website privacy and cookies policy and procedure

Section 1 - Policy

1.1 Bespoke Health & Social Care understands that if it operates a website, it may need to update its Privacy Policy to ensure that it is compliant with GDPR. Bespoke Health & Social Care will use this Privacy Policy as a template for its updated version. Bespoke Health & Social Care understands that this Privacy Policy only needs to be uploaded by Bespoke Health & Social Care to its website if it collects personal data via its website. Bespoke Health & Social Care will use the template Fair Processing Notice to inform all other Data Subjects, including Clients, about how Bespoke Health & Social Care processes personal data other than personal data collected via the website.

1.2 Bespoke Health & Social Care understands that the form found within the forms section of the GDPR suite of policies in the QCS management system constitutes the template Privacy Policy. Bespoke Health & Social Care understands that terms in square brackets are optional (depending on whether they apply to Bespoke Health & Social Care or not) or require completion by Bespoke Health &Social Care. Bespoke Health & Social Care will review the Privacy Policy in its entirety to determine which elements are applicable to its website, and which are not relevant.

For example:

• If the template Privacy Policy refers to personal data that is not collected by Bespoke Health & Social Care via its website, Bespoke Health & Social Care will delete references to such personal data

• If the website of Bespoke Health & Social Care does not use cookies, Bespoke Health & Social Care will delete references to cookies and the Cookie Policy at Bespoke Health & Social Care

• If Bespoke Health & Social Care does not transfer personal data outside of the EEA, Bespoke Health & Social Care will delete the section entitled "Where we store your personal data"

• If Bespoke Health & Social Care is not required to appoint a Data Protection Officer, Bespoke Health & Social Care will delete references to the Data Protection Officer or will consider replacing references to the Data Protection Officer with references to the Privacy Officer at Bespoke Health & Social Care or other person nominated to have day-to-day responsibility for data protection and GDPR

• If Bespoke Health & Social Care uses personal data collected via its website in a way that is not described in the Privacy Policy, it will consider incorporating additional sections

• This Privacy Policy directs users to a webpage with a contact form or contact details if they wish to contact Bespoke Health & Social Care. Bespoke Health &Social Care will consider whether to provide an alternative contact method instead, such as an email address and/or phone number

• If Bespoke Health & Social Care has any concerns or queries in respect of the template Privacy Policy, it will seek legal advice

1.3 GDPR has changed the way cookies should be incorporated into websites which means that Bespoke Health & Social Care must explain what cookies will be set and what the cookies will do to the users of its website. Bespoke Health & Social Care must obtain consent from individuals to store certain cookies on devices. Cookies that are not strictly necessary need consent which is GDPR compliant which means that Bespoke Health & Social Care can no longer rely on implied consent. Bespoke Health & Social Care will ensure that it uses a cookie banner on its website to obtain consent to the use of cookies in line with this policy and that if no consent is obtained, no cookies will be set.

1.4 Bespoke Health & Social Care must, therefore, update its processes for collecting consent for cookies. In practice, this means:

• Users must take a clear and positive action to consent to non-essential cookies

• The websites and apps of Bespoke Health & Social Care must tell users clearly what cookies will be set and what they do, including any third-party cookies

• Pre-ticked boxes or any equivalents, such as sliders defaulted to “on”, cannot be used for non- essential cookies.

• The users at Bespoke Health & Social Care must have control over any non-essential cookies

• Non-essential cookies must not be set on landing pages before you gain the user’s consent. Consent is not required for cookies that are defined as “strictly necessary” or that fall within the communication exemption. “Strictly necessary” cookies are those that are essential to providing the service requested by the user. Such cookies must be essential to fulfil their request. Those that are simply helpful or convenient, but not essential, or that are essential for the purposes of Bespoke Health & Social Care, will still require consent. The communication exemption is about the transmission of a communication over an electronic communications network. For the exemption to apply, the transmission of the communication must be impossible without the use of the cookie. Simply using a cookie to assist the communication is insufficient for the exemption to apply.

Bespoke Health & Social Care must note, in particular, that cookies used for analytical purposes or those used for marketing and advertising will always need consent as they are considered to be non-essential.

This guidance may change as the latest draft legislation is subject to some challenges on this point. Bespoke Health & Social Care must read the ICO’s cookie guidance available at: https://ico.org.uk/for-organisations/guide-to-pecr/cookies-and-similar-technologies/ for further information on the types of cookies that require consent.

Section 2 –Procedure

2.1 Bespoke Health & Social Care will consider whether or not it collects personal data via its website (for example, via enquiry forms, requests to be sent newsletters, requests for provision of services) and whether it needs a Privacy Policy. Bespoke Health & Social Care acknowledges that the use of cookies constitutes processing of personal data via the website.

2.2 Bespoke Health & Social Care will review the template Privacy Policy. Bespoke Health & Social Care will adapt the Privacy Policy before uploading it to its website to ensure that all aspects of the Privacy Policy are relevant and reflect the ways in which Bespoke Health & Social Care processes personal data collected via its website. Where Bespoke Health & Social Care has any concerns or queries in relation to its own Privacy Statement, Bespoke Health & Social Care will seek legal advice.

2.3 Bespoke Health & Social Care will use the template Fair Processing Notice to informall other Data Subjects, including Clients, about how Bespoke Health & Social Care processes personal data other than personal data collected via the website. 

Contact Us