External Privacy Notice
This Privacy Notice explains what happens with any personal data we gather from you in relation to:
- your use of this website;
- your contract with us, e.g. your residency contract with us;
- any enquiries or information you submit to us.
We recognise our obligations under data protection legislation and we are committed to keeping your personal data safe and secure.
You should read this Privacy Notice so that you understand how we will handle your personal data.
Our aim is to only use and hold your personal data in ways that you would reasonably expect us to.
We reserve the right to amend this Privacy Notice from time to time. If we amend this Privacy Notice we will make you aware of this via updates posted on our website.
Who we are
- Maria Mallaband Care Group Limited, based at Westcourt, Gelderd Road, Leeds, West Yorkshire, United Kingdom, LS12 6DB, company registered number 3135910, registration number with the Information Commissioner’s Office Z7524256;
- Countrywide Care Homes Limited, based at Westcourt, Gelderd Road, Leeds, West Yorkshire, United Kingdom, LS12 6DB, company registered number 7590616, registration number with the Information Commissioner’s Office Z2888993;
- MMCG (2) Limited, based at Westcourt, Gelderd Road, Leeds, West Yorkshire, United Kingdom, LS12 6DB, company registered number 10622354, registration number with the Information Commissioner’s Office ZA271705;
- MMCG Limited, based at Westcourt, Gelderd Road, Leeds, West Yorkshire, United Kingdom, LS12 6DB, company registered number 7187186, registration number with the Information Commissioner’s Office ZA192086;
- Liss Care Limited, based at Westcourt, Gelderd Road, Leeds, West Yorkshire, United Kingdom, LS12 6DB, company registered number 9962938, registration number with the Information Commissioner’s Office ZA289094.
If you have any questions regarding this Privacy Notice or how we process your personal data please contact our Data Protection Officer using the details below:
Leeds, LS12 6DB
What personal data do we gather about you?
“Personal data” is any information about an individual from which that individual can be identified. It does not include data from which an individual cannot be identified, for example anonymised data.
The types of personal data we may collect, use, store and transfer in relation to you may consist of the following:
|Data Subject||Types of Personal Data||Types of Special Category Data|
|Website visitor / user||IP address, e-mail, telephone number||N/A|
|Resident||Name, address, telephone number, date of birth, next of kin||Health records, racial/ethnic details, religious beliefs|
|Individual making enquiries / submitting information||Name, address, e-mail, telephone number||N/A|
How do we collect your personal data?
We may collect personal data about you from the following sources:
- Information you provide to us via our website or in person;
- Information provided to us by third parties, e.g. your GP, Hospital, relatives, carer.
How do we store your personal data and keep it secure?
We use reasonable and up to date security methods to:
- keep your data secure;
- prevent unauthorised or unlawful access to your personal data;
- prevent the accidental loss of or damage to your personal data.
All personal data you provide to us is stored on our secure servers and in secure filing systems.
We have in place policies, procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction including procedures to deal with a security breach.
We will ensure your personal data is only accessible by those who need to see it for their specific role.
We will only transfer your personal data to a third party if that third party agrees to comply with our procedures and policies or if they have put in place equivalent policies and procedures of their own.
How and why we will use your personal data?
We will usually only process your personal data where:
- you have given your consent;
- the processing is necessary for the performance or entry of a contract between us;
- the processing is necessary to comply with our legal obligations;
- the processing is necessary to protect your vital interests;
- the processing is necessary for the provision of health or social care;
- the processing is necessary for our legitimate interests or the legitimate interests of third parties.
The table below sets out all the ways we plan to use your personal data and which of the legal reasons we rely on when processing your personal data. We have also identified what our legitimate interests are where this is relevant.
|Data Subject||Purpose of Processing||Legal Reason for Processing||Legal Reason for Processing Special Category Data|
|Website visitor/user||To assist or improve the individual’s use of the website
To provide information on our services
|Resident||To enter into and perform a residency contract||Contract
Provision of health / social care
Establishment or exercise of legal claims
|Resident||Sharing data with third party agencies, such as government bodies (e.g. emergency services; care and support providers and health professionals)||Contract
Provision of health / social care
Establishment or exercise of legal claims
|Individual making enquiries / submitting information||To provide information on our services
To assist with our care of a resident
|Legitimate Interests||Provision of health / social care|
Where the legal reason for processing is the performance of a contract with you, if you do not provide relevant personal data we will not be able to fulfil our contractual obligation(s) to you and this may have a detrimental impact on you.
We do not sell or rent personal data which you provide to us.
How we keep your personal data accurate?
We will keep the personal data we store about you accurate and up to date.
We will take every reasonable step to erase or rectify inaccurate data without delay.
Please tell us if your personal details change or if you become aware of any inaccuracies in the personal data we hold about you.
We will contact you if we become aware of any event which is likely to result in a change to your personal data.
How long will we keep your personal data?
We will not keep your personal data for longer than is necessary for the purpose(s) for which we process it.
This means that data will be destroyed or erased from our systems when it is no longer required.
For guidance on how long certain data is likely to be kept before being destroyed, contact our Data Protection Officer.
What rights do you have in respect of your personal data?
You have the right to:
- request access to any personal data we hold about you;
- request for any inaccurate personal data which we hold about you to be rectified;
- request to have your personal data erased;
- request to have the processing of your personal data restricted (for example, if you think the personal data we hold about you is inaccurate you can ask us to stop processing it until we will either correct it or confirm it is accurate);
- request the transfer of your personal data to another data controller;
- object to certain types of processing, including processing based on legitimate interests, automated processing (which includes profiling) and processing for direct-marketing purposes; and
- withdraw consent to the processing of your personal data (where the legal reason for the processing of your personal data was your consent).
If you wish to exercise any of the rights set out above, you must make the request in writing to our Data Protection Officer. Please note some of these rights are restricted in some circumstances.
We do not conduct automated decision making (including profiling) in connection with your personal data.
Who will have access to the data we hold?
Our personnel who need to access your personal data will view it in order that we can provide our services to you.
All of our personnel have received data protection training and understand the need to keep your personal data confidential and to use it only for legitimate purposes.
In addition to our own personnel, other personnel from our service providers and group companies may process your personal data on our behalf (for example, third party IT providers).
We may disclose your personal information to third parties:
- if we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
- if we or substantially all of our assets are acquired by a third party, in which case personal data held by us will be one of the transferred assets; and
- if we are under a duty to disclose or share your personal data in order to comply with legal obligations or to protect the rights, property or safety of others. This includes exchanging personal data with other companies and organisations for the purposes of fraud protection and credit risk reduction.
If your personal data is provided to any third parties you are entitled to request details of the recipients of your personal data or the categories of recipients of your personal data.
We carry out due diligence on our service providers/group companies/other third parties and make sure we have a contract with them which satisfies the requirements of data protection legislation.
Apart from the situations referred to above, we will not disclose your personal data to a third party without your consent unless we are satisfied that they are legally entitled to access your personal data.
Transferring your data outside the European Economic Area (EEA)
We will not transfer your personal data outside the EEA unless such transfer is compliant with data protection legislation.
This means that we cannot transfer any of your personal data outside the EEA unless:
- the EU Commission has decided that another country or international organisation ensures an adequate level of protection for your personal data;
- the transfer of your personal data is subject to appropriate safeguards, which may include binding corporate rules or standard data protection clauses adopted by the EU Commission; or
- an exception applies (including if you explicitly consent to the proposed transfer).
Right to make a complaint
If you have any issues with our processing of your personal data and would like to make a complaint, you may contact our Data Protection Officer or the Information Commissioner’s Office on 0303 123 1113.