Iris Care Group is an independent social care, healthcare and specialist education provider, employing over 1,600 employees covering a range of expertise and specialisms.
This privacy notice applies to Iris Care Group and its subsidiary services.
What is a Privacy Notice?
A Privacy Notice is a statement by Iris Care Group that advises the people we support, visitors, carers, public and staff how we collect, use, retain and disclose personal information which we hold. This privacy notice is part of our commitment to ensure that we process personal information/data fairly and lawfully.
Why issue a Privacy Notice?
Iris Care Group recognises the importance of protecting personal and confidential information in all that we do and takes care to meet its legal and regulatory duties. This notice is one of the ways we can demonstrate our commitment to being transparent and our values of being People Focused, Working Collaboratively, Striving to be the Best, Respect and Integrity, and Quality of Care.
This notice also explains what rights you have to control how we use your information.
How information is retained and kept safe?
To make sure your personal information is protected, we have a series of technical and administrative measures in place. Access is limited to only those who need access to it to provide services to you.
Information is retained in secure electronic and paper records and access is restricted to only those who need to know.
All members of staff are required to undertake annual data protection and confidentiality training and our privacy and security guidelines are communicated to all employees.
It is important that information is kept safe and secure, to protect your confidentiality. Our guiding principle is that we are holding your information in strict confidence.
Accuracy and retention of personal information
Iris Care Group makes it easy for you to keep your personal information accurate, complete, and up to date. If any of your information changes please let us know so that we can update our records.
All records are destroyed in accordance with the Iris Care Group Schedule, which sets out the appropriate length of time each type of record is retained.
Can I access my information?
You are entitled to request access to your information, with some exemptions. For more information on how to access the information we hold about you please contact us at the address below.
Privacy questions
If you have any questions or concerns about this Privacy Notice or how we process your information or if you would like to make a complaint about a possible data breach please contact us:
Data Protection Officer
Iris Care Group
Unit 1, Castleton Court, St Mellons, Cardiff
CF3 0LT
dpo@iriscaregroup.co.uk
We take data security extremely seriously and all such communications are examined and replies issued where appropriate as soon as possible. If you are unsatisfied with the reply you receive, you may refer your complaint to the Information Commissioner’s Office (ico.org.uk)
Why and how we collect information about the people we support
We may ask for or hold personal confidential information which will be used to support delivery of appropriate care and treatment. This is to support the provision of high quality care. These records may include:
- personal information (such as name, address, date of birth, NHS number, NI number, next of kin)
- characteristics (such as ethnicity, language, nationality, country of birth)
- personal sensitive information (such as sexuality, religion or beliefs, and whether you have a disability, allergies or health conditions)
- safeguarding Information
- contact we have had (such as appointments and home visits)
- details of diagnosis, treatment and care (including notes and reports about your health and well-being)
- information from people who care for you and know you well (such as health professionals and relatives)
- CCTV footage
You are not required to provide the personal information that we may request, but it is important for us to have a complete picture, as this information assists staff involved to deliver and provide improved care and appropriate treatment plans to fully meet your needs.
Information is collected in several ways, referral from your commissioning team, from the service you may currently be using and details from your GP, a relative or directly given by you.
How we use your information
- to help inform decisions that we make about your care
- to ensure that your treatment is safe and effective
- to work effectively with other organisations who may be involved in your care
- to ensure our services can meet future needs
- to review care provided to ensure it is of the highest standard possible
Who will the information be shared with?
We will only share your personal information with third parties where you have given your consent, where there are issues or concerns like the health and safety of yourself or others, or where there is a legal requirement or responsibility to share the information.
We will normally share information about you with other health and social care professionals so that you may receive the best quality care:
- NHS Trusts, hospitals and other bodies involved in your care
- General Practitioners (GPs)
You may be receiving care from other people, for example Social Care Services. We may need to share some information about you with them so we can all work together for your benefit, if they have a genuine need for it or we have your permission. Therefore, we may also share your information with:
- social care services
- education services
- local authorities
- safeguarding teams
- voluntary and private sector providers working with Iris Care Group
Personal information may also need to be shared with third parties to make arrangements for the funding and/or payment of services received.
Why and how we collect information about students at Beechwood College
We understand the importance of taking extra precautions to protect the privacy and safety of the young people under our care.
Why and how we collect information
The information that we collect, hold and share may include:
- personal information (such as name, unique student number, next of kin and address)
- characteristics (such as ethnicity, language, nationality, country of birth)
- attendance information (such as sessions attended, number of absences and absence reasons)
- safeguarding information
- medical information
- behavioural information
- CCTV footage
How we use student information
- to support learning
- to monitor and report on progress
- to provide appropriate pastoral care
- to assess the quality of our services
- to keep students safe
- to meet statutory duties
Whilst the majority of young person information provided to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with the law, we will inform you whether you are required to provide certain information to us or if you have a choice in this.
Who will the information be shared with?
We will only share your personal information with third parties where you have given your consent, where there are issues or concerns like the health and safety of yourself or others, or where there is a legal requirement or responsibility to share the information.
We routinely share student information with:
- Department for Education (DfE)
- Estyn
- Care inspectorate Wales
- local authorities
- safeguarding teams
- services the you may use after leaving us
We share data with the Department for Education (DfE) and Estyn on a statutory basis. This data sharing underpins funding and educational attainment policy and monitoring.
Personal information may also need to be shared with third parties to make arrangements for the funding and/or payment of services received.
Why and how we collect personal information about staff
You may be asked to provide your personal information at any time. We may combine it with other information to provide and improve our services as an employer. You are not required to provide the personal information that we may request, but, if you chose not to do so, in many cases we will not be able to provide you with a job.
Why and how we collect information
Here are some examples of the types of personal information we may collect and how we may use it:
- personal information (such as name, address, date of birth, next of kin)
- contact information (such as telephone number, email address)
- characteristics (such as ethnicity, language, nationality, country of birth)
- personal sensitive information (such as sexuality, religion or beliefs, trade union membership, and whether you have a disability, allergies or health conditions)
- Disclosure and Barring Service Information (including Enhanced DBS details)
- identifiers (such as Online identifier, Biometric details, Social media identifiers, National insurance number, bank details)
- CCTV footage
When you apply for a position we will record your details including your name, postal address, telephone number, email address, educational and work history, referees and contact preferences.
Before your appointment, all required right to work checks and a check with the Disclosure and Barring Service will be carried out. Details of these checks (or the results from them) will be retained on your HR record.
If you are successful in being appointed, and during your employment with us, we will retain your full employment record which will include your name, postal address, telephone number, email address, details of your next of kin, bank details (for the purposes of payments), educational and work history, training, appraisals, copies of any complaints, disciplinary or safeguarding matters.
How we use your personal information
The personal information we collect and store about you allows us to facilitate the employment relationship we have with you.
Your personal information may be shared with various departments across the group including:
- Payroll
- Learning and Development
- Human Resources
- Information Technology
Who we share your information with
We will only share your personal information with third parties where you have given your consent, or where there are issues or concerns like the health and safety of yourself or others, or where there is a legal requirement or responsibility to share the information.
Where necessary, we routinely share limited personal formation with the following:
- HMRC
- Pension providers
- External Regulators (including Care inspectorate Wales and Hospital Inspectorate Wales)
- Disclosure and Barring Service
- Training partners