Data Privacy Notice for Meadows Care Workforce
Reviewed October 2024
Meadows Care is a limited company registered in England with company number 05087886 and our registered office at Egerton House, Wardle Road, Wardle, OL12 9EN.
We are registered with the Information Commissioner’s Office (ICO), the UK data-protection regulator, our registration number is Z1652894. Meadows Care will be the ‘data controller’ for the purposes of the data-protection laws in relation to any personal information we hold about you.
We are fully committed to employee confidentiality and protecting your personal information. We have appointed a member of Meadows Care as our Information Officer and representative for data-protection matters.
- Jonathan Rigg – Director / Owner
- Email: gdpr@meadowscare.co.uk
- Phone: 07976 722 689
RoPA (Record of Processing Activities) is an important part of our Accountability Framework
One of the essential aspects of GDPR is maintaining accurate and up to date records of processing activities. This includes:
- The types of information being processed
- Data retention periods
- Data sharing practices
Best Practice involves:
- Data mapping exercises- each department keeps a record of the data they retain, use and process.
- Each departmental schedule includes:
- DPO name and contact details
- Purposes of data processing
- Data subject categories
- Who data may/will be shared with
- Retention schedules
- Security and technical measures
- Staff awareness
- Each departmental schedule includes:
- Documentation-the above is reviewed regularly
- Data minimisation-plans are reviewed regularly to discuss whether less data can be used.
- Training-GDPR training is provided to staff. Each department discusses data protection processes and important of RoPA regularly.
The types of personal ‘data’ that we collect, process, hold and share include:
- Personal information (such as name, employee number, email address, home address, next of kin and contact number)
- Special categories of data including characteristics information (such as gender, age and ethnic group)
- Contract information (such as start dates, hours worked, post, roles and salary information)
- HR information (such as absence record, appraisal, supervision records, performance indicators, training, qualifications, disciplinary record and pre-employment checks)
- Finance information (such as national insurance, bank details and salary).
Why we collect and use this data
- To monitor and manage employment under policies and procedures
- To enable the development of a comprehensive picture of the workforce and how it is deployed
- To inform the development of recruitment and retention policies
- To enable our regulators (Ofsted) to understand and to regulate our services in the interests of the young people
- To enable individuals to be paid appropriately
- For legal requirements and insurance purposes.
If none of these reasons apply, we may ask for your specific permission.
Storing this information
We will never retain your personal data for any longer than is necessary and we hold the different types of ‘data’ in accordance with the legislation we are regulated by. For example, some finance information is held for 7 years, whereas key HR information will be held for 50 years. For further details on this please email GDPR@meadowscare.co.uk or write to HR at Head Office using the address below.
Who we may share this information with:
- Ofsted
- Health Shield / Pension / Company incentives / Insurance companies
- Training partners
- Sage (payroll)
- Bank
- HR Advisors
- Reg 44 Visitors
In exceptional circumstances, we may need to share your personal information with:
- Police
- Local Authorities
- When the information concerns risk of harm to the client, or risk of harm to another adult or a child. We will discuss such a proposed disclosure with you unless we believe that to do so could increase the level of risk to you or to someone else
Whenever possible, we will only share your personal information with them on a confidential basis.
What we will NOT do with your personal information
We will not share your personal information with third-parties for marketing purposes
How we ensure the security of personal information
- We control who has access to personal information
- We have a secure system within Meadows Care and the wider partners used ensuring they are all GDPR compliant.
- Personal information is also stored on a secure server owned by Meadows Care. In addition, Malware and antivirus protection is installed on all computing devices.
Your right to access the personal information we hold about you
- You have a right to access the information we hold about you. To make a request for your personal information please email GDPR@meadowscare.co.uk or write to HR at Head Office using the address below
- If possible, we will usually share this with you within 30 days of receiving a request
- There may be an administration fee for supplying the information to you
- We may request further evidence from you to check your identity
- A copy of your personal information will usually be sent to you in a permanent form (that is, a printed copy)
- You have a right to get your personal information corrected if it is inaccurate
To help us process your request quickly and efficiently, please provide as much detail as possible about the personal data you are requesting access to. Please include time frames, dates, names, types of documents, file numbers, or any other information to help us locate your personal data.
We will contact you for additional information if the scope of your request is unclear or does not provide sufficient information for us to conduct a search (for example, if you request “all information about me”). We will begin processing your access request as soon as we have verified your identity and have all of the information we need to locate your personal data.
If the information you request reveals personal data about a third party, we will either seek that individual’s consent before responding to your request, or we will redact third parties’ personal data before responding. If we are unable to provide you with access to your personal data because disclosure would violate the rights and freedoms of third parties, we will notify you of this decision.
Applicable law may allow or require us to refuse to provide you with access to some or all of the personal data that we hold about you, or we may have destroyed, erased, or made your personal
data anonymous in accordance with our record retention obligations and practices. If we cannot provide you with access to your personal data, we will inform you of the reasons why, subject to any legal or regulatory restrictions.
How to complain
- You can complain to a regulator. If you think we haven’t complied with the data protection laws, you have a right to lodge a complaint with the Information Commissioner’s Office at https://ico.org.uk/concerns/.
Further Information
If you would like to discuss anything further please contact the GDPR officer Jonathan Rigg on GDPR@meadowscare.co.uk or write to Head Office using the address below.