(GDPR) Privacy Notice
General Data Protection Regulation (GDPR) Privacy Notice
1. Business details
This is the privacy notice of Autonomy Care Group Limited.
Our registered office is at 67 Roundpond, Melksham, Wiltshire SN12 8EB.
Each of our services within the Autonomy Care Group Limited are registered as independent companies:
Autonomy Care Limited our domiciliary care services have two offices which are situated at:
- ACL Melksham, 53 High Street, Melksham, Wiltshire, SN12 6JY
Autonomy Life Limited has three Adult residential homes.These are situated at:
- The Willows, 72 Boreham Road, Warminster, Wiltshire, BA12 9JN,
- Willow View, 63b Boreham Road, Warminster, Wiltshire, BA12 9JX
- The Oaks, 165 Worcester Road, Malvern, Worcestershire, WR14 1ET
- Weavers Lodge, Florida Street, Castle Cary, Somerset BA7 7AE.
Autonomy Plus Limited, has one Children's residential home.
- Haresfield is situated in Wiltshire.
2. Aims of this notice
We have issued this notice to describe how we handle personal information that we hold about our service users, staff and job applicants.
We respect the privacy rights of individuals and are committed to handling personal information responsibly and in accordance with applicable law. This notice sets out the personal data that we collect and process, the purposes of the processing and the rights that you have in connection with it.
3. What personal information we collect about: a) service users b) employees and c) third parties
We hold personal data on all our service users and employees to meet legal obligations and to perform vital internal functions. This notice details the personal data we may retain and process relating to your employment and vital business operations. We are committed to ensuring that your information is secure, accurate and relevant. To prevent unauthorised access or disclosure, we have implemented suitable procedures to safeguard and secure personal data we hold.
All personal data will be stored in accordance with applicable laws and kept for as long as needed to carry out the purposes described in this notice or as otherwise required by law. Types of personal information we may process include, but are not limited to:
Service users. As a registered care provider, we must collect some personal information on our service users, including financial information, which is essential to our being able to provide effective care and support. The information is contained in individual files (manual and electronic) and other record systems, all of which are subject to strict security and authorised access policies. Personal information that becomes inactive, e.g. from enquiries or prospective users who do not enter the service is also kept securely for as long as it is needed, before being safely disposed of.
Employees and volunteers. The organisation operates a safe recruitment policy to comply with the regulations in which all personal information obtained, including CVs and references, is, like service users’ information, securely kept, retained, and disposed of in line with data protection requirements. All employees are aware of their right to access any information about them.
Third parties. All personal information obtained about others associated with the delivery of the care service, including contractors, visitors, etc will be protected in the same ways as information on service users and employees.
Sensitive Personal Data. This includes any information that reveals your racial or ethnic origin, religious, political, or philosophical beliefs, genetic data, biometric data for the purposes of unique identification, trade union membership, or information about your health/sex life. We may need to collect some sensitive personal information for legitimate employment-related purposes, for example:
Data relating to your racial/ethnic origin, gender, and disabilities for the purpose of equal opportunities monitoring, to comply with anti-discrimination laws and for government reporting obligations.
Data relating to your physical or mental health to provide work-related accommodations, health and insurance benefits to you and your dependants and to manage absences from work.
Data from CCTV systems including similar devices e.g Smart Doorbells primarily collecting visual data, which can include:
- Images and Videos:The primary data collected by CCTV cameras are images and video footage of individuals in the monitored area.
- Audio Recordings:Smart doorbells only may capture audio, depending on the setup.
- Metadata:This includes information such as timestamps, camera locations, and potentially even motion detection data that indicates when an individual was present in a specific area.
4. How we collect information
The bulk of service user’s, employees’, and third parties personal information is collected directly from them or through form filling, mainly manually, but also electronically via Access Care planning and management system for some purposes, e.g. when contacting the service through its website.
With service users, we might continue to build on the information provided in enquiry and referral forms, and, for example, from needs assessments, which feed into their care and support plans. We also use Access and Quickbooks for financial purposes.
With employees, personal information is obtained directly and with consent through such means as references, testimonials and criminal records (DBS) checks. When recruiting staff, we seek applicants explicit consent to obtain all the information needed for us to decide to employ them. We also use Access care management system which also includes rota management. Atlas is our HR system which contains employee records.
We use Advantage Training, Careshield, Grey Matter Learning, PRICE and TAG Trauma Action Group for training purposes. Information held includes employee name, course attended, grade and certificate.
We use Quickbooks and Brightpay for financial purposes including payroll.
Data collection through CCTV occurs via:
Surveillance Cameras: These devices are strategically placed in public spaces generally outside the premises with the exception of Autonomy Care Limited where CCTV is located with the office of a retail unit, for security purposes. They continuously record or operate on motion detection.
Storage Systems: Recorded footage is typically stored on network video recorders (NVRs), or cloud-based storage solutions.
All personal information obtained to meet our regulatory requirements will always be treated in line with our explicit consent, data protection and confidentiality policies.
Any processing based on consent will be made clear at the time of collection or use - consent can be withdrawn at any time by contacting the HR Department.
Our website and databases are regularly monitored to ensure they meet all privacy standards and comply with our general data protection security and protection policies.
5. What we do with personal information
All personal information obtained on service users, employees and third parties is used only to ensure that we provide a service, which is consistent with our purpose of providing a person-centred care service, which meets all regulatory standards and requirements. It will not be disclosed or shared for any other purpose.
We process our employees’ personal information through Atlas, which is a tool that helps us to administer personnel records. Atlas allows staff members to manage their own personal information such as contact and next of kin details. Atlas is provided by Citation who utilise third-party servers via Microsoft Azure to hold its HR System data and other business services; these are both based in the United Kingdom and have been assessed against stringent security requirements to ensure that all appropriate security controls are in place to protect personal information.
Personal data, images and videos will be used for marketing purposes; this could be used for, but not limited to, print and digital media formats including print publications, websites, e-marketing, posters, banners, advertising, film, social media platforms, support planning and research purposes. Personal data will refer to employees either by first or full name and service users / family members by first name only, publications / posts may include but not limited to birthdays, appreciation and shout outs, long service awards, new starters and leavers. Consent is obtained prior to use of this data.
The use of collected CCTV data generally falls into the following categories:
Security Monitoring: The primary purpose of CCTV footage is to enhance security by monitoring premises for suspicious activities or unauthorised access.
Incident Investigation: Recorded footage can be reviewed after incidents occur (e.g., theft, vandalism) to gather evidence for investigations by law enforcement or internal security teams.
Data Retention Policies: Retention periods have been established for how long recorded footage is kept. After this period, the data is securely deleted unless required for ongoing investigations or legal reasons.
Source: Croner-Reviewed 02/04/2024 Reviewed by JT EWS Ltd applicable to all CQC regulated services
Next Review: July 2025