This Privacy Notice sets out what personal data we, Care and Repair in Powys hold about you and how we collect and use it, both whilst you are a client with us and after your case has been closed.
We are required by data protection law to give you the information in this Privacy Notice. It is important that you read the Privacy Notice carefully, together with any other information that we might give you from time to time about how we collect and use your personal data.
This Privacy Notice applies from 25 May 2018, when the General Data Protection Regulation came into force. We may update this Privacy Notice at any time.
Who is the controller?
Care and Repair in Powys is the “controller” for the purposes of data protection law. We are registered with the Information Commissioner’s Office (ICO), our registration number is Z8162536. This means that we are responsible for deciding how we hold and use personal data about you.
Our Data Protection Officer is the Group Company Secretary. As Data Protection Officer, they are responsible for informing and advising us about our data protection law obligations and monitoring our compliance with these obligations. They also act as your first point of contact if you have any questions or concerns about data protection.
What type of personal data do we hold about you?
Personal data means any information relating to a living individual who can be identified (directly or indirectly) in particular by reference to an identifier (e.g. name, NI number, email address, physical features). It can be factual (e.g. contact details or date of birth), an opinion about an individual’s actions or behaviour, or information that may otherwise impact that individual in a personal or business capacity.
Data protection law divides personal data into two categories: ordinary personal data and special category data. Any personal data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health conditions, sexual life or sexual orientation, or biometric or genetic data that is used to identify an individual is known as special category data. (The rest is ordinary personal data).
Any sensitive personal data we collect from you is for the purposes of providing our services to you or if we need to comply with a legal obligation. Our legal ground of processing this data is your explicit consent.
Why do we hold your personal data and on what legal grounds?
We hold and use your ordinary personal data for our casework service and business administration purposes. This will include, for example: management of adaptation works overseen by us; assisting or completing any benefit and/or grant applications; liaising with partner agencies or organisations to achieve the best outcome for the client.
Data protection law specifies the legal grounds on which we can hold and use personal data.
We rely on the following legal grounds when we process your personal data:
- Where we need it to perform the contract we have entered into with you, whether this is a contract for services or another type of contract.
- Where it is necessary for our legitimate interests, and your interests and fundamental rights do not override those interests. This may include, for example, managing your case and monitoring satisfaction with our services.
We use the information you give us in some of the following ways:
- Respond to any enquiries
- Support applications for welfare benefits or benevolent funds
- Carry out adaptations to your home
- To liaise with other agencies to apply for grants, building regulations and other necessary paperwork needed to complete works
- Contact you by telephone, sms (text), email or post, to gain your opinions on the service provided by Care and Repair in Powys and to update you on progress
- To improve services
Sometimes we may use your personal data for purposes that are different from those for which we collected it. If we do this, we will notify you and explain our legal ground for using your data in this way, as required under data protection law.
How do we collect your personal data?
You provide us with most of the personal data about you that we hold and use. Other personal data about you we hold and use, is generated by you in the course of discussions and/or applications surrounding our casework service or minor adaptations service.
Some of the personal data about you that we hold and use may come from external sources. For example: from a Family Member, Occupational Therapist, Housing Association, or Land Registry.
If you give us someone else’s personal data
Sometimes, you might provide us with another person’s personal data – e.g. details of your emergency contact or next of kin, or refer them on their behalf. In such cases, we require you to inform the individual of the personal data of theirs you are giving to us. You must also give them our contact details and let them know that they should contact us if they have any queries about how we will use their personal data.
Who do we share your personal data with?
We will only share your personal data with third parties where we have an appropriate legal ground under data protection law which permits us to do so. Commonly, this could include situations where we provide the information to comply with our contractual duties to provide a casework service to you, which may also include sharing with external contractors. Where it is necessary in our legitimate interest to improve services, and monitor satisfaction with our services.
We require all of these third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. They are only allowed to process your personal data on our instructions.
We will not share your details with third parties for marketing purposes.
We have put in place security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We also limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions and are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breaches and will notify you and any applicable regulator where we are legally required to do so.
We may anonymise your personal data (so that you can no longer be identified from such data) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
We will only keep your personal data for as long as is necessary to fulfil the purposes for which we collected it. We may retain your data to satisfy any legal, accounting, or reporting requirements so for example we need to keep certain information about you for 6 years after you cease to be a client for tax purposes. You have the right to ask us to delete the personal data we hold about you in certain circumstances.
You have a number of legal rights relating to your personal data, which are outlined here:
The right to be informed. Individuals have the right to be informed about the collection and use of their personal data. This is a key transparency requirement under the GDPR.
The right to make a subject access request. You may request that we inform you of the data we hold about you and how we process it. We will not charge a fee for responding to this request unless your request is clearly unfounded, repetitive or excessive in which case we may charge a reasonable fee or decline to respond.
The right to request that we correct data, incomplete or inaccurate personal data that we hold about you.
The right to request that we delete or remove personal data that we hold about you where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
The right to object to our processing your personal data where we are relying on our legitimate interest (or those of a third party), where we cannot show a compelling reason to continue the processing
The right to request that we restrict our processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
The right to request that we transfer your personal data to you or to another party, in a structured format. This right applies in respect of data that you have provided where our legal ground for using the data is that it is necessary for the performance of a contract or that you have consented to us using it (this is known as the right to “data portability”).
If you would like to exercise any of the above rights, please contact The Data Protection Officer, in writing. Note that these rights are not absolute and in some circumstances we may be entitled to refuse some or all of your request.
We will, in most cases, reply within one month of the date of the request unless your request is complex or you have made a large number of requests in which case we will notify you of any delay and will in any event reply within 3 months.
If you wish to make a Subject Access Request, please send the request to:
Data Protection Officer
Care and Repair in Powys
Ty Canol House
or email firstname.lastname@example.org marked for the attention of the Data Protection Officer.
We are committed to protecting your personal data but if for some reason you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).
We should be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.
Cookie Privacy Notice
As with most websites, when you visit this website, a small amount of data may be stored on your mobile phone, tablet, or computer hard drive using cookies and similar technologies. Cookies help make this website work and provide information to us about how users interact with our site. We use this information to improve our website. We do not seek to identify individual visitors unless they choose to input their contact details into one of the forms on the website.
The types of cookies used on this website can be classified into one of three categories:
- Strictly Necessary Cookies. These are essential in order to enable you to use certain features of the website, such as submitting forms on the website. Without these cookies, the services offered on the website cannot be provided to you. These cookies do not gather information about you that could be used for marketing or remembering where you have been on the Internet.
- Functionality Cookies. These are used to allow the website to remember choices you make (such as your username, if applicable) and provide enhanced features to improve your web experience.
- Analytical Cookies. These are used to collect information about how visitors use this website, for instance, the number of visits to the site or the average duration of a visit. The information is used only to improve how this website works.
Web Beacons. Pages of our website may contain small electronic files known as web beacons that allow us to record activity, such as when you visit a certain page. Web beacons are used to track usage of this website and monitor its performance (i.e. Google Analytics)
Use of IP Addresses. An IP address is a numeric code that identifies your computer on the Internet. We use your IP address and browser type to help analyze usage patterns to improve the service we offer to you. But without additional information your IP address does not identify you as an individual.
If you have any questions or concerns about how your personal data is being used by Care & Repair in Powys Ltd. you can contact:
Data Protection Officer (Care & Repair in Powys Ltd.):
Care & Repair in Powys Ltd.
Ty Canol House,
Newtown, Powys, SY16 1AL
Telephone: 01686 620760
Links To Other Websites
Data Protection Policy
Our latest Data Protection Policy has been updated in March 2018 to ensure the Group complies with the requirements of the General Data Protection Regulations (GDPR) as incorporated into UK legislation. Download Data Protection Policy.