Synapse256 Privacy Policy
Please note that if you access our service using your NHS login details, the identity verification services are managed by NHS England. NHS England is the controller for any personal information you provided to NHS England to get an NHS login account and verify your identity, and uses that personal information solely for that single purpose.
For this personal information, our role is a “processor” only and we must act under the instructions provided by NHS England (as the “controller”) when verifying your identity.
To see NHS login’s Privacy Notice and Terms and Conditions, please click here. This restriction does not apply to the personal information you provide to us separately.
​
​
1.Introduction
-
This is the Synapse256 Ltd Privacy Notice. Synapse256 is a private limited company registered with companies house with the company number 14823535 (hereafter referred to as "us", "we", or "our").
-
As part of the services we offer, we are required to process personal data about our staff, our service users and, in some instances, the friends or relatives of our service users and staff. “Processing” can mean collecting, recording, organising, storing, sharing or destroying data.
-
We are committed to being transparent about why we need your personal data and what we do with it. This information is set out in this privacy notice. It also explains your rights when it comes to your data.
-
If you have any concerns or questions please contact us: info@synapse256.co.uk
2.Service Users
-
What data do we have?
-
So that we can provide a safe and professional service, we need to keep certain records about you. We may process the following types of data:
-
Your basic details and contact information e.g. your name, address, date of birth and next of kin;
-
Your financial details e.g. details of how you pay us for the services we provide
-
-
We also record the following data which is classified as “special category”:
-
Health and social care data about you, which might include both your physical and mental health data.
-
We may also record data about your race, ethnic origin, sexual orientation or religion.
-
Synapse256 collects personal data about users which:
-
The customer provides directly to Synapse256 in order to use Synapse256 products or services;
-
is provided by the data controller of the customer’s health care record, such as a GP practice for a patient, through a data sharing agreement/contract is in the public domain.
-
-
-
Why do we have this data?
-
We need this data so that we can provide high-quality care and support. By law, we need to have a lawful basis for processing your personal data.
-
We process your data because:
-
We have a legal obligation to do so – generally under the Health and Social Care Act 2012 or Mental Capacity Act 2005.
-
-
We process your special category data if we have a lawful basis for doing so, eg it is necessary for the performance of the employment contract; and one of the following special conditions for processing personal information applies:
-
the data subject has given explicit consent.
-
processing is necessary for the purposes of exercising the employment law rights or obligations of the Company or the data subject.
-
the processing is necessary to protect the data subject’s vital interests, and the data subject is physically incapable of giving consent.
-
processing relates to personal data which are manifestly made public by the data subject.
-
the processing is necessary for the establishment, exercise, or defence or legal claims; or
-
processing is necessary for reasons of substantial public interest.
-
-
We may also process your data with your consent. If we need to ask for your permission, we will offer you a clear choice and ask that you confirm to us that you consent. We will also explain clearly to you what we need the data for and how you can withdraw your consent at any time.
-
-
Where do we process your data?
-
So that we can provide you with high quality care and support we need specific data. This is collected from or shared with:
-
You or your legal representative(s);
-
Third parties.
-
-
We may do this face to face, via phone, via email, via our website, via post, via application forms or via apps depending on the specific need or situation.
-
Third parties are organisations we might lawfully share your data with. These include:
-
Other parts of the health and care system such as local hospitals, the GP, the pharmacy, social workers, clinical commissioning groups, and other health and care professionals;
-
The Local Authority;
-
Organisations we have a legal obligation to share information with i.e. for safeguarding, the CQC;
-
The police or other law enforcement agencies if we have to by law or court order.
-
-
3.Staff
-
What data do we have?
-
So that we can provide a safe and professional service, we need to keep certain records about you. We may record the following types of data:
-
Your basic details and contact information e.g. your name, address, date of birth, National Insurance number and next of kin;
-
Your financial details e.g. details so that we can pay you, insurance, pension and tax details;
-
Your training records.
-
-
We also record the following data which is classified as “special category”:
-
Health and social care data about you, which might include both your physical and mental health data – we will only collect this if it is necessary for us to know as your employer, e.g. fit notes or in order for you to claim statutory maternity/paternity pay;
-
-
As part of your application you may – depending on your job role – be required to undergo a Disclosure and Barring Service (DBS) check (Criminal Record Check). We do not keep this data once we’ve seen it.
-
-
Why do we have this data?
-
We require this data so that we can contact you, pay you and make sure you receive the training and support you need to perform your job. By law, we need to have a lawful basis for processing your personal data.
-
We process your data because :
-
We have a legal obligation under UK employment law;
-
We are required to do so in our performance of a public task;
-
-
We process your special category data because
-
It is necessary for us to process requests for sick pay or maternity pay.
-
-
If we request your criminal records data it is because we have a legal obligation to do this due to the type of work you do. This is set out in the Data Protection Act 2018 and the Rehabilitation of Offenders Act 1974 (Exceptions) Order 1975. We do not keep a record of your criminal records information (if any). We do record that we have checked this.
-
We may also process your data with your consent. If we need to ask for your permission, we will offer you a clear choice and ask that you confirm to us that you consent. We will also explain clearly to you what we need the data for and how you can withdraw your consent.
-
-
Where do we process your data?
-
As your employer we need specific data. This is collected from or shared with:
-
You or your legal representative(s);
-
Third parties.
-
-
This could be face to face, via phone, via email, via our website, via post or via application forms.
-
Third parties are organisations we have a legal reason to share your data with. These include:
-
Her Majesty’s Revenue and Customs (HMRC);
-
Our pension and healthcare schemes (if applicable)
-
Organisations we have a legal obligation to share information with i.e. for safeguarding, the CQC;
-
The police or other law enforcement agencies if we have to by law or court order.
-
The DBS Service
-
-
4.Friends / Relatives
-
What data do we have?
-
As part of our work providing high-quality care and support, it might be necessary that we hold the following information on you:
-
Your basic details and contact information e.g. your name and address.
-
-
-
Why do we have this data?
-
By law, we need to have a lawful basis for processing your personal data.
-
We process your data because we have a legitimate business interest in holding next of kin and lasting power of attorney information about the individuals who use our service and keeping emergency contact details for our staff.
-
We may also process your data with your consent. If we need to ask for your permission, we will offer you a clear choice and ask that you confirm to us that you consent. We will also explain clearly to you what we need the data for and how you can withdraw your consent.
-
-
Where do we process your data?
-
So that we can provide high quality care and support we need specific data. This is collected from or shared with:
-
You or your legal representative(s);
-
-
We do this face to face, via phone, via email, via our website, via post, via application forms, via apps.
-
Third parties are organisations we have a legal reason to share your data with. These may include:
-
Other parts of the health and care system such as local hospitals, the GP, the pharmacy, social workers, and other health and care professionals;
-
The Local Authority;
-
The police or other law enforcement agencies if we have to by law or court order.
-
-
5.Our website
-
In order to provide you with the best experience while using our website, we may, in future, process some data about you; however, this will be reflected in the privacy policy beforehand.
6.Your rights
-
The data that we keep about you is your data and we ensure that we keep it confidential and that it is used appropriately. You have the following rights when it comes to your data:
-
You have the right to request a copy of all of the data we keep about you. Generally, we will not charge for this service;
-
You have the right to ask us to correct any data we have which you believe to be inaccurate or incomplete. You can also request that we restrict all processing of your data while we consider your rectification request;
-
You have the right to ask that we erase any of your personal data which is no longer necessary for the purpose we originally collected it for. We retain our data in line with the Information Governance Alliance’s guidelines (https://digital.nhs.uk/data-and-information/looking-after-information/data-security-and-information-governance/codes-of-practice-for-handling-information-in-health-and-care/records-management-code-of-practice-for-health-and-social-care-2016)
-
7.Approval
-
This policy has been approved by Synapse256 Ltd, and will be reviewed annually.