This privacy notice lets you know what happens to any personal data that you give to us, or any that we may collect from or about you. The privacy notice applies to the personal data of our staff, clients, suppliers, donors and other people whom we may contact in instances where we collect your personal data.
This privacy notice applies to personal information processed by or on behalf of The Myriad Centre Ltd.
Changes to this privacy notice
We may change this privacy notice from time to time by updating this page in order to reflect changes in the law and/or our privacy practices. We encourage you to check this privacy notice for changes whenever you visit our website – www.myriadcentre.co.uk.
The Myriad Centre Ltd and our Data Protection Officer
We’re the Myriad Centre Ltd, St Georges Walk Worcester WR1 1QY We are a data controller of your personal data. Our Dedicated Data Protection Officer is Richard Whateley.
2. What kinds of personal information about you do we process?
Personal information that we’ll process in connection with all of our services, if relevant, includes:
- Personal and contact details, such as title, full name, contact details and contact details history
- Your date of birth, gender and/or age
- National Insurance Number
- Your sex/Gender
- Your religion
- Your nationality, for equal opportunities
- Family members, if relevant to the service, for emergency contact information
- Contact Telephone numbers, to be able to contact you and for emergency purposes
- Email address, for automated correspondence such as references, quotes, invoices
- Personal information which we obtain from Referees you have supplied for your employment
- Your Education details, for employment suitability
- Employment History, for employment suitability
- Copy of personal Documents, such as Driving licence, passport, Bank statements, utility bills for right to work and DBS application
- Photograph, right to work in the UK
- Criminal records information, including alleged offences, for the purpose of working with vulnerable client groups
- Information about your health or if you have a disability
- Financial details about you, such as your salary, attachment of earnings, student loan, Bank details (to pay you)
- Information we obtain from third parties such as HMRC, DWP, Local authorities
- Your residency and/or citizenship status, if relevant, such as your nationality, your length of residency in the UK and/or whether you have the permanent right to reside in UK
- Tax Information, tax code for payroll purposes
- Organisation contact details suppling a service or product to be able to do business with you
- The date, time, reason you attended our premises, staff and visitor sign in/out records for fire purposes, and attendance records
- Extra information you choose to tell us
Please note that the above list of categories of personal data we may collect is not exhaustive.
3. What is the source of your personal information?
We’ll collect personal information from the following general sources:
- From you directly.
- From other sources such as other employers, HMRC, DWP, local authorities and other agencies, publicly available directories and information (for example, telephone directory, social media, internet, news articles).
- Supplier data we collect whilst working with you
- Website Users, We collect a limited amount of data from our website users which we use to help us to improve your experience when using our website and to help us manage the services we provide. This includes information such as how you use our website, the frequency with which you access our website, your browser type, the location you view our website from, the language you choose to view it in and the times that our website is most popular. If you contact us via the website, for example by using the contact form, we will collect any information that you provide to us, for example your name and contact details.
4. How do we use your personal information?
- Supplier Data: The main reasons for using your personal data are to ensure that the contractual arrangements between us can be properly implemented so that the relationship can run smoothly, and to comply with legal requirements
- Client data : The main reasons for using your personal data is to ensure we provide you with the right service for your needs and the contractual arrangements between us can be implemented and comply with statutory regulations
- Staff Data: The main reason for using your personal data is to ensure contractual requirements are implemented
- To monitor and to keep records of our communications such as supervisions, appraisals and performance management
- Competency and training records
- Equal opportunities monitoring
- Photographs for our marketing documents with your consent
5. What is the lawful basis for processing for your personal information?
Article 6(1) (b) of the General Data Protection Regulation’s the one that is relevant here – it says that we can process your data where it “is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”.
6. When do we share your personal information with other organisations?
We may share information with the following third parties for the purposes listed:
- Employers, for references
- Training course agencies, for booking forms
- Governmental and regulatory bodies such as HMRC, CQC, NMDS, Local authorities, Social workers as required for the service
- Other organisations and businesses who provide services to us such as back up and server hosting providers, IT software and maintenance providers, document storage providers and suppliers of other back office functions
- Family Members in case of emergency
7. Is your personal information transferred outside the UK or the EEA?
We’re based in the UK and your information will not be transferred outside of European Economic Area. If we do so we’ll make sure that suitable safeguards are in place, for example by using approved contractual agreements, unless certain exceptions apply.
8. How and when can you withdraw your consent?
Where we are relying upon your consent to process personal data, you can withdraw this at any time by contacting us using the details below.
9. What should you do if your personal information changes?
You should tell us so that we can update our records using the details in the Contact details below. We’ll then update your records as per your instruction.
10. For how long is your personal information retained by us?
Unless we explain otherwise to you, we’ll hold your personal information based on the following criteria:
- For as long as we have reasonable business needs, such as managing our relationship with you and managing our operations, however no longer than six years.
- Retention periods in line with legal and regulatory requirements or guidance for care services, however no longer than seven years.
- Unsuccessful candidates for employment no longer than two years.
11. How do we safeguard your personal data?
- We are committed to taking all reasonable and appropriate steps to protect the personal information that we hold from misuse, loss, or unauthorised access. We do this by having in place a range of appropriate technical and organisational measures. These include measures to deal with any suspected data breach.
- If you suspect any misuse or loss of or unauthorised access to your personal information please let us know immediately. Details of how to contact us can be found below.
12. What are your rights under data protection laws?
Here is a list of the rights that all individuals have under data protection laws. They don’t apply in all circumstances. If you wish to use any of them, we’ll explain at that time if they are engaged or not. The right of data portability is only relevant from May 2018.
- The right to be informed about the processing of your personal information
- The right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed
- The right to object to processing of your personal information
- The right to restrict processing of your personal information
- The right to have your personal information erased (the “right to be forgotten”)
- The right to request access to your personal information and to obtain information about how we process it
- The right to move, copy or transfer your personal information (“data portability”)
- Rights in relation to automated decision making which has a legal effect or otherwise significantly affects you
You have the right to complain to the Information Commissioner’s Office which enforces data protection laws: https://ico.org.uk/. You can contact us using the details below.
13. Your right to object
You have the right to object to certain purposes for processing, in particular to data processed for direct marketing purposes and to data processed for certain reasons based on our legitimate interests. You can contact us by going to the contact section of our website to exercise these rights or by using the details below.
14. Data Subject Access Requests (DSAR)
Just so it’s clear, you have the right to ask us to confirm what information we hold about you at any time, and you may ask us to modify, update or delete such information. At this point we may comply with your request or, additionally do one of the following:
We may ask you to verify your identity, or ask for more information about your request; and
Where we are legally permitted to do so, we may decline your request, but we will explain why if we do so.
15. How do we delete your information?
While we will endeavour to permanently erase your personal data once it reaches the end of its retention period or where we receive a valid request from you to do so, some of your data may still exist within our systems, for example if it is waiting to be overwritten. For our purposes, this data has been put beyond use, meaning that, while it still exists on an archive system, this cannot be readily accessed by any of our operational systems, processes or staff.
If you have any questions about this privacy notice, or if you wish to exercise your rights or contact the Data Protection Officer, you can contact us by going to the Contact section of our website. Alternatively, you can write to The Myriad Centre, St Georges Walk Worcester WR1 1QY marking it for the attention of the Data Protection Officer.