws. If, however you wish to raise a complaint regarding the processing of your personal data or are unsatisfied with how we have handled your information, you have the right to lodge a complaint with the supervisory authority.