DATA PROTECTION POLICY
Introduction:
Glasgow East End Community Carers adhere to the General Data Protection Regulation (GDPR) as it applies in the UK, tailored by the Data Protection Act 2018. which states that all records required for the effective and efficient running of the organisation should be maintained accurately and should be up to date, those whose details are held, should have access to records and information about them held by the organisation, and that all individual records and organisation records should be kept in a confidential fashion and only retained where necessary.
Purposes for which data is held:
Personal data relating to employees is collected primarily for the purpose of:
- Recruitment, promotion, training, redeployment, career development;
- Administration and payment of wages;
- Calculation of certain benefits including pensions;
- Disciplinary purposes arising from an employee’s conduct or inability to perform his/her duties;
- Performance review;
- Recording of communication with employees and their representatives;
- Compliance with policy and/or legislation regarding Health and safety or other employment legislation;
- Provision of references to financial institutions, to facilitate entry onto educational courses and/or to assist future potential employers;
- Staffing levels and career planning.
The company considers the following data relevant:
- Personal details including name, address, age, status and qualifications. Where specific monitoring systems are in place, ethnic origin and nationality will also be deemed to be relevant;
- References;
- Emergency contact details;
- Notes on discussions between Management/Line Manager and the employee;
- Personal Development Plans;
- Training records;
- Documents relating to grievance, discipline, promotion, demotion or termination of employment;
- Salary, benefits and bank/building society details;
- Absence and sickness information.
Employees or potential employees will be advised by the Company of the personal data which has been obtained or retained, its source and the purposes for which the data may be used or to whom the data will be disclosed.
The Company will review the nature of the information being collected and held, on an annual basis, to ensure there is a sound business reason requiring the information to be retained.
Sensitive Personal Data:
Sensitive personal data includes information relating to the following matters:
- The employee’s racial or ethnic origin;
- Political opinions;
- Religious or similar beliefs;
- Trade union membership;
- Physical or mental health or conditions;
- Sex
- Commission or alleged commission of any offence by the employee.
The employee’s explicitly written consent must be sought at the point at which sensitive personal information is collected.
Responsibility for the Processing of Personal Data:
The Company will appoint a Data Controller as the named individual responsible for ensuring all personal data is controlled in compliance with the Data Protection Act 1998.
Employees who have access to personal data must comply with this policy and adhere to the procedures laid down by the Data Controller. Failure to comply with the policy and procedures will result in disciplinary action being taken up to and including summary dismissal.
Use of Personal Data:
To ensure compliance with the Data Protection Act and in the interests of privacy, employee confidence and good employee relations, the disclosure and usage of information held by the Company is governed by the following conditions:
- It must be used only for one or more of the purposes specified in this policy:
- Company documents may only be used in accordance with the statement within each document stating its intended use;
- Provided that the identification of individual employees is not disclosed, aggregate or statistical information may be used to respond to any legitimate internal or external requests for data (e.g. surveys, staffing level figures);
- Personal data must not be disclosed, either within or outside the Company, to any unauthorised recipient.
Data held for Equal Opportunities Monitoring Purposes:
Where data obtained about applicants is to be held for purposed of equal opportunities monitoring all data must be anonymised.
Disclosure of Personal Data:
Personal data may only be disclosed outside the Company in the following circumstances with the employee’s written consent, where disclosure is required by law or where there is immediate danger to the employee’s health.
Accuracy of Personal Data:
The Company will review personal data regularly to ensure that it is accurate, relevant and up to date.
In order to ensure the Company’s files are accurate and up-to-date, and so that the Company is able to contact the employee or another designate person in case of an emergency, employees must notify the Company as soon as possible following nay change in their personal details (e.g. change of name, address, telephone number, marital status, loss of driving licence where relevant, next of kin details).
Standard printouts of personal records will be issued to all employees on an annual basis for the purposes of ensuring that data is up-to-date and accurate. Employees will be entitled to amend any incorrect details and these corrections will be made to all files held on the Company’s information systems. In some cases, documentary evidence, e.g. qualification certificates, will be required prior to changes being made.
Once completed, the above forms will be stored in the employee’s personnel file.
Access to Personal Data:
Employees have the right to access personal data held about them. The Company will arrange for the employee to see/hear all personal data held about them within 10 days of receipt of a written request.
Information required for Disclosure
Introduction
The Code of Practice (“the Code”) is published by Scottish Ministers under section 122 of Part V of The Police Act 1997 (“the 1997 Act”). The Code sets out obligations for registered bodies, counter signatories and other recipients of disclosure information issued under the 1997 Act and the Protection of Vulnerable Groups (Scotland) Act 2007 (“the 2007 Act”).
General Principles
We comply with the Code and the 1997 and 2007 Acts regarding the handling, holding, storage, destruction and retention of disclosure information provided by Disclosure Scotland. We comply with the Data Protection Act 2018 (“the 2018 Act”). We will provide a copy of this policy to anyone who requests to see it.
Usage
We will use disclosure information only for the purpose for which it was requested and provided. Disclosure information will not be used or disclosed in a manner incompatible with that purpose. We will not share disclosure information with a third party unless the subject has given their written consent and has been made aware of the purpose of the sharing.
Handling
We recognise that, under section 1241 of the 1997 Act and sections 66 and 67 of the 2007 Act, it is a criminal offence to disclose disclosure information to any unauthorised person. Disclosure information is only shared with those authorised to see it in the course of their duties.
Access and Storage
We do not keep disclosure information on an individual’s personnel file. It is kept securely, in lockable, non-portable storage containers. Access to storage units is strictly controlled and is limited to authorised named individuals, who are entitled to see such information in the course of their duties.
Retention
To comply with the 1998 Act, we do not keep disclosure information for longer than necessary. For the 1997 Act, this will be the date the relevant decision has been taken, allowing for the resolution of any disputes or complaints. For the 2007 Act, this will be the date an individual ceases to do regulated work for this organisation. We will not retain any paper or electronic image of the disclosure information. We will, however, record the date of issue, the individual’s name, the disclosure type and the purpose for which it was requested, the unique reference number of the disclosure and details of our decision. The same conditions relating to secure storage and access apply irrespective of the period of retention.
Disposal
We will ensure that disclosure information is destroyed in a secure manner i.e. by shredding, pulping or burning. We will ensure that disclosure information which is awaiting destruction will not be kept in any insecure receptacle (e.g. a waste bin or unlocked desk/cabinet).
Umbrella Bodies
The company will NOT act as an Umbrella Body (a body which countersigns applications for Standard or Enhanced Disclosures or makes declarations in relation to PVG disclosure requests on behalf of other organisations).
Should the situation change we will take the following steps. We will ensure that the organisation on whose behalf we are acting complies with the Code and the 1997 and 2007 Acts. We will take all reasonable steps to satisfy ourselves that they will handle, use, store, retain and dispose of disclosure information in full accordance with this policy. We will also ensure that any body or individual for whom applications or requests are countersigned, has such a written policy. If necessary, we will provide a model policy for that body or individual to use or adapt for this purpose.
Review of this Policy
This policy will be reviewed by the Homecare Manager or their deputy at least every three years.
Cookies
When you visit Glasgow East End Community Carers website we place cookies on your device.
Cookies are small text files that help our websites to work and us to understand what information is most useful to our users. They also speed things when you come back to a site. We do not use them to identify you personally.
You can delete cookies stored on your device at any time.
What we collect
Cookies allow us to gather information about your visits to our site, including your:
- IP address
- Geographical location
- Browser type
- Device type
- Operating system
- Browsing data, such as access times
- Navigation history
- Preferences
How we use your information
Cookies enable us to use the tools and services of:
- Google Analytics
Google Analytics helps us measure and analyse how users are using our sites so that we can improve their experiences.
Who has access to your information
Our staff and Google can access information related to Google Analytics cookies.
Other third-party cookies
When we use internet tools from other companies to enhance our website, these companies may also put cookies on your device. They include:
- Google Maps
- YouTube