GENERAL DATA PROTECTION PRIVACY NOTICE
The EU General Data Protection Regulation ("GDPR") replaces the 1995 EU Data Protection Directive. The GDPR strengthens the rights that individuals have regarding personal data relating to them and seeks to harmonize data protection laws across Europe, regardless of where that data is processed.
Amicura is committed to protecting the rights and freedoms of data subjects and safely and securely processing their data in accordance with our legal obligations.
We hold personal data about our employees, clients, suppliers and other individuals for a variety of business purposes.
This notice sets out how we collect and process personal data and seek to protect personal data.
Amicura are data controllers. Enquiries can be directed to Mr John Alflatt (Finance Director and Company Secretary), email@example.com or Mr Amit Shah (Data Protection Officer):
Our website may include links to third-party website, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data. We do not control these third party websites and are not responsible for their privacy statements.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, process, store and transfer personal information to enable us to provide residential healthcare services; to maintain our own accounts and records; to support and manage our employees. We may also collect, process, store and transfer personal information by way of our CCTV systems to monitor and collect visual images for security and the prevention and detection of crime or by using audio recording equipment to record telephone calls for record or training purposes.
We may collect and process information relevant to the above reasons/purposes. This information may include:
We may also process special categories of personal data including:
We process personal information about:
The information we hold is obtained from:
We may use different methods to collect data regarding data subjects, including:
We will only use your personal data in the following circumstances:
Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.
We only use personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If we need to use personal data for an unrelated purpose, we will notify the data subject and explain the legal basis which allows us to do so.
Please note that we may process personal data without knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
We sometimes need to share the personal information we process with the data subject and also with other organisations for the purposes of performing the contract we are about to enter into or have entered into, where it is necessary for our legitimate interests (or those of a third party) and the data subject’s interests and fundamental rights do not override those interests or where we need to comply with a legal obligation. The types of organisations we may need to share some of the personal information we process with for the purposes set out above may include:
We do not transfer any personal data outside of the European Economic Area.
Individuals have rights to their data which we must respect and comply with to the best of our ability. We must ensure individuals can exercise their rights in the following ways:
We have put in place appropriate security measures to prevent personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to personal data to those employees, agents, contractors and other third parties who need to be able to access the personal data to work effectively. They will only process personal data on our instructions and are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify any applicable regulator of a breach where we are legally required to do so.
An individual has the right to receive confirmation that their data is being processed, access to their personal data and supplementary information.
We must provide an individual with a copy of the information they request, free of charge. This must occur without delay, ideally within one month of receipt. We endeavour to provide data subjects access to their information in commonly used electronic formats, and where possible, provide direct access to the information through a remote accessed secure system.
If complying with the request is complex or numerous, the deadline can be extended by two months, but the individual must be informed within one month.
We can refuse to respond to certain requests, and can, in circumstances of the request being manifestly unfounded or excessive, charge a fee. If the request is for a large quantity of data, we can request the individual specify the information they are requesting.
You have the right to complain to the Information Commissioners Office on telephone helpline 0303 123 1113 or to Amicura Limited, 1 Grove Hill Road, Harrow, HA1 3AA or by email to one of the contact email addresses above or via our website at www.amicura.co.uk.