Please read this privacy statement carefully. It contains important information you need to know on who we are, how and why we collect, store, use and share your personal information, your rights in relation to your personal information and how to contact us and other organisations in the event you have a complaint.
We are the Enviva Care Group. You can access full details of who we are such as our full company name, registered number and registered office address on our Contact Us page.
As part of the services we offer, we are required to collect, store and use personal data about our staff, our service users and in some instances, collect, store and use the personal data of the friends or relatives of our service users and staff.
Personal information means any information about you from which you can be identified.
As the ‘data controller’ of personal information, we are committed to protecting the privacy and security of your personal information. The General Data Protection Regulation (“GDPR”), which applies in the United Kingdom and across the European Union, sets out our obligations to you and your rights in respect of how we manage your personal information.
As the ‘data controller’ of your personal information, we will ensure that the personal information we hold about you is:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Kept only as long as necessary for the purposes we have told you about.
- Kept securely.
Please note when we refer to:
- A “public body” we mean any organisation in the United Kingdom which delivers, commissions or reviews a public service and includes (but is not limited to) the Ombudsman, local authorities, councils, unitary authorities, clinical commissioning groups, health and social care trusts, the National Health Service as well as their arm’s length bodies and regulators.
- A “social or health care professional” we mean any person who provides direct services, acts as consultant or is involved in the commission of your healthcare or social care services, including (but not limited to) your General Practitioner (GP), dental staff, pharmacists, nurses and health visitors, clinical psychologists, dieticians, physiotherapists, occupational therapists, hospital staff, social workers and other care and support related professionals.
Information collected by us
By using our website or communicating with the Group using any form of media or communication, you agree that we may collect information about you and you agree to the use of this data in accordance with this Privacy Statement.
For clarity, we collect personal information directly from you, or if you are a job applicant, through the application and recruitment process, through your visit to our website (via our Contact Us form) or through an employment agency who submits your C.V for our consideration. We may also collect additional background information from third parties including former employers or other background checking agencies.
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, but we will only do so where this is required or permitted by law.
When you apply for a job with us, we may collect the following personal information which is either provided by you or obtained by third parties during the application and recruitment process:
- Your title, name, addresses, contact details (including your telephone number (s) & email address) and next of kin and/or emergency contact information (i.e. name, relationship and home and mobile numbers)
- Your date of birth and gender
- Your National Insurance Number
- Recruitment information (including copies of right to work documentation, references and other information included in a CV or cover letter or as part of the application process)
- Employment records (including job titles, work history, working hours, training records and professional memberships)
- Copies of your Driving Licence and other necessary identity and proof of address documents
How we use your personal information
We collect and use your personal information for the purposes of:
- Making a decision regarding your recruitment or appointment
- Assessing your right to legally work in the UK
- Assessing your suitability for a regulated role
- Assessing your fitness to work
- To allow us to enter into an employment contract with you should your application and recruitment be successful
- To enable us to comply with any legal obligations such as employment law
- To enable us to conduct appropriate pre-employment checks including reference checks
Please note that if you fail to provide certain information when requested, we may not be able to continue to consider your application or progress with your recruitment.
If your application is successful then in addition to the information we have already collected about you during the recruitment process, we may also collect, store, and use the following additional categories of personal information which is either provided by you, obtained by third parties or compiled by us during the course of your employment in relation to job related activities:
- Your likes, dislikes and lifestyle preferences (including your religious beliefs or other beliefs of a similar nature in so far as they relate to providing you with suitable care).
- Salary, annual leave, pension and benefits information
- UK bank details and tax status information
- Start date
- Performance information, disciplinary and grievance information
- Photographs of you which we have to keep on your personnel file and which may be displayed in our office.
How we use your personal information
We collect and use your personal information to:
- Allow us to perform and administer our contract with you, business management and planning and accounting and auditing
- Enable us to comply with our legal obligations
- Allow us to contact your Next of Kin or emergency contact in the event of an emergency
- Pay you and deduct tax, National Insurance and Pension contributions as applicable
- Conduct performance reviews, manage your performance and determine performance requirements
- Assess qualifications and experience for a particular task, including decisions about further training and development requirements
- Managing sickness absence
- Match you to our Clients
Who we share your personal information with and why we share this
We will only share your information in the following circumstances:
- Where required to do so by law
- Where it is necessary to administer the working relationship with you
- Where we have another legitimate interest to do so
We may share your personal information with law enforcement or other authorities for the purposes of compliance with our legal obligations. This includes:
- Information required by public bodies to evidence our compliance with the applicable regulatory framework.
- Sharing personal information with external social or health care professionals, including public bodies, competent authorities, the courts, local safeguarding groups (in some circumstances)
- Sharing personal information as otherwise required by law
We may share your personal information with third party providers who carry out a process on our behalf as follows:
- Pre-employment screening providers such as The Disclosure & Barring Service for purposes of a criminal records check.
- The company payroll provider
- The company pensions provider if applicable
- The company training providers
- IT and Telecoms Support companies – to ensure the safe, secure and resilient operation of our IT infrastructure including computers, servers, phones and mobile devices
- Software support companies – to provide specialist support and resolve issues with the software that we run, for example the systems we use to store and manage your customer records
We may share limited personal information with other employees where appropriate.
We may share limited personal information with our Clients where you will be assigned to provide care and support for purposes of introduction.
We may share your information with future and prospective employers.
We will not share, sell or trade your personal information with any other third party.
Special category (sensitive) information
Through the application, recruitment and employment process, we may also collect, store and use the following “special categories” of more sensitive personal information as follows:
- Information about your race or ethnicity, religious beliefs, sexual orientation and political opinions
- Information about your health, including any medical condition, health and sickness records.
- Information about criminal convictions and offences
We may process this information to enable us to carry out our obligations under employment law and comply with regulatory body requirements and where it is necessary to assess your working capacity.
How we use your special category information
- We will use information relating to leaves of absence, which may include sickness absence or family related leaves, to comply with employment and other laws.
- We will use information about your physical or mental health, or disability status, to ensure your health and safety in the workplace and to assess your fitness to work, to provide appropriate workplace adjustments, to monitor and manage sickness absence and to administer benefits.
- We will use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting.
- We will use information about criminal convictions and offences to assess your suitability for a regulated role and where necessary, to protect the interests of all parties (including us, you, our clients, other employees and third parties)
Please note that if you fail to provide certain information, personal or sensitive, when requested, we may not be able to perform the contract we have entered into with you or we may be prevented from complying with our legal obligations.
We rely on the following grounds within the GDPR:
- Article 6(1)(b) – processing is necessary for the performance of our contracts to provide individuals with care and support services and you with employment
- Article 6(1)(c) – processing is necessary for us to demonstrate compliance with the law or regulatory frameworks
- Article 6(1)(f) – in pursuit of legitimate interests
- To analyse and report on the performance and compliance of the business
- Providing access to company equipment, vehicles and facilities (including phone, vehicles, software and applications)
- To send, receive and analyse employee feedback.
GDPR recognises that additional care is required when processing special category (sensitive) data such as your health. We process this under the following grounds within GDPR:
- Article 9(2)(h) – Provision of health or social care or management of health or social care systems or services
- Article 9(2)(b) – Legal obligations under employment or social benefit law
- Article 9(2)(f) – Establishment, exercise or defense of legal claims or court.
Your Duty to Inform us of changes
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during the application and recruitment process and thereafter.
How long your information will be kept
We will hold your personal information and records for as long as required in line with the Information Governance Alliance recommendations and/or the Companies regulatory requirements.
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Transfer of Information out of the EEA:
We do not, as a matter of course, transfer your data outside of the European Economic Area.
Under the GDPR you have a number of important rights. In summary, those include rights to:
- Fair processing of information and transparency over how we use your use personal information
- Access to your personal information
- Require us to correct any mistakes in your information which we hold
- Require the erasure (i.e. deletion) of personal information concerning you, in certain situations. Please note that where we are obliged to keep your personal data due to a regulatory or legal requirement, we will not be able to delete the data and will continue to retain it.
- Receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
- Object at any time to processing of personal information concerning you for direct marketing – we do not process your personal information for marketing purposes
- Object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
- Object in certain other situations to our continued processing of your personal information
- Otherwise restrict our processing of your personal information in certain circumstances
- Claim compensation for damages caused by our breach of any data protection laws
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.
How to contact us
If you would like to exercise any of those rights, please:
- Email, call or write to us
- Let us have enough information to identify you (eg: your name and address)
- Let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill)
- Let us know the information to which your request relates, including any account or reference numbers, if you have them
How to complain
We hope that we can resolve any query or concern you raise about our use of your information. However, if you do have any concerns about our handling of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.
Changes to this privacy notice
We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. All other changes will be updated on our website.
Questions and comments regarding this privacy statement are welcomed and should be addressed to firstname.lastname@example.org
Please see the companies’ Terms and Conditions for the Disclaimer Statement and the Cookies Policy accessed through the Home tab at www.envivacare.com