LINC is wholly committed to complying with the Data Protection (Jersey) law 2018. Our policy is written with the aim of ensuring that all employees who have access to any client and staff data do so in a manner compliant with this legislation. Staff receive annual data protection training to ensure that they are aware of their professional responsibilities with regard to handling data.
This Data Protection Notice is part of LINC's ‘best practice’ approach to data protection. The Notice provides a concise statement of how we collect, use and disclose personal data and the rights of individuals.
At LINC, we operate a transparent and clear policy to comply with data protection. In order for our data protection notice to be as accessible as possible, we include explanations of the terms used.
Data is information which is being processed about a living, identifiable person. Data must only be used for the reason that it was collected. Data is categorised as either personal or special. Personal data is any information referring to a data subject; examples include name, identification number, location data, date of birth. Special data is sensitive and examples include information about ethnicity, race, religious views. Neither of the examples for personal or special data are exhaustive. For the purpose of this notice, ’data’ refers to both personal and sensitive data.
An identifiable, living person, who can be identified either directly or indirectly.
Processing data refers to any operations being performed with personal data. This may include collecting, using, storing and disposing of the data.
A controller decides the purpose for which the data is processed, and how that data is processed. Care Academy and its subsidiary companies act as a data controller for clients and staff. Other data controllers may include departments of the States of Jersey and GP surgeries.
Data processors are appointed by the data controller to carry out processing tasks on data. Examples include employing a processor to shred data, a company who creates our staff ID cards and departments of the States of Jersey. This list demonstrates examples and is not exhaustive.
2. Who is collecting the data?
At LINC, we offer a wide range of care services within the Channel Islands. Your data is only handled by staff who need access to the information for a legitimate, operational need. Access to data is regularly audited by our Data Protection Officer.
3. How do we collect your data?
We collect your personal data in a number of ways, for example:
from the information you provide to us;
from information shared with us by yourself or other professionals.
4. What data is being collected?
Your data is collected to ensure the best training is delivered. We only ever collect data which is relevant to your training. The data is kept as accurately and up-to-date as possible. You add data to that we already have from you at any time.
5. Where is the data stored?
Data is stored in compliance with legislation and best practice guidelines. Some data is stored electronically, whilst some data is stored in paper format, and locked away for safety. The software which is used to store data electronically will have been risk assessed by our Data Protection Officer prior to being used for the purposes of storing data. If you have concerns about where or how your data is stored, you can contact the LINC Data Protection Officer to discuss further.
6. What is the legal basis for processing the data?
LINC will always endeavour to obtain your permission to process your data prior to doing so. In some circumstances, such as employment and healthcare, we have a legal obligation to collect and process your data. We will only process data if there is a legitimate and necessary interest. Data handled by the LINC will not be transferred or distributed outside of Jersey, unless there is a legitimate and/or justifiable reason to do so.
7. Will the data be shared with any third parties?
Data will only be shared with your consent. This consent will only be superseded in circumstances such as safeguarding and if there is a legal obligation.
Third parties who we share data with may include States of Jersey departments, GPs and other healthcare professionals. Although not a legal requirement, we endeavour to have Data Sharing Agreements with third parties, prior to sharing information. These agreements stipulate the responsibility of both parties with regards to information sharing.
Some of our processing duties are outsourced. For example, we employ companies to undertake the shredding of confidential documents, and we use computer software to process data. All third parties who carry out processing duties on our behalf will have signed a Data Processor Contract, outlining their responsibilities.
8. How will the data be used?
Data will be used to ensure that all clients are kept safe, and receive the training possible.
9. How long will the data be stored for?
We will only retain data for as long as is necessary under law and best practice guidelines. For medical data, where there is not a legal stipulation, we follow guidance available by the Information Governance Alliance.
10. What are your individual rights?
Under the Data Protection (Jersey) law 2018, you have the following data protection rights:
Right to be informed – You have the right to receive clear and easy to understand information about why your information is being collected/processed, who the information will be given too, how long it will be stored for, and the categories of data collected. This information is written for clients in a Fair Processing Notice.
Right to access health records – You have the right to know what data is being stored about you. If you would like to know what data is stored about you (Subject Access Request), please contact the Data Protection Officer. Information will then be provided to you in accordance with the law.
Right to rectification – If the data stored about you is inaccurate or incomplete, you can request that it is corrected.
Right to be forgotten – In certain circumstances, you can request for your data to be erased. As LINC is a healthcare business, we are legally obliged to keep some training data, even if you request for its erasure.
Right to restrict processing – In certain circumstances, you can request that we do not process your data, or that we restrict how we process your data.
Right to data portability – When data processing is automated, you can request to see the data given to the Controller in a structured and readable format. You can also request that automated data is transferred to another Controller, where it is feasible to do so. This right is not applicable when the rights/freedoms of others may be affected.
Right to object – You have the right to object to your data being processed, unless the processing is for a legitimate reason (i.e. for reasons of public interest). You have the right to object to your data being used for marketing.
11. How can I raise a complaint?
If you have concerns about anything to do with the data we keep about you, you should contact our Data Protection Officer via telephone: 01534 888237, or email: firstname.lastname@example.org
The complaint will be investigated, and the relevant procedures will be followed. If we find that a serious data breach has occurred, we will report the breach to the Office of the Information Commissioner within 72 hours of being made aware of the breach. Minor breaches will be dealt with in-house. All breaches are appropriately documented.
Further information about Data Protection is available through the Office of the Information Commissioner: www.oicjersey.org
12. Contact details
For further information on any aspect of Data Protection on this page, please contact our Data Protection Officer:
Verity Sangan, Compliance and Special Projects Manager
What are cookies?
A cookie is a text-only string of information that a website transfers to your computer via the browser for either the essential functionality of that website or to improve the performance for the user. Cookies aren’t viruses and we cannot access or save any personal data on your computer when you accept them.
Why are cookies important?
These anonymous markers let us temporarily remember who you are, allowing us to make sure we give you the best user experience during every visit. No cookies used by this site are a threat to your privacy.
You can accept or decline cookies at any time by modifying the settings in your browser preferences. Please bear in mind that declining all cookies may prevent you from being able to use certain areas and functions of the site.