PRIVACY NOTICE – GENERAL DATA PROTECTION REGULATION MAY 2018
We record, process and keep personal information about you in accordance with Article 6 of the General Data Protection Regulation (GDPR, May 2018): ‘the rights of the data subjects’.
It is a requirement of our registration with the Information Commissioner's Office (ICO)* to provide you with access to your personal information.
This requirement applies to information we collect in relation to:
- Online and electronic data processing
- Paper data processing
Records we hold about you
Our services, as monitored by local data controllers and under the authority of the organisation's data protection officer, hold and collect this information to enable us to take forward our recruitment, employment management, payment and associated activity from a best-practice, informed, governed and legally/regulatory compliant perspective. The information we hold includes:
- personal identifiers and contact information (names, addresses, dates of birth, telephone and electronic contact details, banking details, National Insurance information)
- application forms
- interview details
- employment contracts
- medical details
- emergency contact details
- DBS forms
- employment records (training, development, leave, absence, disciplinary, supervision, complaints)
This list is not exhaustive. To access the current list of categories of information we process, please see our data audit, located in the office spaces; for copies, please ask management.
What we do with your data and with whom it is shared
Kibo Hospital Services is required to ensure that the information collected and referenced above is treated confidentially, stored appropriately and only shared when there is a need for it to be shared. Ideally, where this is legally required and considered good practice, we will have your permission in advance of sharing. Information is shared via agreed protocols and formats, and with appropriate and involved contacts and agencies. Only relevant information will be shared with those contacts and agencies.
The majority of person-specific data is securely stored at each setting. Staff legal and finance information is also duplicated and held electronically at head office for the purposes of salary payments and associated correspondence.
Ensuring data is accurate
Under the GDPR we are required to ensure that the data we keep is up to date and accurate; we will do this regularly. You have the right to access personal data about you and we will facilitate this on request.
How long do we keep your data
We are required to inform you how long we retain the information collected and referenced above. This is recorded in our retention policy and data audit; these are available for review on request. The retention policy will also be on display at the entrance to the service setting. Further information about document retention will be clarified at the point at which you leave the service.
How we delete your data
Online deletion – files held in relation to you on the computer and electronic devices are deleted when no longer required using CCleaner* from Piriform. *CCleaner – https://www.piriform.com/ccleaner/download.
Paper deletion – files held in paper format, including photographs, are either handed to you or your representatives when you leave or are shredded when no longer required. We do have legal obligations around information storage and sharing that we must maintain once you have left the service. We will comply with these.
How you make a complaint
We are required to inform you about how you can make a complaint relating to a breach or if you think we are not processing your data appropriately.
Complaining to ICO
If you are concerned about a data breach, you can contact the Information Commissioner's Office – https://ico.org.uk/for-organisations/report-a-breach/.
Online data processing
Computer and tablet security includes regularly updated antivirus software and secure password protection. All electronic devices and online log-ins are password protected.
Electronic equipment and mailing
Information is stored on the organisation’s computers and accessed through the organisation’s computers. Computers are password protected. Documents with sensitive data are password protected; passwords are changed regularly. Content and documentation are sent electronically via a secured and encrypted email platform. Our general use internet platform, email provider and email server are GDPR compliant.
Visiting our website
If you use our website for any reason, Google Analytics collects internet log information and details of visitors' behaviour patterns; we do not use this information.
Paper data processing
Paper documents relating to you are stored in locked cabinets in the organisation's office spaces. These offices are also locked when not in use.
This privacy notice is reviewed annually and as required.
Kibo Hospital Services.