Organisation's name: Pendeen Community Care Ltd.
Address: Unit 4, The Wilson Building, Wilson Way.
Redruth, TR15 3RU.
Telephone Number: 01209 313032
Email Address: email@example.com
We are registered with the Information Commissioner’s Office (ICO).
Our Data Protection Officer (DPO) Lisa Nixon can be contacted at
Under the General Data Protection Regulation (GDPR), you have the right to be informed about:
- The collection and use of your personal data
- Our purposes for processing that data.
- The retention periods for storing your data (or a guarantee that it will be kept only for as long as necessary)
- Who it will be shared with.
- The legal basis under which we process your data.
- The right to withdraw your consent (if consent is the legal basis for processing).
- Details of any data we collect about you from a third party (such as publicly-available information).
- The right to lodge a complaint with the ICO.
- Details of the existence of automated decision-making, including profiling (if applicable).
You also have the right to information that is concise, transparent, intelligible, easily accessible and presented to you in clear and plain language. We would encourage you to get in touch with the contact above if you have any questions about this policy statement or our procedures with regard to data processing. This will not in any way affect your right (mentioned above) to complain to the ICO.
Finally, we commit to informing you if, at any time, we update our privacy information and always to seek permission if we plan to use your personal data for a new purpose.
The Information We Collect.
We store and process details of your:
- Chosen mode of address (Mr, Ms, etc)
- Job title
- Date of birth
- National Insurance number
- Email address
- Financial Details
- Next of kin.
- Training Records.
- Special Category information (information about your health, data about your race, ethnic origin, sexual orientation and religion.)
These details will typically be collected when you apply for a job with us, or when you are taken on as a client that we will be providing a service for. We only keep the information as long as necessary and you may, at any time, contact us to ask for it to be removed (see the “right to be forgotten” below).
All information is stored electronically on a Cloud system, as well as hard copies being kept in locked cabinets.
Why Do We Need This Information?
We use the information we collect and store about you to:
- Provide our products/services
- Manage invoices and accounts.
- Comply with our regulatory body, the Care Quality Commission (CQC), as part of our public interest obligations.
- Identify training needs.
The Legal Basis Under Which We Collect and Store Data.
There are six possible legal grounds under the GDPR. These are:
- Fulfilment of a contract.
- Legitimate interests.
- Vital interests.
- Public task.
- Legal obligation.
Legal Basis – Legitimate Interests and Legal Obligations.
This organisation will collect and store your information under legitimate interests, whereby the processing involves using your data in ways that you would reasonably expect and that have a minimal privacy impact, and also under legal obligation, as the processing is necessary for us to comply with the law (submitting data to Government Departments, for example).
Applying the Data Protection Principles
This organisation is committed to applying the principles set out in the GDPR. To that end, we will always strive to ensure that:
- Personal data is collected for specified, explicit and legitimate purposes and not further processed.
- Our procedures are adequate, relevant and limited to what is necessary in relation to the purposes for which they are put in place.
- The data we collect are accurate and, where necessary, kept up to date; every reasonable step will be taken to ensure that data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
- Data are kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which they are processed.
- Data are processed in a manner that ensures their appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using technical or organisational measures.
Better by Design.
In applying the above principle, Pendeen Community Care recognises that we have a general obligation to implement technical and organisational measures to show that we have considered and integrated data protection into all data processing activities. We have built safeguards into products and services from the earliest stage of development and privacy-friendly default settings are the norm for all our services. All of our employees are trained in the requirements of the GDPR and as far as possible we aim to ensure that contracts, website designs, publicity materials and HR policies are all in line with the GDPR requirements.
Access to Your Data.
On receipt of a request for access to the data which we hold about you, we will respond without delay and at the latest within one month of receipt. Information will be provided free of charge although a reasonable fee may be applied when a request requires excessive work, particularly if it is repetitive. This fee will reflect the amount of administrative work involved.
The Right to Be Forgotten.
Also known as data erasure, the “right to be forgotten” set out in the GDPR entitles you to ask the data controller to erase your personal data and to cease further dissemination. You can make such a request either verbally or in writing and we will respond as quickly as possible, and at the latest within one month.
Please note however, that there are certain circumstances in which the right to erasure may not apply. These include where processing is necessary for one of the following reasons.
- To comply with a legal obligation.
- To exercise the right of freedom of expression and information.
- For the performance of a task carried out in the public interest or in the exercise of official authority.
- For the establishment, exercise or defence of legal claims.
In addition, any organisation is allowed to refuse to comply with a request for erasure if it is manifestly unfounded or excessive, taking into account whether the request is repetitive in nature. We will, however, explain and justify any such refusal.
Right to Rectification.
Either verbally or in writing, you may ask for inaccurate personal data to be rectified or to be completed if it is partial. We will respond as quickly as possible and certainly within the one-month time period allowed under the GDPR. In the unlikely event that there is disagreement over the accuracy of the data, we will do our best to resolve this and you will, of course, have the right to take the matter to the ICO if we cannot reach agreement. If that situation arises, we are prepared to consider restricting processing of the contested data during the time it takes to resolve the issue with the ICO.
Right to Data Portability.
Pendeen Community Care recognises that, under the GDPR, you must be able to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability. The requested information will be provided free of charge in a structured, commonly used and machine-readable form. However, it should be noted that the right to data portability only applies:
- To personal data an individual has provided to a controller
- Where the processing is based on the individual’s consent or for the performance of a contract.
- When processing is carried out by automated means.
Right to Object.
You have the right to object to:
- Processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling)
- Direct marketing (including profiling)
- Processing for purposes of scientific/historical research and statistics.
We will stop processing personal data for direct marketing purposes as soon as an objection is received.
Automated decision-making and profiling.
Profiling refers to the automated processing of personal data to evaluate certain things about an individual. Together with making a decision solely by automated means, it is covered by the GDPR and will require the individual’s explicit consent. We will only collect the minimum amount of data needed and will retain it only for as long as it is necessary. As a company we do not use that data for automatic decision making and profiling.
While we take all appropriate measures to prevent illegal access to your data, we have to prepare for that possibility. Should there be a significant data breach affecting your data and rights, we will notify you (and the ICO) as soon as possible. To minimise any possible danger, we will use encryption and/or pseudonymisation where it is possible to do so. We will have back up systems in place in the event that an outside organisation attempts to disrupt access to our data.
A cookie is a small text file placed on your computer or device by our site when you visit certain parts of it and/or use certain of its features. For example, we may monitor how many times you visit, which pages you go to, traffic data, location data, weblogs and other communication data whether required for billing purposes or otherwise. We may also look at the originating domain name of a user’s internet service provider, IP address, operating system and browser type. This information helps us to build a profile of our users. Where appropriate, this data will be aggregated or statistical, which means that we will not be able to identify you individually.
Cookies are also used to remember your settings (language preference, for example) and for authentication (so that you do not have to repeatedly sign in). You can set your browser not to accept cookies and there are a number of websites which explain how to remove cookies from your browser. However, it is possible that some of our website features may not function as a result.
Third Party Websites.
Please note that there are some links on our website to other sites where you may find useful information. This does not indicate a general endorsement of those sites and, as we have no control over how data is collected, stored, or used by other websites, we would advise you to check their privacy policies before providing any data to them.
Last updated on 16.11.2018 by Lisa Nixon, Data Protection Officer, who can be contacted at firstname.lastname@example.org