Data Protection Policy

Last updated: 01/09/2024

1. Introduction

Diverse Social Care Provision is committed to protecting the rights and privacy of individuals in accordance with the UK Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR). This policy outlines our procedures for ensuring all personal data is collected, stored, and processed in compliance with data protection law.

2. Scope

This policy applies to all personal data processed by Diverse Social Care Provision, regardless of the media on which that data is stored or whether it relates to past or present employees, workers, customers, clients or supplier contacts, shareholders, website users or any other Data Subject.

3. Data Protection Principles

Diverse Social Care Provision adheres to the principles set out in the UK GDPR, which require that personal data shall be:

a) Processed lawfully, fairly and in a transparent manner b) Collected for specified, explicit and legitimate purposes c) Adequate, relevant and limited to what is necessary d) Accurate and, where necessary, kept up to date e) Kept in a form which permits identification of data subjects for no longer than necessary f) Processed in a manner that ensures appropriate security of the personal data

4. Lawful Basis for Processing

We will only process personal data where we have one of the following lawful bases:

  • Consent of the data subject
  • Performance of a contract with the data subject
  • Compliance with a legal obligation
  • Protection of vital interests of the data subject
  • Performance of a task carried out in the public interest
  • Legitimate interests pursued by the controller or a third party

5. Data Subject Rights

We respect the rights of individuals under the UK GDPR, including:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling

6. Data Collection

We collect personal data for specified, explicit, and legitimate purposes, including:

  • Processing service applications
  • Contacting users about our services
  • Sending newsletters (if subscribed)

Types of personal data we collect may include:

  • Full name
  • Email address
  • Phone number
  • Date of birth
  • Address
  • National Insurance number
  • Citizenship status

7. Data Storage and Security

We implement appropriate technical and organizational measures to maintain the security of personal data, including:

  • Encryption of sensitive data
  • Regular security assessments
  • Access controls and user authentication
  • Firewalls and anti-virus software
  • Regular staff training on data protection

8. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

9. Data Breaches

In the event of a data breach, we will notify the Information Commissioner’s Office (ICO) within 72 hours of becoming aware of it, if it’s likely to result in a risk to the rights and freedoms of individuals. We will also notify affected individuals if the breach is likely to result in a high risk to their rights and freedoms.

10. International Data Transfers

We do not transfer personal data outside the UK/EEA.

11. Data Protection Impact Assessments

We will carry out Data Protection Impact Assessments for any high-risk data processing activities.

12. Data Protection Officer

While we have not formally appointed a Data Protection Officer, responsibility for data protection compliance rests with [Insert responsible person/team].

13. Staff Training

All staff members who handle personal data will receive appropriate training on data protection principles and practices.

14. Policy Review

This policy will be reviewed annually and updated as necessary to reflect best practice in data management, security, and control and to ensure compliance with any changes or amendments made to the UK Data Protection Act 2018 or UK GDPR.

15. Contact Information

If you have any questions about this Data Protection Policy or our data protection practices, please contact us:

By email: enquiries@diversesocialcareprovision.co.uk By phone: 02081429323

Subscribe to Our Newsletter

Subscribe to our newsletter to stay updated on our latest news, services, and expert insights. Don’t miss out!

Subscription Form