1.0 GENERAL DATA PROTECTION REGULATIONS
In accordance with the General Data Protection Regulation (GDPR), Silverline Care & Associated Companies have implemented this privacy statement to inform you of the types of data we process. We also include within this statement the reasons for processing your data, the lawful basis that permits us to process it, how long we keep your data for and your rights regarding your data.
1.1 Lawful Basis for Processing
The law on data protection allows us to process your data for certain reasons only. In the main, we process your data in order to comply with a legal requirement or in order to manage the contract/potential contract we have with you. We will normally collect personal information only when we have your consent to do so or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your interests or those of another person.
1.2 Data Protection Rights
You have the following rights in relation to the personal data we hold on you:
1.3 Special Categories of Data
Special categories of data are data relating to your health, sex life, sexual orientation, race, ethnic origin, political opinion, religion, trade union membership, genetic and biometric data. We process this data when you have given explicit consent to the processing, in order to carry out our legal obligations, to meet regulatory body requirements, for reasons of substantial public interest and where you have already made the data public.
1.4 Collecting Your Data
We ask you to provide several pieces of data to us voluntarily, however, we may also receive information from third party sources. Information provided in confidence or information that could identify you will not be released without your consent, unless in certain circumstances, this is judged to be in your best interests or required by law. If you disclose something which relates to any harm, or risk of harm, then this needs to be disclosed in full to the appropriate Manager as soon as any disclosure is made to meet regulatory body requirements.
1.5 Who We Share Your Data With
We will share your data with relevant employees within our company for the purpose of carrying out their job role. We also share data with third parties for HR and business administration purposes and to comply with legislative and/or regulatory body requirements.
1.6 Protecting Your Data
We are aware of the requirement to ensure your data is protected against accidental loss or disclosure, destruction and abuse. We have implemented processes to guard against such. We do not share your data outside of the European Economic Area in which the GDPR apply, however, your data may be stored and processed out with the UK and we have taken appropriate steps to ensure your data is protected under the GDPR.
1.7 Retention Periods
We only keep your data for as long as we need it for, some data retention periods are set by the law. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives) then we will securely store your personal information and isolate it from processing until deletion is possible.
2.0 MAKING A COMPLAINT
If you think your data rights have been breached, you are able to raise a complaint with the Information Commissioner’s Office (ICO). You can contact the ICO at Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
3.0 DATA PROTECTION COMPLIANCE