When we use your personal data, John Hoffman Consultancy Limited is the data controller.
As the data controller, we must:
· Process information lawfully, fairly and transparently;
· Collect and use information only for a specific legitimate reason;
· Collect only necessary, sufficient information;
· Ensure the accuracy and currency of the information;
· Retain the information only as long as is necessary; and
· Process the information in a way that ensures appropriate security
What is personal data
Personal data is any information about a living person that can be used to work out who they are, for example, your name, address, date of birth, telephone numbers. This can include your email correspondence, photographs and audio or video recordings.
Some of your personal data falls under the heading of ‘special category data’. This is more sensitive information and requires us to be more careful. Examples of ‘special category data’ are ethnic origin, sexual orientation, and health data
Why we collect and store your personal data
We are a consulting service providing consultancy, services and training to our clients. We collect and store the personal data of the following types of people to allow us to undertake our business:
· Prospective and registered care and accommodation providers
· Prospective and current clients
· Supplier contacts to support our services
· Employees and associates
What information you give us, and we collect
This is information that you give us when filing in forms on our site www.johnhoffmanconsultancy.com correspondence with us by phone, email, or otherwise. It includes data requested when we complete assessments and reviews of care and accommodation providers, complete safeguarding audits, undertake independent investigations, when you register or attend our events and training, participate in social media functions on our site or engage with us on our social media platforms.
The information you give us or we collect about you may include your name, address – including former addresses, whether you have been prohibited from being a private foster carer details of other members of your household – whether they are prohibited from being a private foster carer, specific details of your children – age, whether they have been subject to family court proceedings, private and corporate email address and phone number, health information – GP details, criminal conviction, compliance documentation and references verifying your identity, information available in the public domain e.g. Facebook, Twitter, LinkedIn, Instagram
Information we collect about you when you visit our website
Each time you visit our website we will automatically collect the following information:
· Technical information, including the Internet Protocol (IP) address used to connect your computer to the internet, your logon information if application, browser type and version, operating system and platform, device e.g. mobile or PC.
· Information about your visit, including date and time, duration of visit for each page visited.
Information we obtain from other resources
We work closely with Local Authorities from whom we obtain Local Authorities Checks of prospective and registered care and accommodation providers. We obtain information from our clients – clubs who hold registers of care and accommodation providers.
Using your personal data
We will use your data to:
· Advice our clients regarding the suitability of applicants and registered care and accommodation providers;
· Provide consultancy, services and training for our clients, their staff and care and accommodation providers registered with them;
· Do what we are required to do by law;
· Create anonymised data and use it to help us improve what we do, e.g. audits
Anonymised data will not contain any personal data and so you cannot be identified.
We do not undertake automated decision making. A suitably trained officer will always be involved in the decision-making
Organisations with whom we share data
We share data only with those organisations necessary to determine your suitability as Host Parent, for example, The Disclosure and Barring Service; your Local Authority; the Host Family Service to whom you have applied.
Transferring data abroad
Your data may be transferred out of the UK, specifically, where we use cloud-based secure services that host servers in another country.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use our best endeavours by employing our strict procedures and security features to try to prevent unauthorised access.
Unless encrypted, email sent via the internet may not be secure, it is possible for it to be intercepted and read by someone else. Please consider this whenever you are deciding to send to us email containing personal or sensitive information. If you email us we may keep a record of it only if it helps us to provide you with our services and only for as long as it is necessary to do so.
Marketing
We will not use your data to send you marketing or promotional material unless you have given us explicit information to do so.
Consent
Should we want or need to rely on consent to lawfully process your data we will request your consent in writing for the specific activity for which we require consent and record your response on our system. Where consent is the lawful basis for our processing you have the right to withdraw your consent at any time.
Retention of your data
We understand our legal duty to retain securely accurate, personal data for the legitimate reasons we said that we needed the information and for no longer than is necessary and you are happy for us to do so. Because of this we have data retention notices and will run data retention exercises to remove data for which we no longer have a legitimate reason to retain.
In addition to using our best endeavours to ensure the accuracy of details at point of capture, to assure the continued data accuracy, we will:
· Share with applicants and registered care and accommodation providers the report completed as part of their assessment of suitability and annual review;
· Complete a bi-annual detail verification exercise with our clients
Your rights
You have the right to ask us not to process your personal data. The GDPR provide you with specific rights:
· Request correction of personal information you consider inaccurate or incomplete
· Request erasure of your personal information where we no longer have a legitimate reason for continuing to process it.
· Object to processing of your personal information, even if we consider that the reason for holding it is legitimate, but your situation is such that you do not agree. You also have the right to object where we are processing your personal information for direct marketing purposes.
· Request the restriction of processing your personal information. This would allow you to ask us to suspend processing your personal information if you want us to establish its accuracy and our legitimate reason for processing it.
· Request the transfer of your personal information to another party in certain formats, if practicable
· Make a complaint to the Information Commissioners Office.
Data Protection Officer
The Data Protection Officer is entrusted to monitor our compliance with the:
· Data Protection Act 2018;
· The General Data Protection Regulations (GDPR); and
· All relevant policies and procedures in relation to the processing and protection of personal data
The Data Protection Officer and contact person for the Information Commissioner’s Office is
John Hoffman
8 Dunoon Close
Nottingham
NG5 5DH