The EU General Data Protection Regulation (“GDPR”) comes into force across the European Union on 25th May 2018 and brings with it the most significant changes to data protection law in two decades.
The new Regulation aims to standardise data protection laws and processing across the EU, affording individuals stronger, more consistent rights to access and control their personal information.
Personal Data is at the heart of GDPR, and Personal Data means any information that is clearly about a particular person, and could lead to their identification.
SimpleNeeds is committed to ensuring the security and protection of the personal information that we process, and to providing a compliant and consistent approach to data protection. We have always had a robust and effective data protection program in place which complies with existing law and abides by the data protection principles. However, we recognise our obligations in updating and expanding this program to meet the demands of the GDPR and the UK’s Data Protection Bill.
SimpleNeeds is dedicated to safeguarding the personal information under our remit and in developing a data protection regime that is effective, fit for purpose and demonstrates an understanding of, and appreciation for the new Regulation.
SimpleNeeds already has a consistent level of data protection and security across our organisation; however, it is our aim to be fully compliant with the GDPR by 25th May 2018.
SimpleNeeds is a small website, with low income, and therefore limited resources available to deal with GDPR. We cannot afford lawyers and an off-the-shelf Statement seems inappropriate.
The Information Commissioner's Office (ICO) has produced a series of publications as guidance to compliance with GDPR, one of which is the Controllers Checklist. We have decided to use this as the basis for our Compliance Statement, by providing a response to each and every item in the checklist. This ensures all points are covered and you, the reader, know what question we are answering.
The ICO's Controllers checklist consists of 4 steps, and each is listed below with our responses.
The ICO's Controllers checklist is designed to help a Controller assess high level compliance with data protection legislation. It covers the rights of individuals, handling requests for personal data, consent, data breaches, and data protection impact assessments under the General Data Protection Regulation.
When you place an Advert on SimpleNeeds we ask for your email address, name, and postcode and then details of the care setting.
Your email address is never shown to anyone.
Your name is shown only in email enquiries and replies, to help distinguish from others. Client Adverts display only the first part of the postcode and the village/district/town, without road name. Carer Adverts display the whole postcode and associated partial address, which includes road name. Your data is held in a secure professional data centre.
We collect information relating to your visits, for example searches conducted, adverts looked at, and enquiries made.
We collect information relating to your computer at the time of your visit, for example browser type and version.
Our Cookie policy is that we use them only to recognise a repeat visit and welcome an individual by name.
We use Google Analytics for performance analysis of SimpleNeeds, and Google AdSense to show Google Ads on SimpleNeeds.
We do not share any of your personal data with any 3rd party.
We share Testimonial comments with Facebook and Google. Testimonial comments are not deemed to be personal data.
We are opting for the ‘legitimate interests’ basis.
ICO offers this advice: Legitimate interests is most likely to be an appropriate basis where you use data in ways that people would reasonably expect and that have a minimal privacy impact.
There is a three-part test that ICO recommend:
Purpose test: are you pursuing a legitimate interest? Yes, SimpleNeeds offers a legitimate and socially useful introductory service.
Necessity test: is the processing necessary for that purpose? Yes, without processing there would be no service.
Balancing test: do the individual’s interests override the legitimate interest? No, the individual is informed of all uses of their data, and there should be no surprises.
SimpleNeeds offers a simple service connecting Carers and Clients with data exchange limited to postcode and name. Individuals registering for and using the service are deemed to provide consent.
Not applicable
In the very rare event that Officials from Social Services or Police request information, then subject to appropriate identification of the Official, and subject to Legal advice, information may be provided.
We are registered under the Data Protection Act 1998, Registration Number: Z229825X
Our Privacy Statement is published on this website.
All Personal Data is accessible to individuals to change as required.
When an Individual requests cancellation or removal, our policy is to cease all processing, and remove the data from public view, but to retain the data for a period of 1 year, then securely archive the data indefinitely.
When an Individual requests restriction, our policy is to cease all processing, and remove the data from public view, but to retain the data for a period of 1 year.
We make no provision for individuals to move, copy or transfer their personal data from one IT environment to another in a safe and secure way, without hindrance to usability. In the event of such a request we would offer the data securely offline.
When an Individual objects to the processing of their personal data, our policy is to cease all processing, and remove the data from public view, but to retain the data for a period of 1 year.
The GDPR defines profiling as any form of automated processing intended to evaluate certain personal aspects of an individual, in particular to analyse or predict their: performance at work; economic situation; health; personal preferences; reliability; behaviour; location; movements.
We do not engage in automated decision making or profiling, as defined by GDPR.
Data is held in a secure and robust Hosting environment, operated by one of the UK's leading providers. Web traffic between the website and individuals uses encrypted https protocols. We regularly review our procedures.
We have a contract with our Processor Hosting provider.
We operate in the Social Care space where users are particularly vulnerable. Carers are often lone workers, and Clients are often isolated and elderly. We are continually mindful of the information risks that prevail.
To the extent that this is possible we are compliant in this regard.
Adequate DPIA processes are in place.
We have nominated a data protection lead.
Management is fully supportive.
Data is held in a secure and robust Hosting environment, operated by one of the UK's leading providers. Web traffic between the website and individual clients uses encrypted https protocols. We regularly review our procedures.
In the event of a data breach, we rely on notification by our Hosting Provider. Once notified, appropriate steps would be taken.
We have no circumstances under which this could occur.