Employee Privacy Promise
We ask that you read this privacy promise carefully as it contains important information on who we are and how we collect, use, store and share personal information. It outlines your rights and how to contact us and other relevant organisations in the event you have a complaint.
Quickly access information on Your rights here.
Who we are
We are Midshires Care Limited trading as Helping Hands (Home Care), registered number 3959933, registered address 10 Tything Road, Kinwarton, Warwickshire B49 6EP.
As a ‘data controller’, we are responsible for how we manage this information. The General Data Protection Regulation (GDPR) applies to the personal information of every UK or European citizen and sets out our obligations and your rights.
All our data processing activities are monitored by our appointed Data Protection Officer to ensure that the information we collect is:
- Used lawfully, fairly and in a transparent way
- Relevant and for reasons that we have told you about
- Accurate and up to date
- Kept only for as long as it is needed
- Kept securely
You may also be interested in our:
Information we collect from you
In our role as an employer, and because of the nature of our business, we process different categories of data from our employees during and after the employment period. The type of data includes:
Personal data: Name, contact details, bank details, date of birth, gender, marital status, driving licence number, vehicle registration number, photographs, next of kin contact details, GP contact details
Financial details: Payroll records, benefits, salary, tax status, National Insurance number
Employment data: Recruitment records (including employment history, references, DBS, right to work, etc.), Performance management records (direct observations, appraisals, supervisions, disciplinary, grievance), Training and competency records, Absence records (annual leave, etc.)
We will always ask for consent for any participation on our media platforms including social media and print publications.
We process ‘special category data’ which tends to be sensitive by nature and will include:
- Medical and health information (including sickness details)
- Nationality or ethnicity
- Criminal cautions or convictions
- Motoring convictions
Information we collect from other sources
We may request and collect personal data, and information about you from different employment sources, recruitment agencies and individuals. We collect information from our website, social media and Applicant Tracking System (ATS) that you provide as a candidate during our recruitment process.
We also record and retain audio and video files for data processing outlined in our Call Recording and CCTV Policy.
Purpose for collecting and using your personal information
Under the GDPR, we must have a legal basis to process your information for all the activities we carry out. We rely on the following legal basis for processing:
- Article 6(1)(b) – processing is necessary for the performance of our contracts
- Article 6(1)(c) – processing is necessary for us to demonstrate compliance with the law or regulatory frameworks
- Article 6(1)(f) – in pursuit of legitimate interests for:
- Corporate diligence relating to performance and compliance of the business
- Monitoring calls, building perimeter and restricted areas of the business
- Providing access to company equipment, vehicles and facilities
When processing special category (sensitive) data such as your health, diversity information or details of any criminal convictions; we do this on the following grounds:
- Article 9(2)(b) – Legal obligations under employment or social benefit law
- Article 9(2)(f) – Establishment, exercise or in the defence of legal claims or in court
- Article 9(2)(h) – Provision of health or social care or management of health or social care systems or services
How we use this information and how long we keep it for
We use the information collected to employ and support you during your employment with Helping Hands Homecare. The period of retention commences after employment has ended.
|We use your personal information to:||For how long?|
|To maintain accurate and up to date personnel records of personal data, employment data, contracts and financial information
To record and manage statutory meetings such as redundancy, disciplinary or grievance proceedings
To record and manage mediation and conflict resolution
To process and assess special category data and health information where relevant to job role
To receive and process records of managed moves, resignations and facilitate exit interviews and leavers workflows
*employee record summary kept up to 75th birthday
|To record and process records of absence, annual leave, sick notes, Return to work, DBS checks, MATB1, etc.||3 years|
|To manage training needs by arranging or assessing training, refresher courses and competency assessments
To communicate and record performance management activities (including appraisals, observations and supervisions)
|To record and process payroll for employees
To record and process expenses or retirement benefits for employees
To monitor and ensure compliance with National Minimum Wage Standards
To record and manage Statutory Sick Pay
To enrol in pension schemes
3mths to 6 years
|To receive, record and process insurance claims
To respond and process post, penalties and sanctions
|To provide access privileges on systems applications and company equipment acquisitions
To create employee profiles and manage work placements including travel arrangements and accommodation when required
To manage car parking and allocate spaces
To recover company assets and intellectual property during and occasionally after a period of employment
To communicate, exchange and record communications as part of the responsibilities of the job role and job description
To issue and renew ID badges and security fobs
|To comply with Investigations and regulatory compliance
To monitor, review and support internal and external audit processes relating to the service provision in line with data sharing agreements and confidentiality clauses
To process and record notifications, accidents and incidents internally and with the appropriate external regulators (including RIDDOR, CQC, CIW)
To investigate, manage and record concerns, safeguarding and complaints
|Up to 10 years|
|To report business and trend analysis
To monitor and report on business performance and compliance
To conduct and participate in employee surveys, review or feedback
To participate in employer schemes and other work-related activities and communications
|To maintain active accounts on the Applicant Tracking System (ATS)
To communicate internal job opportunities*
To respond to requests relating to your individual rights
*To opt out, you can delete your account or use the unsubscribe option available in all email marketing communication
Sharing your information with others
To operate our business and recruitment process, we have contracts in place with third party service providers to access and maintain a duty of care over your personal information. These include:
- IT and telecoms support – to ensure secure operation of our IT infrastructure
- Software support – to provide technical support and resolve issues
- Communication and logistics– such as Royal Mail and network providers
- Regulatory authorities – such as Her Majesty Revenue & Customs (HMRC), the Financial Services Authority (FSA), Care Quality Commission (CQC) and Care Inspectorate Wales (CIW)
- Hospitality Service providers – such as fleet vehicle management, bookings and training
- Insurance providers
- Pension providers
- External security providers (CCTV monitoring)
- Archiving Service Providers
We will share relevant information within Helping Hands Homecare during and after your employment where this is necessary, and in line with our purpose for processing.
Due to the nature of our business and the service we provide we may share minimal personal data with our customers to enable the safe and effective delivery of care, for example by sharing carer profiles with customers.
We will not share, sell or trade your personal information with any other third party without your consent, unless there is a legal reason to do so.
Storage and data transfer
All employee data is stored and processed on systems that are within the European Economic Area (EEA) with the appropriate level of legal protection and rights over your data.
Sharing information outside the European Economic Area (EEA)
We may share or transfer your personal information outside the EEA where an employee is resident or temporarily located in another country. This will be to communicate with you or our overseas business partners/agents.
This international transfer is under Article 49(1)(b) – the transfer is necessary for the performance of a contract between the data subject and the controller.
In countries that do not have the same data protection laws as the United Kingdom and EEA, reciprocal arrangements are in place to demonstrate the same duty of care and confidentiality.
You have rights over the way we use your information:
- You have the right to be informed about what information we collect and how it is used as outlined in this privacy promise.
- You have the right to ask for access to the information we hold on you. We would usually provide copies free of charge.
- You have the right to ask us to correct or update any information you think is incorrect or incomplete.
- You have the right to object to your information being used and/or withdraw consent.
- You have the right to ask us to stop using your information. This ‘right to be forgotten is only applied where there is no legal reason for us to continue to hold or use it.
- You have the right to object to any automated decision making. This could affect your ability to fully access our services.
- You have the right to ask us to stop using your information for marketing purposes by opting out at any point of the registration process or by updating your preferences once registered. The unsubscribe feature on our emails are actioned immediately but may take up to 14 days to complete.
- You have the right to ask us to transfer certain personal information or a copy of some of your information to you or to another organisation, including service providers, in a format they can use where this is technically possible, known as the ‘right to data portability’.
- You have the right to withdraw any permission you have previously given us to use your information.
For detailed information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation. If you would like to exercise a right, please contact the Compliance team at firstname.lastname@example.org or see the ‘how to contact us’ section.
How to contact us
If you have any questions about this privacy promise, your rights or wish to contact the Data Protection Officer, get in touch by:
- Email – email@example.com
- Post – Compliance Department, Helping Hands House, 10 Tything Road West, Kinwarton, Alcester, B49 6EP
- Telephone – 01789 767181
How to complain
If you contact us, we hope to resolve any query or concern you raise about our use of your information.
The GDPR also gives you right to lodge a complaint with a supervisory authority within the European Union or EEA state where you work, reside or where any alleged infringement of data protection laws has occurred. The Information Commissioner Office (ICO) is the supervisory body in the UK and can be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.
Changes to this privacy promise
This privacy notice was first published on 21st May 2018, and last updated on 30th April 2020.
We may change this privacy promise and update our website from time to time.
Do you need extra help?
If you would like this privacy promise in another language or format such as audio, large print or braille, please contact us.