Bramley care are committed to ensuring that any personal data we hold about you is protected in accordance with data protection laws and is used in line with your expectations
This Policy explains what personal data we collect, why we collect it, how we use it and how we protect it.
GDPR requires that all data shall be:
• Processed lawfully, fairly and in a transparent manner in relation to individuals
• Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
• Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
• Accurate and where necessary, kept up to date; every reasonable step must be taken to ensure that data that are inaccurate, having regard to the purposes for which they are processed, are erased and rectified without delay
• Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research or statistical purposes subject to the implementation of the appropriate technical and organisational measures required by GDPR in order to safeguard the rights and freedoms of individuals; and
• Processed in a manner that ensures the appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
• This policy applies to all personal data processed by Bramley Care.
• The responsible person shall take responsibility for Bramley Care’s compliance with this policy
• This policy will be reviewed quarterly
• Bramley Care will appoint a data protection Officer to ensure its compliance with data protection regulations.
Data in relation to young people in the care of Bramley care is in line with the requirements of The Children’s Act 1989 – this includes all personal data that Bramley care are required to collect and maintain for the timeframes indicated in this legislation.
Data in relation to employees of Bramley Care Ltd is collected for the purposes of their employment and safeguarding requirements of overarching legislation relating to registration and managing a children’s home including: The Children’s Homes Regulations 2015, Working together to Safeguard children 2018 and Children and Families Act 2014.
Individuals have the right to access their personal data and such requests made to Bramley care will be dealt with in a timely manner
These requests can be made via the Data Protection Officer at a dedicated email address – DPO@appleorchard.org.uk
• All data processed by Bramley care must be done on one of the following lawful basis: consent, contract, legal obligation, vital interests, public task or legitimate interests.
• Where consent is relied upon as lawful basis for processing data, evidence of opt-in consent shall be kept with the personal data.
Bramley Care shall ensure that personal data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
Bramley Care shall take reasonable steps to ensure personal data is accurate
Where necessary for the lawful basis on which the data is processed, steps shall be taken to ensure that personal data is kept up to date.
To ensure that data is not kept longer than is necessary, Bramley care shall put in place an archiving system for each area in which personal data is processed and review this system annually.
The archiving policy shall consider what data should/ must be retained, for how long and why.
Bramley Care shall ensure that personal data is stored securely using modern software that is kept up to date where possible and where data cannot be stored electronically that there are systems in place to ensure the security of all paper data.
Access to personal data shall be limited to personnel who need access and appropriate security will be in place to avoid unauthorised sharing of information.
When personal data is deleted this will be done safely such that the data is irrecoverable
Appropriate back-up and disaster recovery solutions will be in place where possible.
In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. Bramley Care shall promptly assess the risk to people’s rights and freedoms and if appropriate report this breach to ICO.
Data Retention/ Archiving Guide – Appendix A
|Data Type||Retention period|
|All information required for retention in relation to Young People placed at Bramley Care||Until the young person reaches the age of 75 years/ 15 years after the death of any person previously placed at Bramley care|
|Staff Records||Full length of employment and 3 years after the person has ceased employment|
|Financial Records||6 years|
|Job applications||Where the candidate was unsuccessful records will be kept for 12 months after the initial application|
|Referrals||Where the referral was unsuccessful information will be kept for 12 months after the initial referral was made.|