Positive Steps Limited Privacy Notice
Introduction
As a care provider, Positive Steps Limited are required to collect a variety of data to allow them to provide an efficient care service. The data concerned relates to information collected about either staff or clients for the purposes of the operations of the company and is done so in a respectful manner in compliance with Data Protection (Jersey) Law 2018.
Your Personal Data
Data can be personal information about an individual such as details about their identity, their contact information, any health conditions and financial details. These are some of the main subjects of data that the company would reasonably, and in some cases legally, be required to collect.
Security
Legislation requires that information collected to always be relevant and to be kept safe and secure. All staff are regularly trained in data protection to ensure that accurate records are being documented appropriately and that personal data is handled correctly. Data is kept safe and by storing it either electronically secured by password or as a hardcopy locked away in filing cabinets.
Confidentiality
Personal data is confidential and is only collected and shared on a ‘needs to know’ basis meaning that professionals working together who depend upon information in order to fulfil their job role would only have access to relevant data about a person. All care/support staff and partnership agencies are bound by law and code of conduct to work within these parameters. When data is obtained from another agency, the person will be informed about this.
Sharing
When information needs to be shared, permission is always sought from the individual with an explanation of why there is a need to share information about them. In certain cases, like safeguarding or reasons of the law, such as when others may be put at risk or are deemed in danger, then a person’s consent to share information may be overridden however they will still be informed that the information needed to be shared and why.
Storing
Data is to be up-to-date and reviewed by an appointed Data Protection officer. When data is no longer actively required then some of it may by law be required to be safely and securely archived. Retentions schedules for this guide the Data Protection officer in regularly maintaining archived data. Data that is no longer required is destroyed via a shredder or permanently deleted from electronic devices.
Compliance
The Data Protection officer is also responsible for responding to concerns about the handling of data within the company; investigating and reporting any occurrences to the Office of the Information Commissioner and working together with them in a cooperative and transparent way guided by their authority to take steps to improve data protection when/if identified.
The EU Law, The General Data Protection Regulation, provides the following rights for individuals:
1. The right to be informed
This covers your right to be informed about why and how information about you will be collected. How it will be handled and stored. It is stipulated in a Privacy Notice like this one.
2. The right of access
Everyone has the right to access the information kept about them. A ‘Subject Access Request’ would first need to be made in writing to the Data Protection officer. Please see details under Contact below if you would like to do this. Once the request is processed you would have access to your data within a one week period.
3. The right to rectification
You have the right to request that any information about you which you to be rectified if you find it to be incorrect.
4. The right to erasure
You can request to have your information deleted when it is no longer required for operational purposes however some data may have to be kept for legal reasons.
5. The right to restrict processing
This makes it possible to request not to process your data or to make special requests regarding how it is processed.
6. The right to data portability
Allows you to obtain and reuse your personal data for your own purposes across different services. It allows you to transfer your information safely and securely to another company.
7. The right to object
You have the right to protect your data from being shared where others are not impacted i.e. there are no safeguarding issues arising.
8.Rights in relation to automated decision making and profiling.
You have the right to opt out of automated decision making and profiling making automated decisions based on your information.
Complaints
If you have a concern or would like to make a complaint please contact the Data Protection officer (details below) and it will be documented and dealt with in line with requirements of the Office of the Information Commissioner. Steps will be taken within guidance to rectify the situation and appropriate feedback will be provided.
Contact
Data Protection Officer: Annabel Paris
Positive Steps Limited
2nd Floor Offices
31 Broad Street
St Helier
JE2 3RR
Telephone: 01534 529550
Email: Annabel@positivestepslimited.org