Steps Ahead Care & Support Ltd is a registered domiciliary care and support provider. To provide our services and run our business, we collect and manage personal information about individuals and in our capacity as a data controller, we are registered with the Information Commissioner's Office. We are committed to ensuring that your privacy is protected.
Steps Ahead Care & Support Ltd
Address: Unit 130, City Business Park, Somerset Place, Plymouth, PL3 4BB
Phone: 01752 547257
Data Protection Officer:
The data controller and processor for Steps Ahead Care & Support Ltd is Miss Christine Holdsworth, who can be contacted via the above address and contact details.
We collect and process personal information for the purposes of:
· Service provision and development, including collaboration with other parties involved in the provision of rehabilitation and care.
· Business & finance management.
· Employment & employment administration.
· To inform recommendations for and management of safe and effective support and care.
· To work effectively with others who may be involved in the provision of care.
· Research and audit.
· Preparing statistics used for business development and decision making.
· Keeping interested parties informed about our company and our news.
We may collect the following data:
· Name, address, email address, telephone number, date of birth.
· Family and next of kin details/emergency contact details.
· Records of contact we have had by telephone calls, appointments, visits, and meetings etc.
· Education & training history - mostly frequently of staff, support workers and other professionals not employed by us.
· Employment records and pension details – most frequently for those that work for us either directly or are providing services on a contractual basis.
· Financial details.
· Lifestyle and social circumstances.
We may also collect and manage personal information that falls into special categories:
· Physical and mental health, disabilities, allergies, treatment, and care.
· Records from others who provide care, such as health professionals, support workers and relatives.
· Racial and ethnic origin.
· Sexual life.
· Religious or similar beliefs.
· Offences (including alleged offences), criminal proceedings and outcomes.
· Trade union membership.
· Employment tribunal applications, complaints, accidents, and incident details.
How your information is collected:
Depending on the nature of our relationship with you, your data may be collected via email, by letter, telephone calls, meetings, reports, your company website, job applications via website or third-party platforms, or by referral.
Why we hold your information:
Under the UK General Data Protection Regulation (UK GDPR), our legal bases for processing personal information include:
· Meeting the requirements of a contract for clients we provide a service to.
· Meeting our legal obligations in relation to employment, CQC regulation, and safeguarding.
· An individual has given their explicit consent in relation to marketing or provision of information.
· Where it is necessary for our legitimate interests (or those of a third party)
· We may also occasionally use your personal information where we need to protect your vital interests (or someone else’s vital interests).
Specific Information for Clients:
It is necessary for us to collect and process your personal data, with a view to entering into a contractual relationship for the provision of a support service, to provide that service and to meet our obligations in terms of professional registration standards, CQC registration, safeguarding and insuring our practice. Whilst we seek your agreement regarding the input you receive from us, we do not rely on your consent to share or process information about you in the course of providing the service.
Data collected will be kept throughout the period of our working relationship. Following this, information will be kept for a further 6 years, or 3 years after an individual’s death, for adults. For children, it will be held until their 26th birthday, if the working relationship ended while they were under 18, or 3 years after an individual’s death if sooner, unless upon review it is deemed necessary to retain it for a longer period.
Specific Information for Job Applicants:
We will use the details you provide on your application form, together with the supporting documents requested and additional details provided by any referees and recorded following any interview process to process your application from application through selection and interview processes and if selected to support and enable your appointment into the vacancy including any manual or electronic communications related to the processes.
We process the personal information provided on your application and the other information referred to above for the purposes of identifying you, processing your application, verifying the information provided and assessing your suitability for the role (including any relevant criminal convictions via DBS), your Right to Work status and any pre-employment medical checks, deciding whether to offer you a job, communicating that outcome (together with any feedback) and transferring if you are successful your applicant data into your employee records to enable appointment.
We consider the processing of your personal information for the above purposes to be either necessary for us to take steps with a view to creating a contractual relationship with you (e.g. to assess your application for employment), or necessary for compliance with a legal obligation (e.g. equal opportunities monitoring and CQC regulations).
If your application is successful, your information will be kept as part of your personnel record for the duration of your employment. If you are unsuccessful, your information will be normally kept for six months after completion of the application process before being destroyed.
How your information is stored:
We use encrypted cloud-based storage, recognised by ICO for the storing of documents. All information is stored in line with the Records Management Code of Practice, details of this can be found at https://transform.england.nhs.uk/information-governance/guidance/records-management-code/records-management-code-of-practice/
Who your information is shared with:
We will not distribute, sell, or lease personal information to third parties unless we have your strict permission or are required by law to do so.
Personal information is not shared with any third party outside Steps Ahead Care & Support, its associates, its agents, other companies with which we have arranged services for the benefit of any individual for whom we hold personal data or referring parties.
What security measures we have in place:
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place highly encrypted electronic systems and managerial procedures to safeguard and secure the information we collect.
In addition to your point of contact within our Head Office, other personnel at Steps Ahead Care & Support may have access to your information in order to fulfil managerial, administrative, human resources, accounts and payroll duties. All those with access to your personal data are duty bound to keep it confidential and secure. Should the need arise there is a protocol in place to contain, deal with and report any data breeches to the information.
How you can access your information:
You may request details of personal information which we hold about you under the General Data Protection Regulation. If you would like a copy of the information held on you, please write to us at the above address. Where you use our website, cookies are text files which collect log on information and visitor behaviour information. Cookies track visitor use and compile statistical reports on website activity. You can set your browser to accept or decline cookies. Please be aware that a decline preference may mean a loss of function in some of our website features.
Data Subject Rights:
Under data protection law, you have rights including:
Your right of access - You have the right to ask us for copies of your personal information.
Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing - You have the the right to object to the processing of your personal information in certain circumstances.
Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
Further Information about Data Subject’s rights can be found here –
How you can opt-out and request to be deleted from our files:
All marketing materials are provided with the opt-out facility. Where we have relied on your consent to process your personal date, you may request to withdraw your consent or be deleted from our files, by contacting firstname.lastname@example.org.
How to complain:
If you have any concerns about our use of your personal information, you can make a complaint to us using the contact details at the top of this form.
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
Last Updated: 12th January 2024