Privacy notices

Croydon Council is committed to protecting your privacy when you use our services.

This Privacy Notice explains what personal information we collect about you, how and why we use it, who we disclose it to, and how we protect your privacy. We comply with our legal obligations under the General Data Protection Regulation (GDPR) 2018 and the Data Protection Act 2018 when using your personal data, for example, collecting, storing, sharing, and destroying.

Who we are

Croydon’s Adult Social Care Service aims to ensure that our residents live healthy, independent and fulfilling lives as part of our communities. We provide the support you need to achieve your own goals, get involved in the community, make informed choices about your well-being and care, and stay as independent as possible.

When providing social care services to you, we have to collect and use your personal information. We process your personal information in order to provide care and support services and to support vulnerable adults, the elderly, those with physical disabilities and carers either directly or jointly with our partners.

Whilst the majority of information provided to us is mandatory (e.g. to comply with our statutory obligations), some of it is provided by you on a voluntary basis. In order to comply with the GDPR and the Data Protection Act 2018, we will inform you whether you are required to provide certain information to us, or if you have a choice in this. We will also explain what your data rights are and what your information will be used for. Information may be collected in many different ways including on paper, by telephone, electronically or by a member of staff in person.

We may also share your personal information with third-party agencies including the NHS, domiciliary care services, care home providers and other health and care services we may buy-in to support you, or when data-sharing is necessary and mandatory under the law.

You have the right to object to some or all your information being processed (shared) under current data protection legislation (Article 21 the General Data Protection Regulations 2016, and the Data Protection Act 2018).

You are advised that whilst under this legislation you have the right to raise an objection, this right is not absolute in relation to health and care data being shared for the purposes of direct care under the lawful bases for sharing. 

All objections will be considered on an individual basis by the Data Controller.  The contact details for the DPO for each organisation can be found within this Privacy Notice as displayed by each individual organisation, or on their website.
 

Your privacy rights

This Privacy Notice tells you:

• What information we – Adult Social Care Services – hold about you
• How we use your information
• Who we share your information with within and outside the Council
• How we keep your information safe and secure
• Your right to see your social care records

The legal bases for processing your personal information are:

• Compliance with a legal obligation
• Contract for the supply of services
• Consent

Adult Social Care staff will update its systems with any details relating to your situation that will assist the Council in supporting you to meet your social care and health needs. The information we hold about you is confidential. Any records we hold can only be seen by authorised staff and others with a right to know, including you.

The law gives you a number of rights to control what personal information is used by us and how it is used by us. Additional information about your individual data rights can be found in the Council’s Corporate Privacy Notice on our website at www.croydon.gov.uk/privacy .

What information we hold about you

This may include all or some of the following:

• Your personal details
• Information about other members of your household
• Details of family relationships in and outside of your household
• The names and contact details of your close relatives and/or carers
• Your legal status and documents (e.g. immigration, power of attorney)
• Your accommodation (e.g. type, layout, details of alarms fitted, accessibility)
• Details about your personal care, eating and drinking, practical tasks, physical and emotional well-being, parenting
• Details of any risks
• Whether you need an interpreter or translator
• Any cultural, spiritual or religious beliefs we need to take these into account when providing support
• Your medical history and details of any diagnoses
• Health, social care or other services you are getting
• Goals you wish to achieve relating to your social care needs
• Support provided by any carers or others
• Information about your situation given to us by your family and/or carers
• Information that other organisations (such as health or other care services) tell us to help us understand your situation and needs to co-ordinate your care services more effectively
• Reports relating to your situation and care (e.g. assessments, support plans and reviews)
• Any documents sent to us relating to you
• Records of phone conversations relating to you (e.g. conversations between you or your carer or representative and Adult Social Care staff, or conversations between Council staff and NHS, members of your family/your representative or providers of care).

How we use your information

We use your information to help us to:

• produce statistics and reports to plan our services (e.g. to help decide what support a person needs, how often they need it and when; to support the Council to buy-in appropriate services to meet a person’s needs). Statistics are used in such a way that individuals cannot be identified from them.
• account for our decisions and investigate complaints
• make sure the service you receive is efficient and effective
• meet our statutory obligations including those related to diversity and equalities
• carry out different types of analysis, e.g. price benchmarking, placements and services, and calculation of rates for services
• review the quality of care
• research and plan new services
• identify and protect those at risk of harm or abuse, and ensure compliance with safeguarding adults policies and procedures

Who we share your information with within the Council

Your data is accessed by staff working in Croydon’s Adult Social Care Services which has a number of Services / Teams including:

• Older People Service Teams
• Disability Service Teams
• Adult Safeguarding  Service
• Deprivation of Liberty Safeguards Service
• Hospital Discharge Teams
• Occupational Therapy Service Teams
• Day Service Teams
• Children’s Service Teams
• Integrated Adult Mental Health Service Teams
• Carers Support Services
• Finance Teams

This list is not exhaustive but staff in each area will only access the personal information that is essential to carry out their work and statutory functions but may share data between the respective teams where this is necessary to provide you with services.

Other Council Teams or Services outside of Adult Social Care Services may also have access to your personal information to carry out their statutory roles or support the Teams or Services listed above and may include:

• Complaints Team
• Legal Services Department
• Business Intelligence Team
• Information Management Team
• Corporate Finance Service Teams
• Housing Service Teams
• Welfare Service Teams

Who we share your information with outside the Council

Relevant information about you may be passed to external organisations to arrange support to meet your health and social care needs. The types of organisation we may pass your information to are listed below:

• Your advocate or representative (if you have instructed one)
• Health care professionals including your GP, nurse or hospital consultants
• Mental Health Providers of domiciliary care and supported living care
• Clinical Commissioning Groups are NHS organisations created by legislation to organise the delivery of NHS services in England
• Providers of residential and nursing care services
• Housing landlords and tenancy officers when necessary to provide you with care and support, or to prevent or avoid harm to yourself
• Providers of respite services
• Providers of community services whom the Council has a contract with
• Other Local Authorities if you are placed or is transferred outside of the borough
• Government departments such as the Disclosure and Barring Service and Care Quality Commission
• We also have a legal duties to pass information to third-party organisations such as the Police and/or the Department of Work and Pensions and anti-fraud agencies for the purposes of preventing and detecting crime, or for anti-fraud purposes, or for the protection of public funds.

All organisations we pass your information to will have an information-sharing agreement with us to ensure they meet the standards of the GDPR and the Data Protection Act 2018, and will be covered by a legal basis allowing them to collect, use and share your personal information. In some circumstances, information may be shared with third parties where there is a legal obligation to do so.

Please note we may share your personal information when we feel that the risk is serious and protecting you is more important than protecting your privacy. For example, we may share your information:

• to protect adults who are thought to be at risk if they are frail, confused or cannot understand what is happening to them
• to prevent or investigate a crime
• to protect yourself, or our staff, or the public
• to protect other professionals
• if we are required to do so by any court or law.

If we are worried about your safety and believe we need to take action to protect you from being harmed, we will discuss our concerns with you and, if possible, obtain your permission to disclose this information. We may share this information with third parties if we assess the risk to you or others to be serious.

There may also be situations when the risk to you or others is so great that we believe we need to share your information without delay. If this is the case, we will make sure that we record what information we share and our reasons for doing so. We will also let you know what we have done and why if we think it is safe to do so.

How we keep your information safe and secure

We are committed to ensuring that your information is securely held.

We manage, maintain and protect all information according to legislation, our policies and best practice. All information is stored, processed and communicated in a secure manner. We provide training to staff who handle personal information and how to report and escalate when something goes wrong.  

When we no longer require to keep information about you, we will review it and archive it for any relevant legal retention period and ultimately dispose of it in a secure manner.

Requesting access to your personal data

Under GDPR and the Data Protection Act 2018, you have the right to request access to information that we hold about you. To make a request for your personal information, contact the Council’s Information Management Team at SAR@croydon.gov.uk.

Further information

The GDPR and Data Protection Act 2018 give you a number of rights to control what personal information is used by us and how it is used by us. Information about your individual data rights is listed in the Council’s Corporate Privacy Notice on our website at www.croydon.gov.uk/privacy.

If you have any questions or concerns about the way we collect, store or use your personal information, please contact us in the first instance on 020 8726 6000.

For advice about data protection issues, you can contact the Information Commissioner’s Office (ICO) at www.ico.org.uk.

We reserve the right to amend this Privacy Notice at any time and will keep it under review. If we do make any changes, we will post the current version to our website at this address.

Last updated: July 2023.