Privacy Notice for Colleagues and Candidates

 

This notice applies to current and former employees, workers and contractors and candidates applying for employment. This notice does not form part of any contract of employment or other contract to provide services. We may update this notice at any time but if we do so, we will provide you with an updated copy of this notice as soon as reasonably practical. It is important that you read and retain this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information and what your rights are under data protection legislation.

​

What Information we Collect and Store About You

​

We may collect and store the following categories of personal information about you:

• Personal contact details such as name, title, address, telephone numbers, personal email addresses and contact preferences

• Date of birth

• Martial status and dependants

• Next of kin and emergency contact details

• National insurance number and NHS number

• Bank account details, payroll records and tax status information

• Salary, annual leave, pension and benefits information

• Records/results of any pre-employment checks (including credit and fraud checks)

• Start date and, if different, continuous employment dates

• leaving data and your reason for leaving

• Location of employment and places you have worked whilst employed

• Attendance records or timesheets

• Identification information contained within your passport, driving licence, proof of address, birth certificates or any other formal identification document provided (copies of these may be stored on your employment file or within our digital checking systems)

• Online identifiers or social media identifiers

• Employee personal relationships with anyone else working for the company

• Recruitment information, including copies of right to work documentation, references, and other information included in your CV and cover letter, or provided as part of the application process

• Employment records, including job titles, work history, working hours, holidays, training records and professional memberships

• Employment management records, including disciplinary and grievance records, flexible working requests, performance records, appraisals, sickness records, recorded conversations, accident and injuries, health and safety incidents, terms and conditions of employment, contracts, job descriptions and anything else that forms part of your employment record

• Compensation history

• CCTV footage, audio CCTV recordings (in limited circumstances) and other information obtained through electronic means, such as clocking in times and locations, and alarm activations/deactivations

• Information about your use of our IT and electronic systems

• Results of HRMC employment status checks

• Digital background and criminal record checks

• Information about your status, nationality and residency 

• Information about your race or ethnicity, religious, philosophical and moral beliefs, sexual life, sexual orientation and political opinions

• Any club, trade union, and other applicable membership details

• Information about your physical and mental health, including any medical conditions and medications

• Identification information containing biometric data, such as passports, photos, videos, and voice recordings, and any biometric based time and attendance systems in use

​

We may also collect, use and share aggregated data, such as statistical data for any purpose. Aggregated data could be derived from your personal information but is not considered personal information in law, as this data will not directly or indirectly reveal your identity. If we are unable to aggregate your data anonymously, we will treat the combined data as personal information and it will be subject to protection under this policy. 

​

How we Collect your Personal Information

​

We collect personal information about candidates, employees, workers and contractors through the application and recruitment process, either directly from candidates or sometimes from an employment agency or background check provider.

 

We may sometimes collect additional information from third parties including former employers, credit reference agencies or other background check agencies such as immigration consultants, or the Disclosure and Barring Service.

​

We may also collect personal information from the trustees or managers of pension arrangements operated by a group company.

​

We will collect additional personal information in the course of job-related activities throughout the period of you working for us.

​

How we will use your Personal Information

​

LDC Care Company and its affiliates may share this personal information with each other but will always use it in accordance with this Privacy Notice. We may also combine it with other information to provide and improve our services.

​

We will only use your personal information when the law allows us to. We could use your personal information in the following circumstances:

• Where we need to determine how appropriate your application is for employment with us

• Where we need to perform the contract we have entered into with you

• Where you have provided us with your consent

• Where we need to comply with legal obligations

• Where it is necessary for legitimate interests pursued by us or a third party and your interests and fundamental rights do not override those interests

• Where we need to protect your interests (or someone else's interests)

• Where it is needed in the public interest or for official purposes

​

Some of the above circumstance may overlap and there could be several grounds for justifying our use of your information. Where possible, this will be discussed with you, detailing the reasons. 

​

Situations in which we could use your personal information include: 

• Making a decision about your recruitment or appointment (for example CV, application form)

• Checking you are legally entitled to work in the UK

• Paying you and, if you are an employee or deemed an employee for tax purposes, deducting tax and national insurance contributions

• Providing you with the following:

  • Salary​

  • Pension

  • Insurance

  • Any benefits administration

• Enrolling you in a pension agreement in accordance with our statutory automatic enrolment duties​

• Liaising with the trustees or managers of a pension arrangement operated by a group company, your pension provider, and any other provider of employee benefits

• Administering the contract we have entered into with you

• HR, business management, regulatory and planning purposes

• Making decisions about salary reviews or compensation

• Conducting inductions, appraisals, performance reviews, handling disciplinary and grievance matters, performance management, career planning, training, promotion, secondments, etc. 

• Dealing with legal disputes involving you, or other employees, workers and contractors, including accidents at work

• Managing disability, sickness, or other types of leave (maternity/paternity leave, etc.)

• Ascertaining your fitness to work

• To facilitate settling of expenses staff have incurred in the course of business, in accordance with their employment contracts

• To facilitate communications between employees and members within the business

• Internal record keeping purposes to enable us to maintain an audit trail in respect to approvals or decisions, voting and internal surveys

• Managing and safeguarding our IT and communications systems, including company digital technologies

• Security reasons

• Complying with health and safety obligations

• To prevent fraud

• Performing workforce analysis, project management, and planning

• Education, training and quality purposes

• Equal opportunities monitoring

• Legal reasons, such as complying with employment and health and safety obligations, ensuring you are legally entitled to work in the UK, establishing or defending legal claims, for record keeping purposes (including, without limitation, to keep pension records or records for tax purposes), to defend our legal rights, etc. 

• To ensure network, digital systems and information security, including preventing unauthorised access to our digital systems and preventing malicious software distribution

• To test our systems to improve the services we provide, for example when there is a change in legislation or when testing new/potential systems and processes. 

• To provide services to you

• Facilitate the settling of any applicable fees

• Communications between any other care providers

• To help us develop, operate, deliver, and improve the quality of care we provide and the services we can offer

• Sending important notices to you or those acting on your behalf, such as updates to your care plans, changes to our terms and conditions, changes in our policies, and changes to the services we deliver

• For health and safety purposes, such as incident management

• For security purposes, through the use of CCTV systems

• For internal purposes such as auditing, data analysis, trend analysis, and researching ways to improve the services we deliver

• For testing our digital systems to improve the services we deliver, such as the software we use to store your digital health and social care records

​

We process your sensitive information for the following purposes:

• CCTV and other biometric data captured whilst performing your duties

• For security purposes and investigations

• Safeguarding reasons

• Managing sickness and absence, providing reasonable adjustments in the workplace and administering benefits

• For legal reasons, such as complying with health and safety obligations, or responding to requests for information from the police or other governing body

​

We will use information about your gender, race, national/ethnic origin, religious, philosophical or moral beliefs, sexual life/orientation, to ensure meaningful equal opportunities monitoring and reporting, and to ensure we are meeting the needs of the people we support. 

​

We will use trade union membership information to pay trade union premiums (if applicable), register the status of a protected employee, and comply with employment law obligations. 

​

We will not sell, share or give your information to third parties for marketing purposes. 

​

How we manage changes in how we use your personal information

​

We will only use your personal information for the purposes for which we collected it. There may be times where we reasonably consider the use of your data for other internal purposes, but only where this helps us deliver our services to you, and we can justify the use of your data under lawful purposes. 

​

If we need to use your personal information for any unrelated purpose, we will publish an updated Privacy Notice on our website, and reasonable methods will be used to notify you of those changes. 

​

Please note that we may process your personal information without your knowledge or consent, incompliance with the above rules, where this is required or permitted by law. 

​

Why we might share your personal information with third parties

​

We will share your personal information with third parties under the following circumstances: 

• When required to do so by law

• Where it is necessary to administer our working relationship with you

• When conducting background and right to work checks

• To protect your interests (or someone else's interests)

• Where we have another legitimate interest in doing so

​

We will never sell, share or give personal information to third parties for marketing purposes. 

​

What type of third party service providers process your personal information

​

'Third parties' includes third party service providers (including IT software providers), commissioning authorities (such as your GP, local authorities, provider trusts, local systems or private medical insurances) and other entities within LDC Care Company.

​

Third party service providers 

LDC Care Company engages third party service providers to provide certain services to the business. These often support our IT software or digital systems (including online payment providers). In order for them to provide their services, we need to allow them to process personal data necessary for their tasks. When we use third party service providers to process personal data on our behalf, we require them to commit to compliance with relevant data protection legislation.

​

The following activities are carried out by, or utilise, third party service providers:

• Payroll processing

• Pension administration

• Early pay scheme

• Benefits provision

• Data storage and administration

• Digital record keeping systems

• Intranet services

• Occupational health

• Digital right to work checks

• Digital background checking

• HR administration

• Rostering

• Digital Health and Social Care Records

• Criminal record checks

​

We will never sell, share or give personal information to third parties for marketing purposes.

 

How we may share you personal information with third parties

​

We may also share your personal data with other third parties.

​

Sale or restructuring 

We may need to share your personal information if a sale or restructuring of all or part of LDC Care Company occurs. In this situation we will, so far as possible, share anonymised data with the other parties before the transaction completes. Once the transaction is completed, we will share your personal data with the other parties if and to the extent required under the terms of the transaction.

​

Request from a regulator or otherwise to comply with the law

We may also share your personal information:

• With a regulator

• To comply with the law 

• Other circumstances when we are legally permitted to do so.

 

This may include making returns to HMRC and disclosures to any other regulatory bodies which have authority over LDC Care Company or our professional advisers (such as lawyers, auditors, immigration advisers etc.), disclosures to stock exchange regulators, disclosures to shareholders such as directors' remuneration reporting requirements and to such third parties as we reasonably consider necessary in order to prevent crime.

​

How long we will use your personal information

​

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Details of retention periods for different aspects of your personal information are available in our retention policy which can be requested by emailing the LDC Care Company Data Protection Officer on DPO@ldccare.co.uk

​

To determine the appropriate retention period for personal data, we consider the following: 

• The amount personal data being held

• The nature of the data being held

• The sensitivity of the personal data

• The potential risk of harm from unauthorised use or disclosure of our personal data

• The purposes for which we process your personal data and whether we can achieve those purposes through other means

• The applicable legal requirements for holding the personal data

​

In some circumstances we may anonymise your personal information so that it can no longer be associated with you. In situations, we may use such information without further notice to you. Once you are no longer an employee, worker or contractor for LDC Care Company, we will retain and securely destroy your personal information in accordance with our retention policy, applicable laws and regulations.

 

How we store your personal information

​

The personal information we collect can be stored in a variety of ways. These include:

• Paper-based forms and records

• Digital documents, such as PDF files, Word documents, scanned documents, image files, data export files etc.

• Digital databases

• Digital systems provided by a third party, such as a Digital Health and Social Care Record systems

• Within email systems

• Physical document archiving

• Digital archiving

​

LDC Care Company have taken appropriate and adequate steps to ensure that your information is safe and secure. 

​

How we protect your personal information

​

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those of our employees, workers or contractors and other third parties who need to access it to provide services to you. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. Details of these measures may be obtained from the LDC Care Company Data Protection Officer by emailing DPO@ldccare.co.uk

​

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so. 

​

How we ensure accuracy of your personal information

​

LDC Care Company are dedicated to ensuring that you information is accurate and up-to-date. We obtain your information through a number of systems that we use to administer the business. This data is analysed for any differences in the data we hold and the data being obtained. This information is updated in our central records, and reviewed regularly. You can also update your personal information yourself by logging into the LDC People Services Hub. Your can also update your information by emailing the HR department on HR@ldccare.co.uk or by contacting the LDC Care Company Data Protection Officer on DPO@ldccare.co.uk

 

When we might transfer your information overseas

​

We may transfer the personal information we collect about you to countries within the European Economic Area (EEA). There are adequacy regulations in respect of these countries. This means that the countries to which we transfer your data are deemed to provide an adequate level of protection for your personal information.

​

We may transfer personal information we collect about you to the United States of America or other parts of the world outside the UK where there has not been an adequacy decision. This means that these countries are not deemed to provide an adequate level of protection for your personal information. We will transfer your personal data to those countries in limited circumstances that include when a third party supplier (such as IT software supplier) has operations (or provides IT software support for example) in such a country and can only deliver their service to LDC Care Company by transferring your personal data to that country or because their IT infrastructure is structured in such a way that data is stored in those countries.

​

To ensure that your personal information does receive an adequate level of protection we put in place the following appropriate measures to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects UK law on data protection:

• Data protection agreements

• Technical and organisational measures

• Standard contractual clauses

• Binding corporate rules (where applicable) 

 

If you require further information about this or these protective measures, you can request more information from the LDC Care Company Data Protection Officer by emailing DPO@ldccare.co.uk

​

Access to personal information

​

You are entitled to see what personal information we hold about you at any time. This Privacy Notice outlines the information we hold about you and why. If you wish to access your personal information, please contact us at DPO@ldccare.co.uk

​

We are not required to process any request for access which is frivolous or vexatious, jeopardizes or otherwise affects the privacy of others, are impractical, or for which access is not otherwise required by law. We will let you know in writing if any of these circumstances apply to your request.

​

How we use automated decision making

​

Automated decision making takes place when an electronic system uses personal information to make a decision without human intervention.

​

You will not be subject to decisions that will have a significant impact on you based solely on automated decision making, unless we have a lawful basis for doing so and we have notified you.

​

LDC Care Company do not currently utilise automated decision making technologies. If this changes in the future, this Privacy Notice will be updated, and you will be informed. 

​

Data portability

​

You have the right to data portability under the UK General Data Protection Regulation (GDPR). 

​

The right to portability allows you to obtain and reuse a copy of your personal data for:

• Your own purposes

• For your own records

​

The right to data portability ensures that it is done in a safe and secure way without affecting its usability. However, it will only apply to information concerning you which you have provided to us and where it is held electronically (so does not include paper records). 

​

This may include, but is not limited to, data such as: 

• Username

• Email address

• Date of birth

• Address

• Medical information

• Financial information

• Religion

• Gender

• Sexuality

• GP information

• Professional diagnosis

​

You can make a data portability request by emailing the LDC Care Company Data Protection Officer on DPO@ldccare.co.uk

​

Additional rights

​

You may also have the right to:

• Object to processing of personal data that is likely to cause, or is causing, damage or distress

• Prevent processing for the purpose of direct marketing

• Object to decisions being taken by automated means

• In certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed

• Data portability

​

If you believe you have any of these additional rights, or you wish to exercise them, please contact the LDC Care Company Data Protection Officer on DPO@ldccare.co.uk

​