sunny bank prs

Privacy Policy

Who We Are

In this privacy policy references to “we”, “us” and “our”, “Sunny Bank PRS” are to Sunny Bank Psychiatric Rehabilitation Service Ltd. References to “our Website” or “the Website” are to www.sunnybankprs.co.uk.

Introduction

This is Sunny Bank PRS’s Privacy Notice. This Privacy Notice is effective from 1st January 2024.

We will update this Privacy Notice from time to time. When we do change the notice (in a significant way),we will post an update on our website.

As part of the services we offer, we are required to process personal data about our staff, our clients and, in some instances, the friends or relatives of our clients and staff. “Processing” can mean collecting, recording, organising, storing, sharing or destroying data.

We are committed to providing transparent information on why we need your personal data and what we do with it. This information is set out in this privacy notice. It will also explain your rights when it comes to your data.  

Our Website

In order to provide you with the best experience while using our website, we process some data about you. Any personal information we collect from this website will be used in accordance with the Data Protection Act 1998, the new General Data Protection Regulations and other applicable laws.

The Information We Collect and How

The information we collect via the Website may include:

Any personal details you knowingly provide us with through forms and our email, such as name, address, telephone number, etc.

Your IP Address: this is a string of numbers unique to your computer that is recorded by our webserver when you request any page or component on the Website. This information is used to monitor your usage of the Website.

Data recorded by the Website which allows us to recognise you and your preferred settings, this saves you from re-entering information on return visits to the site. Such data is recorded locally on your computer through the use of cookies. Most browsers can be programmed to reject, or warn you before downloading, cookies – information regarding this may be found in your browser’s help facility.

What We Do With Your Information

We may need to pass the information we collect to other companies for administrative purposes. We may use third parties to carry out certain activities, such monitoring how customers use the Website and issuing our emails for us. Third parties will not be allowed to use your personal information for their own purposes.

Other Websites

This privacy policy only covers this website - www.sunnybankprs.co.uk. Any other websites which may be linked to by our website are subject to their own policy, which may differ from ours.

Clients in Our Service

What data do we have?

So that we can provide a safe and professional service, we need to keep certain records about clients. We may record the following types of data about clients:

  • Basic details and contact information e.g. name, address, date of birth and next of kin;
  • Financial details e.g. details of how clients pay us for their care or their funding arrangements.

We also record the following data which is classified as “special category”:

  • Health and social care data about clients, which might include both physical and mental health data.
  • We may also record data about race, ethnic origin, sexual orientation and religion.
Why do we have this data?

We require this data so that we can provide high-quality care and support. By law, we need to have a lawful basis for processing client personal data.

We process client data because:

  • We are required to do so in order to fulfil a contract that we have with clients;
  • We have a legal obligation to do so – generally under the Health and Social Care Act 2012 or Mental Capacity Act 2005.

We process client special category data because:

  • It is necessary due to social security and social protection law (generally this would be in safeguarding instances);
  • It is necessary for us to provide and manage social care services.
  • We are required to provide data to our regulator, the Care Quality Commission (CQC), as part of our public interest obligations.

We may also process client data with their consent. If we need to ask for permission, we will offer clients a clear choice and ask that they confirm to us that they consent. We will also explain clearly to them what we need the data for and how they can withdraw their consent.

Where do we process client data?

So that we can provide clients with high quality care and support we need specific data. This is collected from or shared with:

  1. Clients or their legal representative(s);
  2. Third parties.

We do this face to face, via phone, via email, via post, via application forms.

Third parties are organisations we have a legal reason to share client data with. These include:

  • Other parts of the health and care system such as local hospitals, the GP, the pharmacy, social workers, clinical commissioning groups, and other health and care professionals;
  • The Local Authority;
  • Organisations we have a legal obligation to share information with i.e. for safeguarding, the CQC;
  • The police or other law enforcement agencies if we have to by law or court order.

Staff Who Work For Us

What data do we have?

So that we can provide a safe and professional service, we need to keep certain records about staff. We may record the following types of data about staff:

  • Basic details and contact information e.g. name, address, date of birth, National Insurance number and next of kin;
  • Financial details e.g. details so that we can pay staff, insurance, pension and tax details;
  • Staff training record.

We also record the following data which is classified as “special category”:

  • Health and social care data about staff, which might include both physical and mental health data – we will only collect this if it is necessary for us to know as employers, e.g. fit notes or in order to claim statutory maternity pay;
  • We may also record data about staff ethnic origin.
  • Criminal Record Data.
Why do we have this data?

We require this data so that we can contact staff, pay staff and make sure they receive the training and support they need to perform their job. By law, we need to have a lawful basis for processing staff personal data.

We process staff data because:

  • We have a legal obligation under UK employment laws;
  • We have a legitimate interest in processing staff data – for example, we provide data about staff training to Skills for Care’s Adult Social Care Workforce Data Set (ASC-WDS), this allows Skills for Care to produce reports about workforce planning.

We process your special category data because

  • We have a legal obligation under UK employment laws;
  • It is necessary due to social security and social protection law - we are required to perform Disclosure and Barring Service (DBS) checks on our staff;
  • It is necessary for us to process requests for sick pay or maternity pay;
  • We are required to provide data to our regulator, the Care Quality Commission (CQC), as part of our public interest obligations.

We may also process staff data with their consent. If we need to ask for staff for permission, we will offer them a clear choice and ask that they confirm to us that they consent. We will also explain clearly to them what we need the data for and how they can withdraw their consent.

Where do we process staff data?

As employers we need specific data. This is collected from or shared with:

  1. Staff or their legal representative(s);
  2. Third parties.

We do this face to face, via phone, via email, via post, via application forms.

Third parties are organisations we have a legal reason to share staff data with. These include:

  • Her Majesty’s Revenue and Customs (HMRC);
  • Our pension and healthcare schemes (NOW Pensions Ltd);
  • Our external payroll provider (Geoffrey Beech& Co Accountants);
  • Organisations we have a legal obligation to share information with i.e. for safeguarding, the CQC;
  • The police or other law enforcement agencies if we have to by law or court order.

Friends and Relatives

What data do we have?

As part of our work providing high-quality care and support, it might be necessary that we hold the following information on friends and relatives:

  • Basic details and contact information e.g. name and address;
Why do we have this data?

By law, we need to have a lawful basis for processing personal data.

We process friends and relatives data because we have a legitimate business interest in holding next of kin and lasting power of attorney information about the individuals who use our service and keeping emergency contact details for our staff.

We may also process friends and relatives data with their consent. If we need to ask for their permission, we will offer them a clear choice and ask that they confirm to us that they consent. We will also explain clearly to them what we need the data for and how they can withdraw your consent.

Where do we process their data?

So that we can provide high quality care and support we need specific data. This is collected from or shared with:

  1. Friends and relatives or their legal representative(s);
  2. Third parties.

We do this face to face, via phone, via email, via post, via application forms.

Third parties are organisations we have a legal reason to share friends and relatives data with. These may include:

  • Other parts of the health and care system such as local hospitals, the GP, the pharmacy, social workers, clinical commissioning groups, and other health and care professionals;
  • The Local Authority;
  • The police or other law enforcement agencies if we have to by law or court order.

Clients, Staff, Friends & Relatives Rights

The data that we keep about people is their data and we ensure that we keep it confidential and that it is used appropriately. They have the following rights when it comes to their data:

  1. They have the right to request a copy of all of the data we keep about them. Generally, we will not charge for this service;
  2. They have the right to ask us to correct any data we have which they believe to be inaccurate. They can also request that we restrict all processing of their data while we consider their rectification request;
  3. They have the right to request that we erase any of their personal data which is no longer necessary for the purpose we originally collected it for. We retain our data inline with the Information Governance Alliance’s guidelines (https://digital.nhs.uk/data-and-information/looking-after-information/data-security-and-information-governance/codes-of-practice-for-handling-information-in-health-and-care/records-management-code-of-practice-for-health-and-social-care-2016)
  4. They may also request that we restrict processing if we no longer require their personal data for the purpose we originally collected it for, but they do not wish for it to be erased.
  5. They can ask for their data to be erased if we have asked for their consent to process their data. They can withdraw consent at any time – and can contact us to do so.
  6. If we are processing their data as part of our legitimate interests as an organisation or in order to complete a task in the public interest, they have the right to object to that processing. We will restrict all processing of this data while we look into their objection.

We will always respond to their request as soon as possible and at the latest within one month.
Users have the right to request a copy of personal details at any time to check the accuracy of the information held. In order to receive such information please send your contact details including address to the following address:

Sunny Bank PRS Ltd.
Sunny Bower Street.

Tottington.

Bury.

BL8 3HL.


If anyone would like to complain about how we have dealt with a request, please contact:


Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

https://ico.org.uk/global/contact-us/

Get in touch

We'll do our best to help

Contact Us