The eight principles of the Act require that personal information must: 

• be processed fairly and lawfully
• not be used for a purpose for which it was not collected
• be adequate, relevant and not excessive for the purpose
• be accurate and up-to-date
• not be kept longer than necessary
• be processed in accordance with the data subject's rights
• be kept secure and protected from unauthorised processing, loss or destruction
• be transferred only to those countries outside the European Economic Area that provide adequate protection for personal information.

In order to meet the requirements of the eight principles Seaton Hall Residential Home will:

·         fully observe conditions regarding the fair collection and use of information

·         meet its legal obligations to specify the purposes for which information is used

·         collect and process appropriate information, and only to the extent that it is needed to fulfil operational needs or to comply with any legal requirements

·         ensure the quality of the information used

·         hold personal information on Seaton Hall Residential Home systems for as long as is necessary for the relevant purpose, or as long as is set out in any relevant contract held with Seaton Hall Residential Home or Seaton Hall Residential Home's Archiving, Disposal and Storing of Records Policy and Procedures (this is the policy that defines which documents should be kept and for how long)

·         ensure that the rights of people about whom information is held can be fully exercised under the Act. These include:

o   The right to be informed that processing is being undertaken

o   The data subject's right of access to their personal information

o   The right to prevent processing in certain circumstances

o   The right to correct, rectify, block or erase information which is regarded as wrong information

·         take appropriate technical and organisational security measures to safeguard personal information and

·         ensure that personal information is not transferred outside the European Economic Area (EEA), without suitable safeguards. 

Seaton Hall Residential Home’s responsibilities for data protection 

Seaton Hall Residential Home will ensure that there is someone with specific responsibility for the protection of data and confidential information in the home. 

The nominated person is the Data Protection Officer whose contact details are:

Mrs Wendy Dick - Manager

Seaton Hall Residential Home

10 The Green

Seaton Carew

Hartlepool

TS25 1AS

Email: seatonhall@yahoo.co.uk 

Data Storage

These rules describe how and where data should be safely stored.

When data is stored on paper:

• It should be kept in a secure place where unauthorised people cannot see it.
• When not required, the paper or files should be kept in a locked drawer, filing cabinet or in a secure filing room.
• Employees should make sure that paper and printouts are not left where unauthorised people can see them, like on a printer.
• Data printouts should be shredded and disposed of securely when no longer required

When data is stored electronically:

• It must be protected from unauthorised access, accidental deletion and malicious hacking attempts.
• If data is stored on removable media, Compact Disc, Digital Video Disc, Memory Stick or other form of detachable storage should be kept locked away securely when not in use.
• Data should only be stored on designated drives and servers.
• Data should only be uploaded through approved computing services
• Servers containing personal data should be sited in a secure location
• Data should be backed-up and tested monthly
• Data should never be saved directly to laptops, tablets, smart phones or other mobile devices
• All servers and computers containing data should be protected by approved security software and a firewall.

Data Use

Personal data is of no use to the home unless the business can make use of it. However, it is when personal data is accessed and used that it can be at greatest risk of loss, corruption and theft, consequently:

• When working with personal data, employees should ensure that the computer screen is locked when left unattended.
• Personal data should not be shared informally. In particular, it should never be sent by email, as this form of communication is insecure.
• Data must be encrypted before being transferred electronically, via the Anycomsᶧ system for example.
• Employees should not save copies of personal data to their own computers or other mobile devices.

Data Accuracy

The law requires Seaton Hall Residential Home to take reasonable steps to ensure data is kept accurate and up to date. The more important the data, the greater the effort will be required, to keep said data accurate and up to date.

It is the responsibility of all employees who work with data to take reasonable steps to ensure it remains accurate and up to date.

Data is to be stored in as few places as necessary. There is no requirement for additional copies of personal data other than the copies needed to perform your job function

Subject Access Requests

All individuals who are the subject of personal data held by Seaton Hall Residential Home are entitled to:

• Ask what information the home holds about them and why.
• Ask how to gain access to it
• Be informed how the home keeps it up to date
• Be informed how the home is meeting its data protection obligations

Only the Data Processing Officer is authorised to release this information and will always insist on verifying the identity of anyone making a Subject Access Request, before handing over any information

Disclosing data for other reasons

In certain circumstances, the Data Protection Act allows personal to be disclosed to law enforcement agencies without consent from the data subject.

Under these circumstances, Seaton Hall Residential Home will disclose requested data. However, the Data Protection Officer will have to ensure that the request is legitimate, and that the Service Provider supports such action.

Providing Information

Seaton Hall Residential Home aims to ensure that individuals are aware that their data is being processed, and that they understand:

• How the data is being used
• How to exercise their rights of confidentiality for said data

Declaration

This Policy is subject to regular review, at least annually or shorter period when/if amendments to the policy are required or should the Data Protection Officer change.