Data Protection and Access to Personal Information Policy
Abbeyfield Wales Society (AWS) are responsible for the collecting, processing, storing and safe keeping of personal and other information as part of our business activities. We manage personal information in accordance with the Data Protection Act 1998 and aim to comply with the General Data Protection Regulations (GDPR). We are registered as data controllers with the Information Commissioner's Office.
We take your privacy and the security of that information very seriously. This policy sets out how we meet our obligations under the Data Protection Act to protect the personal information we may hold about you and this policy also sets out your rights to inspect these details.
This policy applies to Residents, Staff, Volunteers and Trustees.
The Data Protection Act identifies eight data protection principles that AWS is obliged to follow:
We may collect, process and store information such as:
We may apply markers to your information (for example, in relation to your vulnerability or health status) to enable us to tailor and deliver services to you. It is important that YOU notify us of any changes to YOUR personal information.
We will provide a copy of our privacy notice (See Appendix One), to all residents, potential residents, staff, volunteers and trustees. We will also refer and share links to our privacy notice on our website and emails.
4.1 Tenants and Residents:
We use your personal information for responding to your enquiries, providing services to you and managing our relationship with you. We will also provide information to:
We may also anonymise your information, so that it cannot be linked to you, as part of research exercises.
We will always tell you how we will use your information when collecting it from you, for example in an interview, survey form or on our website.
4.2 Job Applicants & Employees:
If you submit a job application or CV to AWS we will use your personal information to process your application and to produce and monitor recruitment statistics. We will not take up references without your prior permission. We will not share or disclose your information unless you have given us your consent or we are required to do so by the law. When you become an employee and where we are required to carry out a Disclosure and Barring Service check we will comply with the law and your rights when carrying out these checks. As an employee we will use you personal data to:
4.3 Volunteers and Trustees:
As a Volunteer or Trustee you will usually be asked to complete an application form or CV as well as your emergency contact details. We will not take up references without your prior permission. We will not share or disclose your information unless you have given us your consent or we are required to do so by the law. Where we are required to carry out a Disclosure and Barring Service check we will comply with the law and your rights when carrying out these checks.
We will also collect and maintain records to manage your learning and development.
Access to your information will normally be limited to ourselves (AWS). However, there may be occasions when we disclose your details to others:
5.1 With your consent:
We will usually obtain your consent before referring you to another service, an activity that requires us to share your contact details and background information with the organisation that provides the service.
5.2 Legally Obliged:
We will share specific and relevant information with law enforcement and government agencies or public bodies where we are legally required to do so. Example may include (This list is not exhaustive):
We may also share your information with emergency services and local authorities where this is necessary to help them respond to an emergency situation that affects you.
5.3 Contractors and Suppliers:
We may share your personal information with our suppliers and contractors who enable us to provide services to you, or who provide services on our behalf, examples may include specialist call centres as well as maintenance contractors who carry our work in our properties and the contractors who manage our out of hours services and emergency alarm monitoring service. The data shared is the specific information the supplier needs to carry out their task, as well as any information that ensures we fulfil our health and safety obligations to the people carrying out that task.
Our contractors are also required to ensure that any information we may share with them about you is kept safe and secure and they are required to comply with this policy.
AWS remain responsible for the fair and lawful processing of personal data shared with suppliers. We ensure this occurs through setting data protection requirements in contracts that we let with suppliers.
5.4 Utility Companies:
In order to assist utility providers (gas, electricity, Water etc) deliver their services and to collect revenue, we will provide on request names and contact details of new tenants and residents, and forwarding addresses of former tenants, as well as tenancy/occupancy dates.
5.5 Partner Agencies:
We may enter into partnerships with other organisations such as local authorities and the Police. For example, we may join a partnership to help prevent and/or control anti-social behaviour or crime. We will enter into a formal data sharing agreement to govern process and ensure that it is lawful. That agreement will be approved by our Data Protection Manager (CEO) before it is implemented and if needed independent legal advice will be obtained.
Resident’s personal matters will be discussed within the sheltered housing and nursing teams and may include a third party support, care agency or a commissioner of services where the individual receives a support or care package from that agency. However, these discussions will be undertaken in confidential meetings.
Disclosure of personal information without consent will be exceptional and only if required by law, a court order, or where there is an over-riding health and safety consideration. In our care services we will seek formal permission from you to give authority for us to share that data.
AWS aims to ensure that staff, volunteers and Board members do not misuse any confidential information, or pass on this information improperly to a third party. We protect personal information by applying technical measures, implementing policies, training for staff, trustees and volunteers and carrying out checks in practice.
7.1 Secure Storage:
Paper files and records containing personal information are kept in secure cabinets. These cabinets are locked when not in use. AWS staff and volunteers are provided with training and guidance before secure handling of records when taken from the office, for example, when carrying out a home visit.
We ensure any information on our computer system is secure, accurate, relevant and necessary. All of our computers are secured with passwords, and all staff are trained on our systems. The personal data held on mobile IT devices is minimised and also secured with a password should a device be lost or stolen.
7.2 Telephone Enquiries:
When a tenant or resident or applicant contacts us by phone they will be asked to provide a piece of identifying data (e.g. Date of Birth) to ensure that personal information is only disclosed to the correct person. If a tenant or resident would like someone else to contact AWS on their behalf they need to confirm that to us directly, or if it is an ongoing arrangement complete a Explicit Consent Form (See Appendix Three).
7.3 Online Services:
At the time of adopting this policy AWS has very limited on line services. At present there is no facility within AWS for our service users to access their information online.
If someone contacts us to raise a complaint on behalf of a resident we will always seek your permission first before investigating the complaint and responding to the complaint. This is because in responding to the complaint, the person claiming to represent you might view some of your personal data.
7.5 Rent and/or Fee Enquiries:
If you want to make an enquiry about the rent or fees you pay e.g balance of account, payment history etc we will ask you to provide confirmation of your address and date of birth before providing the information.
7.6 Moving out:
If you are a tenant, when you move out of your home we will hold your file for 12 months and then securely destroy the paper files relating to your tenancy, unless we are pursuing you for rent arrears or other debts or we need the information to support any allegation/investigation of anti-social or criminal behaviour.
If you are a resident in a nursing home we are currently obliged to retain all records for a period of three years after your occupancy with us has ended. We will then securely destroy the paper files relating to your residency with us.
7.7 Employees, Trustees and Volunteers:
If you are an employee, trustee or volunteer, when you leave we will hold your file for 12 months if you are volunteer or 6 years if you are an employee and then securely destroy the files relating to your employment, trusteeship or voluntary work, unless there is a dispute between us. We will then destroy records once that dispute is resolved.
The Data Protection Act 1998 gives you a number of rights in relation to your personal information. You can find out about your rights and obtain further guidance form the website of Information Commissioners Office.
You have the right to access files or other records containing information relating to:
Please note the following important information about accessing your personal information:
Because we also need to respect the rights of others, we CANNOT make the following information available to you:
The decision to refuse an individual access to personal information about them is taken by the Data Protection Manager (CEO).
If you receive support or care services from us:
We will identify ourselves and provide a contact number for you to confirm our identity on request when contacting you about our services.
Adopted by Abbeyfield Wales Society’s Board on: 03/09/2018
To be reviewed by Abbeyfield Wales Society’s Board on: 03/09/2021