What personal data we collect and why we collect it
When visitors use the contact form on the site to get in touch we receive the data entered, and also the visitor’s IP address and browser user agent string to help spam detection. The message is transferred to our email system, where all incoming messages are archived for an indefinite period.
What rights you have over your data
If you have submitted information about yourself to us, such as by using our contact form, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Your contact information
If you have contacted us about a proposed referral for one of our homes, we will perform contact logging. We record the source of any incoming referrals we receive as part of our internal business management data analysis. We also retain the contact information of whoever has been in touch for this purpose as our liaison for future correspondence over discussions of Looked After Child placements.
Personal information provided to us as part of the application process for recruitment is retained in secure employee filing upon the start of employment. The personal information of unsuccessful applicants is retained for 6 months before being destroyed using an industry regulation certified confidential waste disposal service.
We will process personal data only to the extent and in such a manner, as is necessary to fulfil the purpose(s) of processing and shall not process personal data other than for the applicable permitted purpose(s). This information will not be used to directly or indirectly market, solicit or offer any service to data subjects.
Who else may view your data
If we are required to show Ofsted or any other relevant regulatory body our internal administrative tools during an official inspection, then your contact information will be visible to them on the referral tracker if you have made a referral to us, or in our recruitment applications file if you have applied for a job with us (see above). We will manage any disclosure of personal data to a third party (including a sub-contractor) where instructed or required by law or by our compliance and quality policies and procedures.
How we protect your data
Employees are all subject to confidentiality obligations in relation to the data they process for us as part of their roles and to policies prohibiting access to other data held by us that is not job-related. Steps have been taken to ensure the reliability and integrity of employees. Each employee has undergone and shall continue to receive reasonable levels of training in Data Protection Laws and in the care and handling of personal data.
We have implemented and will maintain the following appropriate technical, organisational security measures, processes and facilities which are sufficient to comply with GDPR. These form part of our Data and Computer Security Policy:
- We shall use the latest versions of anti-virus, and shall have adequate malware detection;
- Passwords changed every 60 days;
- Use of any form of portable storage media is restricted;
- Encryption and password protected emails are utilised where appropriate;
- Mobile devices – hard drive is encrypted, password protected and remote device wiping is applicable as required;
- Clear desk policy;
- Locked filing cabinets;
- Locked printing;
We will ensure that any system on which we hold data including back-up data is a secure system. Should any data be corrupted, lost or degraded as a result of our default we will take steps to restore or procure the restoration of the data.
What data breach procedures we have in place
We have in place written procedures to be followed in the event of a security incident:
- We will if appropriate notify affected co-controllers or data subjects as soon as practicable unless prohibited by law;
- We will take steps to restore the security of the compromised systems files and information to contain the breach and minimise the impact;
- We will modify any policies to prevent such events occurring in the future;
- We will make a report to the ICO if required by the GDPR.