Prestwick Care Limited

Privacy Notice

Changes to this privacy notice

To view our External Privacy Notice, please click here.

To view our Resident and Next of Kin Privacy Notice, please click here.

We keep this privacy notice under regular review and will communicate any significant updates to you and update our websites accordingly. This privacy notice was last updated in February 2024 and will be reviewed at least on an annual basis.

Data Protection Officer

The Data Protection Officer (DPO) for Prestwick Care is Paul Wright. You may contact the DPO if you would like to:

  • Receive a copy of your data
  • Have any questions you feel have not been covered by this Privacy Notice
  • Have any concerns about the processing of your data
  • Wish to make a complaint about the processing of your data

Please click here to view our data subject access request (DSAR) form. Completion of this form will assist in providing the data you require.

You can contact our DPO at paul@malhotragroup.co.uk or call 0191 233 0387 to speak to him at Head Office.

Data Controller

Prestwick Care Ltd (“we”, “our”, “us”) processes personal data in accordance with our obligations under the General Data Protection Regulations (‘GDPR’) and is a registered Data Controller with the Information Commissioner’s Office (‘ICO’), which is the supervisory authority responsible for the oversight and enforcement of Data Protection Legislation within the United Kingdom. 

ICO Registration Number: ZA293022 (under Malhotra Group PLC)

General

This privacy notice is a statement that describes how and why we process personal data in relation to an individual. At Prestwick Care we do all we can to respect your rights to privacy and the protection of your personal information. We pledge to handle your data fairly and legally at all times.

This notice sets out what we do with your information, but also the processes we have in place to ensure we are compliant with the GDPR.

This notice also explains how you might control the use of your personal data in accordance with your rights under the GDPR.

Prestwick Care will not disclose your personal data to any unaffiliated third parties. Furthermore, we will never sell or rent our user information to other organisations for external marketing purposes. This privacy notice provides you with information on why we collect your personal information, how we use it, the limited conditions under which we may disclose it to others, and how we keep your information secure.

Prestwick Care uses your personal data:

  • to verify your identity
  • for market research purposes (for which we will always obtain your consent)
  • where we have a legal right or duty to use or disclose your information (for example in relation to an investigation by a public authority or in a legal dispute)
  • for the protection of our employees and users
  • for crime and fraud prevention, detection and related purposes

Types of data we collect

We collect and process various categories of personal information in order to provide our services effectively. This may include (but is not limited to):

  • your name, age/date of birth and gender
  • your contact details: postal address, telephone numbers and e-mail address
  • your on-line browsing activities
  • your password(s)
  • your communication and marketing preferences
  • your feedback and survey responses
  • your location
  • your correspondence and communications with Prestwick Care
  • other publicly available personal data, including any which you have shared via a public platform (such as Twitter, Facebook, Instagram or LinkedIn).

Our websites are not intended for children and we do not knowingly collect data relating to children.

This list is not exhaustive, and in specific instances we may collect additional data for the purposes set out in this Privacy Notice. Some of the above personal data is collected directly, for example when you set up an on-line account on our websites, use our WIFI or send an email to an employee within our organisation. We may also collect personal data from third parties who have your consent to pass your details to us, or from publicly available sources. Information may be collected by:

Website Cookies

Our websites use cookies to collect information. This includes information about browsing behaviour by people who access our websites. This includes information about pages viewed and the journey around our websites.

What are cookies?

Like most websites, Prestwick Care uses cookies to collect information. Cookies are small data files which are placed on your computer or other devices (such as smart ‘phones’ or ‘tablets’) as you browse a website. They are used to ‘remember’ when your computer or device accesses our websites. Cookies are essential for the effective operation of our websites.

What are cookies used for?

The main purposes for which cookies are used are:

  • For technical purposes essential to the effective operation of our websites, particularly in relation to site navigation
  • For Prestwick Care to market to you, particularly banner advertisements and targeted updates
  • To enable Prestwick Care to collect information about your browsing patterns, including to monitor the success of campaigns etc

How do I disable cookies?

If you want to disable cookies you need to change your website browsing settings to reject cookies. How this is done will depend on the browser you use.

Google Analytics

When someone visits our websites, we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We use limited ‘Profiling’ (where information about you is used to tailor goods or services based on your interests, movement or records of your activities). This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our websites.

Curricula Vitae

We may obtain information about you when you apply for a job vacancy or when you submit a prospective CV for upcoming or potential vacancies. We will only store this information for a period of 6 months, unless you consent to your information being held for a longer duration. You can withdraw consent for this at any time.

Activities we process your personal data for and the lawful basis

Under Article 6 EU GDPR we must identify a basis for the “lawfulness of processing” of our activities involving your data. These are broadly described as: ‘Consent’, ‘Contract’, ‘Legal Obligation’, ‘Vital Interests’, ‘Public Interest (or Public Task)’ and ‘Legitimate Interests’.

When joining us

Where you have “given consent to the processing of personal data for one or more specific purposes”, you can withdraw that consent, or object to the processing, at any time.

These activities have been identified as processing where it is “necessary for the purposes of the legitimate interests pursued by the controller” (us) or you, as an enquirer or where you have “given consent to the processing of personal data for one or more specific purposes” which you can withdraw consent for or object to at any time:

  • Company activities and events organised for customers and partners in relation to future opportunities or associated material we think might be of interest to you, for example Surveys, feedback and similar communications.
  • We may use your data to analyse, monitor and evaluate our recruitment effectiveness or other performance and effectiveness in order to maintain and improve our services.
  • We may seek your views directly through online questionnaires, invitations to participate in focus groups, or other technology-based surveys.
  • Providing a more personalised user experience when using our website or any other services, allowing us to target you with information we think might be most relevant to you and your enquiries.

Data is also processed for the following activities, which have been identified as necessary “for us to comply with the law”: 

  • For monitoring compliance with and enforcement of relevant policies in relation to health and safety and security (prevention and detection of crime) – including the use of CCTV, and safeguarding
  • For compliance with UK Border Agency requirements and for meeting Professional Statutory Regulatory Bodies requirements
  • Production of statistical returns required for third party government bodies or for completion of government supported surveys
  • To monitor and promote equality and diversity. This may include the production of non-identifiable statistical data for analysis

Photographs

Photographs may be taken at our events for use in communications and marketing materials, including on our website and on social media channels. Where you are not the subject of the image, i.e. if it is a “group” or “crowd” photograph, we may use such images without requiring your consent. However, where you are the subject of the photograph, you will be asked to provide your explicit consent to use the image. Notifications will be put up in and around these ‘open’ events to inform you when such photography is taking place. You have the right to object or restrict your image being taken or used. If you would like to exercise this right, please contact us as set out below.

Communications

All communication with you, including in relation to updates to this privacy notice, will, where possible, be made via email. If, at any stage, you are concerned about the content (e.g. unwanted marketing), frequency (too many) or method (change preference) of these communications, you can unsubscribe or update your preferences using the link which will be provided at the bottom of the relevant correspondence.

Should you unsubscribe from our marketing messages you will miss regular communications about our services and updates.

Coronavirus (COVID-19)

The Company may find it necessary for us to store information regarding NHS Track & Trace. The legal basis for the retention and processing of this data is the protection of our employees, residents, customers and the wider public. Under the General Data Protection Regulations (GDPR) such data can be retained and processed, if:

  • ‘Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller’ (Article 6(1)(e)). As information about health is a special category of personal information, a further section of the GDPR applies; and/or
  • ‘Processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of healthcare’ (Article 9(2)(i)).

The development of the NHS Test and Trace scheme is a key part of the Government’s plan to manage the spread of Coronavirus (COVID-19). Data will not be shared without a sound legal basis, but in the interests of public safety and in order to prevent the spread of COVID-19, we will be legally obliged to share data upon request from NHS Test and Trace. Such data will only be retained as long as we are legally obliged to do so.

How personal data is stored securely by Prestwick Care

We have implemented appropriate physical, technical, and organisational security measures designed to secure your personal data against accidental loss and unauthorised access, use, alteration, or disclosure. In addition, we limit access to personal data to those employees, agents and contractors that have a legitimate business need for such access. All of our employees, contractors and volunteers with access to personal data receive mandatory data protection training and have a contractual responsibility to maintain confidentiality. Access to your data is restricted to those members of staff who have a requirement to access it.

We utilise different storage solutions and IT systems, some of which are outsourced to third party providers. Where processing takes place with an external third party, processing takes place under an appropriate agreement outlining their responsibilities to ensure that processing is compliant with the Data Protection legislation and verified to be secure. Where applicable, any credit/debit card details provided will be stored in full compliance with PCI-DSS requirements.

Transfers to third party countries

Where data is shared with third party countries, we ensure that these countries are either approved by the European Commission as having ‘adequate protection’ or we put in place ‘appropriate safeguards’ and contracts with these organisations, so as to maintain the security of the data and your rights under relevant Data Protection legislation. There may also be limited sharing with organisations in third countries under specific exemptions, for example, with your explicit consent.

Your Rights under GDPR

Under the GDPR, you have a number of rights in relation to the processing of your personal information, each of which may apply to differing degrees, dependent upon the nature of the processing and the legal basis for it. You have the right to:

  • Be informed as to how we use your data (via this privacy notice)
  • Request access to (a copy of) the personal information that we hold about you
  • Correct inaccurate or incomplete data
  • Request that we stop sending you direct marketing communications

In certain circumstances, you may also have the right to:

  • Ask to have certain data erased by us
  • Request that we restrict certain processing of your personal data
  • Request that any data you submitted to us electronically be returned to you or passed to a third party as a data file
  • Object to certain processing of your personal data by us

In some cases, there may be specific exemptions as to why we aren’t able to comply with some of the above. Where this is the case, we will explain the reasons why.

To exercise any of the above rights, you can contact our DPO at paul@malhotragroup.co.uk or call 0191 233 0387 to speak to him at Head Office.

Lodging a Complaint with the Information Commissioner’s Office (ICO)

If you are dissatisfied with our processing of your data, or a response to a complaint you have made to us about it, you have the right to complain to the ICO. The contact details for the ICO are:

Information Commissioner’s Office
Wycliffe House Water Lane
Wilmslow Cheshire
SK9 5AF
Telephone: 0303 123 1113 (local rate) or 01625 545 745

For more information you may also visit the Information Commissioner’s website at https://ico.org.uk/