Toll Free Number : 0800 644 6899

DATA PROTECTION POLICY

This policy relates to Oxford Care Services Ltd which is the registered company.

Policy

The Data Protection Act 1998 places responsibility on all companies who keep personal data, and sensitive personal data on computers to adopt the Data Protection principles as outlined in the Act.

Oxford Care Services is committed to preserving the privacy of its learners and employees and to complying with the Data Protection Act 1998. To achieve this commitment information about our learners, employees and other clients and contacts must be collected and used fairly, stored safely and not unlawfully disclosed to any other person.

The Company will fulfil its obligations under this Act fully, including ensuring that the following 8 principles governing the processing of personal data are observed.
  1. personal data shall be processed fairly and lawfully.
  2. Personal data shall be obtained only for specified and lawful purposes, and shall not be processed in any manner incompatible with those purposes.
  3. Personal data shall be adequate, relevant and not excessive in relation to the purposes for which it is processed.
  4. Personal data shall be accurate and, where necessary, kept up to date.
  5. Personal data shall be kept for no longer than is necessary for the purposes for which it is processed.
  6. Personal data shall be processed in accordance with the rights of data subjects under the Act.
  7. Personal data shall be subject to appropriate technical and organisational measures to protect against unauthorised or unlawful processing and accidental loss, destruction or damage.
  8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of data protection.

CONSENT

The European Data Protection Directive defines consent as ‘any freely given specific and informed indication of his wishes by which the data subject signifies his/her agreement to personal data relating to him being processed’ – meaning the individual might signify agreement other than in writing. However, non-communication should not be interpreted as consent.


Oxford Care Services will not release staff or learner data to third parties except to relevant statutory bodies. In all other circumstances the company will obtain the consent of the individuals concerned before releasing personal data.


When collecting data, Oxford Care Services will ensure that the Data Subject:

  • • Clearly understands why the information is needed.
  • • Understands what it will be used for and what the consequences are should the Data Subject decide not to give consent to processing.
  • • As far as reasonably possible, grants explicit consent, either written or verbal for data to be processed.
  • • Is, as far as reasonably practicable, competent enough to give consent and has given so freely without any duress.
  • • Has received sufficient information on why their data is needed and how it will be used.

Security Statement

Oxford Care Services Limited has taken measures to guard against unauthorised or unlawful processing of personal data and against accidental loss, destruction or damage.


This includes:

  • • Adopting robust data information handling procedures and processes
  • • Putting in place controls on access to information using password protection on files and server access.
  • • Establishing a business continuity/disaster recovery plan by regular back-ups of its computer data files.
  • • Training all staff on security systems and procedures
  • • Detecting and investigating breaches of security should they occur

Storage

Information and records relating to service users will be stored securely and will only be accessible to authorised staff and volunteers. Information will be stored for only if it is needed or required statute and will be disposed of appropriately.


It is Oxford Care Services’ responsibility to ensure all personal and company data is non-recoverable from any computer system previously used within the organisation which has been passed on/sold to a third party.

Disclosure

Oxford Care Services is unlikely to share data with other organisations, but in circumstances where this is required, the Data Subject will be made aware how and with whom their information will be shared.


There are circumstances where the law allows Oxford Care Services to disclose data without the data subject’s consent; these are:

  1. Carrying out a legal duty as authorised by an appropriate legal officer.
  2. The Data Subject has already made the information public.
  3. Conducting any legal proceedings, obtaining legal advice or defending any legal rights.

Access

Any learner, customer or employee of the company who wishes to receive a copy of any personal data covered by the Act held on computer should submit a written request.


All Data Subjects have the right to access the information Oxford Care Services holds about them. We will take reasonable steps ensure that this information is kept up to date by asking data subjects whether there have been any changes.


Learners, staff and external customers are requested, upon receipt of such data, to check its accuracy and to inform the Company of any amendments which need to be made. It is in the interests of everyone that all information is accurate and up-to-date. Cooperation and assistance is greatly appreciated.



In addition, Oxford Care Services will ensure that:

  1. It has a Data Protection Officer with specific responsibility for ensuring compliance with Data Protection.
  2. Everyone processing personal information understands that they are contractually responsible for following good data protection practice.
  3. Everyone processing personal information is appropriately trained to do so.
  4. Everyone processing personal information is appropriately supervised.
  5. Anybody wanting to make enquiries about handling personal information knows what to do.
  6. It deals promptly and courteously with any enquiries about handling personal information.
  7. It describes clearly how it handles personal information.
  8. It will regularly review and audit the ways it holds, manages and uses personal information
  9. It regularly assesses and evaluates its methods and performance in relation to handling personal information.
  10. All staff are aware that a breach of the rules and procedures identified in this policy may lead to disciplinary action being taken against them.

This policy will be updated as necessary to reflect best practice in data management, security and control and to ensure compliance with any changes or amendments made to the Data Protection Act 1998.

In case of any queries or questions in relation to this policy please contact the Oxford Care Services Data Protection Officer on 0800 644 6899.

Contact Us

  •   Oxford care services
         71-75 Shelton Street
         Covent Garden
         London
         WC2H 9JQ
  •   0800 644 6899
  • info@oxfordcareservices.com

Subscribe For Newsletter