Privacy policy
This privacy policy explains how we use any information we collect about you when you visit our web site, including any data you may provide through this website when you complete a request for support or information.
About us
CareFind is hosted by NHS North of England Care System Support (NECS).
For the purposes of the UK General Data Protection Regulation and the Data Protection Act 2018 (together, ”Data Protection Legislation”) the data controller responsible for your personal data is NHS North of England Care System Support (hosted by NHS England), John Snow House, Durham, DH1 3YG (collectively referred to as “NHS North of England Care System Support”, "NECS", "we", "us" or "our" in this privacy policy).
Your privacy is extremely important to us. We only use the information you provide about yourself when using this website to answer your enquiry or to help us to improve our service to you. We do not share this information with any third party except to the extent necessary to answer your enquiry if that enquiry requires the involvement of a third party. We use return email addresses to answer the email we receive. Such addresses are not used for any other purpose and are not shared with outside parties.
The information we collect and how we collect it
We may collect and process the following data about you:
- Information that you provide by filling in forms on our site at www.CareFind.com (our “Website”). This includes information provided when completing our enquiry form or creating an account with us. This may include your name, your organisation’s name, your position, email address, business address and contact telephone number. We may also ask you for information when you report a problem with our site.
- If you contact us, we may keep a record of that correspondence.
- NHS North of England Care System Support may ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
- Details of your visits to our site including, but not limited to, web server statistics, traffic data, location data and details of the web pages and resources that you access.
Site usage
We may collect information about your computer, including where available your IP address, operating system and browser type via the web server log files, for system administration and to analyse aggregate information. This is statistical data about our users’ browsing actions and patterns and does not identify any individual.
How we protect your information
All information you provide to us is stored on our secure servers.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of data that you transmit to our site; any transmission is therefore at your own risk. Once we have received your information, we use strict internal procedures and security features to prevent unauthorised access.
There are facilities within this website which allow you to type in information and send it to NHS North of England Care System Support. You should be aware that such transmissions are not subject to any encryption and could, in theory, be intercepted and read by someone. Therefore, you may wish to avoid including information which you consider to be private. Any information you supply to NHS North of England Care System Support via this website will be handled in accordance with our policies and procedures for data protection.
We also keep your information confidential. The procedures of NHS North of England Care System Support cover the storage, access and disclosure of your information.
How we use your information
We use information held about you in the following ways:
- To provide you with information and services that you request from us. The lawful basis for processing your data is performance of a contract with you.
- To register your account with us. The lawful basis for processing your data is performance of a contract with you.
- To share your information with requested third parties such as care homes to initiate contact with you. The lawful basis for processing your data is performance of a contract with you.
If you do not want us to use your data in this way, please contact us.
Your rights
You have the right to ask us not to process your personal data for marketing purposes. We will obtain your consent (before collecting your data) if we intend to use your data for such purposes by way of your option to “opt-in”. You can also exercise the right at any time by contacting us.
Our site may, from time to time, contain links to and from the websites of our clients and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Data Protection Legislation gives you the right to access information held about you. We have provided details to these rights at Appendix 1.
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.
Your agreement
By submitting your information, you confirm that you accept the use of that information as set out in this policy. If we change our privacy policy, we will post the changes on this page and may place notices on other pages of the website, so that you may be aware of the information we collect and how we use it at all times. Where you have created an account with us or provided an email address, we will also email you should we make any changes to keep you aware of how we use your information and make you aware of your rights to object. Continued use of our website will signify that you agree to any such changes.
We do not transfer your personal data outside the UK.
Keeping information secure and confidential
All staff have contractual obligations of confidentiality, enforceable through disciplinary procedures. All staff receive annual training on confidentiality and security of information.
We take relevant organisational and technical measures to make sure that the information we hold is secure – such as holding information in secure locations, restricting access to information to authorised personnel, secure email systems and ensuring that mobile equipment such as laptops are encrypted.
Retention of information
We retain personal information in accordance with data protection legislation and in line with the NHS Records Management Code of Practice 2021. Retention periods are recorded in our Information Asset Register.
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us.
Contact details and Data Protection Officer (DPO)
NECS is a hosted organisation therefore we fulfil our requirement for a (DPO) through NHS England’s DPO. NHS England has appointed deputy DPOs within their Commissioning Support Units who have delegated responsibility for some of the NHS England DPO’s functions. The delegated DPO tasks are as follows:
- to inform and advise the controller or the processor and the employees who carry out processing of their obligations under data protection
- to monitor compliance with Data Protection Legislation
- to provide advice regarding Data Protection Impact Assessments
- to cooperate with the Information Commissioner’s Office (ICO) in relation to any serious incident (level 2) resulting in the unlawful loss or disclosure of personal data by the Commissioning Support Unit
- to act as the contact point for the ICO on issues relating to processing, including prior consultation and to consult, where appropriate, with regard to any other matter
The DPO for NECS can be contacted at NECSU.IG@nhs.net.
This policy was last updated in July 2024.
We welcome your views about our website and our privacy policy. If you have any queries or comments, or if any of the information that you have provided to the NHS North of England Care System Support, please contact us.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Appendix 1
Your rights
Right of access to your personal information
We will tell you if we use your personal information, what that information is and why we use it. We will also tell you where we obtained the information from and with whom we share your information. Under this right we also have to tell you how long we intend to keep your information.
You are entitled to obtain a copy of the personal information held about you by NECS. Any request to access or obtain a copy of this information will be considered in line with the data protection legislation. This is generally free of charge unless your request is very complicated and/or unreasonably excessive; if you require further copies of information already provided to you we may charge a reasonable administrative fee.
To make a request for personal information which NECS holds about you as a data controller, for example personnel/employee records email NECSU.IG@nhs.net or write to:
Information Governance Team
John Snow House
University Science Park
Durham
DH1 3YG
Right to rectification
This right allows you to ask for any information you believe to be inaccurate or incomplete to be corrected and completed. We are allowed one month (30 days) from the date of your request in which to perform any such corrections or add supplementary statements.
We will communicate any rectification of information to anyone to whom it has been disclosed unless this is not possible or involves disproportionate effort. We will tell you who those recipients are if you ask us.
Right to erasure
This right is also commonly referred to as the ‘right to be forgotten’. You can request that your information be erased, subject to certain exemptions, if it is no longer needed by us for the original purpose we said we would use it for or if you decide to withdraw your consent or if you object to the use of your information. If it transpires that the information was unlawfully used or is found to infringe the law you can ask for it to be erased. We will erase your information if we have a legal obligation to do so. We will communicate any erasure of information to anyone to whom it has been disclosed unless this is not possible or involves disproportionate effort. We will tell you who those recipients are if you ask us.
Right to restrictions of processing
Restriction means marking information with the aim of limiting its processing in the future. Under this right you can request we restrict information processing for a period of time if you think the information is inaccurate, while we check its accuracy. If the information is found to have been used unlawfully you can ask for it to be restricted instead of being erased. If we no longer need to keep the information but you need us to keep it in connection with a legal claim you are involved with you can ask us to restrict it. You can also ask us to restrict processing if you have previously objected to us processing it whilst we check whether our legitimate reasons for processing it outweigh your right.
Once processing has been restricted, we can start to use the information again only if you have consented to this or where it is in connection with a legal claim or if it is to protect the rights of another person or there is a strong public interest. We will tell you before any restriction we have put in place is lifted.
We will communicate any restriction of processing to anyone to whom it has been disclosed unless this is not possible or involves disproportionate effort. We will tell you who those recipients are if you ask us.
Right to data portability
The purpose of this new right is to give a person more control over their personal information. Data Portability means you have the right to receive a copy of personal information which you have given us in a structured, commonly used, machine-readable format and to have it transferred directly to another ‘controller’ where technically possible. This right only applies to information which is processed by automated means and where you have given consent to the processing or where processing is necessary for the performance of a contract. It does not apply if the processing is needed to comply with a legal obligation, our official duties or is for a task carried out in the public interest. It is therefore unlikely to apply to any of the processing carried out by NECS.
Right to object
You can object to the processing of your personal information if the processing activity is necessary for the performance of a task carried out in connection with our lawful, official duties or those of a third party, or a task carried out in the public interest.
We could refuse to comply with a request only where we could show that there was an overriding legal reason or if we need to process the information in relation to a legal claim.
You also have a separate right to object to processing if it is for direct marketing purposes. We do not use your information in this way but if we did we would tell you about it.
This right also includes a specific right to object to research uses except where this is done in the public interest.
Automated decision-making, including profiling
Profiling means any form of automated processing (i.e. processed by a computer and not a human being) of personal information used to analyse, evaluate or predict things about someone; this can include things like someone’s health, personal preferences, interests, economic situation, reliability, performance at work behaviour, location or movements.
Under this right you can ask not to be subject to a decision made solely by automated means, including any profiling, which affects you in a legal way or has a similar significant effect. Automated decision-making and profiling is not allowed if it involves certain types of information; these ‘special categories’ of information are deemed to carry more sensitivity therefore we cannot use your health information for automated decision-making or profiling unless we have your explicit consent or there is substantial public interest allowing us to do so.
We currently do not carry out any automated decision-making, including profiling.
Cookie policy
To comply with the UK General Data Protection Regulation, Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2003 (SI 2003/2426) we are required to tell you about the cookies used on this website.
We use cookies only because we want you to find the information you need as quickly and easily as possible.
A cookie is a small text file that is placed on your computer when you visit a website. Cookies help websites function usefully and can provide information to website owners.
Cookies do not place viruses on your computer and cannot run programs.
Our cookies do not provide us with any private or personally identifiable information about you. All data that is gathered is anonymous.
We use the following cookies:
- Strictly necessary cookies. These are cookies that are required for the operation of our website. These essential cookies are always enabled because our website won’t work properly without them. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services. You can switch off these cookies in your browser settings but you may then not be able to access all or parts of our website.
- Analytical or performance cookies. These allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
Your web browser gives you the ability to accept or decline cookies. Generally, web browsers automatically accept cookies, but you can modify your browser settings to decline cookies if you prefer. However, if you choose to decline cookies, some useful features of this website will not work.
For example, there is the option to view this website as text only, with no graphics. The ‘useTextOnly’ and ‘setString’ cookies remember that you have chosen to view this site with no graphics. If you choose to decline cookies you will have to select the text only option every time you view a new page.
You can find out more about cookies, including how to see what cookies have been set and how to manage and delete them, at www.allaboutcookies.org
We do not share the information collected by the cookies with any third parties.
Except for essential cookies, all cookies will expire after 365 days.