Privacy Policy

Date Reviewed:  May 9 2018

Introduction

Apax as a data controller is committed to protecting the personal data of all those that use and are involved with the service. We want to ensure that we respect the wishes of those whose data we hold (data subjects). This policy will address in detail how we will collect, use, store and share personal information about you and the rights that you have in relation to the information that is held about you.

Please note that this document does not address the data protection of employees. Privacy information relating to employees can be found within Apax’s Employees Handbook.

Definitions

Data Controller – Where an organisation is determining the purpose of the storage or processing of personal information, it is considered a data controller.

Data Subject – The person whose personal data is processed by a controller is known as a data subject.

What personal information will we hold about you?

We will collect information about you from the following categories:

  • The information you have provided on our application forms, including name, title, address, telephone number, personal email address, work email address, date of birth, gender
  • Employment records (including job titles, work history)
  • Financial data includes bank account and payment card
  • Transaction data includes details about payments to and from you
  • Usage data, how you use our services and/or website
  • Identity data for example name, marital status, title and gender
  • Medical, treatment or care data
  • Previous service provider details
  • Contact data

How is your personal information collected?

We collect data from you through different methods depending on your relationship with us.

As a client, we may collect information from you via direct interactions over the phone, in person or email, referral forms and supporting documents, automated technologies, publically available sources and from third parties such as friends, family, and professionals involved in your care provision.

For the purpose of this document, an external stakeholder refers to client’s friends and family, doctors, Community Mental Health Teams and other agencies that we may work with in order to ensure that clients receive the most holistic support possible. We will often collect information about our external stakeholders via direct interactions over the phone, in person or email, contact details provided on application forms, automated technologies, third parties and publically available sources.

How we will use the information about you?

We will only use your information in a lawful way. Most commonly, we will use your personal data in the following circumstances:

  • In performing the services we provide
  • In improving our services
  • In sharing the success of the service and its clients
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests
  • Where we need to comply with a legal or regulatory obligation

If for any reason we need to use your personal information for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so.

Your responsibility as a data subject?

As a data subject, you are responsible for making sure that all information that you give us is accurate at the time of data collection. You are also responsible for informing us of any changes to your personal data as and when they occur so that we can maintain accurate records at all times. You can do this by contacting the accommodation manager of your home or by informing us via the contact details below.

How will we keep your information safe?

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way. We also limit access to your personal information so that only those who need access are granted access.

Your information is also stored in a safe and secure way. All paper-based information is locked away after use and electronic information is password protected ensuring only those who need access have access.

We also have a procedure in place to ensure we deal with any suspected data breaches appropriately and we will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

How will be share information about you?

We will only share your personal information with third parties after obtaining your consent to do so, for the purposes of processing an application for housing and support services and for undertaking a contract we have with you. At the point of obtaining your consent, we will also disclose to you the third parties your personal information will be shared with.

How long do you keep my data?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for. The length of time we retain your information for varies depending on the nature of the information. If you would like more information on the retention period for a specific piece of data. Please request a copy of our Record Retention Schedule from the accommodation manager or from contacting us on the contact details below.

Data is also disposed of in accordance with the Data Protection Act, using methods that respect your privacy such as via cross-shredding.

What are my rights?

At any time after we have collected information about you, you have the right to:

  1. Ask for a copy of the information that we hold about If for any reason we refuse this request, we will provide you with a reason why. To submit a request, please email Services@Apax.org.uk.
  2. Correct inaccurate or incomplete information that we hold about
  3. In certain circumstance, ask us to delete the information we hold about
  4. In certain circumstances, to restrict our use of the information that we hold about
  5. In certain circumstances, to ask us to transfer the information we hold about you to another
  6. Ask us to not use your information for certain purposes such as direct
  7. Ask us not to use automated decision making on your

Contact Details

We have a Data Protection Officer (DPO) to oversee our compliance with GDPR and this privacy Policy. Should you wish to contact them to make a complaint or about any query relating to your personal data that is held with us, please do so by emailing Services@Apax.org.uk.

If you are not satisfied with how a complaint is dealt with, you can also contact the Information Commissioner’s Office (ICO) directly, this is the supervisory authority for data protection issues in the UK.

Information Commissioner Wycliffe House

Water Lane Wilmslow Cheshire SK9 5AF

T: 0303 123 1113

Disclaimer

Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

We may also on occasion make amendments or additions to this policy. We will always display the latest policy within our manuals and on our website.