For collecting data covered by The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) the Data Controller is Care Control Systems.
Information We May Collect from You
We may collect and process the following data about you:
Information that you provide by filling in an enquiry form on our site. We will use this information to send answers to your enquiries only. We may also ask for further information if you are reporting problems with our website. This will be stored: on our email system. You have the right to withdraw consent at any time by asking us to delete these emails.
Information that you provide by registering to use our site, subscribing to our service, posting material or requesting further services. This will be stored: on the WordPress database, or mailing list. You have the right to withdraw consent at any time by deleting your account.
Details of transactions you carry out through our site and of the fulfilment of your orders. This will be stored: on the WordPress database and our email system. You have the right to withdraw consent at any time, deleting your account will leave the order in place but your contact details will be deleted.
If you contact us by email, we will keep a record of that correspondence. This will be stored: on our email system. You have the right to withdraw consent at any time by asking us to delete these mails.
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns and does not identify any individual.
Where We Store Your Personal Data
All information you provide to us is stored on our servers (see above: Information we may collect from you). Any payment transactions will be encrypted using SSL technology, and processed by an external payment processor i.e. PayPal, Stripe or other. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Uses Made of the Information
We use information held about you in the following ways:
- To reply to your enquiries.
- To provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
- To allow you to participate in interactive features of our service, when you choose to do so.
If you are an existing customer, we will contact you by phone, e-mail or SMS with information about goods and services like those which were the subject of a previous sale to you. You have the right to withdraw consent at any time.
Disclosure of Your Information
We may disclose your personal information to members of our company, which means our parent company, its subsidiaries and colleagues where appropriate.
You have the right to ask us not to process your personal data for marketing purposes. We will inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us using our usual methods.
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
If you believe that we have done something wrong by not complying with GDPR please contact us in the first instance to make a complaint for which we aim to resolve. Should you not be happy with this resolution, you do have the right to lodge a complaint with the supervisory authority, the Information Commissioner’s Office.
Access to Information
GDPR gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act. Any access request may be subject to a fee of £5 to meet our costs in providing you with details of the information we hold about you.
Phone Recording Policy
This policy outlines Care Control Systems LTDs call recording process. The purpose of call recording is to provide a record of incoming and outgoing calls which can: 1. Identify practice staff training needs 2. Protect practice staff from nuisance and abusive calls 3. Establish facts relating to incoming/outgoing calls made (e.g. complaints) 4. Identify any issues in Care Control’s processes with a view to improving them.
The purpose of this policy is to ensure that call recording is managed in line with GDPR and Data retention requirements. This will generally involve the recording of telephone conversations which is subject to the Telecommunications Act 1984.
This policy applies to all Care Control Staff including any contracted or temporary workers. All calls via the telephone systems used by Care Control Systems will be recorded, including:
- All external incoming calls
- All external outgoing calls made by Care Control Staff
- All external call transfers
The recording will automatically stop when a Care Control staff member terminates the call.
Call playback and Monitoring
All call recordings will be undertaken by the Managing Director. Any playback of the recording will take place in a private setting and where applicable, staff members should be given the opportunity to listen to relevant recordings to receive feedback and developmental support.
All recordings will be stored securely by Care Controls phone providers 8 X 8. Access to these call recordings will be controlled by the Managing Director or in his absence Head of Operations .
The Data Protection Act allows access to information that is held about an individual and their personal data. This included recorded telephone calls.
Requests for copies of telephone conversations can be made under the Data Protection Act as a “Subject Access Request”. After assessing whether the information can be released, the requestor can be invited to Care Controls HQ to head the recording. The right to be forgotten does not override legal and compliance obligations.
Subject Access Request (SAR)
Subject Access Request (SAR) is a mechanism provided by data protection laws that allows individuals to request access to the personal data held about them by an organization.
To make a Subject Access Request to Care Control Systems, follow these steps:
- Contact the Human Resources department or Sally Brown who is responsible for handling SARs at Care Control Systems as our designated Data Protection Officer.
- Prepare your request: Compose a written request that clearly states that you are making a Subject Access Request. Include your full name, contact details, and any additional information that can help identify your records in our systems. It’s crucial to be as specific as possible about the data you are seeking access to, including relevant timeframes or specific categories of information.
- Submit your request: Send your SAR to the designated contact at Care Control Systems. You can typically do this through email or postal mail, depending on the contact information provided. If you choose email, ensure that your request is encrypted or sent through a secure channel to protect your personal information.
- Verification of identity: Care Control Systems may require you to verify your identity before processing your request. They may ask for additional information or documentation to confirm that you are the individual to whom the requested data relates. This step is crucial to prevent unauthorised access to personal information.
- Processing time: Under data protection laws, Care Control Systems has up to 30 days to respond. Care Control Systems will acknowledge your request promptly and provide an estimated response time, which will be no greater than 30 days.
- Data disclosure: Once your request is verified and processed, Care Control Systems will provide you with the requested personal data they hold about you. This can be in the form of a secure digital file.
- Review and follow-up: Upon receiving the data, review it carefully to ensure accuracy and completeness. If you have any concerns or questions about the information provided, you can contact Care Control Systems for clarification or further assistance.