Firstpoint Homecare Ltd Employment Business: GDPR privacy notice
Firstpoint Homecare is a homecare provider which delivers care services to clients in their own homes. The Company must process personal data (including special category data) so that it can provide these services – in doing so, the Company acts as a data controller.
You may provide your personal details to the Company directly, such as on an application form, by CV or via our website or we may collect them from another source such as a job board. The Company must have a legal basis for processing your personal data. For the purposes of providing you with information and work opportunities relevant to you we will only use your personal data in accordance with the terms of the following statement.
This notice explains how Firstpoint Homecare Ltd (referred to in this notice as we, us or our) collects and uses information during the work finding process. This notice covers the following:
What is personal data?
How do we collect personal data?
What information do we collect?
How do we use your information?
What is the legal basis that permits us to use your information?
What happens if you do not provide information that we request?
How do we share your information?
How do we keep your information secure?
For how long do we keep your information?
Your rights in relation to your information
The Table at the end of this notice provides an overview of the data that we collect, the purposes for which we use that data, the legal basis which permits us to use your information and the rights that you have in relation to your information.
We may update this notice from time to time.
Our contact details are as follows:
Address: Firstpoint Homecare, Kingston House, Towers Business Park, Wilmslow Road, Manchester, M20 2LD
Telephone: 0121 633 6180 We have appointed a data protection officer who has responsibility for advising us on our data protection obligations. You can contact the data protection officer using the following details: email@example.com
Personal data is any information that tells us something about you. This could include information such as your name, contact details, date of birth, and references.
We collect personal data about you from various sources including:
We collect the following categories of information about you:
We use your information for the following purposes:
Under data protection legislation we are only permitted to use your personal data if we have a legal basis for doing so as set out in the data protection legislation. We will process your personal data for the purposes of providing you with care work opportunities. The legal bases we rely upon to offer these services to you are:
The Table at the end of this notice provides more detail about the information that we use, the legal basis that we rely on in each case and your rights.
Some information is classified as “special” data under data protection legislation. This includes information relating to health, racial or ethnic origin, religious beliefs or political opinions, sexual orientation and trade union membership. This information is more sensitive and we need to have further justifications for collecting, storing and using this type of personal data. There are also additional restrictions on the circumstances in which we are permitted to collect and use criminal conviction data. We may process special categories of personal data and criminal conviction information in limited circumstances with your explicit consent, in which case we will explain the purpose for which the information will be used at the point where we ask for your consent.
We need some of your personal data in order to supply care work opportunities. If you do not provide such information, we may not be able to continue with the recruitment process or offer you work.
We share your personal data in the following ways:
• Clients in the Homecare sector
• Auditors for our clients which include; Councils and Clinical Commissioning Groups
• CQC Inspections
• Auto-enrolment pension provider
• Call monitoring system provider (CM2000)
• Electronic care planning & care notes system (PASS)
Where we share your personal data with third parties we ensure that we have appropriate measures in place to safeguard your personal data and to ensure that it is solely used for legitimate purposes in line with this privacy notice.
All data is held on secure servers housed in a private suite within a Level(3) data centre. Access to the suite requires RFID access to the building, biometric fingerprint access to the floor the suite is on, and then a key code combination to access the private suite.
The internet breakout is secured using a Cisco firewall and we have Cyber Essentials accreditation for network security. All data is held on secure SAN nodes with RAID 10 redundancy, and data is accessible by authorised individuals only based on Active Directory and implemented windows security permissions.
All virtual servers are fully backed up nightly to a separate server within the private suite via Veeam software, and following this the backup is then replicated to a secure server housed at our Head Office in Stratford. External network access is limited to authorised users only, running Cisco AnyConnect VPN software via the Cisco ASA. All external access if via Windows RDP server access, with features such as printing to devices outside of the company network disabled.
We use the full Trend Micro Smart Protection Complete Suite, with all updates immediately deployed and enforced by our central Control Centre. All urgent windows security updates are automatically downloaded and deployed overnight by the Windows Server Update Service to ensure all servers and client machines are fully protected against latest threats. Practises employed to help secure company data include (but are not limited to):
All hardware, backups, and data links are fully monitored 24/7 using PRTG Enterprise Console.
We will ensure access to personal data is restricted to employees working within our group on a need to know basis. Training will be provided to any employees working within the group who need access to your personal data to ensure it is secured at all times.
As a general rule we keep personal data about candidates and workers for a period of:
However, where we have statutory obligations to keep personal data for a longer period or where we may need your information for a longer period in case of a legal claim, then the retention period may be longer.
You have a number of rights in relation to your personal data, these include the right to:
• if we are continuing to process personal data beyond the period when it is necessary to do so for the purpose for which it was originally collected;
• if we are relying on consent as the legal basis for processing and you withdraw consent;
• if we are relying on legitimate interest as the legal basis for processing and you object to this processing and there is no overriding compelling ground which enables us to continue with the processing;
• if the personal data has been processed unlawfully (i.e. in breach of the requirements of the data protection legislation);
• if it is necessary to delete the personal data to comply with a legal obligation.
• personal data is inaccurate;
• our processing of your personal data is unlawful;
• where we no longer need the personal data but you require us to keep it to enable you to establish, exercise or defend a legal claim;
• where you have raised an objection to our use of your personal data;
If you would like to exercise any of your rights or find out more, please contact firstname.lastname@example.org. The Table at the end of this notice provides more detail about the information that we use, the legal basis that we rely on in each case and your rights. Complaints If you have any complaints about the way we use your personal data please contact email@example.com who will try to resolve the issue. If we cannot resolve your complaint, you have the right to complain to the data protection authority in your country (the Information Commissioner in the UK).