Kent Adult Social Care and Health (third parties) privacy notice

We keep this privacy notice under regular review and was last updated on 26 September 2023.

Kent County Council respects your privacy and is committed to protecting your personal data. This privacy notice will inform you as to how we look after your personal data and tell you about your privacy rights and how the law protects you.

This notice is for people such as family members, carers and other people whose information we may receive through the course of working with an individual and explains what personal data (information) we hold about you, how we collect, how we use and may share information about you. We are required to give you this information under data protection law.

Who we are

Kent County Council (KCC) collects, uses and is responsible for certain personal information about you. When we do so we are regulated under the United Kingdom General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We are responsible as ‘controller’ of that personal information. Our Data Protection Officer is Benjamin Watts.

Kent Adult Social Care and Health will work with you to promote the health and wellbeing of all persons, designing services together that both suit and meet needs. Kent aims to be a county of opportunity, where aspiration rather than dependency is supported and quality of life is high for everyone. We will work to understand and break down the barriers that stop this from happening.

Personal information we collect and use

Information collected by us

In the course of our work, we may collect and record the following personal information when it is provided to us by yourself or by others:

Personal data

• personal information e.g: your name, address, telephone number, date of birth (when relevant), NHS number, gender
• contact details for your support network, if you are registered with us as a carer or host
• information about your finances such as bank details, income, benefits (if you are considering making a Third Party Top up)
• information about you and your circumstances (if relevant)
• information relating to a person’s general background when we are approving a Shared Lives Host and explore their upbringing and significant friend and family relationships
• information relating to a person’s general background if you are asked to participate in a best interest meeting.

In some circumstances, such as when you are a carer or host, we may also collect ‘Special Categories of Personal Data’:

• information such as your racial or ethnic origin, religious or philosophical beliefs, your sexual orientation
• information about any health conditions, disabilities or carer's responsibilities that may apply to you
• information about any health and safety or safeguarding concerns that may be relevant
• information about your needs and wishes
• information relating to a person’s general background if you are asked to participate in a best interest meeting.

We will obtain personally identifiable data from other sources in order to identify people who are vulnerable to the coronavirus, may require support as a result of the coronavirus or meet eligibility to be prioritised for vaccination based on the priority groups set by the Joint Committee on Vaccination and Immunisation. This includes personal information about individuals who do not meet our normal support criteria but have had their normal support from family or friends reduced or interrupted.

We will obtain information from the Government Digital Service (this may include data from the NHS and other departments), and we will also obtain it from providers of care homes, nursing homes, and domiciliary care services. We will additionally receive information from district and borough councils, voluntary and carer organisations.

We may ask you to attend a best interest meeting if you are able to represent a person to ensure that we provide the right care and support to that person. This may be, for example, as part of the Adult Short Break Service where a best interest may be required to obtain medical record and allergen information from the NHS to ensure the person is kept from harm during an overnight stay.

Kent County Council are one of the partner organisations to the Kent and Medway Care Record (KMCR). The KMCR is an electronic care record which links your health and social care information held in different provider systems, to one platform. This allows health and social care professionals who have signed up to the KMCR to access the most up to date information to ensure you receive the best possible care and support by those supporting you. The KMCR can also be used for secondary purposes. This includes using the KMCR information for planning, population health management, audit, business intelligence and research and academia.

In order to enable this sharing of information, organisations who use the KMCR have agreements in place that allow the sharing of personal and special category data. Read further information about the Kent and Medway Care Record or read the Kent and Medway Care Record privacy notice for information about the ways in which your data is used for this system.

Collecting and sharing your personal information

In the course of working with you, we may collect information from, or share it, with some of the following third parties (non exhaustive list):

• advocates, deputies, legal power of attorney
• borough councils, housing associations and landlords
• cabinet members
• Care Quality Commission (CQC)
• central government
• county councillors
• Department for Work and Pensions (DWP)
• external providers
• family members and carers
• internal teams, such as case management, finance and Shared Lives
• Kent and Medway Safeguarding Adults Board (KMSAB)
• Kent Safeguarding Children Board (KSCB)
• legal representatives, such as solicitors
• local government ombudsman
• MPs
• 'Nearest Relative'
• NHS providers, such as GPs and hospitals
• other professionals
• partner agencies, such as volunteer organisations and statutory organisations
• schools
• Kent and Medway Care Record Partner Organisations

The Kent and Medway Safeguarding Adults Board (KMSAB) is a statutory service which exists to make sure that all member agencies are working together to help keep Kent and Medway's adults safe from harm and protect their rights.

Each health and social care organisation listed will ensure they have the relevant agreements in place to be able to process your personal information.

Where you have indicated to remain anonymous when completing the adult safeguarding concern form (as the referrer), we will always do our best to ensure that you remain anonymous. However, we cannot guarantee anonymity as there may be circumstances where the information you provide, may need to be shared. When this happens, your information will only be shared where it is strictly necessary and proportionate and will be shared in accordance with data protection obligations governed by UK GDPR and Data Protection Act 2018.

We will share personal information with law enforcement or other authorities if required by applicable law or in connection with legal proceedings.

We will share personal information with our legal and professional advisers in the event of a dispute, complaint or claim. We rely on Article 9(2)(f) where the processing of special category data is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.

How we use your personal information

For all 'third parties'

We use your personal information to:

• process complaints and compliments regarding the services we have provided
  • details contained in care records and correspondence received
• assess your financial contribution to a person’s care (if you are considering making a Third Party Top Up)
  • information about your finances such as bank details, income, benefits
• liaise with agencies, companies and charities on your behalf
  • relevant personal information held on our systems
• work with you to create a Care and Support Plan for a person
  • details contained in your care records and conversations held]
• endeavour to keep you safe from harm
  • information about any health and safety or safeguarding concerns that may be relevant
  • information relating to a person’s background if you are asked to participate in a best interest meeting

• analyse the service that we are providing
  • statistical reports output by our computer systems
• during the course of approving a Shared Lives Host
  • information provided to us by the Host we are approving/background information - including details of significant friends and family and information that relates to the Host’s upbringing
• support the delivery of the Kent and Medway Care Record
  • information identified in the specific KMCR privacy notice
  • provide better outcomes to improve your health and social care requirements and to improve your health and social care journey
  • ensure integration with health and social care providers to provide a person-centred approach for you
  • ensure you are in receipt of the right care and support throughout your social care journey
  • help to understand population needs, improve services and care and health, and understand costs of delivering services and care.

If you are a carer

We use your personal information to:

• create a secure and comprehensive record of all of the work that we do with and for you
  • your name, address, telephone number and date of birth.
  • contact details for members of your family and support network
• fully understand your needs
  • information about you and your circumstances
  • information about your needs and wishes
  • information such as your racial or ethnic origin, religious or philosophical beliefs, your sexual orientation
• endeavour to keep you safe from harm
  • information relating to a person’s background if you are asked to participate in a best interest meeting
• arrange respite
  • details contained in care records and conversations held
• promote your health and wellbeing in partnership with the Kent and Medway Partnership Trust (KMPT), the NHS and North East London Foundation Trust (NELFT)
  • information about any health conditions or disabilities that may apply to you, including your mental health
• support the delivery of the COVID-19 vaccination programme
• support the delivery of the Kent and Medway Care Record
  • information identified in the specific KMCR privacy notice
  • provide better outcomes to improve your health and social care requirements and to improve your health and social care journey
  • ensure integration with health and social care providers to provide a person-centred approach for you
  • ensure you are in receipt of the right care and support throughout your social care journey
  • help to understand population needs, improve services and care and health, and understand costs of delivering services and care.

The sharing of information facilitates a joined up approach with partner agencies, to provide you and those whom you care about, with the best possible care and support.

How long your personal data will be kept

We will only hold your personal information for as long as necessary. To work out how long we need to keep your information for we use our retention schedule (See sections AS1 – 6 (excluding AS2.1, AS2.2, AS4.4, AS4.5, AS4.9, AS4.10, AS4.11, AS4.12.15, AS4.12.16, AS4.13, AS5.2, AS6.1) which provides a breakdown of the retention periods relied on by Adult Services). The criteria for determining retention periods are statutory or other industry requirements, legal liability or other legal requirements and best business practice.

Reasons we can collect and use your personal information

When we collect your personal data, we rely on the following legal bases:

• Article 6(1)(c) - processing is necessary for compliance with a legal obligation to which the controller is subject
• Article (6)(1)(d) - processing is necessary to protect someone’s life (vital interests)
• Article 6(1)(e) - processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

When we collect your ‘special categories of personal data’, (such as health, race, ethnicity, sexual orientation) we rely on the following legal bases:

• Article 9(2)(c) - it is necessary for the protection of vital interests
• Article 9(2)(g) - processing is necessary for reasons of substantial public interest (safeguarding of children and of individuals at risk)
• Article 9(2)(h) - processing is necessary for the provision of health or social care or treatment or the management of health or social care systems and services.
• Article 9(2)(i) - Necessary for reasons of public interest in the area of public health (subject to a DPA 18 condition.
• Article 9(2)(j) - Necessary for archiving purposes in the public interest, scientific, or historical research purposes in accordance with Article 89(1) (subject to a DPA 18 condition) which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject

We rely on the public interest, health or social care purpose and research conditions from Schedule 1 of the Data Protection Act 2018 when relying on Article(9)(2)(h) to process your special category data.

We take the following appropriate safeguards in respect of your special category data when relying on the conditions above:

• we have an Appropriate Policy for Lawful Processing which explains how the data protection principles are secured when using special category information. This policy is retained throughout the time we use your data and for six months after we cease to use it.
• we have a retention schedule which explains how long data is retained
• we maintain a record of our processing in our ‘Record of Processing Activities’ and record for any reasons deviating from the periods in our Retention Schedule.