Disclaimer

Despite careful control, we assume no liability for the content of external links.

The operators of linked pages are responsible for their content. No liability or guarantee is assumed for the topicality, correctness and completeness of the provided information and data.

This also applies to all other Internet pages referred to via hyperlinks. The information we provide on our website does not constitute any legal assurance.

We reserve the right to amend or supplement the information or data. No legal claims can be derived from the topics and offers described on our website.

We shall not be liable for any direct or indirect damages resulting from the use of the information or data that can be found on our website.

Privacy Policy

Personal data is collected by us through our website only for technical purposes and stored automatically in server log files. These are: browser type and version, operating system, search engine used, referrer URL (the previously visited page), host name of the accessing computer (IP address), and time of request.

We cannot assign these data to specific persons, and they are not merged with data from our other data sources.

An exception is when you contact us by email or directly via the contact forms of this website for inquiries and orders. In this case, however, only the data you confirm is stored. This data is used to answer your question and to process it.

Our website uses some cookies, which are small text files that are stored on the user's computer. Most of the cookies we use are "session cookies". They are automatically deleted after the visit to our website. Of course, our website can also be viewed without cookies. To prevent cookies from being saved, "accept cookies" must be selected in the browser settings. If cookies are accepted by the browser, the functionality of our website may be limited.

Our employees and our service companies are bound to secrecy and to compliance with the provisions of the Data Protection Act and other professional legal data protection regulations.

Point House Protecting Personal Data under the General Data Protection Regulation Policy

Aim and Scope of Policy

This policy shows how Point House complies with the data protection requirements found in Regulation 17: Good Governance of the Health and Social Care Act 2008 (Regulated Activities) Regulations 2014, which expects service providers to have effective governance of their record keeping with records that are comprehensively fit for purpose and securely maintained.

The policy applies to all manual and electronic records kept by Point House in relation to service users, including those involved with them, whose personal data might be found on their records, all staff, and any third parties (agencies and professionals) to whom personal data held by the service might have to be disclosed or with whom it might have to be shared.

The policy should be used with other relevant record-keeping policies on:

Policy Statement

Point House recognises it must keep all records required for the protection and wellbeing of service users, and those for the effective and efficient running of the care service such as staff records to comply currently with the Data Protection Act 1998 and its successor Act, when passed by Parliament, and the EU General Data Protection Regulation (GDPR), which comes into force from May 2018 (and which is likely to apply post-Brexit).

In line with its registration under the Data Protection Act, and to comply with the GDPR, Point House understands that it will be accountable for the processing, management and regulation, and storage and retention of all personal data held in the form of manual records and on computers.

This means that all personal data obtained and held by Point House to carry out its activities as a registered care provider must:

  • have been obtained fairly and lawfully
  • be held for specified and lawful purposes as an organisation that is carrying out a public duty
  • be processed in recognition of persons’ data protection rights, which are described in the GDPR in terms of the right:
    – to be informed
    – to have access
    – for the information to be accurate and for any inaccuracies to be corrected
    – to have information deleted (eg if inaccurate or inappropriately included)
    – to restrict the processing of the data to keep it fit for its purpose only
    – to have the information sent elsewhere as requested or consented to (eg in any transfer situation)
    – to object to the inclusion of any information (eg if considered to be irrelevant)
    – to regulate any automated decision-making and profiling of one’s personal data
  • be adequate, relevant and not excessive in relation to the purpose for which it is being used
  • be kept accurate and up to date, using whatever recording means are used or agreed (eg manual or electronic)
  • not be kept for longer than is necessary for its given purpose (eg in line with agreed retention protocols for each type of record)
  • have appropriate safeguards against unauthorised use, loss or damage with clear procedures for investigating any breaches of the data security
  • comply with the relevant GDPR procedures for international transferring of personal data.

Procedures

The service has taken the following steps to protect everyone’s personal data, which it holds or to which it has access so that it complies with current data protection laws and the GDPR.

  1. It appoints or employs staff with specific responsibilities for:
    1. the processing and controlling of data (data controller)
    2. the comprehensive reviewing and auditing of its data protection systems and procedures (data protection manager or auditor)
    3. overviewing the effectiveness and integrity of all the data that must be protected (data protection officer)
  2. There are clear lines of responsibility and accountability for these different roles.
  3. It provides information to its service users and others involved in their care on their data protection rights, how it uses their personal data, and how it protects it. The information includes the actions service users and staff can take if they think that their data has been compromised in any way (eg through the complaints procedure or grievance procedure in the case of staff).
  4. It provides its staff with information and training to make them aware of the importance of protecting people’s personal data, to teach them how to do this, and to understand how to treat information confidentially.
  5. It can account for all personal data it holds, where it comes from, and with whom it is and might be shared.
  6. It carries out risk assessments as part of its reviewing activities to identify any vulnerabilities in its personal data handling and processing, and to take measures to reduce the risks of mishandling and potential breaches of data security. The procedure includes an assessment of the impact of both use and potential misuse of personal data in and by the service.
  7. It recognises the importance of seeking individuals’ consent for obtaining, recording, using, sharing, storing and retaining their personal data, and regularly reviews its procedures for doing so, including the audit trails that are needed and are followed for all consent decisions.
  8. It has policies and procedures for enabling service users and/or staff to have access to their personal information, and for the making of subject access requests that are in line with the GDPR.
  9. It has the appropriate mechanisms for detecting, reporting and investigating suspected or actual personal data breaches, including security breaches. It is aware of its duty to report significant breaches that cause significant harm to the affected individuals to the Information Commissioner, and is aware of the possible consequences (eg fine).
  10. It is aware of the implications of the GDPR for the transfer of personal data internationally and, where necessary, will follow the processes that it has established.

Training

All new staff must read and understand the policies on data protection and confidentiality as part of their induction.

All staff receive training covering basic information about confidentiality, data protection and access to records.

Training in the correct method for entering information in service users’ records is given to all care staff.

The nominated data controller/auditors/protection officers for Point House are trained appropriately in their roles under the GDPR.

All staff who need to use the computer system are trained to protect individuals’ private data, to ensure data security, and to understand the consequences to them as individuals and to the organisation of any potential lapses and breaches of the service’s policies and procedures.