You are here

Policy statement

Introduction

The Data Protection Act 2018 requires us (Essex Cares Limited, trading as ECL) as a Data Controller to have an appropriate policy document in place relating to the processing of special category personal information and information about criminal offenses.

Personal data is any information by which a living individual can be identified. Individual identification can be by information alone or in conjunction with other information. Certain categories of personal data have additional legal protections when being processed. These categories are referred to in the legislation as “special category data” and are data concerning:

Health
Racial or ethnic origin
Political opinions
Religious or philosophical beliefs
Trade union membership
Genetic data
Biometric data
Sex life or sexual orientation

The processing of criminal offence data also has additional legal safeguards. Criminal offence data includes information about criminal allegations, criminal offences, criminal proceedings and criminal convictions.

The principles

The below information sets out our procedures for ensuring our compliance with the principles as detailed in Article 5 of the General Data Protection Regulation.

Principle 1: Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject.

We will:

ensure that personal data is only processed where a lawful basis applies, and where processing is otherwise lawful
only process personal data fairly, and will ensure that data subjects are not misled about the purposes of any processing
ensure that data subjects receive full privacy information so that any processing of personal data is transparent

Principle 2: Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.

We will:

only collect personal data for specified, explicit and legitimate purposes, and we will inform data subjects what those purposes are in a privacy notice
not use personal data for purposes that are incompatible with the purposes for which it was collected. If we do use personal data for a new purpose that is compatible, we will inform the data subject first

Principle 3: Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

We will:

only collect the minimum personal data that we need for the purpose for which it is collected.
ensure that the data we collect is adequate and relevant.

Principle 4: Personal data shall be accurate and, where necessary, kept up to date.

We will:

ensure that personal data is accurate, and kept up to date where necessary.
take particular care to do this where our use of the personal data has a significant impact on individuals.

Principle 5: Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.

We will:

only keep personal data in identifiable form as long as is necessary for the purposes for which it is collected, or where we have a legal obligation to do so. Once we no longer need personal data it shall be deleted or rendered permanently anonymous.

Principle 6: Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

We will:

ensure that there appropriate organisational and technical measures in place to protect personal data.

Accountability principle: The controller shall be responsible for, and be able to demonstrate compliance with these principles. Our Accounting Officer is responsible for ensuring that the department is compliant with these principles.

We will:

ensure that records are kept of all personal data processing activities, and that these are provided to the Information Commissioner on request
carry out a Data Protection Impact Assessment for any high risk personal data processing, and consult the Information Commissioner if appropriate
ensure that a Data Protection Officer is appointed to provide independent advice and monitoring of personal data handling, and that this person has access to report to the highest management level of the department
have in place internal processes to ensure that personal data is only collected, used or handled in a way that is compliant with data protection law

Our policies in regards retention and erasure of personal data

We will ensure, where special category or criminal convictions personal data is processed, that:

there is a record of that processing, and that record will set out, where possible, the envisaged time limits for erasure of the different categories of data
where we no longer require special category or criminal convictions personal data for the purpose for which it was collected, we will delete it or render it permanently anonymous
data subjects receive full privacy information about how their data will be handled, and that this will include the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period

If you have any concerns or questions about how we use your personal information, you can speak with our Data Protection Officer.

You can contact them by:

Email: information.governance@essexcares.org
Post: Data Protection Officer, c/o Head of Quality and Corporate Governance, Seax House, Victoria Road South, Chelmsford, Essex CM1 1QH
Phone: 03330 135 438

For independent advice about data protection, privacy and data sharing issues, you can contact the Information Commissioner’s Office (ICO) at: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF / Tel: 03031 231 113 (local rate). Alternatively, visit ico.org.uk or email casework@ico.org.uk.

Name	Description	Expiry
CraftSessionId	Sets a unique ID for the session. This allows the website to obtain data on visitor behaviour for statistical purposes.	Session
CRAFT_CSRF_TOKEN	Ensures visitor browsing-security by preventing cross-site request forgery. This cookie is essential for the security of the website and visitor.	Session
*_username	Used by us to remember the user’s account login username/email.	Persistent
cookie-consent	Used by us to keep a record of your cookie preferences.	Persistent
hideAnnouncement*	Used by us to keep a record of when you have opted to hide the announcement banner.	Persistent

Name	Description	Third-party	Expiry
_ga	Registers a unique ID that is used to generate statistical data on how the visitor uses the website.		2 years
_gat_*	Used by Google Analytics to throttle request rate.		1 day
_gid	Registers a unique ID that is used to generate statistical data on how the visitor uses the website.		1 day
juggler/event.gif	Identifies the visitor across devices and visits, in order to optimize the chat-box function on the website.	disqus.com	Session

Name	Description	Third-party	Expiry
c	Used in order to detect spam and improve the website's security.	admedo.com	1 year
_fbp	Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers.		3 months
_gcl_au	Used by Google AdSense for experimenting with advertisement efficiency across websites using their services.		3 months
ads/ga-audiences	Used by Google AdWords to re-engage visitors that are likely to convert to customers based on the visitor's online behaviour across websites.	google.com	Session
fr	Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers.	facebook.com	3 months
GPS	Registers a unique ID on mobile devices to enable tracking based on geographical GPS location.	youtube.com	1 day
IDE	Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.	doubleclick.net	2 years
juggler/telemetry/lounge_dynamic.gif	Collects data on the visitors use of the comment system on the website, and what blogs/articles the visitor has read. This can be used for marketing purposes.	disqus.com	Session
pagead/1p-user-list/#		google.com	Session
tr	Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers.	facebook.com	Session
tuuid	Collects visitor data related to the user's visits to the website, such as the number of visits, average time spent on the website and what pages have been loaded, with the purpose of displaying targeted ads.	admedo.com	1 year
tuuid_lu	Contains a unique visitor ID, which allows Bidswitch.com to track the visitor across multiple websites. This allows Bidswitch to optimize advertisement relevance and ensure that the visitor does not see the same ads multiple times.	admedo.com	1 year
vglnk.Agent.p	Collects data on visitor behaviour from multiple websites, in order to present more relevant advertisement - This also allows the website to limit the number of times that they are shown the same advertisement.	disqus.com	1 year
vglnk.PartnerRfsh.p	Collects data on visitor behaviour from multiple websites, in order to present more relevant advertisement - This also allows the website to limit the number of times that they are shown the same advertisement.	disqus.com	1 year
VISITOR_INFO1_LIVE	Tries to estimate the users' bandwidth on pages with integrated YouTube videos.	youtube.com	179 days
YSC	Registers a unique ID to keep statistics of what videos from YouTube the user has seen.	youtube.com	Session
yt-remote-cast-installed	Stores the user's video player preferences using embedded YouTube video.	youtube.com	Session
yt-remote-connected-devices	Stores the user's video player preferences using embedded YouTube video.	youtube.com	Persistent
yt-remote-device-id	Stores the user's video player preferences using embedded YouTube video.	youtube.com	Persistent
yt-remote-fast-check-period	Stores the user's video player preferences using embedded YouTube video.	youtube.com	Session
yt-remote-session-app	Stores the user's video player preferences using embedded YouTube video.	youtube.com	Session
yt-remote-session-name	Stores the user's video player preferences using embedded YouTube video.	youtube.com	Session
aet-dismiss	Necessary for the functionality of the website's comment-system.	disqus.com	Persistent
drafts.queue	Necessary for the functionality of the website's comment-system.	disqus.com	Persistent
submitted_posts_cache	Necessary for the functionality of the website's comment-system.	disqus.com	Persistent

Opportunities for adults with learning disabilities & autism

Older people Day Centres

Overview of service

Short-term home care

News

Guidance & advice

Careers

Policy statement

Introduction

The principles

Our policies in regards retention and erasure of personal data

If you have any concerns or questions about how we use your personal information, you can speak with our Data Protection Officer.

Policy statement

Introduction

The principles

Our policies in regards retention and erasure of personal data

If you have any concerns or questions about how we use your personal information, you can speak with our Data Protection Officer.

Our cookies

Necessary

Analytics

Marketing