Privacy Policy

Introduction

This privacy policy sets out how Chrysalis Care uses and protects any personal information that you provide to us. Chrysalis Care is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified then you can be assured that it will only be used in accordance with this privacy statement. Chrysalis Care may update this policy in line with new legislation.

Legal basis for gathering and processing data

What is the lawful basis for Chrysalis Care processing data?

Chrysalis Care will process personal data in line with one of three lawful reasons. This will either be under ‘contract’ for employees, Clients and NHS, ‘legal obligation’ for employees and ‘public task’ for NHS clients, ‘consent’ for Private Clients.

When will we collect personal data?

For NHS/LA and Private Clients and their Next of Kin:

At initial enquiry stage Assessment process Prior to and throughout the contract of service

Employees

Job application process Selection process Contract of employment Duration of employment

What sort of personal data do we collect for employees? We may collect the following information:

* Name, age, job title

* Contact information including email address, telephone numbers

* Demographic information such as postal address

* Other information relevant to job applications

* Health, education, qualification, registrations

* ID for statutory requirement data * DBS checks * Financial information for legal purposes for HMRC

What sort of personal data do we collect for NHS and Private Clients?

*Name, age, status

*Next of Kin data

*Assessment of need details

*Health information, medical records

*Bank details

How and why we use your personal data:

Private and NHS clients: Provision of the service to NHS clients is a public task that requires a needs assessment. Chrysalis Care are obligated to provide personal data and information at the request of NHS and CQC.

The data subject will be aware that only appropriate information will be shared with a third party as detailed in the service contracts.

Chrysalis Care will ensure personal data is shared via secure electronic communication which is password protected.

For Employees:

As an employer Chrysalis Care are required under legal obligation to provide HMRC with financial information.

The data processing is used to enable Chrysalis Care to make an informed decision about the suitability of the employee to undertake a public task related to the safeguarding of vulnerable adults.

How we protect your personal data:

Security

Chrysalis Care are committed to ensuring that your information is kept secure. In order to prevent un-authorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard security information.

How long do we hold your information?

Type of Data Suggested Retention Period Reason

Staff Personnel files including training records and notes of disciplinary and grievance hearings

6 years from the end of employment

Contract References and potential litigation

Application forms/interview notes

At least 6 months from the date of the interviews

Time limits on litigation

Private and NHS Client records and data

10 years from date of end of contract

Contract/ Public Task Health and Social Care Act 2008

Income tax and NI returns, including correspondence with tax office *

At least 3 years after the end of the financial year to which the records relate

Legal obligation Income Tax (Employment) Regulations 1993

Wages and Salary records * 6 years Legal obligation

Taxes Management Act 1970

Who do we share your personal data with?

NHS/LA and Private client data:

NHS LA where appropriate CQC Family member’s/ advocate/ fiends (with consent where necessary) Relevant lawful statutory agencies and advisory bodies e.g. Doctor, OT, Pharmacy

For employees:

HMRC CQC Accountants For recruitment processing i.e referees and previous employers Other statutory bodies such as Disclosure and Baring service Other employees with permission (i.e contact details with consent)

What are your rights over your personal data?

You have the right to request:

*access to your personal data

*the correction of your personal data when incorrect out of date or incomplete.

*where consent has been given you have the right to withdraw your consent, (this may affect the contracted service provided).

If you have any questions or queries then please contact Chrysalis DPO Data Protection Officer: Joanna Oliver Chrysalis Care Kings House 7 Princes Street Bexleyheath Kent DA7 4BQ

Jo.oliver@chrysaliscare.org 0208 2982800

If for any reason you feel that your data has not been handled incorrectly or you are unhappy with the response to any requests you have made regarding the use of your personal data you have the right to lodge a complaint with the information Commissioners office.

Contacting the regulator:

You can contact them by calling 03031231113

Or go online to www.ico.org.uk/concerns