Forward: In this digital age we expect to be constantly connected and have the data we want at the touch literally at our fingertips. This requires data to be collected and processed. Yet when storing and transmitting data, we must ensure a high level of data protection and data security. That goes for information pertaining to our customers, prospects, business partners and employees. Because data protection is people protection. 

We want Connies Carers (a trading division of Burbridge Limited) to set the standard in data protection. For that reason, we view it as our duty to comply with Data Protection Law. Our top priority is to ensure protecting the personal rights and privacy of everyone is the foundation of trust in our business relationship. 

Our Privacy Policy lays out strict requirements for processing personal data pertaining to customers, prospects, business partners and employees. It meets the requirements of the Data Protection Authority. The policy sets a globally applicable data protection and security standard for our company and regulates the sharing of information. 

Our managers and employees are obligated to adhere to the Privacy Policy and observe the Data Protection Laws. 

Connies Carers are dedicated in providing compassionate, quality at home care to our clients; enabling them to live with dignity and respect, doing the things they enjoy in a safe and supportive home environment. Our responsible, team oriented working environment engenders the personal satisfaction and professional growth of our staff, which translates to enhanced well-being of our clients.

Our client’s rights and personal values are at the centre stage of everything we practise as Guernsey’s leading at home care service. Our aim is to ensure our clients enjoy fulfilled, independent and dignified lives whilst supported with the highest level of care.

As a professional healthcare company providing Social Care privately, we believe we have a ‘duty of care to all our clients’ and on occasion this may mean that we share confidential information with other professional service providers such as Doctors, Social Workers and HSC Social Care Teams or such like.

Confidentially is at the heart of our practice.

Table of Contents

  1. Aim of the Privacy Policy 
  2. The Identity of the Data Controller and contact details
  3. Special Category Data/Sensitive Personal Data
  4. The purpose and legal basis of data processing are as follows:
  5. Employee Data processing for the employment relationship
  6. Confidentiality of Processing
  7. Security of data

 

  1. Aim of the Privacy Policy

Connies Carers is committed to comply with The Data Protection (Bailiwick of Guernsey Law, 2017. This Data Protection Policy applies to Connies Carers and is based on globally accepted, basic principles on data protection. Ensuring data protection is the foundation of trustworthy business relationships and the reputation of Connies Carers as an attractive employer. 

  1. The Identity of the Data Controller and contact details

Connies Carers are the Data Controller and can be contacted using the below:

Telephone:  07781 451122 , 01481 266490

Address:      P.O. Box 320,  St Peter Port, GY1 3TW

Email:      paula@connies-carers.com

  1. Special Category Data/Sensitive Personal Data

Special Category Data, sometimes known as sensitive personal data can be processed only it the law requires this, or the data subject provides their consent. Connies Carers processes health data in relation to its clients and this is because it is necessary for a Health or Social Care purpose.

  1. The purpose and legal basis of data processing are as follows:

To carry out such duties as are required in line with our duty of care to our clients. The lawful basis underpinning this processing it that it is necessary for a Health or Social Care purpose

  • Name
  • Address
  • Date of Birth
  • Next of Kin
  • Doctors Name Address and Telephone Number
  • We may disclose your personal date to: 
    1. Doctors
    2. Social Workers 
    3. Other professional bodies.
  • Retention period

Client personal data is kept for 7 years. This is because we need to keep information to defend against possible future legal claims.  Any personal data will not be kept any longer than it is necessary for the purpose for which the personal data is processed.

 

  1. Employee Data processing for the employment relationship

The data processed in respect of employees of Connies Carers is processed in order that we can fulfil our duties as required by an employment contract between us as the employer and our staff members as employees. Should the relevant information not be provided as required by the employment contract, offers of employment will be withdrawn.

In employment relationships, personal data can be processed if needed to initiate, carry out and terminate the employment agreement. When initiating an employment relationship, the applicants’ personal data can be processed. Applicants can consent to remain on file for a future selection process. In the existing employment relationship, data processing must always relate to the purpose of the employment agreement if none of the following circumstances for authorised data processing apply. If it should be necessary during the application procedure to collect information on an applicant from a third party. 

  • DBS certificate
  • Driving Licence
  • Passport
  • Right to Work
  • Bank Details
  • Utility bill/proof of address 

We may disclose your personal data to the Social Security, Income tax Authority and other Government bodies.

  • Data transfers

We do not transfer personal data outside of the Bailiwick of Guernsey

  • Retention period

Employee personal Data is kept for 7 years. This is because we need to keep information to defend against possible future legal claims. Any personal data will not be kept any longer than it is necessary for the purpose for which the personal data is processed.

  • Your rights
  1. Right to information about why personal data is collected from you
  2. Right of access
  3. Right to object to processing for direct marketing purposes
  4. Right to object to processing on grounds of public interest
  5. Right to object to processing for historical or scientific purposes
  6. Right to rectification
  7. Right to erasure
  8. Right to restriction of processing
  9. Right to not be subject to decisions based on automated processing
  10. Right of data portability
  11. Right to withdraw consent
  • Your right to complain to the Supervisory Authority:

You also have the right to make a complaint to our supervisory authority, The Office of the Data Protection Authority in Guernsey, who can be contacted as below:

The Office of the Data Protection Authority

St Martin’s House

Le Bordage 

St Peter Port

GY1 1BR

Email: enquiries@odpa.gg  Tel: 01481 724074

 

  1. Confidentiality of Processing

Personal data is subject to data secrecy. Any unauthorised collection, processing, or use of such data by employees is prohibited. Any data processing undertaken by an employee that he/she has not been authorised to carry out as part of his/her legitimate duties is unauthorised. The “need to know” principle applies. Employees may have access to personal information only as is appropriate for the type and scope of the task in question. This requires a careful breakdown and separation, as well as implementation, of roles and responsibilities. Employees are forbidden to use personal data for private or commercial purposes, to disclose it to unauthorised persons, or to make it available in any other way. The company must inform their employees at the start of the employment relationship about the obligation to protect data secrecy. This obligation shall remain in force even after employment has ended. 

 

  1. Security of Data

Personal data must be safeguarded from unauthorised access and unlawful processing or disclosure, as well as accidental loss, modification, or destruction. This applies regardless of whether data is processed electronically or in paper form. Before the introduction of new methods of data processing, particularly new IT systems, technical and organisational measures to protect personal data must be defined and implemented. These measures must be based on the technology, the risks of processing, and the need to protect the data (determined by the process for information classification).