Privacy Notice for Heath Care Workforce
You may be aware of the laws relating to the General Data Protection Regulation (GDPR) that came into effect on 25th May 2018. As technology develops and as our private information could be used and shared, people were becoming increasingly worried about security; this was why GDPR was brought in. The purpose of GDPR is to provide a set of standardised data protection laws across all EU member countries to make sure that your data (i.e. information about you) is as safe as possible.
This document sets out how Heath Care comply with these laws and will explain how we use your personal data and the types of data that we may share or process. It also explains your privacy rights and how we will be careful and fair in how we treat your personal information and ‘data’.
The types of personal ‘data’ that we collect, process, hold and share include:
- Personal information (such as name, employee number, email address, home address, next of kin and contact number)
- Special categories of data including characteristics information (such as gender, age and ethnic group)
- Contract information (such as start dates, hours worked, post, roles and salary information)
- HR information (such as absence record, appraisal, supervision records, performance indicators, training, qualifications, disciplinary record and pre-employment checks)
- Finance information (such as national insurance, bank details and salary).
Why we collect and use this data
- To monitor and manage employment under policies and procedures
- To enable the development of a comprehensive picture of the workforce and how it is deployed
- To inform the development of recruitment and retention policies
- To enable our regulators (Ofsted) to understand and to regulate our services in the interests of the young people
- To enable individuals to be paid appropriately
- For legal requirements and insurance purposes.
Storing this information
We will never retain your personal data for any longer than is necessary and we hold the different types of ‘data’ in accordance with the legislation we are regulated by. For example, some finance information is held for 3 years, whereas key HR information will be held for 50 years. For further details on this please email GDPR@heathcare.co.uk or write to HR at Head Office using the address below.
Who we share this information with
We may share this information with:
- Health Shield / Pension / Company incentives / Insurance companies
- Training partners
- Sage (payroll)
- HR Advisors
In exceptional circumstances, we may need to share your personal information with:
- Local Authorities
- When the information concerns risk of harm to the client, or risk of harm to another adult or a child. We will discuss such a proposed disclosure with you unless we believe that to do so could increase the level of risk to you or to someone else
What we will NOT do with your personal information
We will not share your personal information with third parties for marketing purposes.
How we ensure the security of personal information
- We control who has access to personal information
- We have a secure system within Heath Care and across the wider partners used, ensuring they are all GDPR compliant.
- Personal information is also stored on a secure server owned by Heath Care. In addition, malware and antivirus protection is installed on all computing devices.
Your right to access the personal information we hold about you
- You have a right to access the information we hold about you. To make a request for your personal information please email GDPR@heathcare.co.uk or write to HR at Head Office using the address below
- We will usually share this with you within 30 days of receiving a request
- There may be an administration fee for supplying the information to you
- We may request further evidence from you to check your identity
- A copy of your personal information will usually be sent to you in a permanent form (that is, a printed copy)
- You have a right to get your personal information corrected if it is inaccurate
- You can complain to a regulator. If you think we haven’t complied with the data protection laws, you have a right to lodge a complaint with the Information Commissioner’s Office at https://ico.org.uk/concerns/.
If you would like to discuss anything further, please contact the GDPR officer Jonathan Rigg on GDPR@heathcare.co.uk or write to Head Office using the address below.