Hull Personal Assistant Database Privacy Policy





Choices and Rights Disability Coalition
ICO registration number Z2602583
This Privacy Policy tells you what to expect when Choices and Rights Disability Coalition collects and uses your personal data in accordance with the Data Protection Act (DPA)/ General Data Protection Regulation (GDPR).
Data Controller
Our General Data Protection Regulation Officers contact details are:
GDPR officer:
Choices and Rights Disability Coalition
Jude Lodge
Tiverton House
Tiverton Road
Hull HU17 7LN
Tel 01482 878778

Choices and Rights needs to hold and process Personal Data about individuals applying for jobs via the PA database. Your application is not shared with any other individual or organisation unless there is a legitimate reason for doing so. When you apply for your application to be put forward for specific posts, your application is then shared with the service user(s) who are recruiting.

What is Personal Data?
Personal data is that which relates to a living individual who can be identified from the data or from a combination of that data with other information in the possession or likely to come into the possession of the holder. Data does not have to be private or sensitive in order to constitute personal data and includes information such as names addresses and telephone numbers. The GDPR has increased the scope of the definition to include identifiers such as location data and online identifiers and now also includes genetic data.
This can include information contained in a job application or CV.
Data relates to any information held on a computer including email or manually held paper records that have been stored in a structured way so that information can be found easily or manual records which are due to be stored.

Data protection principles
There are six data protection principles that are central to the GDPR. In brief they say that personal data must be
Processed fairly and lawfully and in a transparent manner in relation to the data subject
Collected for specific, explicit and legitimate purposes and not further processed in any manner incompatible with those purpose
Adequate relevant and limited to what is necessary in relation to the purposed for which they are processed
Accurate and where necessary kept up to date
Kept in a form which permits identification of data subjects for no longer than is necessary for the purpose for which the personal data processed.
Processed in a manner that ensures appropriate security of the personal data including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures

Categories of data that are collected.
Date of Birth
Full Address
Telephone number
Education and Employment experience
Other personal information such as if you have a driving licence, Criminal convictions, languages spoken and Hobbies.
We also process special categories of personal data:
Racial or Ethnic Origin
Physical or mental health
Criminal Convictions.

Legal basis for processing
Personal data and special categories of personal data must only be processed where there is legal basis for processing that data.
Consent: The data subject has freely given consent for their information to be processed for a specific purpose.
Contract: Processing is necessary due to the fulfilment of a contract.
Legal Obligation: Processing is necessary to comply with the law.
Vital Interest: Processing is necessary to save or protect an individual’s life.
Public Tasks: Processing is necessary to perform a public interest in official functions. (Primarily applies to governmental agencies/entities.)
Legitimate Interests: Processing is necessary to the legitimate interests of an organization or a third-party affiliate.
In respect of your PA application we are relaying on your consent to hold this information and to share it was the service users with whom you apply to work.

The purpose we are processing your personal data for is:
When you apply for a job with one of our service users, we need all the categories of information in the list above primarily to allow us to perform our contract with you and our service uses and to enable us to comply with any legal obligations. In some cases we may use your personal information to pursue legitimate interests of our own or those of third parties. The situation in which we will process your personal information are listed below.
Sending you application to service users so that they can be supported to make a decision about your recruitment or appointment
Determining the terms on which you work for our service users
Checking that you are legally entitled to work in the UK.
If you are successfully appointed, addition information will be required. A separate privacy statement is available in respect of your employment.

Criminal Convictions
Under the GDPR, employers would be allowed to carry out criminal records checks on prospective employees only if this is specifically authorised by law, for example where a Disclosure and Barring Service check is required for a role involving work with vulnerable adults or children. Information on the application form about criminal convictions is not shared with service users, but will be used by the organisation to recommend a Disclosure and Barring Service check before commencement of employment.

Who we will share your personal data with
Normally your personal data would only be shared with the service user who is looking to appoint a PA and where you have specifically applied for that role, however during shortlisting or interviewing, that service user may be accompanied by others such as Health and Social Care Professionals or other representatives.

Using your personal information for other purposes
We will not process your personal data for any other purpose than that for which it was collected, without first providing you with information on that other purpose and seeking your consent if applicable; except where we are required to disclose your personal data in accordance with legislation for example in relation to the prevention and detection of crime, counter terrorism, safeguarding, legal proceedings or to protect interests of you or another.

Data security
Choices and Rights Disability Coalition will ensure that appropriate technical and organisational measures are taken to safeguard personal data. All personal data will be password protected and only accessed by those staff who have a particular operational need to do so.
All members of Choices and Rights Disability Coalition have a personal responsibility to ensure that any information of personal or sensitive personal nature to which they have access in the course of their work with Choices and Rights Disability Coalition.
In particular staff must observe the following rules:
Electronic storage of such material must have limited access
Take responsibility for their workstation and keeping their password safe.
Label information sent by post as private and confidential
Write private and confidential on emails when sending personal information.
Not disclose information or any personal information about individuals other than in the course of proper performance of duties or to authorised colleagues and service users.
Take particular care when exchanging information with 3rd parties
Not use information other that for purposes for which it is intended
All Choices and Rights Disability Coalition employees will be require to undergo GDPR training

Taking data off site.
Personal Information will never be taken home by employees of Choices and Rights Disability Coalition, emailed to a personal account or stored on a personal computer. If personal data needs to be transported to another location it is the responsibility of the employee to ensure it is stored securely at all times. Service Users are reminded of their responsibly to keep your details confidential.

Retention of personal Data
Personal data must not be retained for longer than is necessary. Information must only be retained where there is a genuine organisational need to do so. Where data is retained it must be secured securely and have restricted access. If a former PA database member requests their information to be removed from the database then it must be removed or anonymised so it cannot be traced to that individual. If a PA/Potential PA asks for information to be deleted because they believe it to be incorrect it must be looked at by the General Data Protection Regulation Officer and determined if this is the case.
We will only retain your personal data:
• for as long as you wish to remain on the PA database.
• for as long as you might legally bring a claim against our company or service users;
• in accordance with legal and regulatory requirements.
Individuals should be aware that disclosure of information in contravention of this policy will be treated by Choices and Rights Disability Coalition as a serious disciplinary offence which may result in dismissal for gross misconduct.

Individual Data Rights.
Individuals on whom Choices and Rights Disability Coalition have data have the following rights under the GDPR.
You have a right to:
• Be informed about us processing your personal data;
• Have your personal data corrected if it’s inaccurate and to have incomplete personal data completed.
• To object to processing of your personal data;
• To restrict processing of your personal data;
• To have your personal data erased (the “right to be forgotten”)
• To request access to your personal data and information about how we process it;
• To move, copy and transfer your personal data (“data portability”)

Consent. Where processing is carried out on the basis of consent individuals can withdraw their consent at any time
Subject access. Individuals can make a request to view or have a copy of their personal data. We need your personal data to allow us to provide you with the services listed above. If you do not provide us with your personal details or you withdraw your consent for us to process your personal data, then this may mean that we may no longer be able to provide the services for you. If you wish to withdraw your consent, you can do so by contacting the General Data Protection Regulation Officer’s via the contact details above.
Data portability. Under the GDPR. Individuals have a right to be provided with or have another organisation provided with a copy of any data. This will need to be in a structured commonly used and machine readable form where the lawful ground for processing is consent or where processing is necessary for the performance of contract and the processing is carried out by automated means.
The General Data Protection Regulation Officer should keep a log of all requests made and all responses to these requests

Informal Requests
A current PA Database member can request to see all data that Choices and Rights Disability Coalition has on them by requesting this from the admin team. The staff member must put this request forward to the General Data Protection Regulation Officer who must make an arrangement with the PA data base member to show this information to them.

Formal requests
Requests by any individual who has had dealing with Choices and Rights Disability Coalition but is not a current PA Database member must always be considered as a formal request.
If an individual wants to make a formal request for access to any information held on Choices and Rights Disability Coalition PA Database systems:
The individual should be advised to put a request in writing to the General Data Protection Regulation Officer.
On receipt of this letter the General Data Protection Regulation Officer will check to ensure that the individual is who they claim to be, validate their right to gain access to the data and consider the appropriateness of the request in line with the act.
The General Data Protection Regulation Officer will contact the appropriate individuals within Choices and Rights Disability Coalition and request access to or copies of the relevant information held on the individual within any system or manual file,
The information once collected must be made available within in one calendar month to the individual requesting their data.
Deleting data
Any individual has the right to ask that their data is no longer used by Choices and Rights Disability Coalition or that the reasons for which is used are amended. The right to erasure however is limited and any such requests should be considered by the General Data Protection Regulation Officer.

Changing contact preferences
A PA Database member has the right to change their contact preferences at any time. This can be done by contacting our General Data Protection Regulation Officer via the contact details listed above. Any request to change contact preferences will be made within 7 working days.
Please, note that these rights don’t apply in all circumstances and may be restricted as required by law.
More information on your rights can be found on Information Commissioner Website:

If I am dissatisfied, who can I complain to?
If you are dissatisfied with how we have processed your personal data you can contact our Data Protection Officer to request an internal review.
If you are dissatisfied with the outcome of the internal review, they have the right to appeal directly to the Information Commissioner for an independent review.

Changes to our Privacy Policy
Choices and Rights Disability Coalition may amend this Privacy Policy from time to time. We encourage you to regularly check our website page to review any changes we might make in accordance with this Privacy Policy. If we make material changes in the way we use your Data, we will notify you by sending you an email.

Automated emails- Mail chimp
The administrator of your personal data will be Choices and Rights Disability Coalition
Detailed information on the processing of personal data can be found in our privacy policy above.
However it should be noted that we use a 3rd party app called Mail Chimp as our email platform.
When you apply to be on the PA database, you are consenting that your email will be used to send you an automated email from Mail Chimp.
This email will direct you to a link to sign up page that will enable you to receive our mail outs via this service.
If you do not fill out the subscriber email received via Mail Chimp you will not receive copies of the monthly vacancies list.
This application collects some personal data from its Users.
Users may be subject to different protection standards and broader standards may therefore apply to some. In order to learn more about the protection criteria, users can refer to Mail Chimp privacy policy available at Mail Chimp takes data privacy seriously. Their privacy policy explains who they are, how they collect, share and use personal information, and how you can exercise your privacy rights. We recommend that you read this privacy policy in full to ensure you are fully informed.

Every email campaign sent through Mail Chimp is required by law to include an unsubscribe link. You can unsubscribe from this service by clicking the unsubscribe link on the bottom of an email received via Mail Chimp. You will need to enter your name and email address. Choices and Rights will be notified via Mail Chimp that have you have updated your subscription preferences. Your application form held on the database will be removed in line with our documentation retention and removal policies and you will not receive details of further PA vacancies.