Privacy Policy – Jersey

What we process

We process personal data about enquirers, residents, and individuals we support before, during and after their contact with us. This processing is required to support our vital business interests and to fulfil our legal and contractual obligations that are compliant with Data Protection (Jersey) Law 2018 (DPJL 2018) and Caldicott Principles including guidance from the 10 data security standards, which include:

  • Providing services to our enquirers, residents, and individuals we support, recording what services we have provided;
  • Managing the health, welfare, safety and security of our residents and individuals we support;
  • Handling enquiries, complaints, and investigations;
  • Monitoring and improving the quality of our services;
  • Using Legitimate interests for researching and understanding the needs of our target audience and to improve our marketing effectiveness;
  • Working with our partners such as recruiting sites and providers to improve the quality of our services.

We also process personal data about job applicants, current and former employees, service providers, and other groups of individuals during our business operations, and this data is subject to our internal privacy policies.

Personal data you provide to us

We collect personal data you provide to us when you enquire, work in, or use any of our services, for example:

  • Enquiry: Personal details (name, gender, age etc.), contact information (home address, phone number, email address etc.), details of your interests and communications preferences;
  • Residents: Personal details, contact information, financial details, relative, or next of kin, care needs;
  • Complaints: Personal details, contact information, enquiry, or complaint details;
  • Health & Welfare: Medical, dietary and mobility details provided to us before, during or after any stay with us in one of our services;
  • Surveys & Market Research: Responses to post-enquirer surveys and market research surveys.
  • Job Applications: Responses to Job applications, including contact details, CV’s and other personal information provided.

Data anonymisation and use of aggregated information

Your information may be converted into statistical or aggregated data in such a way as to ensure that you are not identified or identifiable from its content. This aggregated data cannot be linked back to you as an individual. The methods used to protect this data is encryption, pseudonymisation and anonymisation.

Who we share your information with

When you are a resident in one of our services, we may share your information with:

  • A sponsor to organise payment of fees.
  • Your next of kin or named family member.
  • Any person that you have appointed to act on your behalf pursuant to a valid Power of Attorney or allied professionals and other health care providers in the case of an emergency.

or with;

  • Organisations and consultants providing contracted services to us (for example, information technology service providers who provide and maintain our systems and our website hosting). Where these companies and consultants do provide services to us, we will only use your information in compliance with the Data Protection (Jersey) Law 2018 and the Caldicott Principles.
  • The courts in the United Kingdom or Jersey or abroad as necessary to comply with a legal requirement; for the administration of justice; if there is a risk to public health; to protect vital interests and to protect the security or integrity of our business operations.
  • A third-party company, for example when providing a reference for a former employee, or if a resident who transfers to another service provider. This transfer of data would only take place in accordance with strict compliancy criterion which is transparently conducted.

Where we store your information

We only store your information on servers located within the European Economic Area (EEA). Any third parties that we share your data with are also required to be located within the EEA. These servers are fully protected and encrypted.

As part of our process, we carry out and document full Data Protection Impact Assessments on systems and implement changes based on its outcomes.

Retention of your information

Residents:

  • If you participate in any pre-admission assessment but do not go on to become a resident within Aria Care, we will only keep your information for as long as it is lawfully necessary to enable compliance with our legal and contractual obligations and any related legislations.
  • If you become a resident at a Aria Care, we will keep your information for as long as you continue to be a resident, and then depending on certain circumstances, for 7 years after your contract has ended.
  • All the information we hold is secured, kept confidential and protected with the use of strict processes and policies such as access restrictions and encryption that are in line with Data Protection (Jersey) Law 2018 (DPJL 2018) and the Caldicott Principles.

Job Applicants:

  • Information provided by candidates that are unsuccessful in their application for employment, such as CV’s, shall be securely deleted after 12 months, unless we are given permission to keep the data for a longer period.

Your rights

You have enhanced rights under DPJL 2018 in respect of the information we hold subject to some exemptions.

Please note that the way we process your information and the legal basis on which we rely on to process it affects the extent to which these rights apply.

These rights are the:

  • Right to be informed about the processing of your information (this is what this notice sets out to do);
  • Right to have your information corrected if it is inaccurate (Article 31 DPJL) and to have incomplete information completed;
  • Right to object to processing (Article 21 DPJL) of your information;
  • Right to withdraw your consent at any time where we rely on it to process your information;
  • Right to restrict processing (Article 33 DPJL) of your information;
  • Right to have your information erased (Article 32 DPJL);
  • Right to request access (Article 28 DPJL) to your information and information about how we process it;
  • Right to move, copy or transfer (Article 34 DPJL) your information; and
  • Right to automated decision making (Article 38 DPJL) including profiling.
  • Right to object to the processing of personal data for direct marketing purposes at any time (Article 36 DPJL)

If you would like to discuss or exercise any of these rights, please contact us using the details provided both at the top and bottom of this Privacy Policy.

Where you believe your information has or is being used in a way that you believe does not comply with data protection law. You have the right to lodge a complaint with Jersey Office of The Information Commissioner. We encourage you to contact us before making any complaint and we will seek to fully resolve any issues or concerns you may have.

You can also contact our Data Protection Officer (S.Sagoo) with any data protection concerns at dpo@ariacare.co.uk or by calling 01206 224 100.

Last updated: March 2023