Our Privacy & GDPR Policy

The company

Care101 Ltd (“we”, “our” or “us”) is a nursing agency providing temporary healthcare staff to clients as and when required. Our registered address is 10 Parklands Way, Worcester Park, Surrey. KT4 7HT.

Use of our web sites & published documents

Our web sites, accessible at https://www.Care101.uk, https://www.Care101.co.uk & https://secure.Care101.co.uk are owned by Care101 Ltd and are protected by copyright. You may print out individual articles or pages for your private or non-commercial use/research within your organisation. You may not distribute or make public -either in print or electronically, any content from this web site without our prior written consent.

Disclaimer

We try to ensure that all information published on these web sites is accurate. However, content is for information only and subject to change without prior notice. No assumptions should be made with regard to uninterrupted access to or errors on either website. We will not be responsible in any circumstances for any consequential or incidental damages, or any other indirect damages that might arise from the use of these sites.

External information

Our sites sometimes link to, and contain content from, other web sites and resources. Where this is the case, no guarantee is made that the related information is accurate or up to date. A link or use of content does not imply or indicate that the information is endorsed by us.

Privacy policy statement

We collect personal information from visitors to our web sites through both the use of online forms and each time you e-mail us your details. We also collect information automatically about your visit to our web sites. We will only use information provided by our visitors for our own use. Any information automatically retrieved, such as site browsing patterns, will only be used for our own site traffic analysis. We will not disclose any information provided by visitors to any third parties except for suppliers that process data on our behalf. Care101 may also use this information to keep you informed of changes to our service, or changes to the features contained in our web sites.

GDPR regulations

GDPR or General Data Protection Regulations aim to create a harmonised data protection law framework across the EU and hence give individuals back control of their personal data. In addition, strict guidelines ensure those hosting and processing this data take the appropriate precautions, both on site and anywhere in the world –including outside the EU. In particular it means…

All data must be processed lawfully in a clear, fair and transparent way.
All data must only be collected for the purpose of employment and ongoing compliance.
All data must be adequate, relevant and limited to what is absolutely necessary to perform the tasks required of it. This refers to the data itself, and those able to view it.
All data must be retained for as long as necessary.
Data must be accurate and kept up to date.
Data must be processed securely during all stages of the check and destroyed safely. Specific details are given at the end of this document.

Terms & conditions

Care101’s Terms & Conditions and any 3rdparty agreements we work under provide the framework for this protection. Likewise, our staff terms of engagement detail the requirements for confidentiality for both them, Care101 and the clients with which they work. This includes confidentiality of information within a client site, about a client, about a resident/patient or about Care101 –either the company or another employee. All parties must be aware of these documents –copies of which are also available on request.

Inspection By Official Authorities

Upon request, Care101 will provide the required information to official authorities in connection with a specific case provided…

The requestor has official authority to request the information.
The requestor is deemed to have a need to see it.
It can be determined that the requestor will use the information appropriately and secure any copies as needed. If the requestor is not deemed to require access to some or all of the information requested, Care101 has a duty of care to withhold such information and will seek further guidance before providing it. This may require clarity of the request or consultation with legal partners.

Country

Any data processing may only be carried out in the EU or EEC. Any change to a third-party country may take place with the Controller’s consent.

Obligations of the Controller

The Controller shall be solely responsible for assessing the admissibility of the processing requested and for the rights of affected parties.

Notification Obligations

If any infringement is discovered by any employee or 3^rd party accessing the data, they must inform the Controller immediately.

Instructions

The Controller reserves the right of full authority to issue instructions concerning data processing on his/her behalf.

Destruction

In the event the data is no longer required, it must be destroyed at the appropriate time by an appropriate method. Where 3^rd party access to the information is involved, the Controller will seek assurances and potentially request proof from the 3^rd party that the data has been effectively destroyed. The appropriate retention periods must be observed prior to the destruction of any data.

Governing Law

Your use of our web sites is governed by and construed in accordance with the laws of England and Wales. Any disputes will be decided only by the courts of England and Wales.

Data Protection Act & GDPR

Personal information we hold, Care101 holds the following information for each employee…

Name, address, date of birth, NI number
Contact information
NEST pension details
PAYE or PSC related details
Proof of ID and right to work (RTW) information
Passport, work or residency permits, ID cards etc.
NMC registration details (nurses only)
DBS information
Training information
Details relating to any qualifications
References
Payroll history (for Care101 only, incl. PAYE, P60, P32, ITEPA details)

Where does the data come from? Details are recorded from…

An employee’s application form
The employee themselves
Details determined by Care101 (e.g. DBS)
Details generated by Care101 (e.g. payroll, pension etc.)
Ongoing information maintenance (e.g. refresher training etc.)
3^rd parties –e.g. employment references

Who has access to this information?

Care101 has less than 250 active employees. All details are available to…

Care101 directors
Care101 office & compliance staff

Payroll details are available to…

Our payroll partner
HMRC

Staff profile details (including contact, DBS, proof of ID, passport, registration & training details) are available to…

Clients with whom the staff member works
Clients via the eTips or similar panel-based websites
The individual employee (their own details only)
3^rd party data providers

Some data held by Care101, such as employment references are provided confidentially. Unless express permission is given by the supplier of the original data, no information regarding the data supplier themselves will be passed on or shared with any other organisation, except as described below. For the purposes of ongoing audits, specific 3^rd party companies by have access to these details, in order to provide they exist and Care101 has performed due diligence in the hiring process. However, no copies will be taken or stored externally by those companies.

Consent is granted by each employee…

Either through our application form
Or through the online data declaration

Details are recorded & monitored through our CMS system online.

Vital interests

Information is only shared this way under health grounds – e.g. if requested in an emergency, contact details & next of kin information would be supplied for an individual employee.

Legitimate interests. Typically, information is shared with 3^rd parties (e.g. clients, payroll, HMRC, NEST) as and when the individual would expect them to be. For example, in order to work for a client, implement payroll processing etc. As part of the application process, employees understand that data will be shared with clients, either written or on-line. They also understand that details will be held on-line and/or in paper form. Details are only shared if there is a “legitimate need” for the 3rdparty to access them and therefore become a data processor. Where confidentiality must be maintained (either explicitly or implicitly), only those permitted shall be given access. Under exceptional circumstances (e.g. on the grounds of health & safety or safeguarding), details may also be shared. Such actions will be recorded/documented.
Right to be informed including privacy information. All employees are informed how the information they provide will be used at application and also through our document library.
Communicate the processing of children’s personal data. This is not applicable to Care101.
Right of access. Individuals are able to request access to the details we hold about them at any time. Most is made available securely through our CMS system which provides them with electronic access to the information. However, they may contact the office for any other information we hold relating to them (the individual’s data only) at any time.
Right to rectification and data quality. Individuals may at any time request that incorrect or out of date information be updated. This can be performed online through our CMS system or by contacting the office, either by phone or in writing.
Right to erasure including retention and disposal. Individuals may at any time request that information regarding them be erased. Subject to external legal requirements (e.g. healthcare or insurance related), this will be actioned. Where this is not possible (for the aforementioned reasons), more specific details & reasons will be provided in answer to the request.
Right to restrict processing. Although individuals may request that the processing of their details is restricted in one or more ways, this will not normally be an available option. Without sharing the details legitimately, clients will not be able to accept the individual for work, nor would they be able to be paid etc.
Right to data portability. This is not applicable to Care101.
Right to object. Any potential employee has the right to object to the processing of their data. However, in doing so, they will severely restrict their ability to work, for the reasons mentioned previously. This would normally mean that Care101 would be unable to use their services because without sharing the profile details collected, clients would not accept them for work, the individual would not be able to be paid etc.
Rights related to automated decision-making including profiling. This is not applicable to Care101.
Accountability. See our data protection policy within this document. Details are held within our CMS system and reviewed as required from there. Policies are periodically updated as needed. Training is available for all staff online to ensure they are knowledgeable about their own responsibilities with other people’s (client and service user) data.
Processor contracts. Implemented as required with suppliers & clients to protect any personal data shared by Care101 Ltd.
Information risks. The data controller manages all data and ensures all directors, office staff are aware of their responsibilities relating to the personal information they have access to.
Data Protection by Design. Procedures are in place, both through CMS and manually to ensure details are only shared with the appropriate organisations and contacts.
Data Protection Impact Assessments (DPIA)These are not applicable to Care101. Although we may hold biometric information, it is recorded for ID and right to work (RTW) purposes only.
Data Protection Officers (DPO)& Management Responsibility. DPOs are directors of Care101. They understand the impact of DPA and GDPR.
Security policy. Data is held securely withinCare101. Online details are recorded centrally and accessed via CMS and online through a firewall and secure protocols (SSL). Secure backups are also held for disaster recovery and data retention only.

Further Information & Queries

If you have any queries with regard to this web site or it’s use, or our data protection policy as a whole, please contact us & we will be happy to help.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.