Privacy Policy

Data Privacy Notice

Spring Care PAs Battle Limited is a social care company, privately owned by Spencer Taylor and Sarah Smithwick.

Spring Care PAs Battle Ltd (“Spring Care”, “We”, “Us”) is committed to ensuring your privacy is protected in accordance with Data Protection Standards.

This Data Privacy Notice explains what data Spring Care collects and uses through our website; in the line of our work as a provider of social care; as an employer; any links to third party and other websites; and your rights as a data subject.
Spring Care will ensure it complies with Data Protection Law when it comes to processing your data. We will use it lawfully and in a transparent way. We will collect data only for the purposes that we explain to you and will only use it for purposes that are compatible with and relevant to those purposes. We will keep your data accurate and up to date and will only retain it for as long as is necessary according to need and legal and regulatory purposes. Your data will always be kept securely.

This Data Privacy Notice has been updated to include the changes being implemented by the General Data Protection Regulations (GDPR) which are in place from 25th May 2018. This policy will be reviewed on a regular basis and updated when required.

How to Contact Us:

Spring Care PAs Battle Limited, 1 North Trade Road, Battle, East Sussex, TN33 0EX

Registered in England Company Number 08527106

Registered with the Care Quality Commission Provider Number 1-782436986

www.springcarepas.co.uk

enquiries@springcarepas.co.uk

01424 777135

What is the GDPR?

The General Data Protection Regulation is a new, European-wide law that places greater obligations on organisations and how they handle personal data.

Spring Care PAs Battle Limited is registered with the Information Commissioner’s Office (ICO) as a Data Controller. The ICO are the regulatory authority for Data Protection in the UK. They can be contacted here: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF www.ico.org.uk Tel: 0303 123 1113

What information does the GDPR apply to?

The GDPR applies to “personal data”. Personal data (and Sensitive Personal Data) is any information which relates to an Identified or Identifiable Natural person (a living person).

Spring Care defines personal data as follows:

Personal Data Information relating to identifiable individuals such as:
Job Applicants
Current and Former Employees
Agency, Contract and other staff
Customers and Service Users
Suppliers
Marketing Contacts
Sensitive Personal Data Marital Status
Nationality
Racial or Ethnic Origin
Political opinions
Religious or Similar beliefs
Trade Union membership
Physical or Mental Health condition
Criminal Offences (or related proceedings)

Spring Care will collect and process Personal Data and Sensitive Personal Data as part of its recruitment and employment procedures; and as part of its Service User assessment and provision of care services.

Data Sharing

We use consistent third-parties who act as data processors on our behalf to provide specific services. We may share your data with them to enable us to undertake the activities set out above. They themselves may then become data controllers once your data is shared with them. They may also introduce you to us or us to you, eg: social services, patient care teams within hospitals, Clinical Commissioning Groups (CCGs).

Your Rights – Access to your information and corrections

Under the Data Protection Law (GDPR and E-Privacy) you have certain rights as a Data Subject.

Right to be Forgotten (Right to Erasure) You have the right to have information about you to be erased. If it is legal for us to do so and does not interfere with our ability to provide services to you we will comply with your request.
Right to Confirmation and Access You have the right to confirm what personal data is being held, for what purpose it is being used and what the safeguards are regards to sharing of your personal data with third parties.
Subject Access Request You have the right to request the nature and actual information that we hold about you.
Right to object to automated decision making or profiling You have the right not be subject to a decision based solely on automated processing, including profiling.

Please see section on Automated Decision Making

Right to Object to Processing You have the right to object to any processing of personal data concerning you.

Please note that Spring Care will make you aware of the consequences of any objection at the time of you raising it.

Right to Rectification You have the right to ensure that the data we hold about you is correct at all times.
Right to Data Transfer You have the right to ensure that any of your personal data that is transferred abroad is done so securely giving you the same rights as if this data was being held in the UK.

Please note that Spring Care does not transfer your personal data outside the UK.

Right to Complain You have the right to complain at any time if you feel that we have failed to safeguard your information.

For any Subject Access Requests (SARs) or any other request under Your Rights above please contact us in writing at the address set out at the top of this notice or by email on enquiries@springcarepas.co.uk

Website Privacy Notice

Spring Care uses cookies on its website. Cookies are text files which collect log-on information and visitor behaviour information. Cookies track visitor use and compile statistical reports on website activity.
The reason we monitor visitor activity is to enable us to make our website more responsive to the needs and preferences of our visitors.

We do not collect any identifiable data through our website.

You can set your browser to accept or decline cookies. Please be aware that a decline preference may mean a loss of function in some of our website features.

For further information on cookies visit: www.aboutcookies.org or www.allaboutcookies.org

Spring Care’s website is subject to Google Analytics Software. The Google Analytics Software (‘the Software’) is separate to Spring Care and operated by Google Limited. The Software produce a report which shows the number of people who have clicked on this website but does not contain any personal identifiable information. Spring Care does not pass on any information to third parties.

Links to Third Party and other Websites

This website may include links to other websites which allow you to connect to them. The links are provided as a convenient method of accessing information that may be useful or of interest to you. These links are beyond the control of Spring Care and we therefore cannot accept any responsibility for them. These sites may have their own privacy policies, and Spring Care cannot guarantee the privacy practices or the security of other sites. Upon clicking a link you have left Spring Care’s website and the privacy policy stated on our website is no longer in effect.

Children

Our website is not intended for children.
We do not provide care services to children or young persons under the age of 18.
We do not employ children (classed as those under 14) in any capacity.
We do not knowingly collect or process data relating to children.

Security

Under the rules of the GDPR, Spring Care will be operating a Privacy by Design and Privacy by Default policy. Meaning that before we use your data we will have already considered the potential impact on you as a Data Subject if your data were to be lost, stolen, shared or compromised.

Spring Care is in the process of reviewing its Security measures, which are likely to then include encryption of data wherever possible when it is to be stored with or transmitted to third parties. Where data is stored or transmitted to a Third Country (any country outside of the European Economic Area (EEA) we will ensure appropriate adequacy protection is in place).
Spring Care has contracts in place with all of its privately contracted third party relationships involving data transfer, such as for payroll processing, Disclosure and Barring checks, Care Management systems. These contracts have been reviewed to ensure your data is always processed securely.

Please note that we may also need to undertake further security and screening questions when undertaking our routine dealings with you, these are in place to protect your personal data and security.

Automated Decision Making

Spring Care holds a contract with Access UK Ltd for their People Planner Care Management System, specifically for the following:

  • Scheduling and Rostering
  • Payroll and Invoicing
  • Daily Records for both staff and service users
  • To store information for service users, next of kin, funders
  • For recruitment and screening
  • For HR Records
  • For Accounting
  • For Insight and Analytics

People Planner enables Automated Decision Making Processes under its planning rules for things like Maximum Working Hours, Training and Qualification Rules (eg: can individual staff deliver the care required to the Service User), staff and Service User preference lists, Clashing / Near Clashing of care visit scheduling.

This Automated Decision Making is necessary for the entry into or performance of our contract with both Service Users and Employers.

Spring Care does NOT use any Automated Decision Making Processes or Profiling for its recruitment of staff or when deciding whether we are able to deliver care services to a potential Service User.

Data Retention Schedule

job applicants 1 not shortlisted for interview data destroyed within 30 days
2 shortlisted for interview data retained for 6 months
3 successfully appointed and start work for us see employee section
in the case or 1 or 2 above you have the right to be forgotten and we will destroy your data at your request
employees 1 timesheets 2 years
2 occupational health records until 75th birthday or 6 years whichever is sooner
3 hr file until 75th birthday or 6 years whichever is sooner
4 training records (statutory and mandatory) until 75th birthday or 6 years whichever is sooner
5 salaries paid 10 years
6 tribunal case records 10 years
you have the right to be forgotten, however please note that where we are obliged to keep your personal data because of a regulatory or legal requirement we will not be able to destroy the data
service users and families 1 initial enquiry information 6 months
2 post assessment – where we have completed a risk assessment, which may include sensitive personal data, but no service has started 6 months
3 having received a service from us 8 years
in the case or 1 or 2 above you have the right to be forgotten and we will destroy your data at your request.
all 1 subject access requests (sars) 3 years
2 litigation records 10 years

Service Users and Service Users’ Families or Advocates

  • What information do we collect about you?

The nature of our service means that very personal and sensitive information is discussed, openly and honestly, in order to ensure we can meet your health and social care needs in ways that are unique to your individual circumstances. This specific type of information is required in order for us to meet our legal and regulatory obligations as a registered provider and to be able to fulfil our contract with you.

If you are a next of kin or person with power of attorney, then your details are required to ensure that we can get the necessary authority in respect of the care services we are providing to the person under your authority.

We will be collecting and processing the following information:

  • Your full name, address and contact details and next of kin information
  • Your capacity to make decisions and/or whether we need to liaise with the person(s) you have entrusted with power of attorney
  • Any specific medical conditions that may affect our staff and our ability to look after you
  • Any specific health issues that you may be required to disclose, depending on the nature of the care we will be providing to you
  • Details relating to the methods through which your care is being funded. If you are funding your care, then we will invoice you or your specified contact and receive payment via cash, cheque or bank transfer. If your care is being funded, then we will deal with the organisation funding this, or any other party that you have nominated or has agreed to pay for your care
  • We will record details of any medication you require in order that we can ensure we administer this and we will also record any specific medical care wishes you have
  • If you wish us to, we will record other information such as your religion, to allow us, should you request, to contact the appropriate religious representative

The Lawful bases which we use are contained within the Data Protection Act 2018 and are:

Contractual Obligation When we have a contract with you to provide care and/or support services.
You may have contracted us directly, or this contract may have been given to us by Social Services or CCGs and you have consented to us providing you with care and support (Consent to Care is separate from consent as a legal bases for us processing your data)
Legal Obligation Where we have a legal obligation to comply with current law, industry compliance requirements or court order.
For example, providing funding agencies with information about the services we are providing to you, to comply with the Health & Social Care Act and the Care Quality Commission standards, or where we are required to be able to demonstrate skills and competences of our staff to comply with industry or legal requirements
Vital Interest This is where the sharing of information is in the vital interest of you or our staff.
Such as sharing appropriate identity/information with a medical provider (ambulance, doctor, hospital, etc) in the event you are taken ill. Where your condition may represent a threat to the interests, rights or freedoms of other people, eg: if you have a communicable disease and we believe your condition may represent a risk to our staff or other healthcare professionals
  • How information about you will be used

We may share information regarding your care with those who have a need to know, namely Health Professionals, such as GPs, District Nurses, Hospitals, etc. Local Authorities, which would include departments such as Social Services, Housing, Day Centres etc. Any relevant person identified by you, such as family members, Power of Attorney; and our staff.

We will not share your information with anyone except those indicated above, unless required by law or at your specific request.

Personal information supplied to us is used in a number of ways, for example:

  • To agree a Care Plan
  • To review your care needs
  • To monitor your medication
  • To help us improve our services

Upon completion of your Assessment of Needs (Risk Assessment), we compile a Care Plan which sets out tasks, aspirations and outcomes in order to meet all your identified needs and this is regularly reviewed and updated. This includes liaison with all those involved in your care such as family, your representative relevant health and social care colleagues and other professionals.

In the event you are unwell, in an emergency, this information will be passed onto medical professionals, eg: ambulance, GP, hospital services.

  • How long do we keep your information for?

Please see the section on Data Retention

Job Applicants including Volunteers

  • What information do we collect about you?

To ensure that we can process your application to work with us, we will be collecting and processing the following Personal Data and Sensitive Personal Data:

  • Your full name, address and contact details and National Insurance number
  • Identification and legal status to work in the UK
  • Present and previous employers including reason for leaving
  • Referees who can be contacted for a reference
  • Education qualifications, training and certifications
  • If you have ever been dismissed or asked to resign from any employment
  • Any other information that you provide in your CV or written application – which we have no control over
  • If you have been referred to the Protection of Vulnerable Adults register
  • If you have any unspent convictions and if you have any pending prosecutions
  • If you have been subject to a safeguarding referral and if you have been barred from working with vulnerable adults

If your application and interview with us is successful, we will then carry out the following checks:

  • We are required by law to obtain a Disclosure and Barring Service Enhanced Certificate (DBS) which will provide you with a record of all spent and unspent convictions, cautions, reprimands and final warnings held on police file. This check also includes whether you are barred from working with adults. To complete the application for a DBS you are required to provide places of residence for the last 5 years and to provide us with certain documentation such as your passport, driving licence, proof of address such as utility bills dated within the last 3 months.

    Should you already have a DBS registered on the Update Service we will need to see your original DBS certificate and gain consent from you for us to run a check on the DBS Update system to confirm its validity. In those circumstances we would ask for your identity documents such as those listed above for our records and as part of our compliance.

  • You will be asked to provide information on any specific health issues that you may be required to disclose depending on the nature of the role you are applying for to ensure that we can fulfil our obligations in relation to health and safety.
  • We will seek references from your referees as provided by you, one of which will be from your current or most recent employer

The Lawful basis which we use is contained within the Data Protection Act 2018 and is:

Consent You will be asked to provide Consent at various intervals during the recruitment process.

You have the right to withdraw your consent at any time by contacting us to let us know what you would like to change.
Be aware that withdrawing your consent may mean that your application cannot be processed any further. If we have already shared your data with a third party we will make them aware that you have withdrawn your consent.

  • How information about you will be used

We will be using the information you have provided to us to determine whether you are suitable for the position that you have applied for either in relation to the job description and person specification for the role and also under our legal obligations where certain positions are exempt from the provisions of the Rehabilitation of Offenders Act 1974 (exceptions) Order 1975 as amended by the amendment order 1986.

We may share your data with third parties such as:

  • Immigration Services to ensure that you have the right to work in the UK and/or correct visa requirements – this is based on our requirement to comply with the law surrounding recruitment
  • Police and Criminal Records Bureau eg: Disclosure and Barring check
  • References – as provided by you based on our legitimate interest
  • Medical Examiner – where we may require you to undertake a medical, hearing test, etc relative to the role that you are applying for. This may be both based on our legitimate interest but also to protect you and/or other members of staff or our service users

You will be informed if your data is going to be shared with any third party before we undertake that activity

  • How long do we keep your information for?

Please see the section on Data Retention

  • Third Party Introductions / Job Sites

Where you have submitted your application through a third party, eg: Recruitment Agency, Job Site, etc you will have provided your Personal Data to those services and you need to ensure you are satisfied with the measures they are taking with your data, as we cannot be held responsible.

In initial correspondence with you we will always let you know where we obtained your data from and confirm that your interest in working with us is true.

Employees including Volunteers

  • What information do we collect about you?

During the course of your employment with us, we will be collecting and processing the following Personal Data and Sensitive Personal Data:

  • Your full name, address and contact details, next of kin
  • Identification and legal status to work in the UK
  • References, qualifications and certifications
  • Any specific health information that you provide us in your CV or written application – that we have no control over
  • PAYE information and National Insurance number
  • Your bank details, as we operate a BACS payment process and require this in order to be able to pay you
  • If your role involves travel we will also need to obtain copies of your driving license, car business insurance and MOT certificate
  • Sickness reporting – if you report absence from work, there is the possibility that we may be consequently in possession of information relating to your health, or potentially in possession of fitness to work assessments
  • Information about any medical conditions that you disclose to us, in order for us to ensure your health and safety
  • Any convictions, cautions, reprimands, warnings or pending prosecutions that you incur during your employment with us
Contractual Obligation Where we have contracted with you to provide you a service or benefit as a result of your employment, such as:
Paying your salary into your bank account where we will need to process your bank information
Providing your pension or other benefits may require us passing your details to a third party provider
Legitimate Interest Where we believe our legitimate interests do not override your interests, rights and freedoms, we may:
Request you to attend a medical after a period of sickness and obtaining confirmation of your fitness to work or medical conditions that may limit your duties
Be required to undertake screening, eg: moving and handling assessments. We may record this information to provide evidence in the future for example if you were to make a claim
Legal Obligation Where we have a legal obligation to comply with current law, industry compliance requirements, court order etc, we will need to:
Provide HM Revenue & Customs with information about your employment, tax and national insurance contributions etc
Provide information to the company’s legal team concerning employee’s sensitive data and allegations in respect of employee relations cases
Comply with a court order, earnings order, legal case, statutory duty with the Care Quality Commission and local authorities (safeguarding)
Provide anonymous statistical information for gender and equality compliance
Process your data to be able to demonstrate mental and physical fitness to undertake your role, skills and competence in order to comply with industry or legal requirements
Collate information required to conduct a DBS check or to check the barred list
Vital Interest Where the collection or sharing of information is in the vital interest of you or other members of the public, including staff or service users, we may need to:
Obtain your next of kin details
Share appropriate identity information with a medical provider (ambulance, doctor, hospital etc) in the event you are taken ill, OR with a third party who may need to know this to obtain medical care for you in the event you are taken ill whilst in the community at work for example
Where your condition may represent a threat to the interests, rights and freedoms of other people, eg: if you had a communicable disease and were required to work with vulnerable adults

You have the right to object to processing or change your preferences at any time by contacting us to let us know what you would like to change.

Be aware that in some cases objecting to the processing or sharing of your information may result in a benefit being withdrawn or us being unable to comply with the law of our contract with you. We will let you know how we can or cannot comply with your request if you were to make such request.

For example, if you ask us to not share your details with HMRC we would not be able to comply with this request as we are legally obliged to provide this information.

  • How information about you will be used

Your information will be used to enable us to comply with our legal responsibilities as your employer, and as a regulated provider.

We may share your data with third parties such as:

  • Immigration Services to ensure that you have the right to work in the UK and/or correct visa requirements – this is based on our requirement to comply with the law surrounding recruitment
  • Police and Criminal Records Bureau, eg: Disclosure and Barring Service check
  • Certification bodies (Exam bodies, University, College) – as listed in your qualifications, we may be required to undertake this in compliance with our legal obligations and in any case in relation to our legitimate interests
  • References – as provided by you based on our legitimate interest
  • Medical Examiner – where we may require you to undertake a medical, hearing test, etc or where your condition may require us to obtain independent medical advice relative to the role you have applied for. This may be both based on our legitimate interest but also, depending on the role, to protect you and/or other members of staff or our clients
  • Industry Compliance / Audit – where we are required to comply with industry requirements eg: register staff, demonstrate competences or accreditations, auditors etc we may need to share only data that is limited to fulfilling that purpose necessary to demonstrate compliance. This may therefore fall under the category of legitimate interest or legal obligation, depending on the nature of the audit/compliance requirement
  • Payroll – our payroll management company Mustard Payroll Ltd processes our payroll. We have undertaken checks to ensure that they comply, as a minimum, with the same level of security of processing around Personal Data as we do. Only the limited information necessary for them to undertake payment processing is shared with them. We are processing this information in order to comply with our contractual obligations with you
  • Government Services – HMRC, Pensions and National Insurance, Immigration, Courts, and Police – as required by law, order including attachment of earnings
  • We are required to report to the DBS any event where an employee is found to have put our Service Users at risk of harm or caused harm. We are also required to disclose this information to the Care Quality Commission and the Local Authority as part of our statutory duty (Safeguarding)
  • How long do we keep your information for?

Please see the section on Data Retention

Self Employed Contractors

  • What information do we collect about you?

As a self-employed contractor (such as a Live In Carer), we complete your recruitment and employment process with us in much the same way as though you were employed by the company. There are some elements of your data that we will not need to process such as processing your data through our payroll company.

During the course of your contract with us, we will be collecting and processing the following Personal Data and Sensitive Personal Data:

  • Your full name, address and contact details, next of kin
  • Identification and legal status to work in the UK
  • References, qualifications and certifications
  • Any specific health information that you provide us in your CV or written application – that we have no control over
  • Unique Tax Reference number and National Insurance number
  • Your bank details, as we operate a BACS payment process and require this in order to be able to pay you
  • If your role involves travel we will also need to obtain copies of your driving license, car business insurance and MOT certificate
  • Sickness reporting – if you report absence from work, there is the possibility that we may be consequently in possession of information relating to your health
  • Information about any medical conditions that you disclose to us, in order for us to ensure your health and safety
  • Any convictions, cautions, reprimands, warnings or pending prosecutions that you incur during your contract with us, or indeed between any separate contracts with us

The Lawful bases which we use are contained within the Data Protection Act 2018 and are:

Contractual Obligation Where we have contracted with you to provide you a service or benefit as a result of your contract, such as:
Paying your charges to us into your bank account where we will need to process your bank information
Legitimate Interest Where we believe our legitimate interests do not override your interests, rights and freedoms, we may:
Request you to attend a medical after a period of sickness and obtaining confirmation of your fitness to work or medical conditions that may limit your duties
Be required to undertake screening, eg: moving and handling assessments. We may record this information to provide evidence in the future for example if you were to make a claim
Legal Obligation Where we have a legal obligation to comply with current law, industry compliance requirements, court order etc, we will need to:
Provide information to the company’s legal team concerning contractor’s sensitive data and allegations in respect of employee relations cases
Comply with a legal case and statutory duty with the Care Quality Commission and local authorities (safeguarding)
Provide anonymous statistical information for gender and equality compliance
Process your data to be able to demonstrate mental and physical fitness to undertake your role, skills and competence in order to comply with industry or legal requirements
Collate information required to conduct a DBS check or to check the barred list
Vital Interest Where the collection or sharing of information is in the vital interest of you or other members of the public, including staff or service users, we may need to:
Obtain your next of kin details
Share appropriate identity information with a medical provider (ambulance, doctor, hospital etc) in the event you are taken ill, OR with a third party who may need to know this to obtain medical care for you in the event you are taken ill whilst on a contracted placement for example
Where your condition may represent a threat to the interests, rights and freedoms of other people, eg: if you had a communicable disease and were required to work with vulnerable adults

You have the right to object to processing or change your preferences at any time by contacting us to let us know what you would like to change.

Be aware that in some cases objecting to the processing or sharing of your information may result in a benefit being withdrawn or us being unable to comply with the law of our contract with you. We will let you know how we can or cannot comply with your request if you were to make such request.

For example, if you do not want to provide us with your bank details we would not be able to comply with this request as we would not be able to pay your invoice.

  • How information about you will be used

Your information will be used to enable us to comply with our legal responsibilities under the contract for services we hold with you, and as a regulated provider.

We may share your data with third parties such as:

  • Immigration Services to ensure that you have the right to work in the UK and/or correct visa requirements – this is based on our requirement to comply with the law surrounding recruitment
  • Police and Criminal Records Bureau, eg: Disclosure and Barring Service check
  • Certification bodies (Exam bodies, University, College) – as listed in your qualifications, we may be required to undertake this in compliance with our legal obligations and in any case in relation to our legitimate interests
  • References – as provided by you based on our legitimate interest
  • Medical Examiner – where we may require you to undertake a medical, hearing test, etc or where your condition may require us to obtain independent medical advice relative to the role you have applied for. This may be both based on our legitimate interest but also, depending on the role, to protect you and/or other members of staff or our clients
  • Industry Compliance / Audit – where we are required to comply with industry requirements, eg: register staff, demonstrate competences or accreditations, auditors etc we may need to share only data that is limited to fulfilling that purpose necessary to demonstrate compliance. This may therefore fall under the category of legitimate interest or legal obligation, depending on the nature of the audit/compliance requirement
  • Government Services – HMRC, Immigration, Courts, and Police – as required by law
  • We are required to report to the DBS any event that an employee or contractor is found to have put our Service User’s at risk of harm or caused harm. We are also required to disclose this information to the Care Quality Commission and the Local Authority as part of our statutory duty (Safeguarding)
  • How long do we keep your information for?

Please see the section on Data Retention