GDPR the General Data Protection Regulation.
Responsible Person Donna Lowden
Register of Systems Electronic and manual
- Data protection principles
Someone Cares is committed to processing data in accordance with its responsibilities.Article 5 of the GDPR requires that personal data shall be:
- processed lawfully, fairly and in a transparent manner in relation to individuals;
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.”
- General provisions
- This policy applies to all personal data processed by Someone Cares.
- The Responsible Person shall take responsibility for Someone Cares’s ongoing compliance with this policy.
- This policy shall be reviewed at least annually.
- Someone Cares shall register with the Information Commissioner’s Office as an organisation that processes personal data.
- Lawful, fair and transparent processing
- To ensure its processing of data is lawful, fair and transparent, Someone Cares shall maintain a Register of Systems.
- The Register of Systems shall be reviewed at least annually
- Individuals have the right to access their personal data and any such requests made to Someone Cares shall be dealt with in a timely manner.
- Lawful purposes
- All data processed by Someone Cares must be done on one of the following lawful bases: consent, contract, legal obligation, vital interests, public task or legitimate interests (see ICO guidance for more information).
- Someone Cares shall note the appropriate lawful basis in the Register of Systems.
- Where consent is relied upon as a lawful basis for processing data, evidence of opt-in consent shall be kept with the personal data.
- Where communications are sent to individuals based on their consent, the option for the individual to revoke their consent should be clearly available and systems should be in place to ensure such revocation is reflected accurately in Someone Cares’s systems.
- Data minimisation
- Someone Cares shall ensure that personal data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
- Someone Cares shall take reasonable steps to ensure personal data is accurate.
- Where necessary for the lawful basis on which data is processed, steps shall be put in place to ensure that personal data is kept up to date.
- Archiving / removal
- To ensure that personal data is kept for no longer than necessary, Someone Cares shall put in place an archiving policy for each area in which personal data is processed and review this process annually.
- The archiving policy shall consider what data should/must be retained, for how long, and why.
- Someone Cares shall ensure that personal data is stored securely using modern software that is kept-up-to-date.
- Access to personal data shall be limited to personnel who need access and appropriate security should be in place to avoid unauthorised sharing of information.
- When personal data is deleted this should be done safely such that the data is irrecoverable.
- Appropriate back-up and disaster recovery solutions shall be in place.
In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, Someone Cares shall promptly assess the risk to people’s rights and freedoms and if appropriate report this breach to the ICO (more information on the ICO website).
At SomeOne Cares (SOC) we are committed to protecting your privacy. We use the information we collect about you to enhance your experience online and improve our service to you and as required by the UK Data Protection Act 2018 and all other data protection legislation currently in force, we follow strict security procedures in the storage and disclosure of information which you have given us, to prevent unauthorised access.
The Regulation applies to anyone processing personal data and sets out principles which should be followed and gives rights to those whose information is being processed.
This Privacy Notice tells you what to expect us to do with your personal information when you contact us or enter into an agreement with us.In this Privacy Notice we will tell you:
- why we can process your information
- what purpose we are processing it for
- whether you must provide it to us
- how long we store it for
- whether there are other recipients of your personal information
- whether we intend to transfer it to another country
- whether we do automated decision-making or profiling.
- processed lawfully, fairly and in a transparent way
- processed only for the purpose that the information was collected for
- limited to what is necessary
- accurate and kept up to date
- kept for no longer than is necessary
- kept safe and secure
- only shared with other Organisations who can demonstrate compliance with the regulations.
Our Contact Details
There are many ways you can contact us, including via our website, post, email, telephone or in person.Name: SomeOne Cares
Postal Address: 1 Amble Close, North Shields, Tyne and Wear, NE29 7XW
Telephone: (0191) 257 8094
SomeOne Cares are a Data Controller and registered with the ICO. Registration: Z9734344
What information we collect
- Name and contact details (address, email address, telephone number)
- IP Addresses you use to access our website along with your usage details.
- Payment card details
- Date of birth
- Proof of identity
- Immigration status
- Marital Status
- Health Details * including GP Details, Medications, Disabilities etc
- Emergency Contact information
We may use the information we collect to occasionally notify you about important functionality changes to the website, new products, services, and special offers we think you will find relevant.
If you would rather not receive this information, details of how to remove yourself from our subscription system will be contained in the emails that you receive from us. Make sure you change your preferences for each account you hold or email address you have provided.
Why we collect and process this information
- When you use our website or to enquire about our services via our website, by telephone or email
- When you enter into an agreement with us for any service provision
- To enable us to support our customer obligations and service requirements
- To notify you of any enhancements or updates to the services or systems we provided to you
- To manage our business
- Perform the terms of our agreement with you.
Your information will not be used for automated decision-making or profiling.In certain circumstances we also use other lawful bases as follows:
- To fulfil our regulatory and legal requirements
- Our legitimate interests, for example:
- to improve our services
- to conduct web analytics
- to administer and protect our business, website, and social media profiles
- for the prevention and detection of fraud and spam
- for the establishment, exercise, and defense of legal claims.
What about Cookies?
How we protect your information
We are committed to ensuring that your information is secure. As such we have put in place appropriate technical and organisational measures to safeguard it, including the use of user logins and passwords to our internal systems, secure cloud-based data storage, encryption, anti-virus software and network vulnerability scanning.
All information entere