GDPR Compliance Statement
We use personal data (information that relates to and identifies living people) and other information to help us to carry out our role as a provider of health and adult social care services in England.
About our purpose and role
We will always make sure that your information is protected and treated securely. Any information about you that we hold, or details you give us, will be held in accordance with:
- The General Data Protection Regulation (GDPR)
- Independence Matters Information Management Policy
- Independence Matters Policy on Confidential Personal Information.
Information about people who use services & members of the public
Information held within our services
Registered providers and Managers of care services must record and pass on certain events and incidents, including where they have received allegations of abuse, or where someone using the service is seriously injured. Care services also record statistics including the number of compliments and complaints they have received.
Contact details of people who use services will be held to ensure we provide the service required.
Personal data that we receive from other sources
We receive information from people who use the services we provide, their families, friends and carers. These often contain personal data.
We also receive information that sometimes contains personal data from other sources, such as NHS, NCC and the police.
We use this information to directly support all our customers and staff.
Data and statistics
The data we hold will include the following:
- date of birth
- address and postcodes
- NHS number
Some of this information is unique to a person (NHS Number,), and others cannot uniquely identify a person (e.g. a postcode), but all data is stored and processed with the same robust security applied to identifiable data.
We need this information to help meet our purpose of ensuring safe, effective and compassionate, high-quality care.
Information about our own staff and people applying to work for or with us
We need to process personal data about our own staff (and people applying to work for us) so that we can carry out our role (for example, by ensuring that we have the right staff to perform our role) and so we can meet our legal and contractual responsibilities as an employer.
The personal data that we process includes information about racial or ethnic origin, religion, disability, gender and sexuality. We use this information to check we are promoting and ensuring diversity in our workforce and to make sure we are complying with equalities legislation.
Our employees decide whether or not to share this monitoring data with us, and can choose to withdraw their consent for this at any time. Employees who wish to withdraw their consent for us to process this data can contact the HR team.
Other personal data that we are required to process includes information on qualifications and experience, pay and performance, contact details, bank details, and service records (including records of continuous service and pension contributions/entitlements).
We check that people who work for us are fit and suitable for their roles. This may include asking people to undertake Disclosure and Barring Service (DBS) checks. We share information about our employees as required to meet our contractual obligations to them – for example, by sharing relevant information with pension service administrators.
We have a legal obligation to comply with the Freedom of Information Act 2000 and this may include the requirement to disclose some information about our employees – especially those in senior or public facing roles.
Information about people who use our website
We will only collect personal information volunteered by you via our website, such as:
- Feedback from surveys and online forms
- Email addresses
- Preferred means of communication.
This personal information about you will be used to exercise our functions. This privacy statement covers the Independence Matters site. This does not cover external links.
Signing up to our e-newsletter
If you subscribe to this service, your name and email address will be held by us. You can unsubscribe at any point by emailing contactus@independencematters.org.uk with your request.
How we share information with other organisations
We only share personal data with other organisations where it is lawful to do so and in accordance with our Code of Practice on Confidential Personal Information. We do not use personal data for direct marketing (promoting or selling goods, services etc.) or share information with anyone else who will use it for direct marketing.
We sometimes use other organisations to process personal data on our behalf. Where we do this, those companies are required to follow the same rules and information security requirements as us and are not permitted to reuse the data for other purposes.
Retention and disposal of personal data
We publish a retention and disposal schedule which explains how long we keep different types of records and documents for, including records and documents containing personal data. Personal data is deleted or securely destroyed at the end of its retention period.
Changes to the law – the General Data Protection Regulation (GDPR)
The GDPR came into force in May 2018 and has replaced the Data Protection Act 1998. We will ensure that we will process personal data in accordance with the requirements of the GDPR and Data Protection Act 2018.
Your rights
Your right to access information about you
If you think we may hold your personal data and you want to see it, you need to make a subject access request. We will ask you for proof of identity before responding to your request.
Correcting or deleting your personal data
If you think that we may already hold your personal data, and you want us to correct information that you believe is wrong, or if you want us to delete your personal data or to stop processing it, then you have the right to object to the data being used or to ask for it to be corrected.
Please make your objection in writing by sending an email to: imdpo@norfolk.gov.uk or send it by post to:
Data Protection Officer (DPO)
Independence Matters CIC Head Office
Dereham Community Hub
Rashes Green
Dereham
NR19 1JG
Sometimes we may need to refuse a request to delete, correct or stop processing personal data. For example, this may be when we need to protect a vulnerable person from harm, or as a result of our legal obligations, or to help us carry out our functions.
Complaints about how we process personal data
If you feel that we have not met our responsibilities under the Data Protection Act 2018 and GDPR, you have a right to request an independent assessment from the Information Commissioner’s Office (ICO). You can find more details on their website www.ico.org.uk.
Independence Matters Data Protection Officer (DPO) under Article 37 of the GDPR is Rachel Miller. The DPO’s role is to monitor and advise Independence Matters on meeting its data protection responsibilities. The DPO can be contacted using the details above.
We may update this notice from time to time and will publish an up to date copy on our website and ensure you have the most up to date information.
Last updated: 23/01/2020
Make an enquiry
Please complete our enquiry form below, alternatively email or call 0300 790 0508