
Living with Motor Neurone Disease (MND)
Living with Motor Neurone Disease (MND) The diagnosis of Motor Neurone Disease [...]
You currently have JavaScript disabled. This site requires JavaScript to be enabled. Some functions of the site may not be usable or the site may not look correct until you enable JavaScript. You can enable JavaScript by following this tutorial. Once JavaScript is enabled, this message will be removed.
Complete Care Agency Ltd is registered with the Information Commissioners Office (ICO) under the provisions of the Data Protection Act 1998. The Company takes its responsibilities under the Act very seriously. This policy and procedures provides details of how Complete Care Agency collects and uses information about you.
For more general information about how we use your information, please refer to our Company Website – https://completecareagency.co.uk/
We ask that you read this document carefully, as it contains important information on how and why we collect, store, use and share personal information, your rights in relation to your personal information; and on how to contact us and other organisations in the event you have a complaint.
You may also be interested in our;
Introduction
In order to identify, select, train and recruit new employees we collect and process personal information about you.
Personal information means any information about you from which you can be identified, but it does not include information where your identity has been removed (anonymous data).
As the ‘controller’ of personal information, we are responsible for how that data is managed. The General Data Protection Regulation (GDPR), which applies in the United Kingdom and across the European Union, sets out our obligations to you and your rights in respect of how we manage your personal information.
As the ‘controller’ of your personal information, we will ensure that the personal information we hold about you is:
This document provides the information as required by GDPR under your right to be informed.
Security of data
All personal data must be kept:
Responsibilities of Management and Data Users
All management and data users have a responsibility to ensure compliance with the GDPR, the DPA and this policy, and to develop and encourage good information handling practices within their areas of responsibility. All users of personal data within Complete Care Agency have a responsibility to ensure that they process the data in accordance with the Principles and the other conditions set down in the legislation.
Personal data we process
In our role as an employer, and because of the nature of our business, we process a number of different categories of data from our employees during and after your working relationship with us. This includes:
What information does the Company collect?
We may also collect, store and use the following “special categories” of more sensitive personal information including:
Purposes of processing your personal information
In order to employ and support you during your employment with Complete Care Agency we will process personal data.
Purpose of processing | Examples |
Maintaining employee files | • Records of recruitment with Complete Care Agency including application forms, CV’s, interview assessments and references; • To maintain accurate and up to date personal details; • Managing training and development needs, delivering or arranging training and assessing competencies; • To receive and record records of absence; • To record performance management activities; • To record and manage statutory meetings including communication with our employees (including disciplinary or grievance and investigations); • To process and maintain up to date criminal conviction and caution information (CRB checks), where relevant to your role; • To receive and process records of resignation from employment with Complete Care Agency. |
Finance and Payroll | • To record and process payroll for employees, including tax, NI, Pension, SSP, SMP and any bonus allowances; • To record and process expense payments for employees. |
Provision of service | • Providing access to company equipment and facilities (including phones, IT equipment) and; • To issue and renew ID badges to all relevant employees; • The provision of care (including covering placements, communication, annual leave and shift rostering records, training and competency assessment, reporting incidents); • The provision of service (including arranging travel and accommodation, records, communication). |
Investigations and regulatory compliance | • To receive, record and process notifications, accidents and incidents as required with the appropriate external regulators (including RIDDOR, CQC, CIW); • To receive, record and investigate complaints received about the service; • To monitor and ensure compliance with National Minimum Wage Standards; • To register a manager or location and to make changes to registered managers or locations with our regulators; • To receive, record and process insurance claims; |
Reporting and business analysis | • To conduct and support internal and external audits; • To monitor and report on the performance of the business and compliance; • To send, receive and analyse employee feedback. |
Who has access to your personal data
In order to operate our business and run our recruitment we rely on third parties to provide specialist support to us. To provide this support they will have access to, or a duty of care over your personal information. These third parties are:
We will share relevant information within Complete Care Agency during and after your employment where this is necessary, and in line with our purpose for processing.
Due to the nature of our business and the service we provide we may share minimal personal data with our customers to enable the safe and effective delivery of care, for example we may share your name with a customer who you have agreed to work with.
We will not share, sell or trade your personal information with any other third party without your consent, unless there is a legal reason to do so.
International transfer
All your personal data is stored and processed on systems that are within the European Economic Area (EEA) and offer the same level of legal protection and rights over your data.
In certain situations, we transfer your personal information to the following countries which are located outside the European Economic Area (EEA):
This will be for the purposes of communicating with you about your employment and the services we provide while you are outside of the UK.
This international transfer is under Article 49(1)(b) – the transfer is necessary for the performance of a contract between the data subject and the controller. Such countries do not have the same data protection laws as the United Kingdom and EEA. Any transfer of your personal information will be subject to appropriate or suitable relevant safeguards that are designed to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of your personal information.
Transfers of Personal Data Outside the EEA
Personal data can only be transferred out of the European Economic Area when there are safeguards in place to ensure an adequate level of protection for the data. For transfers of personal data to a receiving party in the United States of America, the Privacy Shield Agreement between the European Union and the United States of America provides sufficient protection. Before transferring data, the Privacy Shield website should be consulted to determine whether the receiving party is on the Privacy Shield List. Staff involved in transferring personal data to other countries must ensure that an appropriate safeguard is in place before agreeing to any such transfer.
Retention and disposal
Complete Care Agency discourages the retention of personal data for any longer than necessary. Considerable amounts of data are collected, and some data will be kept for longer periods than others, however every effort should be made to review the need to keep it and safely dispose of data as soon as possible.
CCTV
Monitoring and Recording
Legal basis for processing
We rely on the following grounds within the GDPR:
GDPR recognises that additional care is required when processing special category (sensitive) data such as your health. We process this under the following grounds within GDPR:
Data breaches
Your rights
Under the GDPR you have important rights free of charge. In summary, those include rights to:
Subject access requests
To make a subject access request, the individual should send the request to data@completecareagency.com or use the Company’s form for making a subject access request. In some cases, the Company may need to ask for proof of identification before the request can be processed. The organisation will inform the individual if it needs to verify his/her identity and the documents it requires.
The Company will normally respond to a request within a period of one month from the date it is received. In some cases, such as where the Company processes large amounts of the individual’s data, it may respond within three months of the date the request is received. The Company will write to the individual within one month of receiving the original request to tell him/her if this is the case.
If a subject access request is manifestly unfounded or excessive, the Company is not obliged to comply with it. Alternatively, the Company can agree to respond but will charge a fee, which will be based on the administrative cost of responding to the request. A subject access request is likely to be manifestly unfounded or excessive where it repeats a request to which the Company has already responded. If an individual submits a request that is unfounded or excessive, the Company will notify him/her that this is the case and whether or not it will respond to it.
Your duty to inform us of changes
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us. Under certain circumstances, by law you have the right to:
If you would like to exercise any of these rights, please contact the HR department.
If you believe that the Company has not complied with your data protection rights, you can complain to the Information Commissioner.
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the GDPR.
Keeping your personal information secure
The confidentiality and security of your information is of paramount importance to us. We have appropriate organisational and technical security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.
Right to complain
If at any time you feel that we have failed to safeguard your information appropriately you have the right to complain. In the first instance we would ask you to contact us and allow us to investigate and identify any issues you have by contacting us below.
How to complain
We hope that we can resolve any query or concern you raise about our use of your information. The GDPR also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at ico.org.uk/concerns/ or by phoning 0303 123 1113.
You can contact us by;
Online; https://completecareagency.co.uk/
Email; data@completecareagency.com
Post; 1 Airport West, First Floor, Lancaster Way,Leeds LS19 7ZA
Telephone; 0333 200 0441
If you would like to exercise any of those rights, please:
Review of this Policy;
Date: 19 February 2019
This policy will be reviewed every 3 years, or earlier as required.