Staff Care Services Privacy Notice
Staff Care Services (SCS) is part of Cantium Business Solutions (Cantium), a company owned by Kent County Council.. SCS offer Occupational Health and Support Line Services to Employers and employees of organisations, (that contract us to provide services), for example – public / private sector organisations, Schools, and Academies, amongst others as well as to Kent County Council employees. We aim to maintain the highest possible standards and seek to adopt best practice with regards to the way in which we manage and process data in the course of our business.
SCS collects, uses and is responsible for certain personal information about you. When we do we are regulated under the General Data Protection Regulation (GDPR) which applies across the European Union (including the United Kingdom) and we are responsible as a ‘controller’ of that personal information for the purposes of those laws. Our Data Protection Officer is iSystems.
This Privacy Notice offers both our customers (Employers who have contracted our services) and you, their employees, with meaningful and accessible guidance on our approach to handling personal data.
Who are we?
SCS offers a number of services:
In providing a service to your Employer, it will be necessary for SCS to gather, obtain, record and hold employee [your] personal information.
The personal information we collect and use
In the course of providing Occupational Health and Support Line services to your Employer we collect personal information about our customers’ employees. This information may be provided directly by you, as the employee or by your Employer on your behalf. This includes but is not limited to:
We may also obtain sensitive personal data from third parties, with your consent and in compliance with legislation and professional guidelines, with whom we liaise in providing a service to your Employer i.e. your GP, Medical specialist, or by a representative acting on your behalf e.g. appointed advocate / solicitor.
We may also obtain Management information from third parties with whom we liaise in providing a service to your Employer (i.e. LGPS / Teachers’ Pension Scheme / Legal Advisors), or by a representative acting on your behalf (trade union representative / solicitor).
How we use your personal information
We use your personal information to:
The lawful basis for which we collect and use your personal data
The lawful basis for which we collect and use your personal data are as follows:
The lawful basis on which we collect and use special categories/sensitive personal data is as follows:
* for carrying out legal obligations or exercising specific rights in employment or social law
* for occupational health assessment
We will also comply with the Data Protection Act 2018.
How long your personal data will be kept
We will not keep your information during or after your employment for longer than is necessary, for either:
following which your personal data will be securely destroyed.
Where your Employer ceases to purchase a service from us all personal data we hold on you will be retained for current year plus 6 years in line with our retention schedule. Upon expiry of this period any personal data will be securely destroyed.
Who we share your personal information with
Personal information may be shared between SCS colleagues who legitimately need the information to carry out their duties in providing service/services to your Employer. All our staff are appropriately trained and understand their obligations with regards to the personal data they have access to.
Other than your Employer we may share your personal or sensitive personal data with the following:
Providers of management information systems and platforms used by SCS may also have access to personal and sensitive personal data to enable them to provide the service for which they have been contracted. We require any providers to respect the confidentiality and security of your personal data and treat it in accordance with the law.
We may transfer your personal information outside the EU, but if we do, you can expect a similar degree of protection in respect of your personal information.
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and the ICO as regulator of any suspected data security breach where we are legally required to do so.
Under the GDPR you have a number of rights which you can access free of charge. You have the right to request access to information about you that we hold [please see Who to contact below]. You also have the right to:
For further information about your rights, including the circumstances in which they apply, see the guidance from the UK Information Commissioners Office (ICO) on individuals’ rights under the General Data Protection Regulation.
We will always seek to comply with your request however we may be required to hold or use your information to comply with legal duties. Please note: your request may delay or prevent us delivering a service to you.
If you have a concern about the way we are collecting or using your personal data, we ask that you raise your concern with us in the first instance [see Who to contact below]. Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/
If you would like to exercise a right, please contact firstname.lastname@example.org
Who to Contact
You can contact our Data Protection Officer, iSystems at email@example.com or by writing to Data Protection Officer, Cantium Business Solutions, Worrall House, 30 Kings Hill Avenue, West Malling, ME19 4AE
Please contact firstname.lastname@example.org to exercise any of your rights, or if you have a complaint about why your information has been collected, how it has been used or how long we have kept it for.
The General Data Protection Regulation also gives you right to lodge a complaint with the Information Commissioner’s Office (ICO) – the UK supervisory authority. The ICO may be contacted at https://ico.org.uk/concerns or telephone 03031 231113.
We keep our Privacy Notice under regular review. This document was last reviewed August 2018.