Certain businesses are required under the Data Protection Act 1998 and subsequent introduction of the EU General Data Protection Regulations (GDPR) from the 25th May 2018 to have a Data Controller. The Data Controller is a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are to be, processed. The principle Data Controller for the company is John Sykes who has responsibility for the content and day to day management of the company website.
It is important to note that we do not use or operate any google analytics or similar software packages to analyse our website traffic or store information about your preferences or when you might return to the website. This type of Cookie allows to count page visits and traffic sources to measure and help improve the performance of organisational websites. A cookie is a small file placed on your computer’s hard drive. It enables the provider of the website to identify your computer as you view different pages on a website.
Cookies allow websites and applications to store your preferences in order to present content, options or functions that are specific to you. They also enable the provider to see information like how many people use the website and what pages they tend to visit.
2.0 Information that we may collect from you.
In operating our website we may collect and process the following data about you:
Information that you provide by filling in forms on our website, such as when you register to receive information such as a newsletter, request a job application form or other marketing communications or contact us via the contact page.
Information that you freely provide to us when communicating with us for any reason.
This information may include;
Name and or job title
Your email address, telephone number and address if you choose to receive email communications.
2.1 How we use this data.
Collecting this data helps us understand what you are looking for from the company.
Specifically, we may use data;
For our own internal records
To improve the products and the service that we provide
To contact you in response to a specific enquiry.
2.2 Storing your personal data
Once we have received your information we will use strict procedures and security features to try to prevent unauthorised access.
3.0 Controlling information about you.
We will specifically ask you for consent to communicate with you. When you fill in a form or provide your details on our website, you will see one or more tick boxes allowing you to optin to receive information from us by email, telephone or post.
You have a right not to ask us to process your personal data for marketing and other purposes.
If you choose not to receive updates from us your request will be dealt with quickly and your details removed. We respect every individual’s right to have their details removed at any time, this includes unsubscribing from our email communications.
We may publish images on the company website of people we support, staff and others. We will not use any personal details or full names (which means first name or surname together) in a photographic image, on video, on the website or in any other marketing or publicity materials used by the company unless we have obtained an individual’s (Data Subjects) written consent.
This is particularly important because images published on the website could be viewed by people all over the world with internet access and not just in the United Kingdom,
where UK law applies.
If you have agreed that we can use your information or image, you can still change your mind easily, by contacting the Data Controller Shane Parnell, in writing using the address details set out in point 7.0 below.
4.0 Controlling and Blocking Cookies
Firefox – http://support.mozilla. org/en-us/kb/cookies
Internet Explorer – http://support.microsoft.com/kb/196955
Safari – http://support.apple.com/kb/PH5049
4.1 Deleting Cookies
The majority of web browser will allow you to delete selected if not all cookies currently installed on your device. Similarly, mobile phone users may have to refer to their handset manual for details on how to delete cookies using their mobile browser. Please note that this will usually only remove any cookies currently installed on your device, you must also change your browser settings if you wish to prevent cookies being installed in the future.
We will always hold your information securely. To prevent unauthorised disclosure or access to your information, we have implemented strong physical and electronic security features. We also follow stringent procedures to ensure we work with all personal date in line with the General Data Protection Regulations (GDPR).
6.0 Links to our Website
Our website may contain links to other websites for example the Care Quality commission. Please note that we have no control of websites outside of our domain. If you provide
information to a website to which we link, we cannot be responsible for its protection and privacy.
6.1 Access to Information
The General Data Protection Regulations (GDPR) gives you the right to ask us not to process your personal data for marketing or other purposes and to access the information that we hold about you and to have any inaccuracies in this data corrected. Should you wish to exercise this right should apply in writing to the Data Protection Controller using the Subject Access Request Form (SAR). The Data Protection Manager will consider each such request in accordance with all applicable data protection laws and regulations. There will be no administration charge for considering and or complying with a Subject Access Request although the Company reserves the right to charge a fee for data subject access requests (currently £10) if requests are ‘manifestly unfounded’ or deemed to be excessive in nature. The Data Protection Manager will endeavour to respond to any such written requests as soon
as possibly practicable and in any event, within 30 days of receipt of the written request for access to records and 14 working days to provide a reply to an access to information request.
7.0 Complaints Handling
Data Subjects with a complaint about the processing of their personal data, should put forward the matter in writing to the Data Controller. An investigation of the complaint will be carried out to the extent that is appropriate based on the merits of the specific case. The Data Controller will inform the Data Subject of the progress and the outcome of the complaint within a reasonable period. If the issue cannot be resolved through consultation between the Data Subject and the Data Controller, then the Data Subject may, at their option, seek redress through mediation, binding arbitration, litigation or have a right to apply directly to the information commissioner for a decision.
7.1 Breach Reporting
Any individual who suspects that a personal data breach has occurred due to the theft or exposer of personal data must immediately notify the Data Controller providing a description of what occurred. The Data Controller will investigate all reported incidents to confirm whether or not a personal data breach has occurred. If a personal data breach is confirmed the Data Controller will follow the relevant authorised procedure based on the criticality and quantity of the personal data involved. For severe personal data breaches, the company will initiate and chair an emergency response team to co-ordinate and manage the personal data breach response. The Data Controller is responsible for reporting any unauthorised disclosures of personal information, this must be reported to the Information Commissioners Office (ICO) within 72 hours, and the individuals impacted must also be informed.
7.2 Information Commissioner Office (ICO) – Notification and Registration
The company has registered its use of personal data with the information commissioner and the register reference is given below. The register can be accessed and searched on the information commissioners website: www.ico.gov.uk
Data Controller: John Sykes
Registration Ref: Z8006117
Customer Service Team
Information Commissioners Office
Website Address: http://www.ico.org.uk
Fax: 01625 524 510
Telephone 0303 123 1113 (Local rate) or 01625 545 745 if you prefer to use national rate number.
The Data Controller will review the data protection register annually and notify the information
commissioner of any amendments.
9.0 Related Documents
- Information Security Policy and related guidance
- Retention of Records Guidance Documentation
- Subject Access Request and guidance form
- Consent Form for Photography and Filming
- CCTV Code of Practice