Privacy Notice for Priory Group UK No1 Limited
This Privacy Notice is effective from 1st May 2018 and is applicable to all companies under Priory Group UK No1 Limited trading as ‘Priory Group of Companies’.
We will update this Privacy Notice from time-to-time. When we do change the notice (in a significant way), we will post an update on our website.
Priory takes data protection and confidentiality very seriously. This Privacy Notice covers:
- How we collect and use personal data
- What personal data we collect
- How we store your personal information
- Protection of your personal information
- How we use your personal information
- Disclosure to 3rd parties
- Accuracy and retention of personal information
- Access to personal information
- Additional rights
We collect personal data about our service users (patients, residents or students in our care) and colleagues so please make sure that you read the relevant sections of this notice and get in touch if you have any questions.
If you have any questions or concerns about this Privacy Notice or how we process your information, or if you would like to make a complaint about a possible data breach please contact us:
Data Protection Officer
5th Floor, 80 Hammersmith Road
We take data security extremely seriously and all such communications are examined and replies issued where appropriate as soon as possible. If you are unsatisfied with the reply you receive, you may refer your complaint to the Information Commissioner’s Office (ico.org.uk)
PRIVACY NOTICE FOR PATIENTS, RESIDENTS AND STUDENTS IN OUR CARE
1. Collection and use of personal data
You may be asked to provide your personal information anytime you are in contact with Priory. Priory and its affiliates may share this personal information with each other but will always use it in accordance with this Privacy Notice. We may also combine it with other information to provide and improve our services. You are not required to provide the personal information that we may request, but, if you chose not to do so, in many cases we will not be able to provide you with our services or respond to any queries you may have.
Here are some examples of the types of personal information Priory may collect and how we may use it:
- Date of birth
- Telephone number
- Email address
- Online identifier
- Physical and mental health information
- Financial information
- Social media identifiers
- NHS number
- National Insurance number
- Passport details, residency status and nationality
- Marital status
- Racial or ethnic origin
- Political opinions
- Trades union membership
2. What personal data we collect
When you contact us, we may collect a variety of information, including your name, postal address, telephone number, email address, contact preferences or credit card information.
If our services are commissioned for you by third parties (your GP, local authorities, clinical commissioning groups, private medical insurers etc.) they will provide us with a variety of information, including your name, postal address, telephone number, email address and, medical/educational history.
During the course of your time with us we will keep information about you in your personal records like your name, address and date of birth together with details of any care and/or treatment that you are having.
3. How we store your personal information
The personal information we collect is stored in a variety of paper and electronic forms. Regardless, we have appropriate and adequate technical and administrative processes in place to make sure that all your information is kept secure.
4. Protection of your personal information
Priory takes the security of your personal information very seriously. To make sure your personal information is protected, we have a series of technical and administrative measures in place. Access is limited only to those of our employees who need to access it to provide services to you.
All members of staff are required to undertake data protection and confidentiality training every two years and our privacy and security guidelines are communicated to all Priory employees. These privacy safeguards are monitored and strictly enforced. We send any information that we need to share with any third parties either as a legal requirement or through an anonymised process securely.
All data is stored on servers within data centres in the UK, although at times they may be temporarily outside the UK but within the EU
5. How we use your personal information
The personal information we collect and store about you allows us to provide services to you. We also use it to help us develop, operate, deliver, and improve the quality of the care we provide or, more generally, the type of services that we offer. From time to time, we may use your personal information to send important notices to you or to those acting on your behalf, such as updates to your care and/or treatment plans or changes to our terms, conditions and policies. Because this information is important to your interaction with Priory, you may not opt out of receiving these communications.
We may also use personal information for internal purposes such as auditing, data analysis, and research to improve our services and our communication with you.
We may use your personal information to test our computer systems such as the software we use to store your health, social, care and education records to improve our services. If you do not wish for your information to be used for these purposes, you can let us know.
If you don’t want to be contacted by us after you are no longer using our services, you can opt out anytime by letting us know.
We will not sell, share or give information to third parties for marketing purposes.
6. Young people and education
We understand the importance of taking extra precautions to protect the privacy and safety of the young people under our care. The young person information that we collect, hold and share may include:
- Personal information (such as name, unique pupil number and address)
- Characteristics (such as ethnicity, language, nationality, country of birth and free school meal eligibility)
- Attendance information (such as sessions attended, number of absences and absence reasons)
We use the young person information to comply with the law regarding data sharing for the following:
- To support pupil learning
- To monitor and report on pupil progress
- To provide appropriate pastoral care
- To assess the quality of our services
Collecting pupil information
Whilst the majority of young person information provided to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with the law, we will inform you whether you are required to provide certain young person information to us or if you have a choice in this.
Storing pupil data
All young person information will be held on the same basis as other information outlined in this Privacy Notice.
Who we share pupil information with
We routinely share pupil information with:
- schools that the pupil’s attend after leaving us
- local authorities
- the Department for Education (DfE)
Why we share pupil information
We do not share information about the young people in our care with anyone without consent unless the law and our internal policies allow us to do so.
We share young people’s data with the DfE on a statutory basis. This data sharing underpins school funding and educational attainment policy and monitoring.
To find out more about the data collection requirements placed on us by the DfE (for example; via the school census) go to https://www.gov.uk/education/data-collection-and-censuses-for-schools.
Access to young people’s information
Parents and pupils have the right to request access to information about them that we hold. To make a request for your personal information, or be given access to your child’s educational record, contact us at the address outlined below.
Disclosure to third parties
We will only share your personal information with third parties in the following circumstances:
- Where you have given your consent to the information being shared
- Where there are issues or concerns like the health and safety of yourself or others
- Where there is a legal requirement or responsibility to share the information
Personal information of service users may also need to be shared with third parties to make arrangements for the funding and/or payment of services received.
Additionally, in the event of a reorganization, merger, or sale of Priory or any part of it, we may transfer any and all personal information we collect to the relevant third party.
Accuracy and retention of personal information
Priory makes it easy for you to keep your personal information accurate, complete, and up to date. If any of your information changes please let us know so that we can update our records.
We are legally required to hold certain information about you for a set period of time. All personal information will be deleted or securely destroyed at the appropriate time and we will not keep your personal information for longer than is required or permitted by law.
Access to personal information
You are entitled to see what personal information we hold about you at any time. This Privacy Notice outlines the information we hold about you and why. If you wish to access your personal information, please contact us at the address set out below.
We are not required to process any request for access which is frivolous or vexatious, jeopardize or otherwise affects the privacy of others, are impractical, or for which access is not otherwise required by law. We will let you know in writing if any of these circumstances apply to your request.
You may also have the right to:
- Object to processing of personal data that is likely to cause, or is causing, damage or distress
- Prevent processing for the purposes of direct marketing
- Object to decisions being taken by automated means
- In certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed
If you believe you have any of these additional rights or you wish to exercise them, please let us know.
PRIVACY NOTICE FOR PRIORY COLLEAGUES
Employee Privacy Notice in respect of Priory Group UK No 1 Limited and all its subsidiaries (the “Priory”)
What is a Privacy Notice?
We want to ensure you understand what information we collect about you, how we will use it and for what purpose. We are also required by data protection legislation to explain certain matters to you. This notice sets out and overrides anything previously communicated to you which is different.
For the avoidance of doubt, this privacy notice applies to you if you:
- are an employee or worker of the Priory;
- are an agency worker assigned to the Priory;
- are engaged by the Priory as a visiting consultant, sessional therapist or otherwise; or
- are engaged by the Priory pursuant to a contract which states that this Privacy Notice applies to you.
This Privacy Notice does not form part of your contract of employment or engagement and we may update it at any time.
What information about you will we collect and use?
During your employment/engagement with the Priory, it is routine for us to collect, process and store personal information about you.
The personal information will include:
- personal information such as name, gender, date of birth, dependants, next of kin, job title, NHS number etc.;
- contact details such as addresses, telephone numbers, email addresses and emergency contact details, social media and other online identifiers;
- identification information such as photographs, passport and/or driving licence details, etc.;
- pay and financial information such as salary, benefits (including pensions), bank account details, card details, timesheets, National Insurance numbers, etc.;
- recruitment and professional information such as application forms, CVs, academic and training-related information, records/results of any pre-employment checks (including credit and fraud checks), references, etc.;
- employment and management records such as disciplinary and grievance records, flexible working requests, performance records, appraisals and training records, holiday and attendance records, terms and conditions of employment, etc.;
- right to work documentation such as proof of eligibility to work in the UK and obtaining and maintenance of any necessary professional consents or licences;
- information relating to access to our premises and/or use of our management and IT systems such as system ID, passwords, use of websites, emails sent or received, telephone calls, entry/exit records etc; and
- recordings of phone conversations.
We also handle the following special categories of sensitive personal information:
- information collected for equal opportunities monitoring such as gender, race, ethnic origin etc.;
- any trade union memberships you hold, religious beliefs, sexual orientation and political opinions,
- information about physical and mental health, including any medical conditions, biometric records, sickness absence records, occupational health records, medical reports, pre-employment medical screening tests, insurance claims, etc.; and
- information about criminal convictions and offences.
How and why will we use your personal information
In most cases, we will use your personal information to perform your contract, to comply with our legal obligations as your employer or where we need to in order to further the Priory’s legitimate business interests. We obtain information either directly from you or sometimes from third parties such as employment agencies, your former employers, immigration consultants, the Disclosure and Barring Service and other background check agencies. In rare cases, we may need to use your personal information to protect your (or someone else’s) best interest or if it is in the public interest for us to do so. The situations in which we will use your personal information include:
- recruitment and selection;
- salary, pensions, insurance and benefits administration (including pensions);
- HR, business management and planning purposes;
- carrying out appraisals, handling disciplinary and grievance matters, performance management, career planning, training, promotion, secondments, etc.;
- managing disability, sickness or other types of leave, e.g. maternity leave;
- to facilitate settling of expenses staff have incurred in the course of the business in accordance with their employment contracts;
- to facilitate communications between employees and members within the business;
- internal record keeping purposes to enable us to maintain an audit trail in respect of approvals of decisions, voting and any internal surveys;
- managing and safeguarding our management, IT and communications systems;
- security reasons;
- health and safety reasons;
- performing workforce analysis, project management and planning;
- training and quality purposes;
- legal reasons, e.g. complying with employment and health and safety obligations, ensuring you are legally entitled to work in the UK, establishing or defending legal claims, for record keeping purposes (including, without limitation to keep pension records or records for tax purposes), to defend our legal rights etc.
- to test our computer systems to improve our services to you i.e. when there are changes to the National Minimum Wage or Living Wage. If you do not wish for your information to be used for these purposes, you can let us know.
Some of the above grounds may overlap and there may be several grounds that justify our use of your information.
We process sensitive personal information for the following purposes:
- managing sickness absence, providing reasonable adjustments in the workplace and administering benefits; and
- for legal reasons, e.g. to comply with employment and health and safety obligations.
- We will use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting.
- We will use trade union membership information to pay trade union premiums, register the status of a protected employee and to comply with employment law obligations.
Change of purpose
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
With whom might we share your information?
We may share personal data about you with other entities and their representatives in the Priory group.
We may also from time to time appoint a third party to process personal data on our behalf for the purposes outlined above. Currently we share personal data about with the following third parties:
- other group entities and their employees, representatives, strategic investor, their respective advisors;
- our group’s service providers such as our advisers, pensions and benefits providers, payroll provider, as well as those who provide and support our management, data storage, intranet, and other IT systems;
- occupational health/other benefits provider;
- HM Revenue & Customs and any other regulatory bodies which have authority over the Priory Group or its group
- our professional advisers, such as lawyers, auditors, immigration advisers etc.;
- such third parties as we reasonably consider necessary in order to prevent crime.
When we use third parties to process information on our behalf, we require them to commit to compliance with relevant data protection legislation.
We may also share your personal data with other third parties where and to the extent that we are under a legal obligation to do so, e.g. HMRC, because of a Court Order, etc.
When might we transfer your information overseas?
Generally, your personal data will be kept within the UK and will never be transferred out of the European Economic Area (EEA). However, at times personal data stored on Priory servers may be temporarily transferred outside the UK into the EEA.
You can access the Preference Centre where you can change your preferences by clicking the "Cookie Settings" button below.
Find Out More
To opt out of being tracked by Google Analytics across all websites visit https://tools.google.com/dlpage/gaoptout.
You can change the settings on your browser to prevent cookies being stored on your computer or mobile device without your explicit consent.
The following links detail how to manage cookies on popular web browsers:
For information relating to other browsers, visit the browser developer's website, where the 'help' section will normally provide details on how to manage the cookie settings.
Transmission of Enquiry Forms
We use a third party provider SendGrid, an email delivery service provided by SendGrid, Inc. (“SendGrid”), to send website enquiry form submissions to Priory web servers. SendGrid is committed to protecting your privacy and fully compliant with respect to transfer of personal information. SendGrid is certified under the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield.
For details about how SendGrid protects your data, please visit https://sendgrid.com/policies/privacy/.
Contacting us Through Social Media
We use a third party provider, Hootsuite to help us manage our social media output and interactions.
If you send us a private or direct message through social media, the message will be stored by Hootsuite for three months. It will not be shared with any other organisations.