Serendipity Healthcare Limited is committed to protecting the privacy and security of your personal information.
This Privacy Statement applies to personal information collected by any means as defined below.
Serendipity Healthcare Limited is a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.
Personal Information as used herein, is any information that can be used either alone or combined with other information to identify an individual or that can be directly linked to an individual.
This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
This policy applies to all employees, workers and contractors.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
There are certain types of more sensitive personal data which require a higher level of protection, such as information about a person’s health or sexual orientation. Information about criminal convictions also warrants this higher level of protection.
In the collection of this data we will ask our candidates for their explicit consent for personal data to be collected and used. This consent will form the lawful basis for the processing and will be asked for at the time of application to Serendipity Healthcare Ltd.
Information we collect
We collect, store and use personal data for the purposes of assessing suitability for a position in a domiciliary care setting and to create a staff file once employed. The information we need for this are:
- Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses
- Date of Birth
- Marital status and dependants.
- Next of kin and emergency contact information
- Current CV
- Qualifications for the role applied for
- Copy of driving licence.
- References from former employers
- Bank account details, payroll records and tax status information
- Salary, annual leave, pension and benefits information
- National Insurance number
- Photographic ID
- Work permit (if applicable)
- Details to carry out or update an enhanced DBS check.
We may also collect, store and use the following more sensitive types of personal information:
- Information about your race or ethnicity, religious beliefs, sexual orientation and political opinions.
- Trade union membership.
- Information about your health, including any medical condition, health and sickness records, including:
- details of any absences (other than holidays) from work including time on statutory parental leave and sick leave; and
- where you leave employment and the reason for leaving is related to your health, information about that condition needed for pensions and permanent health insurance purposes.
- Information about criminal convictions and offences.
How we collect personal information
We collect personal information about employees, workers and contactors through the application and recruitment process, either directly from candidates or sometimes from an employment agency or background check provider. We may sometimes collect additional information from third parties including former employers, credit reference agencies or other background check agencies.
We will collect additional personal information in the course of job-related activities throughout the period of you working for us.
How we store this data
All data collected will be stored digitally on secure computers and databases and paper files will be stored in locked cabinets/rooms.
Limited data such as name, address, e-mail, telephone number and next of kin contact details will be stored on a works mobile phone which is password protected and can only be accessed by authorised members of staff.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
What rights candidates have to access their personal data
Candidate information is held in a transparent and lawful manner and can be accessed on request at any time in writing.
By law you have the right to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact Lee Clark, Registered Manager, in writing.
Your duty to inform us of changes
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.
The reasons why we are storing personal data
The reason we hold personal data on our candidates is so we can lawfully operate an Employment Business for the purposes of supplying staff to vulnerable service users in the community.
We have an obligation to our clients to provide staff with the correct qualifications, experience and personal abilities to carry out the duties required. In the case of supplying staff to vulnerable service users we are legally obliged to ensure they have an up to date DBS.
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Situations in which we will use your personal information
We need all the categories of information in the list above primarily to allow us to perform our contract with you and to enable us to comply with legal obligations. In some cases we may use your personal information to pursue legitimate interests, provided your interests and fundamental rights do not override those interests. The situations in which we will process your personal information are listed below.
- Making a decision about your recruitment or appointment.
- Determining the terms on which you work for us.
- Checking you are legally entitled to work in the UK.
- Paying you and, if you are an employee or deemed employee for tax purposes, deducting tax and National Insurance contributions (NICs).
- Enrolling you in a pension arrangement in accordance with our statutory automatic enrolment duties.
- Administering the contract we have entered into with you.
- Business management and planning, including accounting and auditing.
- Conducting performance reviews, managing performance and determining performance requirements.
- Making decisions about salary reviews and compensation.
- Assessing qualifications for a particular job or task, including decisions about promotions.
- Gathering evidence for possible grievance or disciplinary hearings.
- Making decisions about your continued employment or engagement.
- Making arrangements for the termination of our working relationship.
- Education, training and development requirements.
- Dealing with legal disputes involving you, or other employees, workers and contractors, including accidents at work.
- Ascertaining your fitness to work.
- Managing sickness absence.
- Complying with health and safety obligations.
- To prevent fraud.
- To monitor your use of our information and communication systems to ensure compliance with our IT policies.
- Equal opportunities monitoring.
How we use particularly sensitive personal information
”Special categories” of particularly sensitive personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We have in place an appropriate policy document and safeguards which we are required by law to maintain when processing such data. We may process special categories of personal information in the following circumstances:
- In limited circumstances, with your explicit written consent.
- Where we need to carry out our legal obligations or exercise rights in connection with employment.
- Where it is needed in the public interest, such as for equal opportunities monitoring or in relation to our occupational pension scheme.
Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.
We will use your particularly sensitive personal information in the following ways:
- We will use information relating to leaves of absence, which may include sickness absence or family related leaves, to comply with employment and other laws.
- We will use information about your physical or mental health, or disability status, to ensure your health and safety in the workplace and to assess your fitness to work, to provide appropriate workplace adjustments, to monitor and manage sickness absence and to administer benefits including statutory maternity pay, statutory sick pay, pensions and permanent health insurance.
- We will use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting.
We do not need your consent if we use special categories of your personal information in accordance with our written policy to carry out our legal obligations or exercise specific rights in the field of employment law. In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us.
Information about criminal convictions
We may only use information relating to criminal convictions where the law allows us to do so. This will usually be where such processing is necessary to carry out our obligations and provided we do so in line with our data protection policy.
Less commonly, we may use information relating to criminal convictions where it is necessary in relation to legal claims, where it is necessary to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.
We may also process such information about members or former members in the course of legitimate business activities with the appropriate safeguards.
We envisage that due to the nature of our work we will hold information about criminal convictions.
We will only collect information about criminal convictions if it is appropriate given the nature of the role and where we are legally able to do so. Where appropriate, we will collect information about criminal convictions as part of the recruitment process or we may be notified of such information directly by you in the course of you working for us.
We are allowed to use your personal information in this way to carry out our obligations to our service users. We have in place an appropriate policy and safeguards which we are required by law to maintain when processing such data.
How long we keep personal information
Serendipity Healthcare Limited will retain your Personal Information for as long as reasonably necessary for legitimate business purposes or to comply with regulatory or legislative requirements.
Who we share this data with
By consenting to using your personal data for the purposes of recruitment we will share your information with third parties for the purposes of work assignments or in the context of the possible sale or restructuring of the business. In this situation we will, so far as possible, share anonymised data with the other parties before the transaction completes. Once the transaction is completed, we will share your personal data with the other parties if and to the extent required under the terms of the transaction.
This information will never include information such as bank account details but will include information to show your suitability for the role. We will only give full information if requested to do so by Law Enforcement Agencies.
- All computer digital records are protected with several layers of software to protect from cyber-attacks and virus attacks.
- All digital records are password protected.
If you have not used our services for seven (7) years then we will contact you and request whether you would like your information to be discarded or if you would like to remain on the database system. If we do not obtain a response then all records will be deleted.
Data Breach Procedures
INFORMING THE INFORMATION COMMISSIONER’S OFFICE
- In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the Information Commissioner’s Office in accordance with Article 55, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification is not made to the ICO within 72 hours, it shall be accompanied by reasons for the delay.
- The processor shall notify the controller without undue delay after becoming aware of a personal data breach.
- The notification referred to in paragraph 1 shall at least:
- Describe the nature of the personal data breach including where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned;
- Communicate the name and contact details of the data protection officer or other contact point where more information can be obtained;
- Describe the likely consequences of the personal data breach;
- Describe the measures taken or proposed to be taken by the controller to address the personal data breach, including where appropriate, measures to mitigate its possible adverse effect.
- Where, and in so far as, it is not possible to provide the information at the same time, the information may be provided in phases without undue delay.
- The controller shall document any personal data breaches, comprising the facts relating to the personal data breach, its effects and the remedial action taken. That documentation shall enable the supervisory authority to verify compliance with this Article.
Serendipity Healthcare Ltd complies with the General Data Protection Regulations
We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.
Serendipity Healthcare Ltd
Unit 5 Millennium Way