Emmaus Dover (“We”) promises to respect and keep safe any personal data you
share with us, either directly or through third parties. We aim to be clear about how
we will use your data and not do anything you wouldn’t reasonably expect from us.
For the purpose of the General Data Protection Regulation and the Data Protection
Act 1998 the data controller is Emmaus Dover of Archcliffe Fort, Archcliffe Road,
Dover CT17 9EL, a registered charity with Charity Number: 1047354.
What information will we collect?
When you apply for a role at Emmaus Dover, we will collect the following
information:
Please note: when your application is considered by the panel, the personal
information will be removed from your CV, including your name, address, age and
marital status. This is to protect your personal information, but also to enable us to
shortlist ‘blind’, so that we are fair and equitable to encourage a diverse workforce.
When you are offered employment at Emmaus Dover and during your employment
with us, we will collect the following additional information:
We may also collect, store and use the following “special categories” of more
sensitive personal information:
How is your personal information collected?
We collect information:
Why do we collect your information?
We need all the categories of information in the list above primarily to allow us to
perform our contract with you and to enable us to comply with legal obligations. In
some cases we may use your personal information to pursue legitimate interests of
our own or those of third parties. The situations in which we will process your
personal information are listed below:
Providing the following benefits to you:
If you fail to provide certain information when requested, we may not be able to
perform the contract we have entered into with you (such as paying you or providing
a benefit), or we may be prevented from complying with our legal obligations (such
as to ensure the health and safety of our workers).
How we use particularly sensitive personal information
“Special categories” of particularly sensitive personal information require higher
levels of protection. We need to have further justification for collecting, storing and
using this type of personal information. We may process special categories of
personal information in the following circumstances:
1. In limited circumstances, with your explicit written consent.
2. Where we need to carry out our legal obligations and in line with our data
protection policy.
3. Where it is needed in the public interest, such as for equal opportunities
monitoring [or in relation to our occupational pension scheme], and in line with
our data protection policy.
4. Where it is needed to assess your working capacity on health grounds,
subject to appropriate confidentiality safeguards.
5. Less commonly, we may process this type of information where it is needed in
relation to legal claims or where it is needed to protect your interests (or
someone else’s interests) and you are not capable of giving your consent, or
where you have already made the information public.
Our obligations as an employer
We will use your particularly sensitive personal information in the following ways:
Do we need your consent?
We do not need your consent if we use special categories of your personal
information in accordance with our written policy to carry out our legal obligations or
exercise specific rights in the field of employment law. In limited circumstances, we
may approach you for your written consent to allow us to process certain particularly
sensitive data. If we do so, we will provide you with full details of the information that
we would like and the reason we need it, so that you can carefully consider whether
you wish to consent. You should be aware that it is not a condition of your contract
with us that you agree to any request for consent from us.
Information about criminal convictions
We may only use information relating to criminal convictions where the law allows us
to do so. This will usually be where such processing is necessary to carry out our
obligations and provided we do so in line with our data protection policy.
Less commonly, we may use information relating to criminal convictions where it is
necessary in relation to legal claims, where it is necessary to protect your interests
(or someone else’s interests) and you are not capable of giving your consent, or
where you have already made the information public.
We envisage that we will hold information about criminal convictions and we collect
information about unspent criminal convictions as part of the recruitment process or
we may be notified of such information directly by you in the course of you working
for us.
We will use information about criminal convictions and offences in the
following ways:
We are allowed to use your personal information in this way under the Rehabilitation
of Offenders Act 1974 (Exceptions) Order 1975, which includes ‘Any office or
employment which is concerned with the provision of care services to vulnerable
adults’.
How we store your information
All personal information held by Emmaus Dover will be stored in locked cabinets or
password protected or restricted access electronic folders. It will only be accessible
by people who need to be able to access it to do their role.
The timescales we will retain personal information for are:
At the end of these time periods, all personal information we hold about you will be
securely disposed of except for (employees only):
Data Sharing
We may have to share your data with third parties, including third-party service
providers. We require third parties to respect the security of your data and to treat it in
accordance with the law.
Why might you share my personal information with third parties?
We will share your personal information with third parties where required by law,
where it is necessary to administer the working relationship with you or where we
have another legitimate interest in doing so.
Which third-party service providers process my personal information?
The following third-party service providers process personal information about you
for the following purposes:
How secure is my information with third-party service providers and other
entities in our group?
All our third-party service providers, communities and other entities in the group are
required to take appropriate security measures to protect your personal information
in line with our policies. We do not allow our third-party service providers to use your
personal data for their own purposes. We only permit them to process your personal
data for specified purposes and in accordance with our instructions.
What about other third parties?
We may share your personal information with other third parties, for example in the
context of the possible sale or restructuring of the business. We may also need to
share your personal information with a regulator or to otherwise comply with the law.
Data security
We have put in place measures to protect the security of your information. Details of
these measures are available upon request.
Third parties will only process your personal information on our instructions and
where they have agreed to treat the information confidentially and to keep it secure.
We have put in place appropriate security measures to prevent your personal
information from being accidentally lost, used or accessed in an unauthorised way,
altered or disclosed. In addition, we limit access to your personal information to
those employees, agents, contractors and other third parties who have a business
need to know. They will only process your personal information on our instructions
and they are subject to a duty of confidentiality. Details of these measures may be
obtained from the senior management team.
We have put in place procedures to deal with any suspected data security breach
and will notify you and any applicable regulator of a suspected breach where we are
legally required to do so.
Your rights in connection with personal information
Under certain circumstances, by law you have the right to:
No fee usually required
You will not have to pay a fee to access your personal information (or to exercise
any of the other rights). However, we may charge a reasonable fee if your request
for access is clearly unfounded or excessive. Alternatively, we may refuse to comply
with the request in such circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your
identity and ensure your right to access the information (or to exercise any of your
other rights). This is another appropriate security measure to ensure that personal
information is not disclosed to any person who has no right to receive it.
Keeping our records up to date
It is your responsibility to inform us of any changes to your personal details, such as
change of address, during your time working for Emmaus Dover.
We may change this Privacy Policy from time to time. If we make any significant
changes in the way we treat your personal information we will make this clear by
contacting you directly.
If you have any questions, comments or suggestions, please let us know by
contacting us at Emmaus Dover, Archcliffe Fort, Archcliffe Road, Dover CT17 9EL/
[email protected].