FAIR PROCESSING NOTICE FOR CLIENTS (AND THEIR REPRESENTATIVES) – CASE MANAGEMENT
OFH Care collect data and information about our clients and their representatives so that we provide a high quality service. We are the data controller for all data that we process.
This Fair Processing Notice explains what data we process, why we process it, our legal basis, how long we keep it and the rights of clients and their representatives
We will always make sure that our clients’ information is protected and treated securely. Any information that we process will be held in accordance with the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
Our contact details
The Legacy Centre
Hanworth Trading Estate
Hampton Road West
Tel: 0333 939 8032
What data do we process?
- Browsing our website
Every time someone visits our web site, a log file is generated on our computer. The log file records the time and date of your visit, the files that were requested, your IP (Internet Protocol) address, the referrer URL (if provided) and the browser version. We collect this information to help us diagnose problems and administer our systems. This is a legitimate interest in ensuring that our website works properly.
- Case management assessment
In order to complete a case management assessment for a client, we need to collect and process personal data. The assessment involves a discussion with the client, and/or those who know the client well, to look at how the client, their family and carers have been impacted by the client’s injuries/condition, what the client’s goals are, and how the client, and/or those close to the client, wish to be supported. As part of the assessment, the Case Manager will also review medical and other reports, and where appropriate speak with other professionals about the client’s needs.
Following an assessment of need, the Case Manager will make recommendations to manage the identified needs and provide an estimate of costs to meet such needs. Such recommendations will go to the legal team/deputy for approval. Once approved, the Case Manager will set out a realistic plan with the client and the deputy to ensure such needs are met.
We will process personal data for the initial assessment and as part of the on-going case management service, including:
- client name
- phone number
- date of birth
- name of referrer
- nature of injury
- date of injury
- diagnosis and prognosis
- date of assessment
- background (e.g. medical reports, therapy reports, GP letter, a referral form or information from another individual, details of the claim)
- family and social situation
- current accommodation
- daily routine
- physical, psychological, sensory and perceptual presentation
- medical treatment
- mobility, wheelchairs and seating requirements
- equipment requirements
- personal care
- domestic activities
- social and leisure support
- finance and/or benefits
- technology requirements
- transport requirements
- other assistance
We also process information in relation to the payment for our services, such as name, address, email and phone number of the party that we have a contract with.
Our legal basis for processing personal data
By law, we need a legal basis for processing the personal data of a client. We process the data necessary for the assessment with the consent of the client and the referrer. We process the information necessary to obtain payment for our services because we have a contract.
We process personal data concerning the health of the person being assessed with the explicit consent of that person or, without their explicit consent, if he/she is physically or legally incapable of giving consent and the processing is in the vital interests of that person (essential for his/her life).
When a client is asked for their consent, information about the proposed assessment will be provided in a way that they can understand. Where a client lacks mental capacity to make an informed decision, or give consent, we will act in accordance with the requirements of the Mental Capacity Act 2005 and associated Code of Practice.
In the case of any disputes, all personal data will be shared, as required, with our legal advisors and our insurers. This is because the processing is necessary for the establishment, exercise or defence of legal claims and we have a legitimate interest.
All personal data is stored securely on servers and in the cloud and this is a legitimate activity of a business. Any information received in print is stored securely in a locked filing cabinet, within a locked office building.
We have legal safeguarding obligations and should we become aware that our client or someone else is at risk of harm, neglect or abuse, we must inform the relevant authorities, such as the police or social services. We also have an obligation to inform the police and/or the courts if we become aware of any miscarriage of justice and we must inform the police of any acts of terrorism.
How long do we hold the personal data of our clients?
We retain all client records, including any complaint files, for eight years from the date of the last interaction with the client or their representative in relation to their case.
We retain all referrals/quotations for work that were not accepted for two years from the date of the proposal.
Due to HMRC requirements, we store any invoices or other financial data for seven years.
Who do we share client data with?
We share client data with:
- others at the client’s or their referrer’s request, such as solicitors or health and care professionals, like GPs, hospitals and care homes;
- The client’s school or other educational establishments
- The client’s employer as part of our role to support the client with meeting their employment needs.
- Therapists instructed to work with the client.
- Equipment providers.
- Payroll and Human resources (where the client directly employs support workers).
- Domestic organisations (e.g. cleaners, transport providers, builders, gardeners) instructed to work with the client.
- organisations we have a legal obligation to share information with i.e. for safeguarding;
- courts, police or other law enforcement agencies if we have to by law or court order; and
- our legal advisors and insurance providers, if necessary.
We securely store data using cloud service providers.
Data transfers out of the UK
We do not transfer any personal data of clients out of the UK.
Rights of clients or their representative
You have rights in respect of our processing of your personal data which are:
- To access to your personal data and information about our processing of it. You also have the right to request a copy of your personal data (but we will need to remove information about other people).
- To rectify incorrect personal data that we are processing.
- To request that we erase your personal data if:
- we no longer need it;
- if we are processing your personal data by consent and you withdraw that consent;
- if we no longer have a legitimate ground to process your personal data; or
- we are processing your personal data unlawfully
For example, we are unable to delete an assessment because the client does not like the outcome (our opinion) or the assessment does not suit their legal claim.
- To object to our processing if it is by legitimate interest.
- To restrict our processing if it was by legitimate interest.
- To request that your personal data be transferred from us to another company if we were processing your data under a contract or with your consent and the processing is carried out automated means.
If you want to exercise any of these rights, please contact us.
If you have a concern about the way we are collecting or using your personal data, please raise your concern with us in the first instance. You may also contact the Information Commissioner’s Office at https://ico.org.uk/concerns/.