People in Action is a registered charity (Charity Registration Number: 702885, Company Registration Number: 02486564) that is committed and responsible for the care and support of vulnerable adults. We use personal data to help us carry out the role of a health and social care provider.
We will always make sure that your information is protected and treated securely. Any information about you that we hold, or details you give us, will be held in accordance with:
- Freedom of Information Act 2000
- Data Protection Act 1998
- Health and Social Care Act 2008,2012
- Mental Health Act 1983
As a health and social care provider who support vulnerable adults, it is not appropriate to rely solely on consent from employees and clients to obtain and process their personal data. We have therefore identified a lawful basis which will support us to collect, process, store and share necessary data. We are required to protect the safety of both employees, clients and the organisation whilst maintaining the person centred approach we deliver to vulnerable adults, thus meaning we have ‘Legitimate Interests’.
What information we collect?
People in Action, use personal information to help us carry out our role as a registered care provider who is regulated by CQC.
We may also hold personal sensitive information relating to you and your circumstances, to ensure People in Action meet your individual needs.
We will also process data for the following purpose:
- To identify services that are appropriate for you and to provide those services
- To work with others outside of People in Action, who are providing you with care and support
- To ensure that the service is safe and effective and in the case of care homes and home care, meet regulatory standards
- Where otherwise permitted under the Data Protection Act 1998, e.g. disclosure to comply with legal obligations
People in Action may also process your data where you have given your consent to:
- Help review the quality of service
- Identify areas of future development
- Investigate concerns or complaints
We will need to process personal data about our own employees (and any persons applying to work for us) so that as an employer we can fulfil our role (for example, by ensuring that we employ the right people to comply with third party inspections, i.e. CQC and Safeguarding etc.) and so we can meet our legal and contractual responsibilities as an employer.
The collection and processing of your personal data starts when you initially apply for a position with People in Action. Before starting employment we check that people who work for us are fit and suitable for their roles. This may include completing a Disclosure and Barring Service check and reference checks. Any information obtained on a DBS check will be assessed in accordance with the role they are applying for; once we are satisfied the certificate number and date of check will be recorded. Any other information relating to convictions will be destroyed.
Personal data that we collect and process includes information regarding ethnic origin, gender and age. This information has no bearing on an individual being able to complete their role, and is only used to check that we are promoting and ensuring diversity within our workplace and to make sure we are complying with equalities legislation.
Our employees decide whether or not they would like to share this information with us, and can choose to withdraw their consent for this at any time. Although it is important to remember that the information collected does remain anonymous and cannot identify you as a person. Once we have collated the information, it is then destroyed.
Examples of other information we are required to process includes but is not limited to; qualifications and experience, pay and performance, contact details, bank details and service records.
We only share information regarding personal data with other organisations where it is lawful to do so and that will help support the social care workforce in England. Any other information shared will be to protect the lives of the clients we support and maintain safety of both clients and employees. We will deem this necessary if we believe a vulnerable person is at risk of harm, or when another organisation needs to take action to ensure the safety and quality of care. A few examples of organisations we may have to share your information with are; Safeguarding, Social Services and Disclosure and Barring etc.
Any personal data collected will only be used for its original purpose, for example; when we obtain your email address for the application process, this will then not be used for any other marketing purposes.
We will only process personal data that is necessary in order for us as an employer to fulfil our legal and contractual purposes to its employees and clients, thus meaning that any data that isn’t necessary will not be obtained.
Personal data that we hold needs to be accurate and kept up to date. Therefore, should any of your personal information change; you need to inform your Service Manager or the HR Department. Any inaccurate information will be deleted. In order to maintain accurate personal information, every year (April) you will be asked to report any changes to your personal information and submit these.
Employees and customers may request access to their personal information by writing to their Service Manager or the HR Department. To help us process your data efficiently please can you include examples of the information you wish to obtain:-
- Your full name, address and contact number (extra information may need to be provided if there are others in the organisation with the same name such as account numbers or unique ID’s)
- Details of the specific information you require and any relevant dates i.e. your personnel file, specific emails between X and Y (between 1/05/14 and 1/09/14). For example should you request to see your supervision notes you should specify dates of the period you require, i.e. May 2016 – May 2017.
We may also ask for proof of identification before accessing this information. The company has 1 month in which to respond to requests for personal information.
Any information we obtain and process, we are required to retain for 7 years.
All information we collect is stored in locked cabinets within locked premises that only the authorised persons have access to. We ensure that computers, laptops, tablets and files are password protected; personal data on laptops is kept to a minimum.
Any information collected that we no longer require for the purpose it was originally collected will be destroyed. For example; where we ask questions regarding your ethnicity, age and gender on the ‘Equal Opportunities’ form. Once this anonymous information is processed and recorded it will be destroyed.
If you would like us to delete your personal data or stop processing it, then you have the right to object to the data being used.
For employee’s you should contact the HR Department in writing and for customer’s you should contact the relevant Service Manager.
Sometimes we may need to refuse a request to delete or stop processing personal data. For example this may be when we need to protect a vulnerable person from harm, or as a result of our legal obligations, or to help us carry out our functions.
Any relevant guidance relating to deleting your personal date can be found at: https://ico.org.uk/for-organisations/guide-to-data-protection/principle-6-rights/damage-or-distress/