GDPR - Privacy Policy

GENERAL DATA PROTECTION REGULATIONS

PRIVACY STATEMENT

1.0 GENERAL DATA PROTECTION REGULATIONS

In accordance with the General Data Protection Regulation (GDPR), Silverline Care & Associated Companies have implemented this privacy statement to inform you of the types of data we process. We also include within this statement the reasons for processing your data, the lawful basis that permits us to process it, how long we keep your data for and your rights regarding your data.

1.1 Lawful Basis for Processing

The law on data protection allows us to process your data for certain reasons only. In the main, we process your data in order to comply with a legal requirement or in order to manage the contract/potential contract we have with you. We will normally collect personal information only when we have your consent to do so or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your interests or those of another person.

1.2 Data Protection Rights

You have the following rights in relation to the personal data we hold on you:

  • the right to be informed about the data we hold on you and what we do with it
  • the right of access to the data we hold on you. More information on this can be found in our separate policy on Subject Access Requests
  • the right for any inaccuracies in the data we hold on you, however they come to light, to be corrected. This is also known as ‘rectification’
  • the right to have data deleted in certain circumstances. This is also known as ‘erasure’
  • the right to restrict the processing of the data
  • the right to transfer the data we hold on you to another party. This is also known as ‘portability’
  • the right to object to the inclusion of any information

1.3 Special Categories of Data

Special categories of data are data relating to your health, sex life, sexual orientation, race, ethnic origin, political opinion, religion, trade union membership, genetic and biometric data. We process this data when you have given explicit consent to the processing, in order to carry out our legal obligations, to meet regulatory body requirements, for reasons of substantial public interest and where you have already made the data public.

1.4 Collecting Your Data

We ask you to provide several pieces of data to us voluntarily, however, we may also receive information from third party sources. Information provided in confidence or information that could identify you will not be released without your consent, unless in certain circumstances, this is judged to be in your best interests or required by law. If you disclose something which relates to any harm, or risk of harm, then this needs to be disclosed in full to the appropriate Manager as soon as any disclosure is made to meet regulatory body requirements.

1.5 Who We Share Your Data With

We will share your data with relevant employees within our company for the purpose of carrying out their job role. We also share data with third parties for HR and business administration purposes and to comply with legislative and/or regulatory body requirements.

1.6 Protecting Your Data

We are aware of the requirement to ensure your data is protected against accidental loss or disclosure, destruction and abuse. We have implemented processes to guard against such. We do not share your data outside of the European Economic Area in which the GDPR apply, however, your data may be stored and processed out with the UK and we have taken appropriate steps to ensure your data is protected under the GDPR.

1.7 Retention Periods

We only keep your data for as long as we need it for, some data retention periods are set by the law. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives) then we will securely store your personal information and isolate it from processing until deletion is possible.

2.0 MAKING A COMPLAINT

If you think your data rights have been breached, you are able to raise a complaint with the Information Commissioner’s Office (ICO). You can contact the ICO at Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.

3.0 DATA PROTECTION COMPLIANCE

If you have any questions or concerns about our use of your personal or confidential information, or you would like further information, please refer to our Privacy Policy, a copy of which can be obtained from Home Managers or by emailing our Information Governance Team at dataprotection@silverlinecare.com.