Due to the nature of your employment, Aspens Charities Ltd hold some personal information about
you. This document explains why we have that information, how we use it, how we manage it and
how we protect it. It also sets out your rights relating to that information. This Privacy Statement
form will be held in your personal HR file.

What Personal Data do we hold?

Personal Data is any information relating to an identifiable person (you) who can be directly or
indirectly identified by using this information. We currently hold the following Personal Data about
you:

1. Name
2. Address
3. Photo identification
4. Personal email address
5. Personal telephone number – mobile and landline if both provided
6. Bank Account details
7. Next of Kin
a. Name
b. Contact telephone numbers – mobile and landline if both provided
8. National Insurance number
9. Health declaration
10. Information regarding any criminal convictions
11. Business email address
12. Business telephone number – mobile and landline if both provided
13. Supervisions and performance data

As part of Aspens' dedication to equal employment opportunities, we also request that all job
applicants complete an Equal Opportunities Form. The information within this form is categorised
as Special Category Data and therefore is processed differently. This includes data such as:

14. race;
15. ethnic origin;
16. politics;
17. religion;
18. trade union membership;
19. genetics;
20. biometrics (where used for ID purposes);
21. health;
22. sex life; or
23. sexual orientation

Where did we get your Personal Data from?
This data is provided by you through the application process to become an employee of Aspens.
Number 10 is obtained via the Disclosure and Barring Service (DBS). The DBS carries out
criminal record checks for specific positions, professions, employment, offices, works and licences
included in the Rehabilitation of Offenders Act 1974 (Exceptions) Order 1975 and those prescribed
in the Police Act 1997 (Criminal Records) regulations.

Numbers 11 & 12 are provided by Aspens once you are in post.

What is the legal basis and purpose of Aspens holding your Personal Data?
The Personal Data we hold and process is necessary for the performance of the employment
contract to which you are party.

What do we do with your Personal Data?
We use your data as set out in Numbers 1 to 10 to facilitate the following elements of your
employment contract;
 Payment of your salary
 Payment of your pension
 Payment of your National Insurance Contributions
 Aspens related business communication
 Contact protocols in the event of a personal emergency in which your next of kin must be
contacted and to meet our statutory obligations.

Information set out in Numbers 11 to 20 are anonymous and used for the purpose of statistical
submissions regarding Aspens workforce for the purpose of analysing the Care Sector. They are
not processed as Personal Identifiable Information and are not saved in your personal HR file.
Aspens data is categorised within our Information Assets Register. There are three categories of
data; Shared, Restricted and Confidential.

Shared information is data that is available to everyone working for Aspens.

Restricted information is data that maybe commercially, technically or otherwise sensitive and
therefore constrained to certain groups or individuals within Aspens.
Confidential information includes any data that contains personally identifiable information (PII)
and any other information that the Board wish to remain private.

All data that you have provided to Aspens is categorised as Confidential except;
1. Your name
11. Business email address
12. Business telephone number – mobile and landline if provided

Who else do we give access to your information and why?

Local authorities
Aspens provides the majority of our services to individuals who have been referred by Local
Authorities. To facilitate the delivery of these services, we may need to pass personal information
between Aspens and the Local Authorities but this will only include;
1. Your name
11. Business email address
12. Business telephone number – mobile and landline if provided

Business partners
Aspens payroll services are provided by a third party organisation called Firefly. To facilitate the
payment of salaries and all associated payments including pensions, national insurance and other
additional elements such as expenses, childcare vouchers, student loans etc. we provide them
with the following information;
1. Name
2. Address
4. Personal email address
5. Personal telephone number – mobile and landline if both provided
6. Bank Account details
7. Next of Kin
a. Name
b. Contact telephone numbers – mobile and landline if both provided
8. National Insurance number
11. Business email address
12. Business telephone number – mobile and landline if both provided

What we don’t do with your Personal Data
Aspens does not use your information for profiling or automated decision making.
Aspens does not transfer your information outside of the European Union.

How do we protect your information?
Aspens has a robust Information Security Policy to ensure that your information is kept safe both
in electronic files as well as hard copies. A copy of this and all other associated policies are
available for you to access at;

G:\Common\Policies & Procedures\GDPR

The review, understanding and implementation of these policies will also be part of the induction
process for all new members of staff, regardless of their position within the organisation.

The Personal Data we hold about you has been assessed using a Data Protection Impact Analysis
(DPIA). The DPIA is used to measure the potential risk of the personal information we hold
relating to your freedoms and rights as individuals and any potential impact if the information was
breached or lost. By completing the DPIA and subsequently categorising the data we hold within
Aspens’ Information Assets Register, Aspens has implemented appropriate and proportionate
measures to mitigate or lower those risks.

How long do we keep your Personal Data?
We will retain your information for the duration of your employment with Aspens, regularly checking
to ensure that it is accurate and up to date. Some of the data we will retain for a further 6 years
following the end of your employment due to our legal obligations. Bank account and next of kin
information will be deleted once you have received your final salary payment and when that
information is no longer required.

Information relating to Parental Leave will be held for 18 years from the birth of the child as, legally,
you can take this leave within the first 18 years of your child’s life. This information will be passed
to your new employer upon request.

What are your Personal Data rights?
If, at any point, you believe the Personal Data we hold on you is incorrect, you want us to correct
or delete that information, or you no longer want us to hold that information or contact you, you can
exercise your rights under the current Data Protection Laws. These rights include;

  • The right to be informed
  • The right of access
  • The right to rectification
  •  The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling

Please note, these rights are not absolute and we may not be able to delete information that is
required to maintain our business purpose, to comply with relevant legislation or that is required to
facilitate your contract of employment.

Who do you contact if you have an issue with the Personal Data that we hold?
Natalie Spangenberg is the Data Protection Officer for Aspens Charities Ltd. She can be
contacted on the details below. All contact will be treated as confidential.

01424 773366 ext. 112
[email protected]

How do you make a complaint about how your Personal Data is being held or processed?

Please contact our Data Protection Officer in the first instance. They will investigate ensuring that
due process is followed as set out in our Complaints Policy and Procedures.

If you are not satisfied with the response or believe we are processing your data not in accordance
with the law, you can complain directly to the Information Commissioner’s Office on 0303 1231113
or follow the instructions on their website; https://ico.org.uk/concerns/

Restricted information is data that maybe commercially, technically or otherwise sensitive and
therefore constrained to certain groups or individuals within Aspens.

Confidential information includes any data that contains personally identifiable information (PII)
and any other information that the Board wish to remain private.

For more information
For more information regarding your Personal Data Rights, please visit the Information
Commissioner’s Office website: https://ico.org.uk/for-organisations/guide-to-the-general-dataprotection-regulation-gdpr/individual-rights/