We use cookies on our website.
Some of them are necessary for the functioning of the site, but you can decide about others.
Please read this privacy notice carefully as it explains how we comply with the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR). The notice was last revised on 1st September 2022 and may be further revised from time to time.
In order that we can respond to your enquiry, we need to collect and use information about you (“personal information”). Personal information is anything about you from which you can be identified, but it doesn’t include information from which your identity has been removed (i.e. anonymous data).
As a ‘controller’ of your personal information, we are legally responsible for making sure that your personal information is:
The GDPR says that we must have a ‘lawful basis’ for collecting and using your personal information. At this stage, in responding to your enquiry, we will rely on the lawful basis of consent under Article 7(1) to process your personal information.
Other lawful grounds for processing your data could apply in certain situations, such as where sharing your personal information is required by law.
In order to respond to your enquiry, we need to collect the following personal information from you:
We will use your personal information to make contact with you and respond to your enquiry. We may also use your personal information for our own analysis e.g. in reviewing how quickly and effectively we deal with enquiries.
We will not share your information with others unless we have a lawful reason for doing so.
Our company is part of City and County Healthcare Group. Although the group provides its services through a number of different companies, it shares a middle and senior management structure and back-office functions (such as finance, payroll and IT). In order to respond to your enquiry, we may need to share your personal information as necessary within the management and back-office structure of City and County Healthcare Group.
We may also share personal information with law enforcement or other authorities if required by law.
We will not share your personal information with anyone else without first asking your permission and will never sell your personal information to anyone.
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so or where we otherwise think you should know about it.
We will hold the personal information you have provided to us for as long as we are dealing with your enquiry. If we continue to deal with you after we have dealt with your initial enquiry, we will provide you with new privacy notices describing how we will process your personal information thereafter.
Under the GDPR, you have a number of important rights. In summary, those include rights to:
You will find further information on each of these rights on the Information Commissioner’s website (www.ico.org.uk).
If you wish to exercise any of the above rights or have any other complaints or queries about this notice and our use of your personal information, you can contact us as follows:
Email: dataprotection@candchealthcare.co.uk
Telephone: 020 7186 0518
By post: The Data Protection Officer
City and County Healthcare Group
Cardinal House
Abbeyfield Court
Abbeyfield Road
Nottingham
NG7 2SZ
Note that we may ask you to provide proof of your identity before we can discuss your personal information with you.
If you have a complaint about the way we process your personal information, we would ask you to contact us using the details in the previous section.
We hope that we can resolve any concern you raise, but if you want to do so, you also have the right to complain to the Information Commissioner, who may be contacted at www.ico.org.uk/concerns/ or by telephone on 0303 123 1113.
If you would like this notice in another format (e.g. audio, large print or braille), please contact us (see ‘How to contact us’ above).
Please read this privacy notice carefully as it explains how we comply with the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR). The notice was last revised on 1st September 2022 and may be further revised from time to time; we will let you know when this happens.
In order that we can provide your care and support services, we need to collect and use information about you (“personal information”).
Personal information is anything about you from which you can be identified, but it doesn’t include information from which your identity has been removed (i.e. anonymous data).
As a ‘controller’ of your personal information, we are legally responsible for making sure that your personal information is:
In this notice, a “public body” is any organisation that delivers, commissions or reviews a public service, including local authorities, councils, unitary authorities, integrated care boards, health and social care trusts, the Ombudsman and regulatory bodies.
In this notice, a “housing provider” is the organisation responsible for housing-related mattersf homes in an Extra Care, assisted living (or similar) scheme in which we provide care services, and for the associated maintenance, safety, security etc. of those premises. The housing provider is also typically the landlord.
In this notice, a “health or social care professional” is any person that provides direct services, acts as a consultant or is involved in the commissioning of your healthcare or social care services, including your GP, dentist, pharmacist, nurses and health visitors, clinical psychologist, dietician, physiotherapist, occupational therapist, hospital staff and social worker.
The UK GDPR says that we must have a ‘lawful basis’ for collecting and using your personal information. We rely on the following grounds within the UK GDPR for this lawful basis:
Other lawful grounds for processing your data could apply in certain situations, such as where sharing your personal information is essential in order to protect you from harm (“vital interests”).
In order to set up and provide your service, we need to collect personal information from you or from other sources, such as your family or health and social care professionals. Without this information, we may be unable to create a suitable care plan and provide safe and effective care:
In the course of delivering your service, we will also produce records of the care delivered to you.
We use your personal information to:
We will not share your information with others unless we have a lawful reason for doing so.
We may share your personal information with appropriate health or social care professionals and any other individuals you nominate when we prepare your care plan. This enables us to make sure the care support we provide to you is suitable and safe.
If you live in an Extra Care or assisted living scheme (or similar) we may share your personal information with your housing provider in order to ensure that you and others are safe (but this will not include information related to your tenancy or any other matter that is not relevant to the care we provide).
We will also share your information with certain data processors in order to properly deliver your service. For example, our care management software is hosted by a separate company. However, by law, the data processors we use can only use your information for the purpose we have asked them to and will not share your information with anyone else. They must also keep your data safe and secure. We also use contractors for the archiving and disposal of confidential documents.
Although we seek to avoid using agency staff to deliver our services, we may need to do so on occasion to ensure continuity of service, and this may require us to share your personal information with an agency or their staff in order that they can deliver your service safely and effectively.
We may also share information about you where not doing so could mean you or someone else might come to serious harm, for example where the emergency services need information in order to save your life.
Our company is part of City and County Healthcare Group. Although the group provides its care services through a number of different companies, it shares a middle and senior management structure and back-office functions (such as finance, payroll and IT). In order to deliver your service properly (and only for that purpose), we will share your personal information as necessary within the management and back-office structure of City and County Healthcare Group. On occasion, we may second our care staff between companies within our group and if this happens, we may need to share your information with staff from one of our other companies in order that they can provide your care safely and effectively.
We may also share personal information with law enforcement or other authorities if required by law. This includes information required by public bodies to evidence our compliance with regulatory requirements. We are also required to share personal information with external health or social care professionals, including public bodies and local safeguarding agencies (in some circumstances) to ensure your safety.
We will not share your personal information with any other third party for any other purpose without first asking your permission and will never sell your personal information to anyone.
For the avoidance of doubt, we will not share confidential information about your health or care with research organisations etc. without your explicit consent, whether or not you have exercised your rights under the National Data Opt-Out (https://digital.nhs.uk/services/national-data-opt-out).
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so or where we otherwise think you should know about it.
We will hold the personal information we hold about you for as long as we continue to provide a service to you and for eight years after your service ends, at which time we will destroy your records securely.
We are required to retain information about services provided to children for eighty years.
Under the UK GDPR, you have a number of important rights. In summary, those include rights to:
You will find further information on each of these rights on the Information Commissioner’s website (www.ico.org.uk).
If you wish to exercise any of the above rights or have any other complaints or queries about this notice and our use of your personal information, you can contact us as follows:
Email: dataprotection@candchealthcare.co.uk
Telephone: 020 7186 0518
By post: The Data Protection Officer
City and County Healthcare Group
Cardinal House
Abbeyfield Court
Abbeyfield Road
Nottingham
NG7 2SZ
Note that we may ask you to provide proof of your identity before we can discuss your personal information with you.
If you have a complaint about the way we process your personal information, we would ask you to contact us using the details in the previous section.
We hope that we can resolve any concern you raise, but if you want to do so, you also have the right to complain to the Information Commissioner, who may be contacted at www.ico.org.uk/concerns/ or by telephone on 0303 123 1113.
If you would like this notice in another format (e.g. audio, large print or braille), please contact us (see ‘How to contact us’ above).
Please read this privacy notice carefully as it explains how we comply with the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR). The notice was last revised on 1st September 2022 and may be further revised from time to time; we will let you know when this happens.
In order that we can consider and process your application for employment or volunteering, and then, in due course, fulfil our obligations to you under any contract of employment (as well as other legal duties), we need to collect and use information about you (what is referred to as “personal information”).
Personal information is anything about you from which you can be identified, but it doesn’t include information from which your identity has been removed (i.e. anonymous data).
As a ‘controller’ of your personal information, we are legally responsible for making sure that your personal information is:
The UK GDPR says that we must have a ‘lawful basis’ for collecting and using your personal information. We may rely on the following grounds within the UK GDPR for this lawful basis:
Other lawful grounds for processing your data could apply in certain situations, such as where sharing your personal information is essential in order to protect you from harm (“vital interests”) or where we otherwise have a legitimate interest.
We need to collect certain information about you in order to process your application. We may get the information directly from you but also from other sources such as a Job Centre or government work programme or from the people whose names you have given us as referees:
Once we enter into a contract of employment (or volunteer agreement) with you and at any time thereafter, we may need to update any of the information above, to ensure it remains accurate. We will also collect other information about you and your work that we need in order that we can both fulfil our obligations to each other and to others. This might include records of training, assessments, meetings, supervision and appraisals as well as records of the work you do and other aspects of your employment or volunteering, such as annual leave, sickness absence, accident and incident records, disciplinary or grievance processes and occupational health records.
During the course of your employment or volunteering, we may also collect further information about you from third parties, such as the people that use our services, our clients and customers. If you have been referred to us by a Job Centre or government work programme or on an educational work placement, we may also obtain further information from the agency or establishment that referred you to us.
Similarly, we may need to obtain information about your health from your GP or another healthcare professional, but only with your consent, which we will seek at the time.
We will also need to maintain records of your pay and tax, NI and other deductions made.
Before you take up employment or a volunteer role with us, we will use your personal information to:
If your application is successful, we will carry forward the information you have provided and use that information along with any other personal information that we obtain to:
We will not share your information with others unless we have a lawful reason for doing so.
In order to process your application, we may share relevant information about you, your application and about your past employment with the people whose names you have given us as referees.
Once you are employed by us (or become a volunteer), we may share information about you with the people that use our services and their families and representatives in so far as it is relevant to the provision of their service. We may also share relevant information about you with the people or organisations that commission our services in order to allow us to fulfil our contractual obligations to them.
We will also share your information with certain data processors in order to process your application and then to fulfil our obligations as an employer and a provider of care services. For example, our application processing systems are hosted by a separate company. Our care management software systems, including systems for the electronic monitoring of care assignments, are also hosted by a separate company. We may also use external training providers to equip you with the skills you need to do your job. We also use contractors for the archiving and disposal of confidential documents.
These and any other data processors we use can only use your data for the purpose we have asked them to and will not share your data with anyone else. They must also keep your data safe and secure.
In order to allow you to have the option of taking advantage of our employee assistance programme (EAP) and perks platform through LifeWorks, we will also share your name and email address with LifeWorks (who operate the EAP). LifeWorks only use this information to verify that you are who you say you are when you sign up to the services. If you do sign up to the platform (which we hope you will), LifeWorks have their own privacy notices explaining to you how they will use your data. (This paragraph does not apply to volunteers, who will not have access to the EAP).
We may share with your future employers factual information about your work with us in the form of an employment reference where you name us as a referee.
Our company is part of City and County Healthcare Group. Although the group provides its services through a number of different companies, it shares a middle and senior management structure and back-office functions (such as finance, payroll and IT). In order process your application and to fulfil our contractual obligations to you as your employer (and to otherwise run our business effectively), we may need to share your personal information within the management and back-office structure of City and County Healthcare Group.
We may also share your personal information with law enforcement or other authorities if required by law. This includes information required by public bodies to evidence our compliance with applicable regulatory frameworks.
We may also share relevant information about you with organisations that are empowered by law to carry out functions on behalf of government, such as maintaining workforce statistics (for example, in England, Skills for Care which maintains the Adult Social Care Workforce Dataset).
Where you undertake a formal qualification as part of your employment (e.g. an apprenticeship programme), we will provide relevant personal information to the educational establishment; note that such organisations are independently regulated and will provide you with their own information about how they will protect your privacy.
In the event of the possibility of your employment transferring to another employer by operation of the Transfer of Undertakings (Protection of Employment) Regulations (“TUPE”), we may share with your prospective new employer, in advance of any transfer, relevant information about you (such as your training records and rotas) in order to ensure compliance with our legal and contractual obligations and to ensure continuity of services.
We will not share your personal information with any other third party without first asking your permission and will never sell your personal information to anyone.
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so or where we otherwise think you should know about it.
If your application is not successful, or you withdraw it, we will retain a record of your name and national insurance number and information about the progress of your application (such as when you applied, when you were interviewed, whether you passed or failed the assessments, what evidence you provided of identity or your right to work in the UK, whether you attended training, and the reason that your application did not result in employment) for administrative and monitoring purposes only. However, any copies of your personal documents that were taken during your application will be destroyed six months after your application fails or is withdrawn. During that period, we may contact you in connection with your data privacy rights and to let you know about future suitable employment or volunteering opportunities.
If your application is successful and you take up a role with us, we will retain the personal information you have provided during the application process and any further information obtained from you for six years after the end of your employment (or period of volunteering). This will allow us to fulfil our regulatory obligations. We may also contact you in connection with your data privacy rights and to let you know about future suitable employment or volunteering opportunities.
After six years, we will destroy most of your information securely, retaining only basic personal information to allow us to confirm that you held a position with us and the reason that you left, plus any information about you that forms part of records that we otherwise need to retain for statutory or other legitimate purposes.
Under the UK GDPR, you have a number of important rights. In summary, those include rights to:
You will find further information on each of these rights on the Information Commissioner’s website (www.ico.org.uk).
If you wish to exercise any of the above rights or have any other complaints or queries about this notice and our use of your personal information, you can contact us as follows:
Email: dataprotection@candchealthcare.co.uk
Telephone: 020 7186 0518
By post:
The Data Protection Officer
City and County Healthcare Group
Cardinal House
Abbeyfield Court
Abbeyfield Road
Nottingham
NG7 2SZ
Note that we may ask you to provide proof of your identity before we can discuss your personal information with you.
If you have a complaint about the way we process your personal information, we would ask you to contact us using the details in the previous section.
We hope that we can resolve any concern you raise, but if you want to do so, you also have the right to complain to the Information Commissioner, who may be contacted at www.ico.org.uk/concerns/ or by telephone on 0303 123 1113.
If you would like this notice in another format (e.g. audio, large print or braille), please contact us (see ‘How to contact us’ above).