This is an important notice regarding your privacy and the way in which Future Horizons support Limited (referred to as “we”, “our” or “us” in this policy) collects and makes use of your personal data.

We want to be open and transparent with you, and therefore encourage you to contact us if you have any questions about this policy or the ways in which we use your personal data. This policy applies to individuals outside of our organisation, for example, applicants for vacancies, residents, family and friends of our residents, doctors, nurses, suppliers, and the general public. We take our privacy responsibilities seriously and are committed to protecting and respecting your privacy.

This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

For the purpose of applicable privacy legislation, the data controller is Future Horizons Support Limited of 2 Railway Street, Stafford, ST16 2EA. Our company registration number is 09411249.

Questions regarding this policy should be directed to our Data Protection Compliance Manager. The Data Protection Compliance Manager is responsible for ensuring compliance with relevant data protection legislation and with this policy. The Data Protection Compliance Manager can be contacted at enquiries@futurehorizons.org.uk. Any questions about the operation of this policy or any concerns that the policy has not been followed should be referred in the first instance to the Data Protection Compliance Manager.

1. What information do we hold about you?

We may collect, store and use personal data about you (referred to throughout this privacy policy as personal information) as well as Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data) referred to throughout this privacy policy as sensitive personal information. It does not include data where identity has been removed i.e. (anonymous data).

Applicants

  • Personal contact details such as the name, title, address, telephone number and e-mail address;
  • Recruitment information (including, for example, your driving licence, passport or visa information, the information provided to us within your DBS check application form and other personal information included in an application form, CV or cover letter (obtained as part of your application for employment with us);
  • Personal information provided to us by our recruitment partners in relation to your application for employment with us;
  • Any other personal information gathered during your application process.

Suppliers

  • Contact details such as your name, title, business telephone number and business e-mail address.
  • Information you provide, or we collect during our interactions with you or your employer, such as how long we have done business with you or how long you have worked at your company.

Residents

  • Personal details such as your name, title, personal telephone and e-mail address and address.
  • Your parent’s personal details.
  • Photographs and videos of you.
  • Special Categories of Personal Data about you (see above).

We may get this information from application forms you (or someone on your behalf) have filled in, from notes and reports about your background, health and any treatment and care you have received or need, or it may be recorded in details of contact we have had with you such as information about complaints or incidents, and referrals from commissioning bodies.

Family members and friends of residents

  • Personal details such as your name, relation to the resident, personal telephone, e-mail address and address.
  • Photographs and videos of you.

Generally

  • If you visit our premises, images and videos are recorded by the CCTV in operation onsite.
  • Any personal information gathered when you visit our premises via our visitor vetting process, including your name and vehicle registration where requested.
  • Any personal information you provide to us via our website, for example, by using the “Contact” page on our website.
  • Any personal information you provide to us during your interactions with us.

2. How long will we use your personal information and what is the legal ground we rely on for doing so?

We will only use your personal information when the law allows us to. When we use your personal information, we must have a legal ground for doing so. The table below sets out a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

Purpose/Activity Type of data Lawful basis for processing including basis of legitimate interest
To deliver services to you and/or the young people and adults we support (a) Identity (b) Contact (c) Special Categories of Personal Data (a) Performance of a contract with the relevant local authority with responsibility for a young person and adults (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests
To manage our relationship with you which will include: (a) Notifying you about changes to our terms or privacy policy (b) Asking you to leave a review or take a survey (a) Identity (b) Contact (c) Marketing and Communications (a) Performance of a contract with you (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) (a) Identity (b) Contact (c) Technical (a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) (b) Necessary to comply with a legal obligation
To use data analytics t improve our website, products/services, marketing, customer relationships and experiences (a) Technical
(b) Usage
Necessary for our legitimate interests (to define types of users for our services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)

Generally

  • To ensure our premises are kept secure – in pursuit of our legitimate interests (site security and evidence).
  • Health and safety purposes – to comply with a legal obligation.
  • To administer our website and for internal operations, including troubleshooting, data analysist, testing, research, statistical and survey purposes
    – in pursuit of our legitimate interests (to better understand how people interact with our website and solve any issues it may have).
  • To improve our website to ensure that content is presented in the most effective manner for you and your computer
    – in pursuit of our legitimate interests (to improve our content and your experience).
  • To transfer to third party service providers – in pursuit of our legitimate interests (outsourcing for effectiveness and efficiency) or to provide you with support services.
  • To contact you if we wish to use your personal information for a purpose not set out in this policy
    – to comply with a legal obligation.

3. What happens if there is a change of purpose?

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

4. Which type of third parties might we share your personal information with?

We may share your personal information with the following types of third parties:

  • Technical support providers, who provide us with IT support and our electronic recording system which is used to store personal data.
  • Your personal details such as your name may be passed to service providers where we arrange for services to be provided to you such as transport, education and physical and mental health services.
  • Professional advisers such as clinical psychologists and legal advisors.
  • With statutory authorities such as social services and the police.
  • Providers who help us collate and organise information effectively and securely. We require third parties to respect the security of your personal information and to treat it in accordance with the law. For example, where we instruct third party service providers, we carry out due diligence on those providers to ensure they treat your personal information as seriously as we do.

5. How long will you use my personal information for?

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for. We assess the appropriate retention period for different information based on the size, volume, nature and sensitivity of that information, the potential risk of harm to you from unauthorised use or disclosure of that information, the purposes for which we are using that information, applicable legal requirements for holding that information, and whether we can achieve those purpose(s) through other means in accordance with our obligations under the laws and regulations that we are subject to.

Applicants

In relation to job applications we may get this information from application forms and CVs submitted as part of the job application process.

We may also collect information about criminal convictions and offences as part of our job application and screening process.

  • Where your application for employment with us is successful, we will provide further information during the course of your employment as to how we use your personal information.

Suppliers

  • Where we have collected your personal information during the course of your and our organisations doing business, we will keep your information for as long as this business carries on, or for as long as we have a commercial interest in holding your personal information, for example, with a view to doing business in the future.

Residents

  • In relation to the young people and adults we support we may get this information from application forms you (or someone on your behalf) have filled in, from notes and reports about your background, health and any treatment and care you have received or need, or it may be recorded in details of contact we have had with you such as information about complaints or incidents, and referrals from commissioning bodies. Where we have collected your personal information as a result of providing you with our services, we will keep your personal information for as long as is necessary in connection with providing those services in accordance with our obligations under the laws and regulations that we are subject to.

General

  • If you wish to find out more information about our CCTV retention periods, please contact our Data Protection Compliance Manager using the details listed at the beginning of this privacy policy.

6. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

7. Your rights in connection with your personal information.

Under certain circumstances, by law you have the right to:

Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

8. What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to another person who has no right to receive it.

9. What happens if you fail to provide personal information?

If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you (such as providing you with our products or services), or we may be prevented from complying with our legal obligations (such as to ensure the health and safety of visitors to our premises).

10. Right to complain

You have a right to make a complaint if you wish to do so. The organisation with oversight of our processing is the Information Commissioner’s Office which can be contacted in writing at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, by telephone (0303 123 1113) or by e-mail (casework@ico.org.uk).

May 2018