The Data Protection Act 2018 and the EU General Data Protection Regulation (GDPR)
Care Preference Ltd is obligated to process data in line with the latest legislation. The requirements predominantly concern Employee, Service User, Customer and Supplier data, data protection legislation and Care Preference Ltd’s obligations for protecting and processing data securely.
- Data must be processed lawfully in a clear, fair and transparent manner
- Data must only be collected for the purpose of providing Domiciliary Care
- Data must be adequate, relevant and limited to what is necessary to deliver our Contractual obligations
- Data must be retained for only as long as necessary once Employee, Service User, Customer and Supplier contractual obligations have been fulfilled
- Data must be accurate and kept up to date
- Data must be processed securely during all stages of our Contractual obligations.
Our Employees, Service Users, Customers and Suppliers have additional rights under the General Data Protection Regulations which includes:
- Their right to be informed about their data
- Their right of access to their data
- Their right to have their data rectified
- Their right to have their data deleted
- Their right to restrict processing of data
- Their right to object to the processing of data
- Their right of data portability making it easier to access their information
- Their right to object to automated decision making and profiling.
We have appointed responsibility for compliance to one of our Registered Managers, (Christian Bytheway) and we provide all the necessary in-house training.
We are working with WeIgnyte to ensure that our data processing software system is always compliant.
We have mapped our data processes and make changes to ensure we are GDPR compliant, including:
- Ensuring that we have the correct lawful basis for the collection of personal data
- Reviewing all our retention policies and amending where required to ensure they are appropriate
- Enhancing our record-keeping practices to ensure we can demonstrate accountability for compliance
- Making sure that any third parties that are storing or otherwise handling personal data on our behalf or to whom we transfer personal data have appropriate safeguards to ensure GDPR compliance.
We are monitoring our security policy and practices to ensure all the data we store is as secure as possible. We continue to update our Policies, Documentation and Processes and to introduce new ones where appropriate.
Retention Periods
We shall only keep information for 3 years in the case of Service Users, Customers and Suppliers after the service end date and for Employees, 3 years after the financial year end following termination date. Employees Tax, NIC, Pay and Pension details will be kept for 6 years after the financial year end following termination date.
Should you have a request for details regarding your data held by us or to exercise your right to be forgotten or any other questions please email Christian at [email protected] or write to him at the following address.
Christian Bytheway,
Care Preference Ltd,
Innovation Centre,
York Science Park,
Innovation Way,
York.
YO10 5DG