Privacy Policy

Privacy Policy

Introduction

The General Data Protection Regulation (GDPR) harmonises data protection laws in the EU that are fit for purpose in the digital age.  By introducing a single law, the EU believes that it will bring better transparency to help support the rights of individuals.

The primary objective of the GDPR is to give individuals back control of their personal data.

The GDPR is a regulation and not a directive this means that it is applicable in all EU member states from 25th May 2018.

How we use your information

Your information will be held by East Midlands Crossroads – Caring for Carers, which trades as Carers Trust East Midlands. This privacy notice is to let you know how we promise to look after your personal information. This includes what you tell us about yourself and the choices you give us about what marketing you want us to send you. This notice also tells you about your privacy rights and how the law protects you.

Our Privacy Promise

We promise:

To give you ways to manage and review your marketing choices at any time.

 

 

How the law protects you

This section sets out the legal reasons we rely on, for each of the ways we may use your personal information.

As well as our Privacy Promise, your privacy is protected by law. This section explains how that works.

Data Protection law says that we are allowed to use personal information only if we have a proper reason to do so. This includes sharing it outside Carers Trust East Midlands. The law says we must have one or more of these reasons:

When we have a business reason of our own to use your information, this is called a ‘legitimate interest’. We will tell you what that is, if we are going to rely on it as the reason for using your data. Even then, it must not unfairly go against your interests.

The law and other regulations treat some types of sensitive personal information as special categories. This includes information about racial or ethnic origin, sexual orientation, religious beliefs, trade union membership, health data, and criminal records. The collection and use of these types of data are subject to strict controls. Similarly, information about criminal convictions and offences are also limited in the way it can be processed. We only process data if we need to for a specific purpose.

We collect your personal data mostly through our contact with you, and the data is usually provided by you, but in some instances we may receive data about you from other people/organisations. Here is a list of all the ways that we may use your personal information, and which of the reasons we rely on to do so.

 

 

Your data and how and why we process it

In general terms, we process your data in order to manage our relationship with you. The table below lists more specific purposes for processing your data, and the legal basis for each type of processing.

Data processing Legal basis for processing
1.     Data we collect when you use our services.

This will include Name, Address, Telephone number, mobile number, email address, D.O.B

 

 

 

 

 

 

 

 

 

2.     Special Categories of data we collect when you use our services.

This will include Health conditions, disabilities, ethnicity, gender, sexual orientation, nationality, religion

 

 

 

 

 

 

 

 

3.     Special Categories of data we collect when you use our services

Next of kin and/or Carers details

This will include Name, Address, Telephone number, mobile number, email address, D.O.B

 

 

 

 

 

 

 

 

4.     Data we collect from 3rd Parties to enable you to access our services

This will include some or all of the data listed in 1-3 of the above

 

 

 

 

 

 

 

 

 

 

5.     Information we share for monitoring purposes with 3rd Parties to enable you to access our services

This can/will include some or all of the data listed in 1-3 of the above

 

 

 

 

 

 

 

 

 

6.     Distribution Lists – if you have used our services previously we will hold your contact information for a period of one year after the contract with you has ceased.

1.     Processing is carried out in the course of legitimate activities and is necessary for the performance of a contract of which the data subject is party to. As we provide regulated care services we are also regulated by CQC, the Care Act and Safeguarding procedures.

If you choose not to give us this personal information, it may delay or prevent us from fulfilling our contract with you.

 

2.     Processing is carried out in the course of legitimate activities and is necessary for the performance of a contract of which the data subject is party to. As we provide regulated care services we are also regulated by CQC, the Care Act and Safeguarding procedures.

If you choose not to give us this personal information, it may delay or prevent us from fulfilling our contract with you.

 

3.     Processing is carried out in the course of legitimate activities and is necessary for the performance of a contract of which the data subject is party to.

As we provide regulated care services we are also regulated by CQC, the Care Act and Safeguarding procedures.

If you choose not to give us this personal information, it may delay or prevent us from fulfilling our contract with you.

 

4.     Processing is carried out in the course of legitimate activities and is necessary for the performance of a contract with a local authority, Health authority, or funding source.

As we provide regulated care services we are also regulated by CQC, the Care Act and Safeguarding procedures.

If you choose not to give us this personal information, it may delay or prevent us from fulfilling our contract with you.

 

5.     Processing is carried out in the course of legitimate activities and is necessary for the performance of a contract with a local authority, Health authority, or funding source.

As we provide regulated care services we are also regulated by CQC, the Care Act and Safeguarding procedures.

If you choose not to give us this personal information, it may delay or prevent us from fulfilling our contract with you.

 

6.     Processing is carried out as a legitimate interest for use of our services in the future.  Once the year after contract is met this will be processed on a consent basis.

Information sharing with data subjects – after one year of no contract

For the purpose of sharing information, newsletters and updated service information

Processing will be applied on a consent basis only, annually.

Information will only be shared with those that ‘opt in’

Website and Social Media

We collect cookies from our website and social media platforms.

Cookies are small computer files that get sent down to your PC, tablet or mobile phone by websites when you visit them. They stay on your device and get sent back to the website they came from, when you go there again. Cookies store information about your visits to that website, such as your choices and other details. Some of this data does not contain personal details about you or your business, but it is still protected by this Privacy Notice.

For further information with regards to cookies., please refer to our Cookies Policy
Photographs

We use photographs for promotion of events that have taken place on our website or social media, which can capture data subjects.

Processing will be applied on a consent basis only, annually.

 

At times, we may further process data which we have already collected. We will only do this if the new purpose for processing it further is compatible with the original purpose that the data was collected for. We will tell you about any further processing before carrying it out.

How we store your data

Your personal data is held in both hard copy and electronic formats.

Electronic data, including emails, is stored on our servers, which are located in the UK/European Union on our software suppliers’ servers.

How long we keep your data

Information about how long we process your data for can be found in our Retention Policy.

Some retention periods are based on legal requirements while others take into account practical needs to keep the data.

Once the applicable retention period expires, unless we are legally required to keep the data longer, or there are important and justifiable reasons why we should keep it, we will securely delete the data.

Your rights as a data subject

As a data subject, you have the following rights in relation to your personal data processed by us:

  1. To be informed about how your data is handled

This is covered by this Privacy Notice, Retention Policy and Cookie policy

 

  1. To gain access to your personal data

You can get a copy of all the personal information we hold about you by contacting us via any of the routes outlined at the bottom of this section.

 

Please note due to the sensitivity of the information we hold, we will need to confirm identity of the person requesting the information prior to sharing any personal data.

 

  1. To have errors or inaccuracies in your data changed

You have the right to question any information we have about you that you think is incorrect. We will take reasonable steps to check this and if necessary correct it.  If you want to do this, please contact us via any of the routes at the bottom of this section.

 

  1. To have your personal data erased, in limited circumstances

You can ask us to delete, remove, or stop using your personal information if there is no need for us to keep it. There may be legal or other official reasons why we need to keep or use your data. But please tell us if you think that we should not be using it.

 

  1. To object to the processing of your personal data for marketing purposes or when the processing is based on the public interest or other legitimate interests.

You can ask us to delete, remove, or stop using your personal information if there is no need for us to keep it. There may be legal or other official reasons why we need to keep or use your data. But please tell us if you think that we should not be using it.

 

  1. To restrict the processing of your personal data, in limited circumstances.

We may sometimes be able to restrict the use of your data. This means that it can only be used for certain things, such as legal claims or to exercise legal rights.

You can ask us to restrict the use of your personal information if:

If we do restrict your information in this way, we will not use or share it in other ways while it is restricted.

 

 

 

 

  1. To withdraw consent

You can withdraw consent at any time.   This will only affect the way we use information when our reason for doing so is that we have your consent.  If you want to do this, please contact us via any of the routes at the bottom of this section.

 

  1. To obtain a copy of some of your data in a commonly used electronic form, in limited circumstances

You have the right to get certain personal information from us as a digital file, so you can keep and use it yourself and give it to other organisations if you choose to. If you wish, we will provide this to you in an electronic format that can be easily re-used, or you can ask us to pass it on to other organisations for you.  If you want to do this, please contact us via any of the routes at the bottom of this section.

 

If you wish to apply any of the above then please contact us via any one of the following routes:

Telephone: 01708 757242

Email: dataprotection@carerstrustem.org

In writing to the following address:

Carers Trust East Midlands

19 Pelham Road

Sherwood

Nottingham

NG5 1AP

 

How to complain

Please let us know if you are unhappy with how we have used your personal information. You can contact one of our Data Protection Officers as follows:

Email: dataprotection@carerstrustem.org

Telephone: 01708 757242

 

You also have the right to complain to the regulator, the Information Commissioner’s Office (ICO) and to lodge an appeal if you are not happy with the outcome of a complaint. You can make a complaint on the ICO’s website https://ico.org.uk/