Emmaus Greenwich promises to respect and keep safe any personal data you share with us, either directly or through third parties. We aim to be clear about how we will use your data and not do anything you wouldn’t reasonably expect from us.
For the purpose of the General Data Protection Regulation and the Data Protection Act 1998 the data controller is Emmaus Greenwich of 226 Elmley St, Plumstead, London, SE18 7NN, a registered charity with Charity Number 1064472 and the data protection officer is the Chief Executive Officer.
When you apply for a role at Emmaus Greenwich, we will collect the following information:
When you are offered employment at Emmaus Greenwich and during your employment with us, we will collect the following additional information:
We may also collect, store and use the following “special categories” of more sensitive personal information:
We collect information:
We need all the categories of information in the list above primarily to allow us to perform our contract with you and to enable us to comply with legal obligations. In some cases we may use your personal information to pursue legitimate interests of our own or those of third parties. The situations in which we will process your personal information are listed below:
If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you (such as paying you or providing a benefit), or we may be prevented from complying with our legal obligations (such as to ensure the health and safety of our workers).
“Special categories” of particularly sensitive personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We may process special categories of personal information in the following circumstances:
We will use your particularly sensitive personal information in the following ways:
We do not need your consent if we use special categories of your personal information in accordance with our written policy to carry out our legal obligations or exercise specific rights in the field of employment law. In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us.
We may only use information relating to criminal convictions where the law allows us to do so. This will usually be where such processing is necessary to carry out our obligations and provided we do so in line with our data protection policy.
Less commonly, we may use information relating to criminal convictions where it is necessary in relation to legal claims, where it is necessary to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.
We envisage that we will hold information about criminal convictions and we collect information about unspent criminal convictions as part of the recruitment process or we may be notified of such information directly by you in the course of you working for us. We will use information about criminal convictions and offences in the following ways:
We are allowed to use your personal information in this way under the Rehabilitation of Offenders Act 1974 (Exceptions) Order 1975, which includes ‘Any office or employment which is concerned with the provision of care services to vulnerable adults’.
All personal information held by Emmaus Greenwich will be stored in locked cabinets or password protected or restricted access electronic folders. It will only be accessible by people who need to be able to access it to do their role.
The timescales we will retain personal information for are:
At the end of these time periods, all personal information we hold about you will be securely disposed of except for (employees only):
We may have to share your data with third parties, including third-party service providers.
We require third parties to respect the security of your data and to treat it in accordance with the law.
We will share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.
The following third-party service providers process personal information about you for the following purposes:
All our third-party service providers, communities and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
We may share your personal information with other third parties, for example in the context of the possible sale or restructuring of the business. We may also need to share your personal information with a regulator or to otherwise comply with the law.
We have put in place measures to protect the security of your information. Details of these measures are available upon request.
Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. Details of these measures may be obtained from the senior management team.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Under certain circumstances, by law you have the right to:
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact us on 020 8316 5398 or firstname.lastname@example.org or send a description of the information you want to see and proof of your identity by post to Emmaus Greenwich of 226 Elmley St, Plumstead, London, SE18 7NN
No fee usually required
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
It is your responsibility to inform us of any changes to your personal details, such as change of address, during your time working for Emmaus Greenwich.
If you have any questions, comments or suggestions, please let us know by contacting us at Emmaus Greenwich of 226 Elmley St, Plumstead, London, SE18 7NN.