Fair Processing Notice of Fox Care Ltd
Our Fair Processing Notice describes the categories of personal data we process and for what purposes. We are committed to collecting and using such data fairly and in accordance with the requirements of the General Data Protection Regulations (GDPR) and any related UK legislation.
You can find out more here about your privacy rights and how we gather, use and share your personal information. That includes the personal information we already hold about you now and the further personal information we might collect about you, either from you or from a third party. How we use your personal information will depend on the services we provide to you.
If you have any queries regarding our use of your personal information, please contact us at firstname.lastname@example.org or by post at Data Protection Officer, Jordanhill Care Home, 533 Anniesland Road, Jordanhill, Glasgow G13 1TP.
This Privacy Notice provides up to date information about how we use your personal information and will update any previous information we have given you about using your personal information (also referred to as personal data).
We are the controller of your personal information under the data protection legislation, unless otherwise stated in this privacy notice.
Your Privacy Rights
You can exercise any of your rights by writing to us at: Data Protection Officer, Jordanhill Care Home, 533 Anniesland Road, Jordanhill, Glasgow G13 1TP or by email to Admin@foxcare.co.uk
Any requests received by us will be considered under applicable data protection legislation. If you remain dissatisfied, you have a right to raise a complaint with the Information Commissioner's Office at www.ico.org.uk.
Right to be informed
We will use this Fair Processing Notice to inform you about the collection and use of your personal data.
Right to access
You have a right to request access to the personal information that we hold about you by making a "subject access request".
Right of rectification
If you believe that any of your personal information is inaccurate or incomplete, you have a right to request that we correct or complete your personal information.
Right of erasure
If you wish us to delete your personal information, you may request that we do so.
Right to restrict processing
You have a right to request that we restrict the processing of your personal information for specific purposes.
Right to object
You have a right to object to us processing your personal data in certain circumstances.
What kinds of personal information we use.
We use a variety of personal information depending on the services we deliver.
In all cases, we need to use your name, address, contact details and information to allow us to correspond with you and provide our services. The types of personal data we may use include:
In all cases, we need to use your name and contact details including postal address, e-mail address and phone number.
Information relating to financial status or position
We may hold information on your financial status in connection with funding of residency and care costs for residents, which may include their family members if relevant for payment.
Information relating to payments
Funds received from or in relation to your account (e.g. to pay for services).
We do not store credit or debit card details, but will use them to process payments in line with PCI-DSS regulation.
We require to hold health records of residents to ensure we can provide our services to them and to make them available to those providing medical care.
Personal information contained in communications with individuals across different channels.
Copies of letters received by or sent to us, information relating to emails received by or sent from us and other information or logs about when communication has taken place (rather than the content of that communication).
Open data and public records
Personal information relating to individuals that is, or can be, collected from public or open sources. These do not necessarily have to be collected from open data/public records, and may come from other sources (e.g. from you directly).
Personal data relating to permissions, consents or preferences given to us by individuals, including marketing permissions, contact permission and marketing preferences.
When you visit our website and use other systems, we may collect information to monitor usage. This could include IP address, operating system and browser type. This will be used to improve our website, systems and for research into service delivery.
How we gather your personal information
We obtain personal information from a wide range of sources:
Directly from you, for example when you complete a resident's or relative's details form, submit an enquiry through our website, sign up to an event or to receive marketing communications, contact us in writing, by email, in person, by telephone, or by any method.
From a resident or family member who provides your personal information to us;
From information you have made publicly available.
From other entities who have referred you or the resident to whom you are connected.
How we use your personal information
To respond and communicate
We use personal information to allow us to respond to you and communicate with you regarding your questions, comments, support needs, complaints or concerns.
Using resident information
When you or someone connected to you becomes a resident, we will collect, store and use the personal information that you provide to us in your and the resident's instructions and during the course of such relationship.
Medical records and other personal information will be used in connection with medical treatment and other services provided to residents.
To market services
We will use contact details provided by you and/or our residents and information on the services residents have used to assess what other services would be most beneficial to them.
For Financial management and debt recovery
We may give information to and receive information from third parties where that is necessary to recover debts due to us.
Our legal basis for using your personal information
We only use your personal information where that is permitted by the laws that protect your privacy rights. We only use personal information where:
we have your consent (if consent is needed);
we need to use the information to comply with our legal obligations;
we need to use the information to perform a contract with you; and/or
it is fair to use the personal information either in our interests or someone else's interests, where there is no disadvantage to you – this can include where it is in our interests to promote our services by sending communications.
Where we have your consent, you have the right to withdraw it, but this may impact on services provided to you or the resident(s) to whom you are connected.
Sharing your personal information
We may be required to share personal information with statutory or regulatory authorities and organisations to comply with statutory obligations.
We may require to share personal data, including health records with those providing medical or other treatment to you.
We may require to share personal data including financial information with a local authority or other entity providing funding to you or the resident(s) with whom you are connected.
We may also share personal data with our professional advisors for the purposes of taking advice.
We employ third party suppliers to provide services. These suppliers may process personal data on our behalf as "processors" and are subject to written contractual conditions to only process that personal data under our instructions and protect it.
In the event that we do share personal data with external third parties, we will only share such personal data strictly required for the specific purposes and take reasonable steps to ensure that recipients shall only process the disclosed personal data in accordance with those purposes.
Storing personal information
We will protect your personal information in order to prevent unauthorised access to, or use or disclosure of, your personal information through a number of physical and technical security measures. Your personal information is stored on our systems that we have both physically and electronically controlled access to.
Your personal information is processed by our staff and some sub-contractors or suppliers who provide us with services. This processing is carried out under contracts which impose strict requirements on our suppliers to keep your personal information confidential and secure to process personal data on our behalf as "processors" and only process that personal data in accordance with our instructions.
Your personal information may be processed by those providing other services, including medical treatment. In doing so much service providers may deal with such personal data in such a way e.g. to determine medical treatment, that may make them a data controller.
For the purposes of IT hosting and maintenance, the personal information we hold is located on servers within the European Union.
How long we keep your personal information for
We will retain your personal information for as long as is required to comply with our obligations set out above, unless you ask us to return any documents to you.
Employees and other staff
The remainder of this Notice applies only to current and former employees, workers and contractors.
What information do we collect?
We collect and process a range of information about you. This includes:
Your name, address and contact details, including email address and telephone number, date of birth and gender;
the terms and conditions of your employment;
details of your qualifications, skills, experience and employment history, including start and end dates, with previous employers and with us;
information about your remuneration, including entitlement to benefits such as pensions or insurance cover;
details of your bank account and national insurance number;
information about your marital status, next of kin, dependants and emergency contacts;
information about your nationality and entitlement to work in the UK;
details of your schedule (days of work and working hours) and attendance at work;
details of periods of leave taken by you, including holiday, sickness absence, family leave and the reasons for the leave;
details of any disciplinary or grievance procedures in which you have been involved, including any warnings issued to you and related correspondence;
assessments of your performance, including appraisals, performance reviews, performance improvement plans and related correspondence;
We may also collect, store and use the following “special categories” of more sensitive personal information including:
information about medical or health conditions, including whether or not you have a disability for which we need to make reasonable adjustments; and
equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, health and religion or belief.
Biometric data, including fingerprints, hand geometry and samples.
How is your personal information collected?
We may collect this information in a variety of ways. For example, data might be collected through application forms or CVs; obtained from your passport or other identity documents such as your driving licence; from forms completed by you at the start of or during employment (such as benefit nomination forms); from correspondence with you; or through interviews, meetings or other assessments.
In some cases, we may collect personal data about you from third parties, such as references supplied by former employers and information from employment background check providers.
Data will be stored in a range of different places, including in your personnel file, in our Payroll and HR management system, and in other IT systems (including our email system).
Why do we process personal data?
We need to process data to enter into an employment/contractor's contract with you and to meet our obligations under your employment/contractor's contract. For example, we need to process your data to provide you with a contract, to pay you in accordance with your contract and to administer entitlements such as pension and insurance.
In some cases, we need to process data to ensure that we are complying with our legal obligations. For example, we are required to check an employee’s entitlement to work in the UK, to deduct tax, to comply with health and safety laws and to enable employees to take periods of leave to which they are entitled.
In other cases, we have a legitimate interest in processing personal data before, during and after the end of the employment relationship. Processing employee data allows us to:
run recruitment and promotion processes;
maintain accurate and up-to-date employment records and contact details (including details of who to contact in the event of an emergency), and records of employee contractual and statutory rights;
operate and keep a record of disciplinary and grievance processes, to ensure acceptable conduct within the workplace;
operate and keep a record of employee performance and related processes, to plan for career development, and for succession planning and workforce management purposes;
operate and keep a record of absence and absence management procedures, to allow effective workforce management and ensure that employees are receiving the pay or other benefits to which they are entitled;
obtain occupational health advice, to ensure that we comply with duties in relation to individuals with disabilities, meet our obligations under health and safety law, and ensure that employees are receiving the pay or other benefits to which they are entitled;
operate and keep a record of other types of leave (including maternity, paternity, adoption, parental and shared parental leave), to allow effective workforce management, to ensure that we comply with duties in relation to leave entitlement, and to ensure that employees are receiving the pay or other benefits to which they are entitled;
ensure effective general HR and business administration;
provide references on request for current or former employees;
respond to and defend against legal claims; and
maintain and promote equality in the workplace.
Some special categories of personal data, such as information about health or medical conditions, is processed to carry out employment law obligations (such as those in relation to employees with disabilities).
Where we process other special categories of personal data, such as information about ethnic origin, sexual orientation, health or religion or belief, this is done for the purposes of equal opportunities monitoring. Data that we use for these purposes is anonymised. Employees are entirely free to decide whether or not to provide such data and there are no consequences of failing to do so.
If you fail to provide personal information
If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you (such as paying you or providing a benefit), or we may be prevented from complying with our legal obligations (such as to ensure the health and safety of our workers).
Change of purpose
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. We may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Who has access to data?
Your information may be shared internally, including with members of the HR team (including payroll), your line manager, managers in the business area in which you work and IT staff if access to the data is necessary for performance of their roles and where required by law. We share your data with third parties in order to obtain pre-employment references from other employers and to obtain employment background checks from third-party providers. We may also share your data with third parties in the context of a sale of some or all of our business. In those circumstances the data will be subject to confidentiality arrangements. We also share your data with third parties that process data on our behalf, in connection with payroll, the provision of benefits and the provision of occupational health services.
We do not allow our third-party service providers to use your personal data for their own purposes.
We only permit them to process your personal data for specified purposes and in accordance with our instructions.
Policy updated: September 2018