DATA PROTECTION
PRIVACY NOTICE POLICY

DATA PROTECTION
PRIVACY NOTICE POLICY

Company Contact details: Address: Fountain Court, New Leaze, Bradley Stoke, Bristol, BS32 4LA
Phone: 01174030943
Web page: https://nurselinecs.co.uk/
E-mail address: admin@nurselinecs.uk
Company Name:Nurseline Community Service (‘the Company’)
Date:30-11-21
Review Date:3 years
Last amended:
Version: 1

Nurseline Community Services deliver short and longer-term packages of specialist, outcome-focused support for adults (18+), children and young people (aged 13-17) and young people transitioning into adult services (16-17) with a range of complex care support needs including mental health. The Company must process personal data (including sensitive personal data) so that it can provide these services – in doing so, the Company acts as a data controller.

 

You may give your personal details to the Company directly, such as on an application, assessment, or registration form or via our website, or we may collect them from another source such as a jobs board. The Company must have a legal basis for processing your personal data. For the purposes of providing health care and service and keeping information relating to the employees’ rights, we will only use your personal data in accordance with the terms of the following statement.

1.Collection and use of personal data

a. Purpose of processing and legal basis

The Company will collect your personal data (which may include sensitive personal data) and will process your personal data for the purposes of providing you with work-finding services. The legal bases we rely upon to offer these services to you are:

  • Legitimate interest


In some cases we may be required to use your data for the purpose of investigating, reporting and detecting crime and also to comply with laws that apply to us. We may also use your information during the course of internal audits to demonstrate our compliance with certain industry standards.

b. Recipient/s of data

The Company may process your personal data and/or sensitive personal data with the following recipients:

 

  • Payroll Systems (Sage)
  • Online rostering / Workforce management system / Document Storage (Sirenum, 3B Forms)
  • Document destruction service (Shred-It)
  • Auditors
  • Care Quality Commission and other relevant regulators
  • Commissioners and Allied Health professionals
  • Cloud Based Hosting Services (Excalibur)
  • Email Marketing Tools / Analytics Tool (Mailchimp, Google Analytics)

c. Statutory/contractual requirement

Your personal data is required by law and/or a contractual requirement (e.g. our client may require this personal data), and/or a requirement necessary to enter into a contract. You are obliged to provide the personal data and if you do not the consequences of failure to provide the data are:

  • Failure to provide this data will affect us being able to commence the service delivery and therefore we would be unable to find you suitable work.

2. Overseas Transfers

The Company may transfer only the information you provide to us to countries outside the European Economic Area (‘EEA’) for the purposes of providing you with work-finding services. We will take steps to ensure adequate protections are in place to ensure the security of your information. The EEA comprises the EU member states plus Norway, Iceland and Liechtenstein.

3. Data retention

The Company will retain your personal data only for as long as is necessary. Different laws require us to keep different data for different periods of time.

We must also keep your personal and health records, payroll records, holiday pay, sick pay and pensions auto-enrolment records in accordance with the statutory retention period as required by law.

Where the Company has obtained your consent to process your personal and sensitive personal data, we will do so in line with our retention policy (a copy of which is attached). Upon expiry of that period the Company will seek further consent from you. Where consent is not granted the Company will cease to process your personal data and sensitive personal data.

4. Your rights

Please be aware that you have the following data protection rights:

 

  • The right to be informed about the personal data the Company processes on you;
  • The right of access to the personal data the Company processes on you;
  • The right to rectification of your personal data;
  • The right to erasure of your personal data in certain circumstances;
  • The right to restrict processing of your personal data;
  • The right to data portability in certain circumstances;
  • The right to object to the processing of your personal data that was based on a public or legitimate interest;
  • The right not to be subjected to automated decision making and profiling; and
  • The right to withdraw consent at any time.

 

Where you have consented to the Company processing your personal data and sensitive personal data you have the right to withdraw that consent at any time by contacting:

 

REGISTERED MANAGER: 

Tracy Crane

E-mail: tracy.c@nurselinecs.uk

Landline: 0117 456 4799

Mobile: 07572 237133 

 

CQC NOMINATED PERSON INDIVIDUAL:

Sarah Ambe

E-mail: sarah.ambe@catalystgrp.co.uk

Office: 0345 894 2264 

Mobile: 07960 254357

 

01174030943   

5. Complaints or queries

If you wish to complain about this privacy notice or any of the procedures set out in it please contact our Compliance Manager.

01174030943

You also have the right to raise concerns with Information Commissioner’s Office on 0303 123 1113 or at https://ico.org.uk/concerns/, or any other relevant supervisory authority should your personal data be processed outside of the UK, if you believe that your data protection rights have not been adhered to.

DATA RETENTION POLICY

Date 30-11-21
Company Name:Nurseline Community Service (‘the Company’)
Review Date:1 year
Version:1

The GDPR has set up additional requirements around 8k. We can only keep data for as long as is necessary and it must be kept up to date. The retention periods can differ based on the type of data processed, the purpose of processing or other factors. Throughout this document Nurseline Community Service will be referred to as the Company.

6. The Company guidelines for retaining data

Personal data should not be retained for longer than is necessary for the purpose it has been obtained for. Ensuring personal data is disposed of when no longer needed will reduce the risk that it will become inaccurate, out of date or irrelevant.

This policy covers all company data stored on company-owned, and company provided systems and media, regardless of location.

Under the GDPR, individuals have the right to request erasure, or to be forgotten. This means that the Company must remove the individuals personal data, however this is not an absolute right as some data must be retained to comply with statutory requirements. The type of record will determine the length of time the record must be kept for.

Listed below are records that must be retained and the period of time of retention. These obligations will override any request to erase data.

CategoryType of DocumentFormatRetention Period
EmploymentDuty RotasPaper/Electronic6 years after date to which they relate
EmploymentHealth Assessment Records for Night WorkersPaper/Electronic2 years from the date they were entered into
EmploymentCriminal Convictions of workersPaper/ElectronicDeleted once conviction is spent under Rehab of Offenders Act
EmploymentDisclosure and Barring CertificatePaper/ElectronicNo longer than 6 months from appointment. However, key data can be retained in line with policy and procedure
EmploymentAnnual Leave RecordPaper/Electronic6 years. If leave is carried over from year to year, this may be extended
EmploymentImmigration ChecksPaper/Electronic2 years after termination of employment
EmploymentCollective Workforce Agreements and Works Council MinutesPaper/ElectronicPermanently
EmploymentConsents for the processing of personal and sensitive dataPaper/ElectronicFor as long as the data is being processed and up to 6 years afterwards
EmploymentApplication Forms and Interview Notes (for unsuccessful candidates)Paper/Electronic6 months – 1 year
EmploymentEmployment Records- QualificationsPaper/ElectronicThroughout employment and up to 6 years after employment ceases (or 75th birthday whichever is sooner) if summary has been made
EmploymentEmployment Records- ReferencesPaper/ElectronicThroughout employment and up to 6 years after employment ceases (or 75th birthday whichever is sooner) if summary has been made
EmploymentEmployment Records- Annual Appraisal ReportsPaper/ElectronicThroughout employment and up to 6 years after employment ceases (or 75th birthday whichever is sooner) if summary has been made
EmploymentEmployment Records - Job HistoryPaper/ElectronicThroughout employment and up to 6 years after employment ceases (or 75th birthday whichever is sooner) if summary has been made
EmploymentEmployment Records - Resignation, Termination and/or retirement lettersPaper/ElectronicThroughout employment and up to 6 years after employment ceases (or 75th birthday whichever is sooner) if summary has been made
EmploymentEmployment Records - DisciplinaryPaper/Electronic6 years or longer where decided on a local level
EmploymentEmployment Records - GrievancePaper/ElectronicThroughout employment and up to 6 years after employment ceases (or 75th birthday whichever is sooner) if summary has been made
EmploymentEmployment Records - Travel and subsistencePaper/ElectronicThroughout employment and up to 6 years after employment ceases (or 75th birthday whichever is sooner) if summary has been made
EmploymentOccupational Health ReportsPaper/ElectronicThroughout employment and up to 6 years after employment ceases
(or 75th birthday whichever is sooner) if summary has been made Throughout employment and up to 6 years after employment ceases or 75th birthday whichever is longer
EmploymentClinical Training RecordsPaper/ElectronicThroughout employment and up to 6 years after employment ceases or 75th birthday whichever is longer
EmploymentMandatory TrainingPaper/ElectronicThroughout employment and up to 10 years after employment ceases
EmploymentOther TrainingPaper/Electronic6 years after training completed
EmploymentMedical Records under Ionising Radiations RegulationsPaper/ElectronicUntil person reaches 75 years of age, but at least 50 years
EmploymentMedical records as specified by COSHH regulationsPaper/Electronic40 years from the date of the last entry
EmploymentRetirement Benefits Schemes – Records of notifiable events e.g. relating to incapacityPaper/Electronic6 years from the end of the scheme year in which the event took place
Supported IndividualAdult Social Care RecordsPaper/Electronic8 years from when care ceased if no serious incidents recorded
Supported IndividualChild Social Care RecordsPaper/Electronic25th birthday if no serious incidents recorded If the person had treatment until they were 17, retain until 26th birthday
Supported IndividualRecords of Detention, Restraint, DoLSPaper/Electronic3 years
Supported IndividualCare Records with standard retention periodsElectronicWhere the electronic system has the capacity to destroy records in line with the retention schedule, and where a metadata stub can remain demonstrating that a record has been destroyed, then the code should be followed in the same way for electronic records as for paper records with a log being kept of the records destroyed. If the system does not have this capacity, then once the records have reached the end of their retention periods they should be inaccessible to users of the system and upon decommissioning, the system (along with audit trails) should be retained for the retention period of the last entry related to the schedule
Supported IndividualIncidents (serious)Paper/Electronic20 years and review
Supported IndividualIncidents (non-serious)Paper/Electronic10 years and review
AdministrationFire & general risk assessments, including Buildings and Health & SafetyPaper/Electronic3 years
AdministrationWater safetyPaper/Electronic3 years
AdministrationMaintenance of premisesPaper/Electronic3 years
AdministrationPAT testingPaper/Electronic3 years
AdministrationPurchasing medical devices and equipmentPaper/Electronic18 months
AdministrationMaintenance of equipment logsPaper/Electronic11 years
AdministrationAccident Books, Accident Records/ReportsPaper/Electronic3 years from date of last entry (or if involves young adult/child until they reach 21 years old)
AdministrationRecords of VisitorsPaper/Electronic3 years
AdministrationTelephony system recordsElectronic1 year - review and destroy if no longer required
AdministrationRecorded conversations that might be needed for legal purposes at a later dateElectronic6 years
AdministrationDestruction Certificates or Electronic Metadata Destruction StubPaper/Electronic20 years

All other data that falls outside of these parameters will be destroyed in one of the following scenarios:

  • Upon request from the individual
  • 1 year from the last date of completing a work assignment
  • Application forms that have not progressed to interview will be deleted after 3 months

7. Data destruction

Once the retention timeframe expires the Company will seek further consent from you. Where consent is not granted the Company will cease to process your personal data and sensitive personal data and will destroy this information. This includes hard and electronic copy. Regular monthly checks will be conducted to keep up to date with the data destruction.

Hard copies are destroyed in confidential waste which is regularly collected by Shred-It. Electronic copies are deleted from our cloud based services and document storage.