Use of Data 

Ashberry Care Homes is the trading name of Ashberry Healthcare. 

Ashberry Healthcare uses collected data for various purposes: 

  • To provide and maintain care to our residents; 
  • To support and contact our residents’ friends and families. 

Lawful Basis for Processing Residents’ and their families’ Personal Data Under General Data Protection Regulation (GDPR) 

Our lawful basis for processing your personal data is under Article 6(1)(f): legitimate interests: the processing is necessary for Ashberry Healthcare’s legitimate interests or the legitimate interests of a third party unless there is a good reason to protect your personal data which overrides those legitimate interests. 

We may use your Personal Data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you.  You may opt out of receiving any, or all, of these communications by following the unsubscribe link or instructions provided in any email we send. 

 Retention of Data 

Ashberry Healthcare will retain your data only for as long as is necessary for the purposes set out in this privacy policy, in line with our internal retention policy.  We will retain and use your data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. 

Who we share information with: 

We will not share your information with any third parties UNLESS  

  1. it is necessary in the performance of our contractual obligation to you;  
  1. they are a third party data processor acting on our instruction; 

under certain circumstances, Ashberry Healthcare may be required to disclose your data if required to do so by law or in response to verified requests by public authorities (e.g. a court or a government agency). 

Security of Data 

Ashberry Healthcare stores your data in servers based in the EEA.  We take all precautions to ensure that your data is treated securely and in accordance with this privacy policy and no transfer of your personal data will take place to an organisation or a country unless there are adequate controls in place including the security of your data and other personal information. 

 Employees  

Ashberry Healthcare is the data controller for the information you provide during the employment and application process unless otherwise stated.  If you have any queries about the process or how we handle your information, please contact us. 

 What will we do with the information you provide to us? 

All of the information you provide during the process will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary. 

We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes or store any of your information outside of the European Economic Area.  The information you provide will be held securely by us and/or our data processors whether the information is in electronic or physical format. 

We will use the contact details you provide to us to contact you to progress your application.  We will use the other information you provide to assess your suitability for the role you have applied for.  

Speculative Applications 

We sometimes receive speculative applications.  When these are received electronically, if there is no suitable vacancy at that time, we keep them in our system for no more than 24 months at which point we will redact the information but keep the contact information on our database until such time as you opt out.  

 What information do we ask for, and why? 

We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary. 

The information we ask for is used to assess your suitability for employment.  You don’t have to provide what we ask for but it might affect your application if you do not.  

 Advertised positions 

We ask you to send us a current CV and a covering letter which will include your personal details including name and contact details, as well as your previous experience, education, referees, and any other information relevant to the role you have applied for.   

 Shortlisting 

The relevant head of department will shortlist applications for interview.  They will receive all information supplied at that time. 

You may be required to provide:  

  • Proof of your identity – you will be asked to attend our office with original documents, we will take copies. 
  • Proof of your qualifications – you may be asked to attend our office with original documents, we will take copies. 
  • You may be asked to complete a criminal records declaration to declare any unspent convictions. 
  • We may contact your referees, using the details you provide in your application, directly to obtain references. 
  • We may ask you to complete a questionnaire about your health.  This is to establish your fitness to work as well as for your well-being whilst on our premises. 
  • If we make a final offer, we will also ask you for the following: 
  • Bank details – to process salary payments. 
  • Emergency contact details – so we know who to contact in case you have an emergency at work. 
  • Information for your inclusion in our pension scheme.  We use a third party for this scheme. 
  • Information for your optional inclusion in our private healthcare scheme, where you fit the eligibility criteria.  We use a third party for this scheme. 

 If you are unsuccessful following assessment for the position you have applied for, we may ask if you would like your details to be retained in our talent pool for a period of 24 months.  If you say yes, we would proactively contact you should any further suitable vacancies arise.  

 We will process this data because the processing is necessary for the performance of our mutually agreed contract. 

 In relation to the special category data we hold about you we will process this in accordance with Article 9(2)(b) of the GDPR, i.e. that the processing is necessary for the purposes of carrying out the obligations and exercising specific rights of Ashberry Healthcare or of the data subject in the field of employment and social security and social protection law in so far as it is authorised by Union or Member State law or a collective agreement pursuant to Member State law providing for appropriate safeguards for the fundamental rights and the interests of the data subject. 

 Where employment information is kept 

HR data is kept securely in electronic and hard copy files and accessed only by members of the senior management team. 

How long is the information retained for? 

If you are successful, the information you provide during the application process will be retained by us as part of your employee file for the duration of your employment/engagement plus 6 years following the end of your employment/engagement.  This includes your criminal records declaration, fitness to work, records of any security checks and references. 

 Information generated throughout the assessment process, for example interview notes, is retained by us for 6 months following the closure of the recruitment campaign. 

 Use of data processors 

Data processors are third parties who necessarily provide elements of our internal practices.  We have contracts in place with our data processors.  This means that they cannot do anything with your personal information unless we have instructed them to do it.  They will not share your personal information with any organisation apart from us.  They will hold it securely and retain it for the period we instruct. 

 Use of other third parties 

Some third parties with whom we share your data are data controllers in their own right in which case they will have their own retention periods.   

We have contracts with all third parties to ensure the security of your data that we share with them. 

 Using our website 

Usage Data 

We may collect information how the Service is accessed and used (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data. 

Ashberry Healthcare will retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods. 

Tracking & Cookies Data 

We use cookies and similar tracking technologies to track the activity on our Service and hold certain information. 

 Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyse our Service. 

 You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service. 

Examples of Cookies we use: 

  • Session Cookies. We use Session Cookies to operate our Service. 
  • Preference Cookies. We use Preference Cookies to remember your preferences and various settings. 
  • Security Cookies. We use Security Cookies for security purposes. 

 Analytics 

We may use third-party Service Providers to monitor and analyse the use of our Service. 

Google Analytics: Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network. You can opt-out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity.  

 For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://www.google.com/intl/en/policies/privacy/ 

 Ashberry Healthcare uses cookies and data analytics –  https://www.youronlinechoices.com/uk/ 

Google AdWords: Google AdWords remarketing service is provided by Google Inc. You can opt-out of Google Analytics for Display Advertising and customise the Google Display Network ads by visiting the Google Ads Settings page: https://www.google.com/settings/ads  

 Google also recommends installing the Google Analytics Opt-out Browser Add-on – https://tools.google.com/dlpage/gaoptout – for your web browser. 

 Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics. 

 For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://www.google.com/intl/en/policies/privacy/ 

 Facebook: Facebook remarketing service is provided by Facebook Inc. You can learn more about interest-based advertising from Facebook by visiting this page: https://www.facebook.com/help/164968693837950  

 To opt-out from Facebook’s interest-based ads follow these instructions from Facebook: https://www.facebook.com/help/568137493302217 

 Facebook adheres to the Self-Regulatory Principles for Online Behavioural Advertising established by the Digital Advertising Alliance.  You can also opt-out from Facebook and other participating companies through the Digital Advertising Alliance in the USA https://www.aboutads.info/choices/, the Digital Advertising Alliance of Canada in Canada https://youradchoices.ca/ or the European Interactive Digital Advertising Alliance in Europe https://www.youronlinechoices.eu/, or opt-out using your mobile device settings. 

 For more information on the privacy practices of Facebook, please visit Facebook’s Data Policy: https://www.facebook.com/privacy/explanation 

 Others 

There may be other individuals with whom we do business and for whom we hold personal data, such as those who work for professional organisations and supplier companies.  We process this information in accordance with our obligations and contracts with those organisations.   

 Updating your personal information 

You can update your personal information at any time, and change your marketing preferences.  To do this please email us at DPO@Ashberry.net. 

Your Rights 

Under current UK data protection legislation, you have rights as an individual which you can exercise in relation to the information we hold about you. 

Individuals have the right to see the personal data held by Ashberry Healthcare (a subject access request).  Once the person requesting the information has been identified the request will be carried out within one calendar month in a clear and easy to read way.  There are numerous and various exemptions to this right and each request will be dealt with on a case by case basis. 

Individuals have the right to have their data rectified where it is incorrect or out of date.  Where a request for data rectification is made it will be dealt with in a similar way to a subject access request (SAR), i.e. within a strict time frame. 

 You also have the rights to (i) erasure and (ii) restriction and you can request that we remove your data or restrict the processing of it.  

Your right to object to the processing of your data is an absolute right which will be dealt with immediately unless there are compelling grounds for us to continue the processing where appropriate. 

You can read more about these rights here – https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/ 

Links To Other Sites 

Our  website may contain links to other sites that are not operated by us.  If you click on a third party link, you will be directed to that third party’s site.  We strongly advise you to review the privacy policy of every site you visit. 

We have no control over, and assume no responsibility for, the content, policies or practices of any third party sites or services.  

Children’s Privacy 

Our Service does not address anyone under the age of 18 (“Children”).  

We do not knowingly collect personally identifiable information from anyone under the age of 18.  If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us.  If we become aware that we have collected personal data from children without verification of parental consent, we will take steps to remove that information from our servers. 

This privacy policy was updated on 8th March 2019.  We reserve the right to update and alter this policy. 

Contact Us​ 

If you have any questions about this privacy policy, how we handle your data or wish to make a change to it, please contact us by email:  DPO@ashberry.net