Data Protection

Check out our Privacy Notice and how your data is used at Caredig

Your Guide to Data Protection

In order to operate effectively, Caredig has to obtain certain types of information about persons working and residing in or having support in the areas we manage homes.

The information Caredig holds on individuals, which identifies that individual, is known as personal data. These individuals include former, current and prospective tenants, employees, suppliers, partners and service users.

The term personal data applies to any material which identifies a living individual, for example, information held on Caredig computer systems, photographs, CCTV footage. To ensure that Caredig handles personal data lawfully and appropriately, it must adhere to the latest Data Protection principles.

Data Protection Officer

Within Caredig, the route for all matters relating to data protection and information management is via the Data Protection Officer (DPO) dpo@caredig.co.uk. Their role consists of assisting all Caredig services in achieving and maintaining a position of compliance with Data Protection.

As Caredig collects and processes personal data, we must register with the Information Commissioners Office (ICO) as a data controller in accordance with the Data Protection Act. If data is breached within Caredig, then procedures are in place to contain and investigate disclosure. The DPO is responsible for providing staff with tools and frameworks to ensure they have clear processes and are trained in data protection through e-learning courses and internal material.

If you need advice or guidance on any related topic from information security to data protection, please contact the Data Protection Officer: dpo@caredig.co.uk

Subject Access Requests (SARs)

Under the rights of subject access, an individual is entitled to find out what is being held about them. Individuals are only entitled to their own personal data and not to information relating to other people (unless they are acting on behalf of that person). Neither are they entitled to information simply because they may be interested in it.  For any SAR requests please email: dpo@caredig.co.uk

Further information on a Subject Access Requests (SAR) can be found on the ICO website: Make a subject access request | ICO

The Wales Accord on the Sharing of Personal Information (WASPI)

WASPI provides a framework for service-providing organisations directly concerned with the health, education, safety, and social wellbeing of people in Wales, and Caredig is a Partner of this framework. In particular, it concerns those organisations that hold information about individuals and who need to share that information to deliver effective services. Further information on WASPI can be found on their website.

Identity and contact details of Caredig

Our postal address is:

Caredig LTD, 43 Walter Road, Swansea, SA1 5PN

You can contact us here for a range of services, or via forms on our website Feedback - Caredig or in person at 43 Walter Road, Swansea, SA1 5PN.

The right to complain about data handling

Caredig sets very high standards for the collection and appropriate use of personal data. We therefore take any complaints about data handling very seriously. We encourage you to bring to our attention where the use of data is unfair, misleading or inappropriate, and we also welcome suggestions for improvement.

Data protection law says Caredig must:

  • Give people a way of making data protection complaints to Caredig;
  • Acknowledge receipt of complaints within 30 days of receiving them;
  • Without undue delay, take appropriate steps to respond to complaints, including making appropriate enquiries, and keep people informed; and
  • Without undue delay, tell people the outcome of their complaints.

 

Step 1 – Data handling enquiry (Informal resolution)

In the first instance, we would ask that you try to resolve data handling queries directly to our data protection officer as follows:

  • dpo@caredig.co.uk or
  • Online: Feedback Form
  • In writing to: 43 Walter Road, Swansea, SA1 5PN (please be aware that complaints will only be logged from the data postage is confirmed as received so this may delay your complaint response).

We are committed to handling data appropriately and are confident that we can resolve most issues informally.

 

Step 2 – Making a Data Complaint (Formal resolution)

If you are unhappy with the response to your query, or for example, how we have responded to your Subject Access Request (SAR), you can raise a data complaint in line with Caredig's internal Data Complaint process as follows:

  • dpo@caredig.co.uk
  • Online: Feedback Form
  • In writing to: 43 Walter Road, Swansea, SA1 5PN (please be aware that complaints will only be logged from the data postage is confirmed as received, so this may delay your complaint response).

You can also make a data complaint without following Step 1 and go straight to Step 2 – Formal resolution.

Step 3 - Complain to the Information Commissioner's Officer

If you remain dissatisfied following an internal complaint, you can lodge a complaint with the Information Commissioner:

In writing to: Information Commissioner's Officer – Wales, 2nd Floor, Churchill House, Churchill Way, Cardiff, CF10 2HH.

Online: Make a complaint | ICO