Policy key definitions:
- “I”, “our”, “us”, or “we” refer to the business, [Solutions Social Care].
- “you”, “the user” refer to the person(s) using this website.
- GDPR means General Data Protection Act.
- PECR means Privacy & Electronic Communications Regulation.
- ICO means Information Commissioner’s Office.
- Cookies mean small files stored on a user’s computer or device.
Processing of your personal data
Under the GDPR (General Data Protection Regulation) we control and / or process any personal information about you electronically using the following lawful bases.
- We are registered with the ICO under the Data Protection Register, our registration number is: ZA238231.
Lawful basis: Legitimate interests
The reasons we use this basis:
- We need to process some of your personal data in order to deliver the service you have requested of us as a business (finding you work and protecting your safety). We judge that we would not be able to do this lawfully without processing your personal data.
- We need to process some of your personal data in order to deliver the service our clients have requested of us (providing them with support services and protecting their safety). We judge that we would not be able to do this lawfully without processing some of your personal data.
- We also need to share some of your personal data with third parties for these purposes. We judge that we would not be able to function as a business lawfully, for your benefit and for the benefit of our clients without sharing some of your personal data.
If, as determined by us, the lawful basis upon which we process your personal information changes, we will notify you about the change and any new lawful basis to be used if required. We shall stop processing your personal information if the lawful basis used is no longer relevant.
We process your personal information via our website in the following ways:
- When you submit an enquiry about a job via a job advert on our website, we receive your name, email address and mobile phone number if you provide them on the enquiry form.
- When you work for us or apply to work for us, on the various application forms you complete via our website we receive the personal and sensitive data you provide to do with your identity, your job experience, and equal opportunities information such as your gender.
- When you work for us, we receive your personal data (name, email address, e-signature and time of signing) when you sign documents such as policies via our website.
- When you work for us, the personal data you supply when creating an account on our website (name, username, email address, password) may be saved to your device via Internet Cookies (please see “Internet Cookies” section below for more information).
We store the personal information of yours that we received via our website in the following ways:
- Once we have received your completed application forms via our website, we save a copy on our computerised database and delete the copy from the website.
- Once we have received your signed documents such as policies via our website, we save a copy on our computerised database and delete the copy from the website.
- Once we have received the results of your DBS check via Devonshire County Council (as outlined below), we store the results on our computerised database and they are also kept in an archive on Devonshire County Council website.
- Once we have received your data in a job enquiry via our website, we keep these details on our computerised database.
Sharing your information: After collecting your personal and sensitive data via our website in the ways listed above, if you work for us, we share it with third parties in the following ways:
- For the purpose of carrying out a DBS check for you, after receiving your written permission for us to do so, we share the following information with the Devonshire County Council website when starting an application for your DBS and when verifying the application: your current forename and surname, your place of birth, your date of birth, your gender, your surname if different at birth, your National Insurance number, your email address, your home address, your address history, your contact number, whether or not you have any criminal convictions and details if so, whether or not you are an EEA national, the details of your ID-verification documents such as your passport, which other verification documents you have provided us with (such as council tax bill), the fact you are working for our organisation, your job role within our organisation, the sector you are working in for our organisation, the fact your DBS application is for Child and Adult Workforce, whether or not your job with us involves working at your clients’ home address, whether or not you are a volunteer, and your right to work in the UK.
- For the purpose of carrying out an update service check on your current DBS, we share the following information with the DBS Update Service website: your DBS certificate number or Update Service ID number (as per your preference which we check with you beforehand verbally or in writing).
- For the purpose of finding you work, we might share the following information with our service users and/or their guardians and social services and your line managers: your name, your job title, your photograph, your DBS certificate number and date of issue, your professional training and experience. Usually this is all sent in one go in your worker profile. If we want to share any other information with them we will seek your written permission before doing so.
- For the purpose of organising your shifts and time off and communicating them to you, and so that you can accept shifts and submit timesheets, and so that we can produce payroll reports for Datacount, we share the following information with Find My Shift website when creating an account for you: forename, surname, date of birth, email address, account password, rates of pay, start date, phone number, job title, job department. We also share with Find My Shift the shifts you are assigned, the shifts you work, time off you have, clients that you work with, and reports for your weekly earnings and tax deductions.
- For the purpose of managing our worker details, we share the following information with Find My Shift website: your name, email address, phone number, home address. (These details are visible to those with manager permissions on the website and not to other users.)
- For the purpose of managing your pay and e-payslips, we share the following information with Datacount: your name, your rate of pay. They create and share with us your e-payslip log in details. Datacount share information with HMRC such as your name, date of birth, National Insurance number, address, tax code, any benefits being claimed and your reference number if you are self-employed.
- For the purpose of collecting feedback on services we provide such as staff training, we may share the following information with Surveymonkey website: your name and email address. However, usually we send the survey internally as a weblink so your information is not shared with Surveymonkey. In this case, Surveymonkey will collect your IP address and the time that you accessed the link.
- For the purpose of sending out e-newsletters, if we put you on a mailing list, we share the following information with Mailchimp website: your name and email address. If you are on a mailing list for this, you will be made aware of how to opt out.
- For the purpose of training our workers, we share the following information with Social Care TV website to make you an account for your online training: your name, email address, account username and password.
- For the purpose of having our standards inspected and assessed or having audits carried out on us, we might share your personal and/or sensitive information with CQC (Care Quality Commission), ICO (Information Commissioner’s Office and REC (Recruitment and Employment Confederation) such as equal opportunities information.
- For the purpose of public information, we might share your name, job details, a bio written by or about you and your photograph on our Solutions Social Care website. We will obtain written permission from you before doing this.
- When you stop working for us, for the purpose of providing a reference for you at your request, we share the following information with the employer seeking a reference: your name, job role with us, whether you were DBS checked with us and your certificate number if so, and any safeguarding or competency concerns that came to our attention during your time working for us.
- For the purpose of obtaining a reference for you from your named referees, we will share the following information with your named referees: your name, the job you are applying for with us. Whenever we want to contact someone for a reference whom you have not explicitly given as a referee, for instance if your named referee defers the request to someone else, we will seek your written permission before doing so.
Data retention period: Of your personal/sensitive data received via our website, we deem it necessary to keep almost all of it indefinitely, including after you have stopped working with us, for the following purposes:
- Some data would be needed if you requested a reference from us through a future employer – this includes your name, job role with us, whether you were DBS checked with us and your certificate number if so, and any safeguarding competency concerns that came to our attention during your time working for us.
- Much of your data would be needed if any legal allegations were made towards you in relation to the work you did for us. This includes but is not limited to: your ID documents, any declarations of criminal convictions, details of DBS checks, and details of the work you did for us as well as any reports you personally produced or official statements you made.
Requests to stop processing/sharing: You may ask us to stop processing and/or sharing your personal and/or sensitive data that we obtained via our website if it is not needed for the above purposes. For instance, although helpful to us, we do not need to include your email address on recipient lists for surveys or E-newsletters. Similarly, we could remove some of your personal information from Find My Shift and keep it only on our computerised database. Requests to stop processing and/or sharing your personal and/or sensitive data will need to be put to us in writing.
Your individual rights
Under the GDPR your rights are as follows. You can read more about your rights in details here;
- the right to be informed;
- the right of access;
- the right to rectification;
- the right to erasure;
- the right to restrict processing;
- the right to data portability;
- the right to object; and
- the right not to be subject to automated decision-making including profiling.
You also have the right to complain to the ICO [www.ico.org.uk] if you feel there is a problem with the way we are handling your data.
We handle subject access requests in accordance with the GDPR.
Some cookies are required to enjoy and use the full functionality of this website.
Cookies that we use are;
- Google Analytics
Data security and protection
We ensure the security of any personal information we hold by using secure data storage technologies and precise procedures in how we store, access and manage that information. Our methods meet the GDPR compliance requirement.
Transparent Privacy Explanations
We have provided some further explanations about user privacy and the way we use this website to help promote a transparent and honest user privacy methodology.
As well as updating this privacy and cookies policy, in order to be compliant with GDPR we have:
- changed to a secure server
- encrypted and upgraded our website
- fully backed up our website and database
- upgraded the wordpress software our website uses
- upgraded the plugins our website uses
- ensured testing and trouble shooting is in place if needed
Sponsored links, affiliate tracking & commissions
Our website may contain adverts, sponsored and affiliate links on some pages. These are typically served through our advertising partners; Google Adsense, eBay Partner Network, Amazon Affiliates, or are self served through our own means. We only use trusted advertising partners who each have high standards of user privacy and security. However we do not control the actual adverts seen / displayed by our advertising partners.
Clicking on any adverts, sponsored or affiliate links may track your actions by using a cookie saved to your device. You can read more about cookies on this website above. Your actions are usually recorded as a referral from our website by this cookie. In most cases we earn a very small commission from the advertiser or advertising partner, at no cost to you, whether you make a purchase on their website or not.
We use advertising partners in these ways to help generate an income from the website, which allows us to continue our work and provide you with the best overall experience and valued information.
If you have any concerns about this we suggest you do not click on any adverts, sponsored or affiliate links found throughout the website.
Email marketing messages & subscription
Under the GDPR we use the consent lawful basis for anyone subscribing to our newsletter or marketing mailing list. We use this basis because we judge that our newsletter mailing activity is not necessary for the service we provide you (finding you work and protecting your safety) or the service we provide our clients (providing them with support and protecting their safety), and your participation is therefore based on consent.
We only collect certain data about you, as detailed in the “Processing of your personal data” above. Any email marketing messages we send are done so through an EMS, email marketing service provider. An EMS is a third party service provider of software / applications that allows marketers to send out email marketing campaigns to a list of users.
Email marketing messages that we send may contain tracking beacons / tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of data such as; times, dates, I.P addresses, opens, clicks, forwards, geographic and demographic data. Such data, within its limitations will show the activity each subscriber made for that email campaign.
Any email marketing messages we send are in accordance with the GDPR and the PECR. We provide you with an easy method to withdraw your consent (unsubscribe) or manage your preferences / the information we hold about you at any time. See any marketing messages for instructions on how to unsubscribe or manage your preferences, you can also unsubscribe from all MailChimp lists, by following this link, otherwise contact the EMS provider.
Our EMS provider is Mailchimp. We hold the following information about you within our EMS system: your name and your email address.
Data retention period: We will continue to process your information in this way under this basis until you withdraw consent or it is determined your consent no longer exists.