The Police Rehabilitation Centre (PRC), is registered as a data controller with the ICO, registration number Z3180307. The PRC operates as a data controller in the delivery of rehabilitation services and in the operation of The PRC Lottery.
The PRC collects, stores and processes personal data from those that support, use or facilitate its services.
The General Data Protection Regulation (GDPR) is a new European framework for data protection laws. It gives individuals greater protection and rights and will give them more control over how their data is used.
This policy applies to information that The PRC collects about:
- Patients applying for treatment and/or have been treated by The PRC
- Professional contacts and suppliers of services to The PRC
- Job applicants
- PRC Staff
- Trustees (The PRC is a registered Charity)
- Subscribers to The PRC Lottery
- Complainants of services delivered by The PRC
- Visitors to The PRC website
- Individuals accessing (using) The PRC premises
The Data Protection Officer
The Police Rehabilitation Centre
Goring on Thames
2. The information we collect about you
The PRC collects and processes a range of personal data. Personal data is any information about an individual from which the individual can be identified
- If you are a patient we will hold information on name, address, telephone numbers, email address, title, date of birth, gender, previous names, vehicle registration, next of kin, your Police role, force, length of service, retirement date, dietary requirements, medical history, medical records, contact details for your doctor, consultant, or other healthcare professional. We may receive information about you from other sources such as your parent Police organisation, which we will add to the information which we already hold about you in order to help us provide the required services or comply with our legal and regulatory obligations
- If you are a supplier we will hold information on goods and services we source from you and account payment details
- for a job application we will hold information such as name, title, address, email address, telephone number, date of birth, gender, national insurance number, marital status and forms of identification.
- for work experience we will hold details of your school or college, personal details including name, address, telephone number and email address
- for staff members we will hold personal details including name, title, address, email address, telephone number, date of birth, gender, next of kin, bank details, remuneration including entitlements and deduction, tax status, national insurance number, marital status, details of leave and sickness, driving license, passport, details of disciplinary or grievance procedures and performance management records.
- for Trustees we will hold information such as name, title, address, email address, telephone number
- for individuals making donations we will hold personal details such as name and address, financial payment details and the amount donated for auditing purposes. This excludes regular pay roll or direct debit donors.
- If you are buying lottery tickets we will hold financial information including bank details and personal details such as name, address and phone number
- For complainants we will hold information such as name, title, address, email address, telephone number, your legal representatives contacts and details of your complaint
- For visitors to our website you are not required to register unless applying for The PRC Lottery. We collect users’ browsing actions and patterns. We do not identify individuals.
3. Data Protection Principles
The Centre complies with data protection law.
This means that the personal information the Centre holds about you must be:
- Used lawfully, fairly and in a transparent way
- Collected only for valid purposes that have been explained to you clearly and not used in any way that is incompatible with these purposes
- Relevant to the purposes we have described and limited to those purposes
- Accurate and kept up to date
- Retained only for such time as is necessary for the purposes for which it was collected
- Kept securely
4. Legal Basis for processing your data
Where we provide services to you or you make an application for treatment, apply for a job or you are a member of staff our legal basis for processing your data is contract.
We also have a legal and regulatory basis for holding some of your data. Details on individuals, sole traders or limited liability partnerships who are not current clients use consent.
- 5. Sensitive Personal Data
- We only collect sensitive information where legally required or as part of the recruitment or treatment process. This would be necessary to make provision and reasonable adjustments as an employer or healthcare facility. Sensitive information includes data relating to race or ethnic origin, political opinions, religious or other similar beliefs, trade union membership, physical or mental health, sexual life or criminal records.
6. How we will use the information about you
- Provide the treatment and rehabilitation services
- Process any application for employment
- Manage an employee contract
- Improve the quality of services we provide
- Enable payment to be taken or made
- Handle requests to 3rd parties to source additional information
- Maintain our records of your treatments for administrative purposes
- Assist with appropriate third parties performing investigations and/or enquiries when obliged to by statutory authority
- Comply with statutory and/or regulatory obligations
- To defend legal claims or prospective legal claims
7. Photos and CCTV
We use photographs to display and market the services, facilities and treatments we offer.
If you are present when photographs are being taken you will be asked for consent for photographs to be taken and used. You may withdraw your consent at any time by contacting the Data Protection Officer.
CCTV is in operation at The PRC for the purposes of crime prevention and safety of staff, patients and visitors. No images will be disclosed to a third party unless we have a legal obligation to do so.
8. Who we share your information with
We will only share information with third parties where necessary to conduct the services we provide. A list of the categories of processors we use can be seen below;
Data used for IT Support purposes
Data used to provide Patient Treatment
Data used for Payments processing
Data used for Payment processing for Direct Debit
Data to enable participation in a Lottery
Data required to provide Telecommunications services
Data required for providing and supporting IT services hosting
Data that describes the Wireless Network
Data that defines and operates Email services
Data required to Pension
Data to support On-line training
Data to enable the provision of and use of Childcare vouchers
Data to provide Occupational Health services
Data captured as part of patient/employee Surveys
Data required for our legal representatives or insurers
9. How we protect your information
We have put in place various security measures, including physical, technical and organisational, to protect your personal data from loss, misuse, alteration or destruction. Our security and privacy policies are regularly reviewed. All staff and suppliers handling your data are subject to policies and procedures designed to protect that data.
10. Overseas transfers
The information you provide will not be held or transferred outside the UK. We will take steps to ensure adequate protections are in place to ensure the security of your information wherever it is held and processed in the UK.
11. Access to your information, updating and correcting your information
You have the right to request details of the information that we hold about you. If you would like details of some or all of your personal information, please contact the Data Protection Officer.
You may ask us to remove information under the GDPR Right to Erasure by contacting the Data Protection Officer.
12. Data Retention
We will only retain your personal data for as long as required to deliver treatment and operate under other legal and regulatory obligations we are subject to. Different types of data will have different retention periods and this is detailed in the Data Retention Schedule (available on request).
Patient data may need to be held for the duration of the patient’s life other data will be retained for the period specified in the PRC Data Retention Schedule.
If you have a question about data retention contact the Data Protection Officer.
14. Links to other websites
15. Cookies usage and tracking technologies on www.flinthouse.co.uk
We may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our site and to deliver a better and more personalised service. They enable us:
- To estimate our audience size and usage pattern
- To store information about your preferences whilst navigating our website and so allow us to customise our site according to your individual interests
- To speed up your searches
- To recognise you when you return to our site.
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org.
To opt out of being tracked by Google Analytics across all websites visit https://tools.google.com/dlpage.gaoptout.