Employee Privacy Policy

Our privacy promise to employees

We ask that you read this employee privacy promise carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and other organisations in the event you have a complaint.

Please see the section on Your rights for more information.

Introduction

We are Midshires Care Limited trading as Helping Hands Home Care. In order to identify, select, train and recruit new employees we collect and process personal information about you.

Personal information means any information about you from which you can be identified, but it does not include information where your identity has been removed (anonymous data).

As the ‘controller’ of personal information, we are responsible for how that data is managed. The General Data Protection Regulation (GDPR), which applies in the United Kingdom and across the European Union, sets out our obligations to you and your rights in respect of how we manage your personal information.

As the ‘controller’ of your personal information, we will ensure that the personal information we hold about you is:

Used lawfully, fairly and in a transparent way
Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes
Relevant to the purposes we have told you about and limited only to those purposes
Accurate and kept up to date
Kept only as long as necessary for the purposes we have told you about
Kept securely

If you have any questions about this privacy promise or would like further explanation as to how your personal information is managed then please contact us (see How to contact us below).

This document provides the information as required by GDPR under your right to be informed.

Personal data we process

In our role as an employer, and because of the nature of our business, we process a number of different categories of data from our employees during and after your working relationship with us. This includes:

Name
Contact details (postal address, phone number, email address)
Bank details
Age / date of birth
Gender
Marital status
Driving licence number
Photograph
Payroll records (benefits, salary, tax status, etc.)
Performance management records (direct observations, appraisals, supervisions, disciplinary, grievance)
Training and competency records
Absence records (annual leave, etc.)
Next of kin contact details
GP contact details
Recruitment records (including employment history, references, right to work, etc.)
National Insurance number
Extra information you choose to tell us (in writing or verbally)

Certain information that we process is classed as ‘special category data’. It is sensitive by nature. We have a higher duty of care in how we process this:

Religion
Medical and health information (including sickness details)
Nationality or ethnicity
Criminal cautions or convictions
Motoring convictions

Purposes of processing your personal information

In order to employ and support you during your employment with Helping Hands Homecare we will process personal data.

Purpose of processing	Examples
Maintaining employee files	Records of recruitment with Helping Hands To maintain accurate and up to date personal details, including emergency contacts Managing training needs, delivering or arranging training and assessing competencies To receive and record records of absence (including annual leave, sick notes, Return to Work, MATB1, etc.) To record performance management activities (including appraisals, supervisions, etc.) To record and manage statutory meetings including communication with our employees (including disciplinary or grievance) To process and maintain up to date criminal conviction and caution information, where relevant to your role To receive and process records of resignation from employment with Helping Hands
Finance and Payroll	To record and process expense payments for employees To record and process payroll for employees
Provision of service	Providing access to company equipment, vehicles and facilities (including phone, vehicles, software and applications) To issue and renew ID badges to all employees The provision of care (including covering placements, communication, records, training and competency assessment, reporting incidents) The provision of service (including arranging travel and accommodation, records, communication)
Investigations and regulatory compliance	To receive, record and process notifications, accidents and incidents as required with the appropriate external regulators (including RIDDOR, CQC, CIW) To receive, record and investigate complaints received about the service To respond to and redirect fines received on company vehicles to the appropriate driver To monitor and ensure compliance with National Minimum Wage Standards To register a manager or location and to make changes to registered managers or locations with our regulators To receive, record and process insurance claims
Reporting and business analysis	To conduct and support internal and external audits To monitor and report on the performance of the business and compliance To send, receive and analyse employee feedback

Who has access to your personal data

In order to operate our business and run our recruitment we rely on third parties to provide specialist support to us. To provide this support they will have access to, or a duty of care over your personal information.These third parties are:

IT and telecoms support companies – to ensure the safe, secure and resilient operation of our IT infrastructure including computers, servers, phones and mobile devices
Software support companies – to provide specialist support and resolve issues with the software that we run, for example the systems we use to store and manage your recruitment progression
Communication service providers – such as Royal Mail and network providers
Relevant authorities – such as the DVLA, HMRC, CQC or CIW
Service providers – such as fleet vehicle management, vehicle hire, hotel, training providers
Insurance providers
Archiving Service Providers

We will share relevant information within Helping Hands Homecare during and after your employment where this is necessary, and in line with our purpose for processing.

Due to the nature of our business and the service we provide we may share minimal personal data with our customers to enable the safe and effective delivery of care, for example we may share your name with a customer who you have agreed to work with.

We will not share, sell or trade your personal information with any other third party without your consent, unless there is a legal reason to do so.

International transfer

All your personal data is stored and processed on systems that are within the European Economic Area (EEA) and offer the same level of legal protection and rights over your data.

In certain situations, we transfer your personal information to the following countries which are located outside the European Economic Area (EEA):

A country where you are resident or located in temporarily

This will be for the purposes of communicating with you about your employment and the services we provide while you are outside of the UK.

This international transfer is under Article 49(1)(b) – the transfer is necessary for the performance of a contract between the data subject and the controller

Such countries do not have the same data protection laws as the United Kingdom and EEA. Any transfer of your personal information will be subject to appropriate or suitable relevant safeguards that are designed to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of your personal information.

If you would like further information please contact us (see How to contact us below).

Retention schedule

Type of data	Retention period
Employee file	7 years post employment
Finance details	3 years post employment
Pension or retirement benefit details	7 years post employment
Details relating to the provision of care to customers	Until the customer data record is deleted, in line with Helping Hands Retention Schedule.

Legal basis for processing

We rely on the following grounds within the GDPR:

Article 6(1)(b) – processing is necessary for the performance of our contracts to provide individuals with care and support services and you with employment
Article 6(1)(c) – processing is necessary for us to demonstrate compliance with the law or regulatory frameworks
Article 6(1)(f) – in pursuit of legitimate interests
- To analyse and report on the performance and compliance of the business
- Providing access to company equipment, vehicles and facilities (including phone, vehicles, software and applications)
- To send, receive and analyse employee feedback.

GDPR recognises that additional care is required when processing special category (sensitive) data such as your health. We process this under the following grounds within GDPR:

Article 9(2)(h) – Provision of health or social care or management of health or social care systems or services
Article 9(2)(b) – Legal obligations under employment or social benefit law
Article 9(2)(f) – Establishment, exercise or defense of legal claims or court.

Your rights

Under the GDPR you have important rights free of charge. In summary, those include rights to:

Fair processing of information and transparency over how we use your use personal information
Access to your personal information and to certain other supplementary information that this Privacy Promise is designed to address
Require us to correct any mistakes in your information which we hold
Require the erasure (i.e. deletion) of personal information concerning you, in certain situations. Please note that if you ask us to delete any of your personal information which we believe is necessary for us to comply with our contractual or legal obligations, this may affect our ability to provide employment or to fulfil our contractual duties with you
Receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
Object at any time to processing of personal information concerning you for direct marketing
Object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
Object in certain other situations to our continued processing of your personal information
Otherwise restrict our processing of your personal information in certain circumstances
Claim compensation for damages caused by our breach of any data protection laws

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the GDPR.

Keeping your personal information secure

The confidentiality and security of your information is of paramount importance to us. We have appropriate organisational and technical security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.

How to complain

We hope that we can resolve any query or concern you raise about our use of your information.

The GDPR also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at ico.org.uk/concerns/ or by phoning 0303 123 1113.

Data Protection Officer

Karen Reid

Helping Hands House, 10 Tything Road West, Kinwarton, Alcester, B49 6EP
complianceteam@helpinghands.co.uk

Data controller details

Midshires Care Limited trading as Helping Hands Home Care
Helping Hands House
10 Tything Road West
Kinwarton
Alcester
B49 6EP

How to contact us

You can contact us by:

Email – datarequest@helpinghands.co.uk
Post – Compliance Department, Helping Hands House, 10 Tything Road West, Kinwarton, Alcester, B49 6EP
Telephone – 01789 767181

If you would like to exercise any of those rights, please:

Contact us using the details above – making clear that you wish to exercise one of your privacy rights
Let us have enough information to identify you (e.g. your name and address),
Let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill)
Let us know the information to which your request relates, including any account or reference numbers, if you have them