Privacy Policy
1 General
PHC Care Management Limited (‘Private HomeCare’) is committed to protecting all personal, special, and criminal categories of data held on you. As such, Private HomeCare wants you, the ‘data subject’, to understand how Private HomeCare collects, uses, stores, and shares your personal data. Private HomeCare also wants you understand what rights you can invoke to help you to protect your privacy. In this regard, it is important that you read this Privacy Notice and understand how Private HomeCare uses your personal data. Please note that Private HomeCare reserves the right to update this Privacy Notice as required. The most recent version of this document can be found on Private HomeCare’s website through the following link: https://Private HomeCare.ie/privacy-policy/
1.1 Private HomeCare Information
Private HomeCare is Ireland’s longest established home care provider. Private HomeCare is a HSE recognised and approved provider of home care. If you wish to locate further information on Private HomeCare, you can find this on the Private HomeCare website through the following link: https://www.privatehomecare.ie/
1.2 Legislation
All personal data processed by Private HomeCare is done so in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018
1.3 Queries and Complaints
If you are unhappy with the way Private HomeCare handles your personal data and wish to complain, or if you simply want further information about the way your personal data will be used, please contact Private HomeCare at the below: Data Protection Officer Private HomeCare 2 Newcastle Road Lucan Co. Dublin Ireland Telephone: +353 01 621 9101 Email: [email protected] You have the right to lodge a complaint with the Data Protection Commission. To contact the Data Protection Commission, please use the following details: Data Protection Commission 21 Fitzwilliam Square South Dublin 2 D02 RD28 Ireland Telephone: +353 (0)761 104 800 Telephone: +353 (0)57 868 4800 Email: [email protected]
1.4 Breaches
Private HomeCare will take all appropriate technical and organisational steps to safeguard your personal data. In the unlikely event of a data breach, Private HomeCare will contact you in line with Private HomeCare’s legal obligations.
2 How Does Private HomeCare Collect Information?
Private HomeCare collects personal data to enable the provision of services to support the Private HomeCare purpose. The following non-exhaustive methods of data collection are an indication of ways in which Private HomeCare may obtain your information:
- Obtain personal data directly from you; and
- Personal data that Private HomeCare receives from other sources
It is important that the personal data you provide Private HomeCare is up to date and accurate. As outlined in Section 7.4 of this notice, if personal data Private HomeCare holds on you is inaccurate or incomplete, please contact Private HomeCare and Private HomeCare will update the information.
3 What Does Private HomeCare Use Information For?
3.1 Process, Purpose, and Lawful Basis
Private HomeCare uses personal data collected to fulfil Private HomeCare’s obligations to provide recruitment services and to enable the provision of services to support Private HomeCare’s purpose.
Private HomeCare uses personal data for any of the following purposes:
Pre-Recruitment
Purpose: To register a prospective data subject’s interest in recruitment for employment.
Lawful Basis: Processing is necessary in order to take steps at the request of the data subject prior to entering into a contract.
The processing is necessary for the exercise of rights and obligations under employment law.
Background Checks
Purpose: To verify if the data subject is qualified and eligible for certain positions within Private HomeCare.
Lawful Basis: Processing is necessary for compliance with a legal obligation to which Private HomeCare is subject.
Recruitment and Selection
Purpose: To complete the recruitment process and assess data subject suitability.
Lawful Basis: Processing is necessary in order to take steps at the request of the data subject prior to entering into a contract. Processing relates to Private HomeCare’s obligations in employment and for assessing data subject’s work capacity.
Pension
Purpose: To administer data subjects pension entitlements and to comply with pension rules.
Lawful Basis: To comply with various pension laws. Processing is necessary for the performance of a contract to which the data subject is party.
Payroll
Purpose: To enable Private HomeCare to effect payment to the data subject.
Lawful Basis: Processing is necessary for the performance of a contract to which the data subject is party.
Personnel File
Purpose: To comply with employment and revenue laws and to ensure that terms and conditions of employment are adhered to.
Lawful Basis: Processing is necessary for the performance of a contract to which the data subject is party. To comply with various employment and revenue laws. To protect the vital interests of the data subject in the event of an accident or emergency.
Entitlement to Work
Purpose: To enable Private HomeCare to achieve compliance with its obligations pursuant to any local legislation governing the entitlement to work.
Lawful Basis: Processing is necessary for compliance with a legal obligation to which Private HomeCare is subject.
Time and Attendance Record
Purpose: To enable the data subject to avail of their rights and entitlement pursuant to the Organisation of Working Time Act 1997.
Lawful Basis: The processing is necessary for the performance of the contract to which the data subject is party.
Statutory Entitlement
Purpose: To enable Private HomeCare to achieve compliance with:
- Its obligation to the data subject;
- Record keeping obligations pursuant to a variety of employment law statutes.
Lawful Basis: The processing is necessary for compliance with legal obligation to which Private HomeCare is subject.
Training Records
Purpose: To ensure that Private HomeCare is in a position to assess the data subject’s training needs and to capture proof of training.
Lawful Basis: The processing is necessary for the performance of the contract to which the data subject is party.
Performance Details
Purpose: To manage the data subject’s performance in accordance with relevant Private HomeCare policies.
Lawful Basis: The processing is necessary for the performance of the contract to which the data subject is party.
Grievance and Disciplinary
Purpose: To ensure the data subject’s complaints are fairly investigated in accordance with Private HomeCare policies.
Lawful Basis: To comply with Private HomeCare legal obligation to apply fair procedures to any data subject’s investigation. The processing is necessary for the performance of the contract to which the data subject is party.
Medical Information
Purpose: To manage the data subject’s absences, to manage sick pay in accordance with the contract of employment, and to manage the fitness to work of data subjects.
Lawful Basis: Processing is necessary to assess, subject to data subject safeguards, the working capacity of the data subject. To carry out obligations and exercise rights under employment law.
Making or Receiving Payments
Purpose: To make or receive any payments in the discharge of normal business functions, dispute settlement, or to carry out any other payment requirements.
Lawful Basis: Processing is necessary for compliance with various employment and revenue laws. The processing is necessary for the performance of the contract to which the data subject is party.
Voice of the Customer
Purpose: To obtain the data subject’s feedback by survey on the Private HomeCare recruitment processes, client services and for research purposes.
Lawful Purpose: Processing is based on request of consent which will be taken from the data subject.
Attracting Talent
Purpose: To provide support and assistance on recruitment services to data subjects via third party sources, such as LinkedIn and other job sites, from which Private HomeCare obtain personal data.
Lawful Purpose: Processing is based on legitimate interest.
Supporting Talent
Purpose: To support data subjects in their career guidance and communicate with them directly with useful information, advice, and support materials through email, messaging, or mobile/web notification.
Lawful Purpose: Processing is based on legitimate interests and contractual obligations.
Regulatory Compliance
Purpose: To comply with financial regulations and any other relevant laws and regulations.
Lawful Purpose: Processing is necessary for compliance with a legal obligation to which Private HomeCare is subject. Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
Third Party Data Sharing
Purpose: To allow Private HomeCare to conduct and carry out functions with third party service providers that enable Private HomeCare to deliver services.
Lawful Purpose: Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
Back-ups
Purpose: To store personal data and make back-ups of that data in case of emergencies and for disaster recovery purposes.
Lawful Purpose: Processing is necessary for compliance with a legal obligation to which the Private HomeCare is subject.
Evidence Submissions
Purpose: To gather information for dispute resolution services and legal proceedings.
Lawful Purposes: Processing is necessary for compliance with a legal obligation to which the Private HomeCare is subject.
Transfer of Information for Parties Legal Proceedings
Purpose: To allow parties to commence legal proceedings.
Lawful Purposes: Processing is necessary for compliance with a legal obligation to which the Private HomeCare is subject.
Accidents and Incidents
Purpose: To enable Private HomeCare to comply with employee record keeping obligations pursuant to the Safety, Health, and Welfare Act 2005.
Lawful Purpose: Processing is necessary for compliance with a legal obligation to which the Private HomeCare is subject.
4 Who Does Private HomeCare Share Information With?
Private HomeCare may share personal data with other parties in the course of Private HomeCare’s duties. When this is done, Private HomeCare adheres to the following principles:
- The transfer is based on a legal obligation, the performance of a contract, or explicit consent.
- Where data is transferred to another party, Private HomeCare ensures appropriate technical and organisational safeguards are used to protect your personal data.
- Where Private HomeCare engages a third party to provide a service to Private HomeCare, Private HomeCare ensures the provider has taken appropriate technical and organisational measures to process, store, and safeguard your personal data.
- Private HomeCare, as a Data Controller, will not sell your data to any third party and will take all appropriate steps to ensure the security of your data in dealings with third parties.
While the parties Private HomeCare engage may change occasionally, Private HomeCare believe it is important you are aware of the types of parties Private HomeCare shares data with. The categories and types of third parties outlined below is a non-exhaustive list but provides an indication of the parties Private HomeCare shares data with.
4.1 Other Third Parties
Third parties for the purposes of internal and external audits, carrying out research, general practitioners, and or third parties who may improve Private HomeCare’s processes and services (such as consultants).
4.2 Government Departments, Bodies or Agencies
Private HomeCare is legally obligated to share personal data with state actors which is outlined in the Data Protection Act 2018. Recipients of this data include Government departments, agencies, bodies, investigatory bodies, local authorities, and the Gardaí.
4.3 International Transfers
Where personal data is transferred outside the European Economic Area, Private HomeCare use safeguards known as Standard Contractual Clauses (SCCs).
5 What Type of Information is Collected?
To fulfil Private HomeCare’s mandate and perform tasks as outlined in this statement, Private HomeCare needs to collect various types of personal data. While the type of personal data may change occasionally, Private HomeCare believes it is important you are aware of the types of data Private HomeCare gathers and uses. The following table is a non-exhaustive list and provides an indication of the categories and types of data Private HomeCare uses to perform Private HomeCare’s tasks. Please note that information listed under one category may be used for the performance of a task or in relation to activities under another heading or as outlined under Section 3.
| Category | Type of Data |
| Candidates |
|
| Employees |
|
| Other Stakeholders |
|
6 How Long Does Private HomeCare Retain Information?
Private HomeCare has developed a record retention schedule for all the personal data Private HomeCare holds. Each retention period varies dependent on the nature and the purpose of the processing. The main factors which determine retention periods are as follows:
- How long it is required to perform the task;
- Any legal requirements to hold onto the data;
- Any pending legal actions.
If you would like to see a copy of the Retention Policy, please contact the DPO at [email protected]
7 What Are Your Rights?
As a data subject, you will have the following rights as outlined in this section 7. However, restrictions may apply in certain situations.
7.1 Where do I send requests?
Please send all your requests to the contact details provided in Section 1, with as much detail as possible about your requirements to allow Private HomeCare to deal with your request efficiently. To answer your request, Private HomeCare may ask you to provide identification for verification purposes.
7.2 How long will a request take?
Upon receipt of a request, Private HomeCare will have 30 days to provide an answer with an extension of two further months if required. If Private HomeCare requires more time to deal with your request, Private HomeCare will notify you of the delay and the reasons behind it within 30 days of the receipt of the request. If Private HomeCare refuses your request, Private HomeCare will also notify you within 30 days of the receipt of the request accompanied by the reasons for the refusal. Private HomeCare will not charge a fee for any requests, provided Private HomeCare does not consider them to be unjustified or excessive. If Private HomeCare considers these to be unjustified or excessive, Private HomeCare may charge a reasonable fee (also applicable for multiple copies) or refuse the request. You are entitled to contact the Data Protection Commission if Private HomeCare refuses your request.
7.3 Right of Access
You have a right to know what personal data Private HomeCare hold on you, why Private HomeCare holds the data, and how Private HomeCare is processing your personal data. When submitting your request, please provide Private HomeCare with information to help verify your identity and as much detail as possible to help Private HomeCare understand the information you wish to access (i.e. date range, subject of the request) and email [email protected] Please note that an access request is free of charge, however, where Private HomeCare determines a request to be unjustified or excessive, Private HomeCare may charge you a reasonable fee.
7.4 Right to Rectification
You have a right to request that Private HomeCare information held on you is up to date and accurate. Where information is inaccurate or incomplete, Private HomeCare encourage you to contact Private HomeCare to have this information rectified. Upon receipt of request, Private HomeCare will ensure that the personal data is rectified and as up to date as is reasonably possible.
7.5 Right to be Forgotten
You have the right to seek the erasure of your personal data in the following circumstances:
- The personal data is no longer required for the purposes for which is was obtained;
- Where data is being processed on the basis of consent, you withdraw consent to the processing and no other lawful basis exists;
- The personal data is being unlawfully processed;
- You object to the processing of personal data and there are no overriding legitimate grounds for the processing;
- Your personal data requires deletion in line with legal requirements.
However, Private HomeCare will be unable to fulfil an erasure request if the processing of personal data is necessary for the following:
- Exercising the right of freedom of expression and information;
- Compliance with a legal obligation or for the performance of a task carried out in public interest;
- Reasons of public interest in the area of public health;
- Archiving or statistical purposes in the public interest;
- The establishment, exercise, or defence of legal claims;
Please note that the where the legal basis for Private HomeCare’s processing of personal data is on the basis of a legal obligation, some processing in relation to your data may not be subject to the right to erasure. To determine your request for erasure, Private HomeCare will carry out an assessment of the justification for the retaining your personal data where a legal requirement applies and contact you if Private HomeCare is unable to fulfil your request. Please be aware that in some circumstances Private HomeCare may need to retain some information to ensure all your preferences are properly respected. For example, Private HomeCare cannot erase all information about you where you have also asked Private HomeCare not to send you marketing material. Otherwise, Private HomeCare would delete your preference not to receive marketing material.
7.6 Right to Restriction
You have the right to restrict the extent of personal data processed by Private HomeCare in circumstances where:
- You believe the personal data is not accurate (restriction period will exist until Private HomeCare updates your information);
- The processing of the personal data is unlawful, but you wish to restrict the processing of data rather than erase it;
- Where the personal data is no longer required by Private HomeCare, but you require retention of the information for the establishment, exercise, or defence of a legal claim;
- You have a pending objection to the processing of the personal data;
When processing is restricted, your personal data will only be processed: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of other people; or for reasons important to public interest. Private HomeCare will contact you confirm where the request for restriction is fulfilled and will only lift the restriction after Private HomeCare has informed you that Private HomeCare is doing so.
7.7 Right to Data Portability
You have the right to the provision of all personal data held in relation to you in a structured, commonly used and machine-readable format where:
- Processing is completed on the basis a contract;
- Processing is completed based on consent by the you;
- Processing is carried out by automated means.
You may also request that Private HomeCare sends this personal data to another data controller where technically feasible.
7.8 Right to Object
You have the right to object to the processing of your personal data; however, the processing must have been undertaken on the basis of public interest or legitimate interest by Private HomeCare. If you wish to object to the processing of data, please contact Private HomeCare with your request. Private HomeCare will then stop the processing of personal data unless it is required for legal proceedings.