Should you provide us with any personal data that we can use to identify you through your visit to this website, we will only use that data for the purpose it was intended, for example, to send you marketing material (such as a brochure) or make contact with you in relation to an enquiry.
It is important that any data we hold on you is accurate and we would encourage you to inform us of any changes.
By using our website you are able to link to third party websites. Those websites are not under the control of Rose Lodge and will be subject to their own privacy notices. The provision of links to third party websites should not be taken as an endorsement of those websites or the information contained within.
To provide our services to you we are required to hold certain data that enables us to deliver the service levels that you expect and for us to fulfil the service obligations to you in a meaningful way. Your data is important to us and we take the security and privacy of that data very seriously.
This privacy notice contains information about the type of data we hold, how we acquire it, store it, process it, the legal basis for the data, how it is secured, accessed, transferred, shared, retained and destroyed.
This policy has been developed in accordance with the General Data Protection Regulation (GDPR) 2018 and the Data Protection Act 2018.
We encourage you to read this policy carefully and should you have any questions about its content or concerns about our privacy practices then you should contact the company’s Data Protection Officer.
2. About Us
Rose Lodge Private Nursing Home and Rose Lodge Community Care Services are trading names of Rose Lodge Care Homes Ltd, further referred to as “company”, “we”, “us”, “our”, “Rose Lodge”, “Nursing Home”, “Home”, “Community Care”, “Domiciliary Care”, “Agency.”
Rose Lodge is registered in Northern Ireland under company number NI035541. Our registered office is at 185 Belsize Road, Lisburn, Co. Antrim, BT27 4LA.
Rose Lodge, for the purposes of legislation, is both a Data Controller and Data Processor, dependent on our relationship with the various parties with whom we do business and the means and type of data sharing that exists. For any one relationship we will be either the Data Controller or Data Processor, but not both. Those relationships are further defined in Appendix 1.
Rose Lodge has appointed a Data Protection Officer, details of which are below.
Rose Lodge Care Homes Ltd
185 Belsize Road
Tel: 028 9267 6301
The types of data we collect and hold about you may include the following:
The list above is not exhaustive. We will gather and retain any data necessary to provide you with a service level in accordance with your assessed medical and social needs as defined by the referring Health and Social Care Trust as well as other data you or your relatives provide to us that is relevant to your placement or care package.
Rose Lodge, in the course of doing business and providing our services, will gather personal data about you from various sources, including:
When it has been determined that you wish to engage us to provide a service to you we will collect further data that enables us to provide that service to meet your care needs and specific requirements. We obtain this information from various sources including:
When we hold your data we use it for specific purposes. We will process that data to fulfil our services to you in a way that meets your assessed health and social care requirements.
Your data will also be processed to fulfil our contractual obligations to you as specified in the Contract of Occupancy (Nursing Home) or Service User Agreement (Domiciliary Care).
We may process your data to fulfil legal obligations when requested by third parties such as the referring Health and Social Care Trust (HSCT) or the Regulation and Quality Improvement Authority (RQIA).
We use your data to set up paper and electronic files so that we may access the information we need to carry out those services to you.
We record data about you such as the type of service you are offered, our daily notes regarding communications with you and the level and type of service provided.
We record data that we consider to be relevant to your health and well-being, including your nutrition, fluid intake, participation, your views and feedback, medications offered and taken or refused, observational changes and contact we have with the multi-disciplinary team about your care.
We also record when we have spoken with your relatives to update them on your care.
We consider the recording of this data to be in your legitimate interests and rely on this lawful basis for processing. Specifically, it would not be possible for us to provide a holistic provision of care to you if we were unable to communicate freely with all the parties that have been involved in your care and well-being prior to becoming a service user of ours.
We also believe it is in your best interests that we are able to freely communicate with health care professionals during your stay with us in the nursing home or while you have a community care package.
If we were not able to communicate freely with other parties involved in your care it would compromise your health and well-being and prevent us from being able to deliver the service that you require based on your assessed needs as well as the social and care standards that are to be expected.
From time to time we may use your data for other purposes, such as contacting you in relation to your opinions on the services we provide or to notify you of any changes to our service.
In certain instances we may anonymise your data so that it can no longer be used to identify you personally, for instance when gathering feedback on service levels through annual surveys, monthly monitoring and any feedback in between that we may use to help improve service levels.
We may also use reference codes to associate data to you so that we may communicate securely with third parties such as the Health and Social Care Trust about your care and well-being.
Your data is stored in the following places:
We use a web-based software system (Epic Care) to store, record and retrieve medical data. Data input to Epic Care is stored on a secure server through our partnered software solutions provider, Epic Solutions Ltd, and is suitably secured and encrypted to prevent its unauthorised use. We have a Data Processing Agreement in place to ensure that Epic Solutions Ltd, as the data processor, must uphold certain obligations to ensure the safe and secure storage and processing of our data.
Network Storage Devices
Our network files are held on a computer server situated on our premises in an access controlled room, accessible only to employees of the company. There are networked client computers situated around the Home which have access to files held on the computer server. Only users who require access to these files have login credentials to access the server. This access is controlled by passwords, which are changed periodically to meet good security practices.
Paper Files and Folders
Some of your data is held on paper files and stored in locations accessible only to employees who require access as part of providing our service to you.
When our employees are required to hold your data off premises, this will only be for whatever data is necessary and for the shortest period of time. The data will be suitably protected from unauthorised viewing.
Instances when we may need to hold some of your data off-site include:
Specific situations in which we may use your personal data are listed below. The legal basis for processing your data may vary and is dependent upon the specific purpose for which we are using your data.
Processing Sensitive Personal Data and Financial Information
Some of the data we collect may be regarded as sensitive data, e.g. your religion, health and personal care number and bank account details.
We will take the necessary precautions to protect this data to ensure it is held securely and accessible only to authorised personnel.
Specifically, your financial data is held on our secure data server as well as our Sage Accounting software. Paper records are held in secure locked storage. All of this data is accessible only to relevant persons to process payments made to us in respect of services provided.
We will process your financial data on a contractual basis, given that it is necessary for us to be able to invoice you and receive payment in respect of services provided. You agree to this upon issuance of a Contract of Occupancy or Service User Agreement. Should you have a query about how we handle this data or our lawful basis for processing please contact our Finance Department or the company’s Data Protection Officer.
Your medical data is held on our Epic Care software – a web-based platform that is accessible only by Registered Nurses on Rose Lodge premises. Although the system is web-based, access is restricted by IP address, which restricts access from outside Rose Lodge. Furthermore, a secure server is used to hold the data and access to the system is through individualised passwords.
We also hold some of your data on paper records where it is necessary. Paper records are stored safely and securely and accessible only to those personnel who require access to deliver the care required as part of our service.
It may be necessary for us to share your personal data with third parties where we are required to do so by law or where there is a legitimate interest for us to do so, for example, with other health care professionals who are involved in your care, such as the Health and Social Care Trust.
We may also share your data for regulatory reasons with the Regulation and Quality Improvement Authority (RQIA) or the Health and Safety Executive for Northern Ireland (HSENI).
We may share your data with law enforcement agencies and the Police Service of Northern Ireland (PSNI) should we be requested to do so for the purposes of investigation or prevention of crime.
Other third parties that may have access to your personal data include those third parties that control or process your data as part of our business operations. This may include our telecoms and I.T. provider, accountants, professional and legal advisory services and banking services.
Your personal digital data is held on servers within the European Economic Area (EEA) and will not be transferred outside it.
Your digital data is stored in 2 places:
Your paper files are stored within Rose Lodge and securely shredded when no longer required.
The security of your data is important to us and we have put in place appropriate measures to ensure the protection of this data through various physical and computerised means.
Digital data in Rose Lodge is stored on one central data server that is located away from the public in an access controlled room. The server is secured through a password known only to authorised personnel.
Access to data on the server is through client PCs connected to the server and accessed through a password protected Windows login. Each user has their own username and password which they are encouraged not to share.
Any security breaches are to be reported to I.T. support as stipulated in the company’s Information and Communication Technology Policy.
Access to data on the server is on a least privilege basis to prevent unauthorised access.
The physical removal of any connected device from the premises does not compromise the security of any personal data since it is not stored on any individual device.
Our Information and Communication Technology Policy stipulates security measures that are required to protect data, including the use of strong passwords, periodic password changes and non-repeating of passwords.
Data on the server is partitioned to mitigate loss should one of the hard drives fail. Data is backed up every night with daily versions retained for one month.
Digital data that is stored on web servers through our software solutions provider, Epic Solutions Ltd, is stored on web servers in the Republic of Ireland. We have a Data Processing Agreement in place with Epic Solutions Ltd to outline the data processing requirements and specify data security measures.
In accordance with UK law we will retain data related to your care for a period of 8 years after death or discharge. After this period your paper files will be destroyed through secure shredding.
For any data that is not considered “care data” we will determine how long it is necessary for us to retain this data, taking into account the following considerations:
Data servers containing data that are no longer required are suitably destroyed to ensure that the data is no longer retrievable.
You have the right to view, amend and correct any data held about you. You have the right to submit a data access request to determine what data is held about you and you may do so by contacting the company’s Data Protection Officer.
You also have the right to delete any data that is not considered “healthcare data” provided that data may be isolated and has no bearing on the care provided to you. Such data may include, for example, your religion or political beliefs.
If you complete one of our annual surveys to provide feedback on our service levels then we will profile your data to compile an audit response, which may form part of a wider Annual Report.
We will also profile your data if you provide feedback to us as part of our Regulation 29 monitoring reports.
These forms of feedback help us to assess our performance levels and identify any areas we may need to improve.
Your name is not included anywhere on these documents, but we use unique identifier codes on our Regulation 29 monitoring reports to enable us to refer back to these reports if required or for regulatory purposes.
If you have any queries about the content of this Privacy Notice or our data protection measures then you may contact the Data Protection Officer, details of which are contained in Section 2 (About Us).
You may contact us with a data subject request should you wish to verify any data or request that we amend or delete any of the data we hold about you. Any amendment or deletion will be carried out in accordance with our legal obligations.
To request access to your data you should submit a written request to the Data Protection Officer outlining (if applicable) any specific data you wish to have access to including any relevant dates.
There are certain data subject requests that we may be unable to fulfil if it means that another individual may be identified as part of your request or if disclosing the data may introduce you to the risk of harm.
We may only respond to data subject requests from the individual concerned and not to any third parties. Should a third party require access to your data (or believe this to be so for some legal or medical reason) then they should obtain express permission from the individual concerned through a signed statement before we may consider this request.
In such instances we will take legal advice before disclosing your data to third parties to protect your rights to confidentiality. This will likely involve verification of their identity, their reasons for requesting the data and your permission that they may submit a data subject request on your behalf.
Data subject requests related to the deletion of medical data from our records will not be actioned, in accordance with our obligations under UK law. If you believe that data held on you is inaccurate you may request for it to be amended.
Data subject requests will be acknowledged within 7 business days and responded to within 30 business days where possible. If the data request involves large volumes of data or where data is required to be gathered from various physical and digital sources we will notify you if the request is likely to take longer than 30 business days and give you an estimated date of when the request will be completed.
Should you find yourself dissatisfied with our handling of your data you may raise a complaint for the attention of the Board of Directors, Rose Lodge Care Homes Ltd, 185 Belsize Road, Lisburn, Co. Antrim, BT27 4LA.
If you remain dissatisfied with the outcome of your complaint you may wish to refer the matter to the Information Commissioner’s Office (ICO) through its Regional Office in Northern Ireland, details of which are below.
Information Commissioner’s Office
14 Cromac Place
Tel: 028 9027 8757
Any future changes to our Privacy Notice will be published on our website at http://www.roselodge.co.uk/privacy-policy/