Who we are

Our website address is: https://adefey.co.uk.

To ensure that ADEFEY GROUP LTD seeks consent from the Data Subject in a way that is UK GDPR compliant.
To ensure that when ADEFEY GROUP LTD seeks to obtain consent, ADEFEY GROUP LTD follows the Mental Capacity Act 2005 and Code of Practice where Service Users lack
To support ADEFEY GROUP LTD in meeting the following Key Lines of Enquiry:

Key Question                        Key Lines of Enquiry

 

 

WELL-LED

 W2: Does the governance framework ensure that responsibilities are clear and that quality performance, risks and regulatory requirements are understood and managed?
 

WELL-LED

 W3: How are the people who use the service, the public and staff engaged and involved?

 

  • To meet the legal requirements of the regulated activities that {ADEFEY GROUP LTD} is registered to provide:
    • HSCA 2008 (Regulated Activities) Regulations 2014
    • Mental Capacity Act 2005
    • Mental Capacity Act Code of Practice
    • Data Protection Act 2018
    • UK GDPR
  • The following roles may be affected by this policy:
    • All staff
  • The following Service Users may be affected by this policy:
    • Service Users
  • The following stakeholders may be affected by this policy:
    • Family
    • Advocates
    • Representatives
    • Commissioners
    • External health professionals
    • Local Authority
    • NHS

 

3.1 To ensure that ADEFEY GROUP LTD obtains appropriate and UK General Data Protection Regulation (UK GDPR) compliant consent from Data Subjects, including Service Users, where consent is necessary.

  • ADEFEY GROUP LTD understands that it may be able to rely on a ground other than consent under UK GDPR, such as legitimate interest, fulfilment of a contract, or the processing of special categories of data for the provision of health or social care or treatment, or the management of health or social care systems and services. ADEFEY GROUP LTD will review the guidance note entitled "GDPRG04 - Processing Personal Data" for more information about the grounds for processing under UK
  • ADEFEY GROUP LTD understands that if it is required to seek consent from Data Subjects,

including Service Users, such consent should be freely given and ADEFEY GROUP LTD will clearly explain the processing that it intends to carry out in respect of the personal data.

  • ADEFEY GROUP LTD understands that under UK GDPR, consent has to be:
  • Explicit - consent requires a very clear and specific statement of consent
  • Separate from other terms and conditions
  • Specific and ‘granular’ so that ADEFEY GROUP LTD gets separate consent for separate things. Vague or blanket consent is not enough
    • ADEFEY GROUP LTD understands that it must take extra care when processing personal data about children. ADEFEY GROUP LTD recognises that UK GDPR does not specify an age at which children are deemed to be able to consent to their personal data being processed under UK GDPR (except where online services are being provided to a child, in which case a child can provide their consent at the age of 13).
    • ADEFEY GROUP LTD shall seek consent in line with any relevant provisions in the data protection legislation and shall ensure that the ways in which it obtains consent from a child are appropriate. For example, ADEFEY GROUP LTD will obtain consent using language that is appropriate and easily understood by the child, taking into account the child's age and ability and the type of personal data being processed.

 

  • ADEFEY GROUP LTD will use the template forms provided if ADEFEY GROUP LTD determines that it is required to seek consent from Data Subjects, including Service Users, to process their personal data under UK GDPR. If ADEFEY GROUP LTD is uncertain as to whether consent is necessary or it is able to rely on an alternative ground, it will seek further
  • ADEFEY GROUP LTD will ensure that it uses the appropriate form, bearing in mind whether the Data Subject has capacity or lacks
  • ADEFEY GROUP LTD will ensure that, where children's services are provided or activities are undertaken where children might be present or involved, parental/guardian consent is obtained in advance. This would include situations such as social events where photographs might be

 

6.1  Information Commissioner's Office

  • The UK's independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals

6.2  Data Subject

  • The individual about whom ADEFEY GROUP LTD has collected personal data

6.3  Personal Data

  • Any information about a living person including but not limited to names, email addresses, postal addresses, job roles, photographs, CCTV and special categories of data, defined below

6.4  Process or Processing

  • Doing anything with personal data, including but not limited to collecting, storing, holding, using, amending or transferring it. You do not need to be doing anything actively with the personal data – at the point you collect it, you are processing it

6.5  Special Categories of Data

  • Has an equivalent meaning to “Sensitive Personal Data” under the Data Protection Act 1998. Special categories of data include but are not limited to medical and health records (including information collected as a result of providing health care services) and information about a person’s religious beliefs, ethnic origin and race, sexual orientation and political views

6.6  Data Protection Act

  • The Data Protection Act 2018 implements GDPR in the UK

6.7  UK GDPR

  • The UK GDPR is the retained EU law version of GDPR that forms part of English law
  • General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union. It was adopted on 14 April 2016 and after a two-year transition period became enforceable on 25 May 2018. References to GDPR include references to the UK GDPR

 

Professionals providing this service should be aware of the following:

  • Personal data is any information that identifies someone or, in some cases, information that is about a person such as an opinion. It includes someone's name, email address, postal address, job role, photographs, CCTV and more sensitive personal data includes types of information such as medical and health records, care plans, information about religious beliefs, origin and race, someone's sexual orientation or political views
  • The forms attached to this policy should be used if consent needs to be obtained from a Data Subject, including Service Users

 

People affected by this service should be aware of the following:

  • This form will be used by ADEFEY GROUP LTD to obtain your consent to ADEFEY GROUP LTD processing your personal data where consent is required under UK GDPR

There is no further reading for this policy, but we recommend the 'underpinning knowledge' section of the review sheet to increase your knowledge and understanding.

To be ‘ outstanding ’ in this policy area you could provide evidence that:

  • ADEFEY GROUP LTD conducts data privacy impact assessments in respect of the ways consent is obtained, particularly if consent is being provided by a child
  • ADEFEY GROUP LTD carefully considers whether consent is the appropriate ground for processing personal data and documents its decision and the rationale behind it
  • The wide understanding of the policy is enabled by proactive use of the QCS App

The following forms are included as part of this policy:

 

Title of form

 When would the form be used?  

Created by
UK GDPR Consent Authorisation Form - Person with Capacity - GDPR10  

When the person has capacity to give consent.

  

QCS
UK GDPR Consent Authorisation Form - Person Lacking Capacity

- GDPR10

  

When the person does not have capacity to give consent.

  

QCS