This statement applies to all the personal data that we hold or process about you. This statement is provided with the intention to comply with your right to be informed under the Data Protection Act 2018.
We will never transfer or disclose your personal data to any third party except:
Cavalry Healthcare Limited is part of the Cavalry Group of companies. We may transfer your data to other parts of Cavalry Group for internal administrative purposes – for example fulfilment of your services, provision of internal support services, or where marketing is provided by other parts of Cavalry Group. We will ensure your data is processed securely and in accordance with this privacy notice.
The Cavalry Group consists of the following companies:
Cavalry Holdings Limited (Reg no: 15046216)
Cavalry Staffing Limited (Reg no: 12524080)
Cavalry Healthcare Limited (Reg no: 11411412)
Cavalry Executive Search Limited (Reg no: 12525293)
Toto Childrens Homes Limited (Reg no: 15077069)
For service users we will hold and process the following information:
- Your personal and contact details including your name, address, telephone numbers, emails.
- Details of your service including your personal care plan containing: any health conditions; medication information; risk assessments relating to your care package; power of attorney; your life, personal and social preferences, and risk assessments for your property for Health & Safety purposes.
- Financial information including your bank details, invoices.
- Emergency contact information including your next of kin.
- Sensitive information including protected characteristics under the Equality Act 2010 for Equal Opportunities Monitoring and Compliance.
- Copies of letters and communications between us and you.
For our staff we will hold and process the following information:
- Your personal and contact details including your name, address, telephone numbers and emails.
- Information of your employment including your job title, salary, benefits.
- Financial information including your bank details, NI No, tax statements, payslips.
- Evidence your right to work in the UK.
- Information of qualifications and skills including references, licences, certificates, and training.
- Emergency contact information.
- Information around your performance including tasks, attendance.
- Sensitive information including protected characteristics under the Equality Act 2010 for Equal Opportunities Monitoring and Compliance.
- Records of disciplinary, grievance, performance management processes undertaken with you.
- Copies of letters and communications between us and you.
- Health records including fitness for work, medical capability, and assessment outcomes.
- DBS records which include records of past convictions or records of no previous convictions.
- Criminal Convictions including unspent convictions declared and driving offences.
- Information of former employment including references and salaries.
Why do we collect your data?
We are the controller of this information, and we are also the processor. This data is gathered in the legitimate interest of assisting us in fulfilling the contractual requirements to provide a service of care and support, and to provide hours and pay to our staff as part of their employment. It will also be necessary for us to hold this data in the interest of health and safety. You are not obliged to share your personal data with us, but we may need to process your data in order to provide you with the services you have requested, and to fulfil the contract we have with you. There failure to provide us with the data may impact on your recruitment, employment or duties and responsibilities with your role. For service users it may have an impact on the service we are able to provide.
For staff the recipients of your data are us and we anticipate that we may need to share personal information with:
- HMRC (HM Revenue & Customs).
- HSE (Health & Safety Executive).
- The Police.
- Other regulatory bodies such as CQC (Care Quality Commission) Ofsted (Office for Standards in Education, Children’s Services and Skills).
- Other care providers as part of our staffing solution agency.
For service users we anticipate that we may need to share personal information with:
- Regulatory bodies such as CQC (Care Quality Commission) Ofsted (Office for Standards in Education, Children’s Services and Skills).
- The Police.
- Other public service departments including local authorities.
- Our staff for them to be able to support you.
- Your next of kin or family members at your request.
If none of the grounds set out above applies, we will obtain separate consent from you to the processing of your personal data. You can withdraw your consent at any time. This will not affect the lawfulness of any processing we carried out prior to you withdrawing your consent.
How long will we hold your data?
Staff financial and employment data will be kept for the duration of their employment and for a further period thereafter of 6 years. This period has been determined under HMRC requirements and for the protection of Cavalry Group throughout your employment and for a period after in the event of any employment tribunal or breach of contract claims. If your data is subject to an ongoing safeguarding alert, it will be kept open for the length of the alert plus 6 years, or it refers to a child it will be kept indefinitely, this is set by safeguarding guidance. Service user information regarding their care/support including financial data for adult service users will be kept for the duration of your service and for further period of 3 years. For children we will retain the information for a period of 80 years. This has been set for the protection of service users and the organisation in the event of any claims. Following the end of this period, we will delete or destroy your personal data in accordance with Data Protection Legislation.
Your Rights:
You have the right to ask us to confirm that we process your personal data, as well as having the right to request access to/copies of your personal data. You can also ask us to provide a range of information, although most of that information corresponds to the information set out in this fair processing notice.
We will provide the information free of charge unless your request is manifestly unfounded or excessive or repetitive, in which case we are entitled to charge a reasonable fee. We may also charge you if you request more than one copy of the same information.
We will provide the information you request as soon as possible and in any event within one month of receiving your request. If we need more information to comply with your request, we will let you know.
If you believe personal data we hold about you is inaccurate or incomplete, you can ask us to rectify that information. We will comply with your request within one month of receiving it unless we do not feel it is appropriate, in which case we will let you know why. We will also let you know if we need more time to comply with your request.
In some circumstances, you have the right to ask us to delete personal data we hold about you. This right is available to you:
- Where we no longer need your personal data for the purpose for which we collected it.
- Where we have collected your personal data on the grounds of consent, and you withdraw that consent.
- Where you object to the processing and we don’t have any overriding legitimate interests to continue processing the data.
- Where we have unlawfully processed your personal data (i.e. we have failed to comply with GDPR UK).
- Where the personal data has to be deleted to comply with a legal obligation.
There are certain scenarios in which we are entitled to refuse to comply with a request. If any of those apply, we will let you know.
Right to restrict processing.
In some circumstances, you are entitled to ask us to suppress processing of your personal data. This means we will stop actively processing your personal data, but we do not have to delete it. This right is available to you:
If you believe the personal data we hold isn’t accurate – we will cease processing it until we can verify its accuracy.
If you have objected to us processing the data – we will cease processing it until we have determined whether our legitimate interests override your objection.
If the processing is unlawful.
If we no longer need the data but you would like us to keep it because you need it to establish, exercise or defend a legal claim.
Data portability.
You have the right to data portability in that you may obtain and reuse your data for your own purposes across different services, from one IT environment to another in a safe and secure way, without hinderance to usability. You will be informed of the mechanism that may be in place should you choose to exercise this right. Exact methods will change from time to time.
Right to object.
You are entitled to object to us processing your personal data:
- If the processing is based on legitimate interests or performance of a task in the public interest or exercise of official authority.
- For direct marketing purposes (including profiling).
- For the purposes of scientific or historical research and statistics.
In order to object, you must have grounds for doing so based on your particular situation. We will stop processing your data unless we can demonstrate that there are compelling, legitimate grounds which override your interests, rights and freedoms or the processing is for the establishment, exercise or defence of legal claims. If you were asked to provide consent for us to process your personal data, you have the right to withdraw that consent at any time, this will not affect the lawfulness of any processing of your personal data before you withdrew consent.
You have the right to raise a complaint with a supervisory authority such as the Information Commissioner Officer or any other of our regulators or accreditors if you do not feel we have used or managed your data correctly. We would advise that you exhaust our internal compliant procedure prior to referring the matter. A copy of our complaint policy is available from your local office or by contacting our Compliance Department at compliance@cavalrycare.co.uk
Who we are
Our website address is: https://www.cavalrycare.co.uk.
Comments
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service Privacy Policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
Media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Cookies
If you leave a comment on our site you may opt in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Who we share your data with
If you request a password reset, your IP address will be included in the reset email.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Visitor comments may be checked through an automated spam detection service.