Employee privacy policy
Employee Privacy Promise
We ask that you read this privacy promise carefully as it contains important information on who we are and how we collect, use, store and share personal information. It outlines your rights and how to contact us and other relevant organisations in the event you have a complaint.
Quickly access information on Your rights here.
Who we are
We are Kandle Care Limited , registered number 14132045, registered address Colonial House Swinemoor Lane, Beverly, HU17 0LS.
As a ‘data controller’, we are responsible for how we process your information in the UK. The UK General Data Protection Regulation (UK GDPR) sits alongside an amended version of the Data Protection Act (DPA) 2018 and applies to most UK businesses and organisations. We must comply with this data protection regime with regards to the data protection principles, our obligations and your rights as a UK citizen.
All our data processing activities are monitored by our appointed Data Protection Officer to ensure that the information we collect is:
- Used lawfully, fairly and in a transparent way
- Relevant and for reasons that we have told you about
- Accurate and up to date
- Kept only for as long as it is needed
- Kept securely
You may also be interested in our:
Information we collect from you
In our role as an employer, and because of the nature of our business, we process different categories of data from our employees during and after the employment period. The type of data includes:
Personal data: Name, contact details, bank details, date of birth, gender, marital status, driving licence number, vehicle registration number, photographs, next of kin contact details, GP contact details
Financial details: Payroll records, benefits, salary, tax status, National Insurance number
Employment data: Recruitment records (including employment history, references, DBS, right to work, etc.), Performance management records (electronic call monitoring, direct observations, appraisals, supervisions, disciplinary, grievance), Training and competency records, Absence records (annual leave, etc.)
We will always ask for consent for any participation on our media platforms including social media and print publications.
We process ‘special category data’ which tends to be sensitive by nature and will include:
- Religion
- Medical and health information (including sickness details)
- Nationality or ethnicity
- Criminal cautions or convictions
- Motoring convictions
Data Processing during COVID-19
We may process special category data or health data which is classified as COVID test results and vaccination records collected from you or other external sources.
Under UK GDPR, we rely on the following legal basis to collect, use and share this data:
Article 9 (2)(b) – legal obligation under employment, social security and social protection
Article 6(1)(f) – in pursuit of legitimate interests to
- Inform public authorities where confirmed COVID cases would constitute as an outbreak
- Provide health data requested by public authorities performing a specific public task to reduce transmission and severity of pandemic
- Provide contact data to public health authorities or relevant bodies to invite you to have the COVID vaccine
The requirements for testing, uptake of the vaccine and changes to data processing are part of the COVID-19 management strategy to ensure safe working conditions, prevent contamination and transmission of coronavirus and protect vulnerable and ‘at risk’ groups that are employed or those using close contact services such as Kandle Care.
In accordance with GDPR, personal data will be shared in a safe and secure way; limited to only what is necessary and appropriate.
Information we collect from other sources
We may request and collect personal data, and information about you from different employment sources, recruitment agencies and individuals. We collect information from our website, social media and Applicant Tracking System (ATS) that you provide as a candidate during our recruitment process.
We record and retain audio and/or video files for the purposes outlined in our Call Recording & Acceptable Use Policy and CCTV Policy available on Collaborate.
We also record and retain audio and video files for data processing outlined in our Call Recording and CCTV Policy.
Purpose for collecting and using your personal information
Under the GDPR, we must have a legal basis to process your information for all the activities we carry out. We rely on the following legal basis for processing:
- Article 6(1)(b) – processing is necessary for the performance of our contracts
- Article 6(1)(c) – processing is necessary for us to demonstrate compliance with the law or regulatory frameworks
- Article 6(1)(f) – in pursuit of legitimate interests for:
- Corporate diligence relating to business development, innovation and staff engagement
- Call recording for training and quality assurance purposes
- CCTV Monitoring on premises and restricted areas of the business
- Return of company assets and facilities management
When processing special category (sensitive) data such as your health, diversity information or details of any criminal convictions; we do this on the following grounds:
- Article 9(2)(b) – Legal obligations under employment or social benefit law
- Article 9(2)(f) – Establishment, exercise or in the defence of legal claims or in court
- Article 9(2)(h) – Provision of health or social care or management of health or social care systems or services
How we use this information and how long we keep it for
We use the information collected to employ and support you during your employment with Kandle Care. The period of retention commences after employment has ended.
We use your personal information to: | For how long? |
To maintain accurate and up to date personnel records of personal data, employment data, contracts and financial information To record and manage statutory meetings such as redundancy, disciplinary or grievance proceedings To record and manage mediation and conflict resolution To process and assess special category data and health information where relevant to job role To receive and process records of managed moves, resignations and facilitate exit interviews and leavers workflows |
6 years *employee record summary kept up to 75th birthday |
To record and process records of absence, annual leave, sick notes, Return to work, DBS checks, MATB1, etc. | 3 years |
To manage training needs by arranging or assessing training, refresher courses and competency assessments To communicate and record performance management activities (including appraisals, observations and supervisions) |
6 years |
To record and process payroll for employees To record and process expenses or retirement benefits for employees To monitor and ensure compliance with National Minimum Wage Standards To record and manage Statutory Sick Pay To enrol in pension schemes |
6 years 6 years 3 years 3mths to 6 years 12 years |
To receive, record and process insurance claims To respond and process post, penalties and sanctions |
|
To manage electronic call monitoring and generate reports To provide access privileges on systems applications and company equipment acquisitions To create employee profiles and manage work placements including travel arrangements and accommodation when required To manage car parking and allocate spaces To recover company assets and intellectual property during and occasionally after a period of employment To communicate, exchange and record communications as part of the responsibilities of the job role and job description To issue and renew ID badges and security fobs |
For as long as required |
To comply with Investigations and regulatory compliance To monitor, review and support internal and external audit processes relating to the service provision in line with data sharing agreements and confidentiality clauses To process and record notifications, accidents and incidents internally and with the appropriate external regulators (including RIDDOR, CQC, CIW) To investigate, manage and record concerns, safeguarding and complaints |
Up to 10 years |
To report business and trend analysis To monitor and report on business performance and compliance To conduct and participate in employee surveys, review or feedback To participate in employer schemes and other work-related activities and communications |
|
To maintain active accounts on the Applicant Tracking System (ATS) To communicate internal job opportunities* To respond to requests relating to your individual rights *To opt out, you can delete your account or use the unsubscribe option available in all email marketing communication |
Sharing your information with others
To operate our business and recruitment process, we have contracts in place with third party service providers to access and maintain a duty of care over your personal information. These include:
- IT and telecoms support – to ensure secure operation of our IT infrastructure
- Software support – to provide technical support and resolve issues
- Communication and logistics– such as Royal Mail and network providers
- Regulatory authorities – such as Her Majesty Revenue & Customs (HMRC), the Financial Services Authority (FSA), Care Quality Commission (CQC) and Care Inspectorate Wales (CIW)
- Hospitality Service providers – such as fleet vehicle management, bookings and training
- Insurance providers
- Pension providers
- External security providers (CCTV monitoring)
- Archiving Service Providers
We will share relevant information within Kandle Care during and after your employment where this is necessary, and in line with our purpose for processing.
Due to the nature of our business and the service we provide we may share minimal personal data with our customers to enable the safe and effective delivery of care, for example by sharing carer profiles with customers.
We will not sell or trade your personal information with any other third party for marketing purposes without your consent and we will not share your information outside the scope of this privacy policy unless there is a legal reason.
Data transfers and Storage
Kandle Care transfers and stores data under contractual agreements with data processors in the UK. Data transfers and storage may also occur in the European Economic Area (EEA) and other third countries which are now known as Restricted Data Transfers.
Restricted Data Transfers
Under the UK GDPR, restricted data transfers from the UK to the EEA and other countries covered by a European Commission ‘adequacy decision’ are currently permitted subject to review by the UK Government.
Restricted Data Transfers from the EEA and other countries covered by a European Commission ‘adequacy decision’ are done in compliance with Eu GDPR with the appropriate safeguards we have put in place.
Restricted Data Transfers between the UK and other third countries are done in compliance with the UK GDPR ‘adequacy regulations’ or the appropriate safeguards we have put in place.
These appropriate safeguards ensure that your individual rights and freedoms are protected in respect to your personal data in accordance with the UK data protection regime.
We may share your data to communicate with you during and after your employment.
Data Security
We have appropriate organisational and technical security measures to protect your personal information and limit who has access. There are also appropriate safeguards in place for data transfers to protect your privacy rights.
We have procedures in place to detect and respond to suspected data security breaches. We may notify you and any relevant authority as part of our data risk management where we are legally obliged to.
Your rights
You have rights over the way we use your information:
- You have the right to be informed about what information we collect and how it is used as outlined in this privacy promise.
- You have the right to ask for access to the information we hold on you. We would usually provide copies free of charge.
- You have the right to ask us to correct or update any information you think is incorrect or incomplete.
- You have the right to object to your information being used and/or withdraw consent.
- You have the right to ask us to stop using your information. This ‘right to be forgotten is only applied where there is no legal reason for us to continue to hold or use it.
- You have the right to object to any automated decision making. This could affect your ability to fully access our services.
- You have the right to ask us to stop using your information for marketing purposes by opting out at any point of the registration process or by updating your preferences once registered. The unsubscribe feature on our emails are actioned immediately but may take up to 14 days to complete.
- You have the right to ask us to transfer certain personal information or a copy of some of your information to you or to another organisation, including service providers, in a format they can use where this is technically possible, known as the ‘right to data portability’.
- You have the right to withdraw any permission you have previously given us to use your information.
For detailed information on each of those rights, including the circumstances in which they apply, see the Guidance from the Information Commissioner’s Office (ICO) on individuals’ rights under the UK General Data Protection Regulation. If you would like to exercise a right, please contact the Compliance team at datarequest@kandlecare.com or see the ‘how to contact us’ section.
How to contact us
If you have any questions about this privacy promise, your rights or wish to contact the Data Protection Officer, get in touch by:
- Email – datarequest@kandlecare.com
- Post– Compliance Department, Colonial House, Swinemoor Lane, Beverly, HU17 0LS
- Telephone– 01482458148
Other information
How to complain
If you contact us, we hope to resolve any query or concern you raise about our use of your information.
The UK GDPR also gives you right to lodge a complaint with a supervisory authority with the Information Commissioner Office (ICO) who are the supervisory body in the UK and can be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.
Changes to this privacy promise
This privacy notice was first published on 2nd of July 2023.
We may change this privacy promise and update our website from time to time.
Do you need extra help?
If you would like this privacy promise in another language or format such as audio, large print or braille, please contact us.