The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a new regulation which replaces the Data Protection Directive (Directive 95/46/EC). The General Data Protection Regulation builds on previous legislation but enhances privacy rights for individuals. The GDPR will apply in the UK from 25th May 2018. Despite the UK’s intention to leave the European Union in March 2019, the GDPR will still apply in accordance with the Information Commissioner’s Office (ICO) guidance to continue a similar level of regulation post March 2019, together with a new Data Protection Act.
This policy will outline:
The details of the Data Controller and how to contact the Data Protection Officer (DPO)
The types of personal data we collect and how we use it
Our purpose and legal basis for processing your data
How and when we share data
How and when we use your data for marketing purposes
Your rights to request your personal data and how to do so
How you can raise a complaint with the ICO
Who controls my personal data?
The Data Controller is Papillon Home Care Ltd:
Papillon Home Care Ltd is a UK registered company - 11183121
The registered address is Suite 5, 61 High Street, New Romney, Kent TN28 8AH
The Data Controller’s representative is the Data Protection Officer (DPO)
You can contact the DPO by email: email@example.com
Papillon Home Care Ltd is registered as a Data Controller with the Information Commissioner’s Office. Certificate number A8333735
Our purpose and legal basis for processing your data
Papillon Home Care Ltd is a domiciliary and social care agency providing services to the public in their own home.
We collect personal data on the following types of people:
All staff registered and/or employed by Papillon Home Care Ltd
Our Board members and business connections
All clients using our services
What data will you give to us or will we collect from you?
You provide us with your personal data by filling in forms, either in person or on our website www.papillonhomecare.com, and by corresponding with us by telephone and/or e-mail
The types of personal data we collect may vary according to its purpose. We typically collect information such as: your full name, telephone number, email address and postal address. We will also record any other professional or personal information which is relevant to your relationship with Papillon Home Care Ltd
Personal Data may also include links to professional sites such as LinkedIn, Twitter, Facebook or our website
What information do we obtain from other sources?
What are the purposes and legal basis for our processing?
We use information held about you in the following ways:
To carry out our obligations arising from any contracts we intend to enter or have entered between you and us and to provide you with the information, products, and services that you request from us, or we think will be of interest to you because of its relevance
To provide you with information about services that we offer, or that you have enquired about
Our main legal basis for the processing of personal data is our legitimate business interests, described in more detail below, although we will also rely on contract, legal obligation, and consent for specific uses of data
We will rely on our contract if we are negotiating, or have entered into, an agreement or contract with you to provide services to you
We will rely on legal obligation if we are legally required to hold information on you to fulfil our legal obligation, for example, our statutory obligation as an employer and CQC
We will in some circumstances rely on consent for uses of your data and you will be asked for your express consent e.g. before sharing your details with a third party
Our Legitimate Business Interests
To manage information in order to be able to provide you with a service
To manage employee and contractor relationships
To manage our organisational rights and obligations
Should we want or need to rely on consent to lawfully process your data, we will request your consent by mail, email or by an online process for the specific activity for which we require consent. Your response would then be held securely on our system. Where consent is the lawful basis for our processing, you have the right to withdraw your consent to this processing at any time
Other uses we will make of your data
To notify you about changes to our services
To ensure that content from our site is presented in the most effective manner for you and for your computer
To administer our site and for internal operations, including troubleshooting, security, data analysis, testing, research, statistical and survey purposes
To allow you to participate in interactive features of our service, should you choose to do so
Who will have access to your data inside and outside of the European Economic Area (EEA)?
We do not foresee that we will share your personal information with any third parties outside of the EEA. In the unlikely event that changes, we will notify you in good time
Will your data be used for marketing?
We will only send you information about our services that are relevant to you
We may send the communication in several ways, including email and post
When you register your details with us we will ask your preferences on receiving marketing communications. You also have the right to change your preferences at any time by phone or email
Where will we store and process your personal data?
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share this password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access
How long will we retain your data?
We understand our legal duty to retain accurate data that you are happy for us to retain. We will only retain personal data for as long as we need it for our legitimate business interests or to satisfy legal, accounting or reporting requirements. Accordingly, we have a data retention policy and run regular data routines to remove data that we no longer have a legitimate business interest in maintaining.
We do the following to try to ensure our data is accurate:
We keep in touch with you, so you can let us know of changes to your personal data
We may archive part or all of your personal data or retain it on our financial systems. We may pseudonymise parts of your data, particularly following a request for suppression or deletion of your data, to ensure that we do not re-enter your personal data on to our database, unless requested to do so
For your information, pseudonymised data is created by taking identifying fields within a database and replacing them with artificial identifiers, or pseudonyms
Our current retention policy is available upon request
Appropriate technical and organisational measures are taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data
We use electronic safeguards including firewalls, anti-virus and anti-malware software to protect your data
Only authorised staff have access to personal data and are appropriately trained and supported by policies and procedures for handling personal data
For payments, we do not retain your full card details and always require you to provide the last three digits of the security code to process a payment
We do not recommend or guarantee the safety of your payment details sent to us electronically via email
What are your rights to your personal data?
You have the right to request copies of any personal data held by us
To receive a copy of your personal data please send your written request to the Data Controller at Papillon Home Care Limited, Suite 5, 61 High Street, New Romney, Kent TN28 8AH
We will provide you with a hard copy of all personal data held on you
You will not be charged for your personal data request
Your data will be returned within 40 days of receiving the request.
We will require proof of identity
You also have the right to the following: