(GDPR) Privacy Notice
General Data Protection Regulation (GDPR) Privacy Notice
1. Business details
This is the privacy notice of Autonomy Care Group Limited.
Our registered office is at 67 Roundpond, Melksham, Wiltshire SN12 8EB.
Each of our services within the Autonomy Care Group Limited are registered as independent companies:
Autonomy Care Limited has an operational office at 67 Roundpond, Melksham, Wiltshire SN12 8EB that runs services to people in their own homes.
Autonomy Life Limited has three residential homes. These are situated at:
- The Willows, 72 Boreham Road, Warminster, Wiltshire, BA12 9JN,
- Willow View, 63b Boreham Road, Warminster, Wiltshire, BA12 9JX
- The Oaks, 165 Worcester Road, Malvern, Worcestershire, WR14 1ET that supplies housing and personal care.
Autonomy Plus Limited is a home for children and young adults which is situated at Haresfield, Corsham Road, Lacock, Wiltshire, SN15 2ND
2. Aims of this notice
We have issued this notice to describe how we handle personal information that we hold about our service users, staff and job applicants.
We respect the privacy rights of individuals and are committed to handling personal information responsibly and in accordance with applicable law. This notice sets out the personal data that we collect and process, the purposes of the processing and the rights that you have in connection with it.
3. What personal information we collect about: a) service users b) employees and c) third parties
We hold personal data on all our service users and employees to meet legal obligations and to perform vital internal functions. This notice details the personal data we may retain and process relating to your employment and vital business operations. We are committed to ensuring that your information is secure, accurate and relevant. To prevent unauthorised access or disclosure, we have implemented suitable procedures to safeguard and secure personal data we hold. All personal data will be stored in accordance with applicable laws and kept for as long as needed to carry out the purposes described in this notice or as otherwise required by law. Types of personal information we may process include, but are not limited to:
- Service users. As a registered care provider, we must collect some personal information on our service users, including financial information, which is essential to our being able to provide effective care and support. The information is contained in individual files (manual and electronic) and other record systems, all of which are subject to strict security and authorised access policies. Personal information that becomes inactive, eg from enquiries or prospective users who do not enter the service is also kept securely for as long as it is needed, before being safely disposed of.
- Employees and volunteers. The service operates a safe recruitment policy to comply with the regulations in which all personal information obtained, including CVs and references, is, like service users’ information, securely kept, retained and disposed of in line with data protection requirements. All employees are aware of their right to access any information about them.
- Third parties. All personal information obtained about others associated with the delivery of the care service, including contractors, visitors, etc will be protected in the same ways as information on service users and employees.
- Sensitive Personal Data. This includes any information that reveals your racial or ethnic origin, religious, political or philosophical beliefs, genetic data, biometric data for the purposes of unique identification, trade union membership, or information about your health/sex life. We may need to collect some sensitive personal information for legitimate employment-related purposes, for example:
- Data relating to your racial/ethnic origin, gender and disabilities for the purpose of equal opportunities monitoring, to comply with anti-discrimination laws and for government reporting obligations.
- Data relating to your physical or mental health to provide work-related accommodations, health and insurance benefits to you and your dependants and to manage absences from work.
4. How we collect information
The bulk of service users’, employees’ and thirds parties’ personal information is collected directly from them or through form filling, mainly manually, but also electronically for some purposes, eg when contacting the service through its website.
With service users, we might continue to build on the information provided in enquiry and referral forms, and, for example, from needs assessments, which feed into their care and support plans. We also use Caredocs, Quikplan, Quickbooks for financial purposes.
With employees, personal information is obtained directly and with consent through such means as references, testimonials and criminal records (DBS) checks. When recruiting staff, we seek applicants explicit consent to obtain all the information needed for us to decide to employ them. We also use Quikplan, Quickbooks and Brightpay for financial purposes.
All personal information obtained to meet our regulatory requirements will always be treated in line with our explicit consent, data protection and confidentiality policies.
Any processing based on consent will be made clear at the time of collection or use - consent can be withdrawn at any time by contacting the HR Department.
Our website and databases are regularly checked by experts to ensure they meet all privacy standards and comply with our general data protection security and protection policies.
5. What we do with personal information
All personal information obtained on service users, employees and third parties is used only to ensure that we provide a service, which is consistent with our purpose of providing a person-centred care service, which meets all regulatory standards and requirements. It will not be disclosed or shared for any other purpose.
We process our employees’ personal information through Atlas, which is a tool that helps us to administer HR which allows staff members to manage their own personal information in some cases. This is provided by Citation who utilise third-party servers via Microsoft Azure to hold its HR System data and other business services; these are both based in the United Kingdom and have been assessed against stringent security requirements to ensure that all appropriate security controls are in place to protect personal information.
Personal data, images and videos will be used for marketing purposes; this could be used for, but not limited to, print and digital media formats including print publications, websites, e-marketing, posters, banners, advertising, film, social media platforms, support planning and research purposes. Personal data will refer to employees either by first or full name and service users / family members by first name only, publications / posts may include but not limited to birthdays, appreciation and shout outs, long service awards, new starters and leavers.
Signed: Trina Carey
Date: Monday 8th June 2020
Policy review date: June 2021