Definitions
Personal data: means any information relating to an identified or identifiable natural person (‘data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental economic, cultural or social identity of that person.
Processing: means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Data Controller or Controller: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data, where the purposes and means of such processing are determined by Union or Member State law.
Data Protection Acts means the Data Protection Acts 1988 to 2018.
Delete for the purposes of this agreement means removing all data which is electronically held in such a way that it can never be retrieved from the device on which it is held;
Special categories of personal data mean personal data revealing the racial or ethnic origin of the data subject; the political opinions or the religious or philosophical beliefs of the data subject, or whether the data subject is a member of a trade union, genetic data; biometric data for the purposes of uniquely identifying an individual, data concerning health, or personal data concerning an individual’s sex life or sexual orientation.
Data concerning health means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health.
Genetic data means personal data relating to the inherited or acquired genetic characteristics of a natural person, which give unique information about the physiology or the health of that natural person and which result in particular, from analysis of a biological sample from the natural person in question.
Freedom of Information Act means the Freedom of Information Act 2014 and any amendments to or replacements thereof, including by means of directly effective EU Regulation;
GDPR: means the EU General Data Protection Regulation, Regulation (EU) 2016/679, the effective date of which is 25th May 2018;
Third Party: means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
Privacy Notice Purpose
Home Care Solutions takes your data privacy very seriously and intends to process your personal data and special category data in a fair and transparent manner. Therefore, it is important that you understand the manner in which your data is processed and what it means for you. This document outlines the approach of Home Care Solutions to your data privacy.
Who is the Data Controller:
Homecare Solutions, Unit 4, Rathasker Square, Naas; The Data Controller.
Who is the Data Protection Officer:
The Data Protection Officer is an employee of Home Care Solutions.
Postal Address: Data Protection Officer
Telephone: +353(045) 579061
The category of data processed –personal data:
Home Care Solutions will process personal data - information from which you can be identified either directly or indirectly by reference to an identifier such as name or, identification through the use of the data in conjunction with other information such as but not limited to: name, e-mail, telephone number, next of kin, home address, date of birth, PPS number, bank account details, medical data.
This personal data will be processed pursuant to your:
Statutory rights under Data Protections Acts 2018.
Data that is processed – Special Categories of personal data:
Home Care Solutions will process special categories of personal data, namely:
Special category data relating to your health (health data) and fitness is a requirement for the continued assessment of your level of care and provision of service.
Special category data relating to your religion where you explicitly consent.
The lawful basis and purpose of the processing
The personal data and special categories of personal data processed are fundamental requirements necessary for your statutory and regulatory service and contractual obligations.
These requirements for processing will be, for example, in respect of matters such as:
Management and Administration of your personal data.
Management and Administration of all your health data
Management and Administration of all your personal data and special category personal data.
Certain anonymised data not specific to any member may be extracted for general statistical purposes.
The processing of your data is necessary for compliance with a legal obligation to which the controller is subject. For example, the obligation to share data with the State Claims Agency under the National Treasury Management Acts 1990 and 2000 or in defence of legal claims, or where the Courts make orders in a judicial capacity, or criminal investigations undertaken by AGS.
The use of your data is necessary to protect your vital interests. For example, to protect your life.
You have consented or explicitly consented to using your data (including special categories of data) in a specific way.
The processing is carried out in the public interest or in the exercise of official authority vested in the data controller.
The processing is necessary for the legitimate interests of the data controller BUT only where your rights do NOT outweigh such interests.
The processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with GDPR.
Who do Home Care Solutions share with:
This data will be retained under the control of the designated data controller and may be shared with the data controller of the HSE or third parties. For example, assisting in replies to Solicitor Queries, defence of legal claims, or administering health care services to you.
Any other third party will not further process your data unless you consent or unless the processing is necessary for compliance with a legal obligation to which the controller is subject. For example, as stated already, the obligation to share data with the State Claims Agency under the National Treasury Management Acts 1990 and 2000 or where the Courts make orders in a judicial capacity.
How the Home Care Solutions retain your data:
The data retention periods are as follows:
Your data will be retained on your personal file for the duration of Home Care Solutions providing a service to you.
Following the termination of the service, your personal file will be retained for 7 years for administrative purposes, For example, re-engagement with Home Care Solutions or for commercial reasons.
Your data rights:
You have the right, subject to any restrictions under the GDPR, to:
Access to any of your data -the designated data controller will process your request within 1 calendar month of the request. There may be grounds where that could be extended by a further two calendar months due to complexity or a number of requests. Should this be necessary, the reasons will be explained by the Data Protection Officer.
Rectification of any of your data- If your personal data is inaccurate, you have the right to have the data rectified without undue delay. If your personal data is incomplete, you have the right to have data completed, including by means of providing supplementary information.
Erasure of any of your data provided there are valid grounds for doing so.
Restriction on any processing of your data. This can occur where: (a) you have objected (see (f) below) or (b) your data is inaccurate. In these cases, the restrictions will apply until the Data Protection Officer has determined the accuracy of the data or the outcome of your objection; or, (c) the processing was unlawful, or (d) you have a legal claim and need the data. Where you have obtained a restriction on the processing of your data, the data controller must inform you before lifting the restriction.
Right to data portability. In some circumstances, you may be entitled to obtain your personal data from a data controller in a format that makes it easier to reuse your information in another context and transmit it to another data controller of your choosing without hindrance.
You have the right to object to certain types of processing of your personal data where this processing is carried out in connection with tasks in the public interest, or under official authority, or in the legitimate interests of others. You may also object to the processing of your personal data for research purposes unless the processing is necessary for the performance of a task carried out in the public interest.
Withdraw your consent at any time. If you withdraw your consent, it will not affect the lawfulness of processing based on your consent before its withdrawal. It is important to note that failure to provide specific data may affect the execution of a contract between you and Home Care Solutions.
You also have the right, in any case, to lodge a complaint to the Data Protection Commissioner or another Supervisory Authority on any matter as regards the processing of your data by Home Care Solutions’ designated data controller. You can contact the Office of the Data Protection Commissioner at: https://www.dataprotection.ie/docs/contact-us/b/11.html.
Telephone: +353(0)761 104800 or Lo Call Number 1890252231
E-mail: info@dataprotection.ie
Postal Address: Data Protection Commission, Canal House, Station Road, Portarlington, R32 AP23, Co. Laois.
The Data Protection Officer (DPO) may occasionally modify or amend this privacy notice. For all members to be aware of changes, the DPO will amend the “last updated” date at the top of the cover page. The new modified or amended privacy notice will apply from that updated date. All members must review this notice to be informed about how data is processed.