I, James Purser am the Data Controller and Processor of One (Housing & Support) CIC.
The basis on which I keep data is that of “Legitimate Interests”. This means that the data is necessary for me to fulfil the contract that we have together (i.e. tenant or support provided) and that it is data that you would reasonably expect me to hold and use.
For those who enquire and make referrals, the data I hold includes any information you have sent me by email/text/message. the data I hold includes:
Basic information; including, name, email address, phone number.
Information you give me as part of the referral form.
Records including support plans etc
Emails, texts and/or messages that are sent between parties
Information sent from any third party, e.g. housing teams, commissioners etc.
Some of the information you give me may fall under the definition of special category of data as defined by the General Data Protection Regulation. The condition for processing this special data is “processing is necessary for medical diagnosis, the provision of health care or treatment pursuant to contract with a health professional”.
Data is not shared with anyone, except possibly your social/key worker etc, and for any reasons covered by the Requirements for Disclosure, which are detailed and discussed when you are referred.
The data is primarily used to enable One (Housing & Support) CIC to provide housing and support for you. It may also be used for onward referrals or social prescribing delivered by a partner organisation.
Details of where data is held:
Any emails sent between us are held either on my computer’s hard drive or exchange server or if archived, in Dropbox, which is secure cloud based storage that is GDPR compliant. Any emails that may be held on smart phones or Ipads are fingerprint/code protected.
Any texts/Whatsapp messages/Facebook messenger messages sent between parties (See Social Media and Electronic Information section) are held on smart phones or Ipads are fingerprint/code protected.
All support plans and other sensitive personal information is kept on a secure server and/or locked filing cabinet.
Your data is kept for 7 years. The length of time is based on the stipulation of my insurer. After this time any paper records are shredded and computer records permanently deleted.
One (Housing & Support) CIC takes the security of data seriously and as such:
All data is held securely (see details of where data is held above).
Any data transmitted is sent encrypted where possible.
For accounting purposes Excel spreadsheets are used.
I am not in control of data (including emails and texts) which you send me.
Apps such as Facebook routinely access any information held and this is beyond my control.
If there is any breach of data security One (Housing & Support) CIC will give full details to the Information Commissioners Office and any person affected within 72 hours of the breach and do all possible to minimise any potential impact.
You have rights with regards to the data held:
The right of access. I will provide you with all data I hold on you as soon as I can following a request (within 30 days, unless this is not possible due to holidays or illness).
The right to rectification. If any data I hold is incorrect, please let me know as soon as possible and I will correct it as soon as I can following a request (within 30 days, unless this is not possible due to holidays or illness).
The right to erasure. If you would like me to erase your data please let me know as soon as possible and I will delete any computer records and shred any paper records as soon as I can following a request (within 30 days, unless this is not possible due to holidays or illness). NB: data may be retained for scientific research, historical research or statistical purposes where erasure is likely to render impossible or seriously impair the achievement of that processing, but this would never include case notes or data such as address/email/phone.
The right to restrict processing. This would usually be a stop-gap measure before correction of any errors or before erasure.
The right to data portability. This might apply if you want your notes sent to another therapist for example, but it is likely that the easiest solution would come under the right to access, i.e. I would send the data to you.
The right to object to:
Processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling). One (Housing & Support) CIC does not engage in these things
Processing for purposes of scientific/historical research and statistics. For this, you must provide grounds for your objection.
Each website you visit can send its own cookie to your browser if your browser’s preferences allow it. To protect your privacy, your browser only permits a website to access the cookies it has already sent to you, not the cookies sent to you by other websites.
How to control and delete cookies:
You may restrict or block the cookies that are sent by our website, or any other website, through your browser settings. You can also ask your browser to alert you when a cookie is issued. For more information about cookies and how to manage them is available at www.aboutcookies.org