All Seasons Privacy Notice
Data controller: All Seasons, 3rd Floor, Mill Lane House, Mill Lane, Margate, Kent, CT9 1LB
The organisation collects and processes personal data relating to its employees and clients to manage the working relationships. The organisation is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.
What information does the organisation collect and why?
The organisation collects and processes a range of information about you. This includes:
- Personnel Information
- Financial details for Wages and invoicing
- Contracts of Service or employment for customers and employees
- Information about medical or health conditions
- Customer files including risk assessments and care plan
The organisation may collect this information in a variety of ways, from applicants, employees or clients. In some cases, the organisation may collect or share with your consent personal data about you to or from third parties; this could be from contracted providers, health professionals or (with consent) other organisations for references or for Disclosure and barring or for training purposes with external providers.
Under the General Data protection Regulation there are six principles for why personal data may be processed:
- Consent: The individual has given clear consent for All Seasons to process your personal data for a specific purpose.
- Contract: The processing is necessary for a contract between All Seasons and employee or client, or because they have asked you to take specific steps before entering into a contract.
- Legal obligation: The processing is necessary to comply with the law (not including contractual obligations). This may also include the processing of special categories of data e.g. health or medical conditions or for Disclosure and barring purposes.
- Vital interests: The processing is necessary to protect someone’s life.
- Public task: The processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.
- Legitimate interests: The processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
Processing employee data allows the organisation to:
- Meet all legal obligations to enable All Seasons to manage our employees, clients, customers.
- Maintain accurate and up-to-date records and contact details (including details of who to contact in the event of an emergency)
- Ensure that All Seasons complies with duties in relation to individuals with disabilities, meet its obligations under health and safety law
- Allow for effective workforce management
- Respond to and defend against legal claims.
Where the organisation processes other special categories of personal data, such as information about ethnic origin, sexual orientation or religion or belief, this is done for the purposes of equal opportunities monitoring. Data that the organisation uses for these purposes is anonymised or is collected with the express consent of employees, which can be withdrawn at any time. Employees are entirely free to decide whether or not to provide such data and there are no consequences of failing to do so.
The organisation will not transfer your data to countries outside the European Economic Area.
How does the organisation protect data?
Data is stored in a range of different places, including in your personnel file which is kept in a locked cabinet, in the organisation’s IT systems (including the organisation’s email system), or in our offsite storage facility. The organisation takes the security of your data seriously and there are strict personnel restrictions within electronic systems and access to employee personal data.
Where the organisation engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
For how long does the organisation keep data?
The length of time All Seasons will hold your personal data are based on statutory legal requirements. This can be found in the organisations Data protection Policy.
As a data subject, you have a number of rights. You can:
- Access and obtain a copy of your data on request;
- Require the organisation to change incorrect or incomplete data;
- Require the organisation to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing; and
- Object to the processing of your data where the organisation is relying on its legitimate interests as the legal ground for processing.
What if you do not provide personal data?
You may withdraw your consent at any time. Please note that all processing of your personal data will cease if you withdraw your consent, but this will not affect any personal data that has already been processed prior to this. Please also note that withdrawing consent may mean All Seasons are unable to comply with contractual or legal obligations, as regards to employment, support or training for you.
If you would like to exercise any of these rights, please contact the Data protection champions Sam Perry (firstname.lastname@example.org) based at the Margate office.
If you believe that the organisation has not complied with your data protection rights, you can complain to the Information Commissioner at www.ico.org.uk