Data Privacy Notice
Connex Community Support is a company registered in England – Registration Number: 2918492. Our Registered Office is at 16 Eagle Parade, Buxton, Derbyshire, SK17 6EQ. We are also a registered charity – Charity Number: 1067193.
We provide the following services:
- Domiciliary personal care for older adults and people with a disability.
- Sitting and support services for children and young adults with a disability.
- Transport services.
- Befriending support and social contact groups.
- Home from Hospital services.
- Handy Van service.
- Home maintenance, cleaning and practical help.
- Volunteering information and recruitment.
- Office facilities and equipment for community use.
In order to provide our services, we may need to process Personal Data about you. This Privacy Notice explains how we will use the personal data we hold about you in line with the General Data Protection Regulations (GDPR).
If you have any questions about this Privacy Notice, feel free to send an email to email@example.com or call our Data Controller (Chief Executive) on 01298 23970.
To reduce the use of technical terms in this document, we talk about Connex Community Support as the Data Controller. We talk about you as the Data Subject and your data as Personal Data. If you are reading this document in your capacity as a parent or guardian of someone who uses our services, please understand that “you” covers both you and the beneficiary.
Please note that Appendix 1 includes a glossary of the GDPR terms used in this document.
WHO DO WE HOLD PERSONAL DATA ABOUT?
We hold Personal Data about the following people:
- Beneficiaries of our services.
- Parent/Guardian of a beneficiary.
- Contacts who have referred people to our services.
WHAT PERSONAL DATA WILL WE COLLECT?
To ensure that we can provide a service to you we need to collect some or all of the following information about you:
Your name, address, phone numbers, email, date of birth and where relevant, contact information for an emergency contact or next of kin. Depending on the service we are providing to you, we may also need to collect some Special Categories of Personal Data – these may include health data, sexual orientation, race, and religious or philosophical beliefs.
WHAT IS OUR LAWFUL BASIS FOR PROCESSING PERSONAL DATA?
We hold and process Personal Data about you to enable us to be able to provide services to you. Our Lawful Basis for holding this information is therefore that “Processing is necessary for the performance of a contract with the Data Subject or to take steps to enter into a contract.”
WILL WE DISCLOSE PERSONAL DATA TO ANYONE ELSE?
To enable us to provide a service to you, we may also need to share your data with other people or organisations:
- With other Connex Community Support services that may be of benefit to you.
- With statutory bodies that have a legal right to demand the information from us, e.g. the Care Quality Commission or the Police.
- With statutory bodies, in the event that we feel that you are vulnerable and at risk of abuse.
- With other organisations or individuals, but only where you have given your specific consent for this.
WHAT SECURITY PROCEDURES DO WE HAVE IN PLACE?
It is our policy to ensure that your data held by us is handled correctly and appropriately according to the nature of the information, the risk associated with mishandling the data, including the damage that could be caused to an individual as a result of loss, corruption and/or accidental disclosure of any such data, and in accordance with any applicable legal requirements.
WHERE DO WE STORE THE PERSONAL DATA WE COLLECT?
Your data will be held on our server in Buxton and/or using third party servers (within the EU) managed by our software providers. We only use servers in the European Union. Access to IT systems is passworded, and file access is restricted to designated staff. Paper files are kept in locked filing cabinets.
FOR HOW LONG DO WE STORE YOUR PERSONAL DATA?
We retain your data according to our data retention policy and any relevant statutory requirements. After this period the data is securely destroyed or removed from our server. If you wish to know the exact period of retention for your personal data, do please contact Connex Community Support’s Data Controller.
WHAT RIGHTS DO YOU HAVE ABOUT THE PERSONAL DATA WE COLLECT AND HOLD ABOUT YOU?
You have the following rights:
- The right to be informed about what Personal Data Connex Community Support collects and stores about you, and how it is used.
- The right to request a copy of the Personal Data we hold, as well as confirmation of:
(i) the purposes of the processing;
(ii) the categories of personal data concerned;
(iii) the recipients to whom the personal data has/will be disclosed;
(iv) for how long it will be stored; and
(v) if data wasn’t collected directly from you, information about the source.
- The right to require Connex Community Support to correct any Personal Data held about youwhich is inaccurate or incomplete.
- The right to have your data erased from our records – unless we need to retain the data under circumstances specified by the GDPR.
- The right to request that Connex Community Support restricts the processing of your data. The GDPR specifies the circumstances where this right applies.
- Right of portability: the right to have the data you have given us to be transferred to another organisation.
- The right to object where processing is carried out for direct marketing purposes.
- The right not to be subject to a decision based solely on automated processing.
WHO DO YOU COMPLAIN TO IF YOU ARE NOT HAPPY WITH HOW WE PROCESS YOUR PERSONAL DATA?
If you have any questions or concerns about how we are using Personal Data about you, please contact our Data Controller at our registered address or by email to firstname.lastname@example.org
You can also submit a complaint to the Information Commissioner’s Office. For further information please visit the ICO website: https://ico.org.uk/make-a-complaint/
We may update this Privacy Notice from time to time. If we do, we will let you know.
GLOSSARY OF GDPR TERMS IN THIS PRIVACY NOTICE
Controller is a legal term set out in the General Data Protection Regulation (GDPR), it means the party responsible for deciding what Personal Data to collect and how to use it.
Data Subject means the individual who can be identified from the Personal Data.
GDPR (General Data Protection Regulation) is Europe’s new framework for data protection laws – it replaces the previous 1995 data protection directive, which current UK law is based upon.
Lawful Basis – There are six lawful reasons defined in the GDPR for which personal data can be processed.
Personal Data means data which can be used to identify a living individual. This could be a name and address or it could be a number of details which when taken together make it possible to work out who the information is about. It also includes information about the identifiable individual.
Special Categories of Personal Data means details about an individual’s race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about health and genetic and biometric data.