ASC is part of Balhousie Care Group (BCG) which is committed to to protecting and safeguarding your privacy when dealing with your personal information and will only use the information that we collect about you lawfully and in accordance with the relevant legislation.
This privacy notice provides details about the information we collect about you, how we use and protect it. It also provides information about your rights.
If you have any questions about how we handle your information, please contact us at email@example.com
1. Privacy – Data protection principles
BCG will comply with data protection law including the 6 principles of GDPR. This means that when processing your personal data we will;
- process it fairly, lawfully and in a clear, transparent way
- collect your data only for reasons that we find proper for the course of your employment in ways that have been explained to you
- only use it in the way that we have told you about
- ensure it is correct and up to date
- keep your data for only as long as we need it
- process it in a way that ensures it will not be lost or destroyed or used for anything that you are not aware of or have consented to (as appropriate)
Balhousie Care Group is a “data controller”. This means that we are responsible for determining the purpose and means of processing personal data relating to you.
“Personal data”, or “personal information”, means any information relating to an identified, or identifiable individual in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
There are “special categories” of sensitive personal data, meaning data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health conditions, sex life or sexual orientation, genetic data, and biometric data which require a higher level of protection.
2. Scope of our privacy notice
This privacy notice applies to anyone who interacts with Balhousie Care Croup (‘BCG’) about our services and products, in anyway (e.g. email /website/post).
Personal Information that BCG collects and why we collect it:
- BCG collects personal information from you and third parties including those acting on your behalf
- BCG collects information from you by phone, by email, via our website, by post and social media.
Personal Information includes:
The list below identifies the kind of data that we will hold about you:
- personal contact details such as name, title, addresses, telephone numbers, and personal email addresses
- date of birth
- your photograph
- marital status and dependents
- next of kin and emergency contact information
- bank account details
- copy of driving license
- copy of passport
- information used for equal opportunities monitoring about your sexual orientation, religion or belief and ethnic origin
- medical or health information including whether or not you have a disability
Sensitive personal data may include:
BCG also collect sensitive personal data , which is define as any information concerning certain information about an individual including health data and requires stricter protection.The following list identifies the kind of data that that we will process and which falls within the scope of “special categories” of more sensitive personal information:
- information relating to your race or ethnicity, religious beliefs, sexual orientation, sex life and political opinions
- information about your health, including any medical conditions, disabilities and health and sickness records
- information about criminal convictions and offences
What we use your personal data for
BCG will only administer personal information in accordance with the lawful bases for processing. The purposes for which at least one of the following will apply when we process personal data:
- consent: You have given clear consent for us to process your personal data for a specific purpose.
- contract: The processing is necessary for a contract we have with you, or because we have asked you to take specific steps before entering into a contract.
- legal obligation: The processing is necessary for us to comply with the law (not including contractual obligations).
- vital interests: the processing is necessary to protect someone’s life.
- public task: the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.
- legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect your personal data which overrides those legitimate interests.
- recruitment: recruitment information included on your application form, CV and/or covering letter, including references, education history and employment history is stored on our secure, internal and GDPR compliant database. We will only use this data internally and for relevant recruitment purposes such as shortlisting and arranging interviews and job offers, as well as conducting candidate searches for job opportunities. We will retain this information for a period of up to 12 months.
Along with our business and internal computer systems, BCG’s website is designed to comply with the following national and international legislation with regards to data protection and user privacy:
- UK Data Protection Act 1998 (DPA)
- EU Data Protection Directive 1995 (DPD)
- EU General Data Protection Regulation 2018 (GDPR)
The data currently collated on the website is limited, and primarily deals with contact details for both prospective employees and residents.
Website – Cookies
When you visit a website, it may send small files to your computer called cookies. These cannot be used to identify you personally, but can make the website work more efficiently for you by improving the time required to access pages and reducing the number of times you need to enter information. Cookies also enable website owners to understand how people are using the website so they can improve the online experience they provide. Most browsers can be programmed to reject cookies, or to warn you before you download them, however this may hamper your experience of the websites you visit. Information on how to manage cookies may be found in your browser’s help button, or in more detail on websites like
Like most websites, BCG’s website, uses Google Analytics (GA) to track user interaction. This data is used to determine the number of people using the BCG website to better understand how they find and use our web pages.
Although GA records such data as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. GA also records your computer’s IP address which could be used to personally identify you but Google do not grant us access to this. We consider Google to be a third party data processor.
Website – Blog
Should you choose to add a comment to any posts that have been published on our website, the name and email address you enter with your comment will be saved to the website’s database, along with your computer’s IP address and the time and date that you submitted the comment. This information is only used to identify you as a contributor to the comment section of the respective blog post and is not passed on to any of the third party data processors detailed below. Only your name will be shown on the public facing website.
1.) Remove the comment or 2.) Remove the blog post. Should you wish to have the comment and its associated personal data deleted, please e-mail us at firstname.lastname@example.org using the e-mail address you commented with.
If you are under 16 years of age you must obtain parental consent before posting a comment on our blog.
Please note that you should avoid entering personally identifiable information to the actual comment field of any blog post comments that you submit on to this website.
Website – Contact Forms and E-Mail Links
If you contact BCG using any of the contact forms on our website or an e-mail link, none of the data that you supply will be stored by this website or passed to be processed by any third party data processors as detailed below. Instead the data will be collated into an e-mail and sent to us over the Simple Mail Transfer Protocol (SMTP). Our SMTP servers are protected by encryption before being sent across the internet. The e-mail content is then decrypted by our local computers and devices.
Website – Storage of Personal Information
As detailed in the blog section above, if you submit a comment some of your personal data will be stored on BCG’s website and is the only element of personal data that is stored on the website.
BCG’s Website Servers are hosted by SBP Creative.
All personal data held, is supplied to SBP Creative through controlled processes that are protected by appropriate measures, including encryption.
Access to data is subject to audits and access logging, and is restricted based on business need.
All staff that have access to our data, have been fully trained on respecting cutomers’ rights, collecting only the data that is needed, adhering to privacy by design, and following other privacy principles.
4. Third Party Data Processors
We use a number of third parties to process personal data on our behalf. These third parties have been selected using certain criteria and comply with the relevant legislation set out above.
5. Automated Decision-making
BCG do not anticipate that any of our decisions will occur without human involvement. Should we use any form of automated decision making we will advise you of any change in writing.
6. How long is personal information retained?
BCG anticipate that we will retain your data as part of the care process for no longer than is necessary for the purpose for which it was collected.
BCG have given consideration to the following in order to decide the appropriate retention period:
- risk of harm
- purpose for processing
- legal obligations
- timescales recommended by professional bodies or regulators
- time limits set out in making claims
At the end of the retention period, upon conclusion of any contract BCG may have with you, or until we are no longer legally required to retain it, it will be reviewed and deleted, unless there is some special reason for keeping it. Occasionally, BCG may continue to use data without further notice to you. This will only be the case where any such data is anonymised and you cannot be identified as being associated with that data.
7. Individual rights in relation to your data
BCG commit to ensure that any data we process is correct and up to date. It is your obligation to make us aware of any changes to your personal information.
Under European data protection law and under certain circumstances, you may have the;
- Right to be informed. This means that we must tell you how we use your data, and this is the purpose of this privacy notice.
- Right to request access. You have the right to access the data that we hold on you. To do so, you should make a subject access request
- Right to request correction. If any data that we hold about you is incomplete or inaccurate, you are able to require us to correct it.
- Right to request erasure. If you would like us to stop processing your data, you have the right to ask us to delete it from our systems where you believe there is no reason for us to continue processing it.
- Right to object to the inclusion of any information. In situations where we are relying on a legitimate interest (or those of a third party) you have the right to object to the way we use your data where we are using it.
- Right to request the restriction of processing. You have the right to ask us to stop the processing of data of your personal information. We will stop processing the data (whilst still holding it) until we have ensured that the data is correct.
- Right to portability. You may transfer the data that we hold on you for your own purposes.
- Right to request the transfer. You have the right to request the transfer of your personal information to another party.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that BCG transfer a copy of your personal information to another party, please contact the Data Protection Officer in writing at the below address.
You will not have to pay a fee to access your personal data or to exercise any of the other rights under data protection legislation. However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
BCG may need to request specific information from you to help confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
8. Right to withdraw consent
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please email email@example.com. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
9. Security of your personal data
BCG will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.
BCG will securely store all the personal information that is provided electronically on our firewall and password protected servers. Personal information that is stored manually will be securely stored in an appropriate way.
Please let us know if the personal information which BCG hold about you needs to be corrected or updated.
12. Questions or complaints
BCG seek to resolve directly all complaints about how we handle personal information. Should you have any questions regarding this statement, please contact the Data Protection Officer, Earn House Lamberkine, Drive Perth PH1 1RA telephone 01738 254 254.(firstname.lastname@example.org)
The supervisory authority in the UK for data protection matters is the Information Commissioner (ICO). If you think your data protection rights have been breached in any way by us, you are able to make a complaint to the ICO.