The company is registered with the Information Commissioner’s Office as a data controller and has a legal requirement to comply with the General Data Protection Regulation (GDPR), which came into force on 25 May 2018.
I understand that during my work at the company, I will have access to personally identifiable information about individuals, some of which is sensitive data/special category data, such as data concerning individuals’ racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation. In order to fulfil my duty to ensure the company is compliant with the GDPR, I agree that I am required to:
- Read and understand the company GDPR-specific policies and procedures, and resources.
- Undertake GDPR Awareness training.
- Only process personal data for which there is at least one lawful basis (Consent, Contract, Legal Obligation, Vital Interests, Public Task, and Legitimate Interests).
- Ensure that where processing is based on individuals’ consent, there is evidence of affirmative consent.
- Only process personal data that are within their retention period.
- Inform the Data Protection Officer if it comes to my attention that the personal data in use has exceeded its retention period.
- Only process personal data that is adequate, relevant and limited to what is necessary for processing.
- Ensure the personal data I am processing is accurate and up to date.
- Immediately inform the Data Protection Officer of any requests that I may receive from individuals exercising their rights under the GDPR.
- Only use removable media authorised by the Data Protection Officer.
- Seek written authorisation from the Data Protection Officer before using my own personal devices to access the company network.
- Keep paper records in lockable cabinets in staff-only offices.
- Encrypt personal data before saving them on the cloud.
- Seek advice from the Data Protection Officer if in doubt about any aspect of compliance with the GDPR.
Information we hold about you
- Full name
- Date of Birth
- Telephone Number
- Next of kin
- Health status
- Religious/cultural beliefs
- Bank details
The above information is kept in your file in a locked cabinet. Access to this information is on a need-to-know basis only. This information is also stored on our software, which is password protected and has limited access. Authorised individuals who can access this software are the office staff team.
We are required by law to work with our regulators, the Care Quality Commission, and they will require access to files for regulatory purposes.
We may be required to share your data should we suspect you have been subject to a criminal act or there are safeguarding concerns, and in these circumstances we will act in line with our duty of care.
I have attached a signature form for you to sign to agree that you are aware of the information that we hold about you, that you are happy that we have this information, and that you are aware of the third parties that we are required to share your information with.