Privacy Notice

We may revise this Privacy Notice from time to time. Any changes we may make to our Privacy Notice in the future will be posted on this page. The Notice was last updated on 07/10/2024.

  1. Important information

This Privacy Notice applies to patients, visitors, staff members, recruitment candidates, clinicians/consultants, contractors/agency staff, suppliers and visitors to the Home Wound Care Ltd (& its subsidiaries) website. It sets out your rights under the UK General Data Protection Regulation (also known as the UK-GDPR, alongside the Data Protection Act 2018).

This Privacy Notice states how Home Wound Care Ltd collects, uses, retains, and discloses your personal information (information that identifies you and is about you), also known as personal data.

  1. Who we are

Home Wound Care Ltd (also referred to as “we”, “us”, “our” in this Notice) is a leading private healthcare organisation working across the UK, delivering care for both NHS and private patients. Our purpose is the advancement of health and the relief of patients suffering from wounds. We do this by providing:

  • a personal approach through visiting patients at their homes or care premises via prearranged appointments to assess and dress wounds for patients.

We are incorporated in England and Wales with the registered number 14151207 whose registered office is at 86-90 Paul Street, London, EC2A 4NE.

The Data Protection Authority is the Information Commissioners Office (ICO) based in the UK and our registered number is: ZB341420

To ensure that we process your personal information fairly and lawfully we are required to inform you about:

  • Why we need your data
  • How it will be used
  • Who it will be shared with
  • What rights you have in relation to the personal data we collect from you.

Within this policy we describe instances where Home Wound Care Ltd is the “Data Controller” (the organisation which decides what information we collect and how it is used), and where we direct or commission the processing of data to help deliver better healthcare, or to assist the management of healthcare services.

There may be situations where Home Wound Care Ltd processes personal data on the instructions of another organisation (i.e., when Home Wound Care Ltd is acting as a “data processor”), but in those circumstances our use of data would be governed by that organisation.

At Home Wound Care Ltd we recognise the importance of protecting personal and confidential information in all that we do, all we direct or commission, and ensure that we meet our legal duties.

  1. What information do we collect about you?

We only collect and use your personal information according to the legal bases defined in the UK-GDPR and for the lawful purposes of administering the business of Home Wound Care Ltd. The legal bases are as follows:

  • Consent – where you have given your specific consent to the processing of your personal data.
  • Performance of a contract – where the processing of your data is necessary for the fulfilment of a contract, e.g., being employed by us
  • Compliance with a legal obligation – processing of your data is necessary by law and Home Wound Care is required to comply.
  • In the vital interest – we may process your personal data in order to protect your vital interests, for example in providing emergency treatment or care should it be required.
  • Public interest – we may process personal data in order to complete a task carried out in the public interest.
  • Legitimate interest – we may process your personal data where we have a legitimate “business” interest in processing that information.

The table below shows the purposes and the associated legal basis under which we process your personal data:

Reason for processing

Legal basis for processing

Accounting and auditing
  • Compliance with legal regulations

Advertising and PR
  • Consent

Conducting analysis and research activities
  • Consent

Consultancy and advisory services
  • Performance of a Contract

Education and training for staff members
  • Legitimate interest – we need to ensure that staff have the correct competency to fulfil their role

Employment and staff administration
  • Performance of a Contract

Healthcare administration and services
  • Performance of a Contract

Invitation to meetings and other events
  • Consent

Medical records management
  • Compliance with legal regulations that apply to us and our contractual duties

Third party delivery of services
  • Performance of a Contract

Please note that should your relationship with Home Wound Care Ltd change, the legal basis under which we hold your data may also change.

  1. What types of personal data do we handle?

We process personal information to enable us to support the provision of healthcare services to patients, maintain our own accounts, promote our services and to support and manage our employees. We also process personal information about healthcare professionals who deliver services within Home Wound Care Ltd.

The types of personal information we use:

Type of personal information

Individual group the information may apply to

Personal identity – title, name, marital status, date of birth, National Insurance number, NHS number
  • Patients, visitors, staff members, recruitment candidates, clinicians/consultants, suppliers, agency staff/contractors

Contact details – addresses, landline telephone & mobile numbers, email address
  • Patients, staff members, recruitment candidates, clinicians/consultants, suppliers.

Family details – next of kin names, addresses and telephone numbers, relationships to next of kin

 
  • Patients, members of staff, consultants

Financial details – such as bank sort code/account number, payment card number
  • Staff members, suppliers, clinicians/consultants, agency staff/contractors

Employment details – such as salary, annual leave, pension, benefits, discipline and grievance, payroll, tax information, performance data, occupational health data and security clearance data

 
  • Staff members, clinicians/consultants, contractors

Education and training such as training records, qualification verification, employment history and CVs

 
  • Staff members, clinicians/consultants, recruitment candidates

Health record
  • Patients

Lifestyle and social circumstances such as questions about smoking, drinking and general lifestyle

 
  • Patients

Responses to surveys

  • Patients, staff
   

We also process special categories of information for patients & staff, which may include:

  • Racial and ethnic origin
  • Religious or philosophical beliefs
  • Trade union membership
  • Genetic data
  • Biometric data
  • Data concerning a person’s sexual orientation
  • Offences (including alleged offences), criminal proceedings, outcomes and sentences
  • Employment tribunal applications
  • Complaints, accidents, and incident details
  • Health data (including morbidity and disability)
  1. How will we use information about you?

Your information is used to ensure the delivery and improvement of our services.

5.1. For our patients, your data may be used to:

  • Manage our relationship with you
  • Register all patients onto our Patient Administration System
  • Register new referrals for existing patients on our systems, update demographic details and health records with new referral details
  • Record telephone calls made to us in relation to appointment enquiries
  • Allow the preparation of health record folder (notes)
  • Prepare for the agreed treatment
  • Deliver the agreed treatment
  • Investigate complaints, legal claims or serious incidents
  • Service planning
  • Process anonymised statistical information on our performance
  • Address customer service enquiries

The lawful basis for processing your personal data within the organisation are as follows:

  • UK-GDPR – Article 9(2)(a) – “the data subject has given explicit consent…”
  • UK-GDPR – Article 9(2)(h) – “processing is necessary for… scientific or historical research purposes or statistical purposes in accordance with Article 89(1) based on the law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and interests of the data subject’.
  • UK-GDPR – Article 6(1)(e) – “processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller…”

Patient Administration Systems

Home Wound Care Ltd is the data controller for our electronic Patient Administration System. This system holds personal details of all patients that have been referred via:

  • Third party medical organisations (private consultants)
  • Other third-party referrals

The information held on these systems is used primarily for the purpose of administering healthcare services; it may however be used for other non-health related purposes and shared with statutory bodies/organisations to enable them to fulfil their statutory obligations. ‘Non-health related purposes’ relate to processing such as contracted reporting using pseudonymised data. We may also use the information within the administration system for statistical analysis to see how the organisation is performing with respect to business targets and objectives and quality of care.

The information will only be shared with other organisations where there is a statutory or contractual obligation to do so, or with the agreement of the Home Wound Care Ltd Caldicott Guardian and Data Protection Officer. A Caldicott Guardian is a senior person responsible for protecting the confidentiality of patient and service user information and enabling appropriate information-sharing.

We may keep your information in a written form or on a computer. Whenever possible all information that identifies you will be removed.

5.2. For our staff, recruitment candidates, contractors/agency staff, consultants and suppliers, your personal data may be used to:

  • Manage our relationship with you
  • Fulfil our duty of care towards staff in the event of a major incident (e.g., in the event of a lockdown, fire)
  • Verify employment history, qualifications, and experience & validate your ‘right to work’
  • Assess suitability for employment during selection process
  • Undertake personal development of employees
  • Deliver payroll for employees
  • Fulfil our duties in respect of national insurance and tax accounting
  • Manage disciplinary and grievance procedures
  • Undertake due diligence and risk assessment of supply chain
  • To communicate with you in the event of a major incident (e.g., in the event of a lockdown, fire)
  • To promote Home Wound Care Ltd via our social media platforms on the occasions where we obtained your consent from you to include information about you in our promotions
  • Please contact us for a list of organisations we work with
  1. Sharing Your Information

We may disclose your personal information for a number of reasons (to the extent necessary). This can be due to:

  • Our obligation to comply with current UK legislation
  • Our duty to comply with a court order
  • A contractual commitment to report statutory information
  • You, having provided us with your consent to disclose your information
  • Where we are required to do so by law
  • The sharing of your data will ultimately benefit you as the data subject
  • Our obligation to comply with our regulators

In fulfilling our obligation to provide services (healthcare and other services) we may share your data with the following:

  • Regulators
  • Independent Sector Complaints Adjudication Service
  • Referral services
  • General Practitioners (your Doctor)
  • Specialist consultants (medical and non-medical)
  • Contracted third parties providing services or devices, medical and non-medical
  • Healthcare insurance providers
  • Pathology laboratories
  • Occupational health services (staff)
  • National registries with patients’ consent.
  • Communication service (Text alert)
  • Payroll service
  • Training providers
  1. Marketing Communications

From time to time, we may wish to contact you with information about our products, services, or events that we believe may be of interest to you. You have the right to opt out of receiving such marketing communications at any time. If you no longer wish to receive marketing emails, you can unsubscribe by following the instructions provided in the email or by contacting us directly

  1. Sharing your Information outside of the United Kingdom (UK)

We may from time to time be required to share your information with other service providers who are outside the UK. The sharing of your information with these providers is necessary in order to provide the necessary medical service. The transfer of personal data internationally will be conducted with the appropriate legal mechanisms in place. E.g., an International Data Transfer Agreement or Special Contract Clauses with the appropriate organisations will be in place – if appropriate.

  1. Keeping your data secure
  • We will use technical and organisational measures (TOMS) to safeguard your Data, e.g., access to your account is controlled by a password and a username that is unique and we store your Data on secure servers.
  • Technical and organisational measures include measures to deal with any suspected data breach. If you suspect any misuse or loss or unauthorised access to your Data, please let us know immediately.
  • We may also use two factor authentication if the systems we use require it
  1. How long will we keep your data for?

We will keep your personal information in accordance with our Information Retention Policy and for only as long as is lawfully necessary to conduct our business with you, and/or in accordance with our legal obligations for data retention. (These terms can be found in our Data Retention Schedule) – we also recognise the NHS Records Management Code of Practice.

  1. Your rights

The UK-GDPR provides a number of rights over your data, subject to certain criteria being met. These are:

  • Right of access to your personal information and supplementary information (for example your medical record). Once we have received your request, we will respond within a calendar month. This information will be sent to you free of charge.
  • Right to rectify/amend your personal information if it is incorrectly recorded. You have the right to question any information we hold about you that you think is wrong, out of date or incomplete. If you do, we will take reasonable steps to check its accuracy and correct it.
  • Right to object and Right to be forgotten
    You have the right to object to our use of your personal information, or to ask us to delete, remove or stop using your personal information if it is no longer needed for the purpose for which it was collected or otherwise processed. This is known as the ‘right to erasure’ or ‘right to be forgotten’. 
  • Right to restrict the use of your personal information if:
    • It is not accurate.
    • It has been used unlawfully but you do not want us to delete it;
    • It is not relevant anymore, but you want us to keep it for use in legal claims; or
    • You have already asked us to stop using your personal information, but you are waiting for us to assess your request and confirm whether we are permitted to continue using the personal information under data protection law.
  • Right to obtain your personal information in a portable format
    You have the right to get copies of your personal information from us in a format that can be easily re-used. You can also ask us to pass on your personal information to other organisations.

It is important that the Data we hold about you is accurate and current. Please keep us informed if your Data changes during the period for which we hold it.

  1. Freedom of information

Home Wound Care Ltd is not a public authority and is not governed by the Freedom of Information Act.

  1. Links to other websites
    This Website may, from time to time, provide links to other websites. We have no control over such websites and are not responsible for the content of these websites. This privacy policy does not extend to your use of such websites. You are advised to read the privacy policy or statement of other websites prior to using them.
  2. Changes to this policy

We may revise this privacy policy from time to time. Any changes we may make to our privacy policy in the future will be posted on our website (this page). The policy was last updated on 04/07/2023.

  1. Contact Us

Questions, comments, and requests regarding this privacy policy are welcomed. Please contact our Data Protection Officer via our contact page on this website.

  1. Your right to complain

If you are not satisfied with our response or the way we are processing your personal information you can contact the Information Commissioner’s Officer (also known as the ICO) at www.ico.org.uk.The ICO is the statutory body which oversees data protection law in the UK.