skip to main content
COVID-19 Update from Father Hudsons Care

Privacy Notice

This document is about your data. It describes what we may do with your data, why we need your data and your rights under the General Data Protection Regulations (GDPR) of 2018.

Data Controller

Father Hudson’s Care is the ‘data controller’. Father Hudson’s Care determines the purposes and means of processing personal data.

Father Hudson’s Care is a working name of Father Hudson’s Society. It is a company, registered in England and Wales under number 1653388. It is also a charity, registered with the Charity Commission under number 512992. The contact details are below.

Father Hudson’s Care
St George’s House
Gerards Way
Coleshill
Birmingham B46 3FG

Telephone: 01675 434000

Email: dpo@fatherhudsons.org.uk

Website: www.fatherhudsons.org.uk

Data Protection Officer

Father Hudson’s Care has nominated a member of staff to be its Data Protection Officer. This person knows about data protection and ensures the regulations are followed. The name of the Data Protection Officer is Andy Quinn. He can be contacted by the Information Commissioner or members of the public at Father Hudson’s Care using the details above.

Data Processing

This means collecting, recording, organising, altering, storing or using personal data.

Why does Father Hudson’s Care process data?

Father Hudson’s Care processes personal data only when it has a lawful basis. These bases are:

  • Consent. Sometimes an individual will give clear consent for us to process their personal data for a specific purpose. This will include people who have allowed us to use their photograph on one of our leaflets.
  • Contract. We may need to process data to carry out a contract. This will include an employment contract or a contract to provide a service.
  • Legal obligation. We may have to keep data on people to comply with the law. This includes keeping records of former employees for a set period of time.
  • Vital interests. We care for vulnerable people. In some instances keeping details such as medical records is necessary to protect someone’s life.
  • Public task. Processing may be necessary for us to perform a task that has a clear basis in law and is in the public interest. An example of this is our work providing foster carers.
  • Legitimate interests. Father Hudson’s Care supports people in their time of need and relies on data for its daily operation. An example of this is data on individual donors, who support the charity financially. Writing to supporters raises funds for vital work.

Father Hudson’s Care aims to ensure the data we have about individuals is accurate and not excessive.

Special categories of personal data

Some personal information can be especially sensitive. Examples include biometrics, ethnicity, genetics, health, political views, race, religion, sex life, sexual orientation and trade union membership. We will only process such data if we have one of the six legal bases listed above or:

  • Where this data is manifestly made public by the individual.
  • Where it is necessary for a legal claim or judicial procedure.
  • Where it is needed on medical grounds, including occupational health.
  • Where a reasonable level of archiving is necessary to enable scientific or historical research in the public interest.

Transfers to third countries

Most of the work of Father Hudson’s Care’s is in England. We also have supporters in Wales, Scotland, Northern Ireland and the Republic of Ireland, where the GDPR applies. We have historic links with Australia and Canada. Transfers to these countries are infrequent and concern relatively few individuals.

For how long will we keep your data?

Your data will be deleted or disposed of securely when we no longer have a legal basis to hold it. We have set retention periods for certain types of data.

  • Application forms where the candidate is unsuccessful: delete after six months.
  • Employee files and payroll information: delete six years after the employee leaves Father Hudson’s Care.
  • Pensions: delete ten years after the death of the pensioner, or ten years after the death of a spouse who may receive the pension.
  • Accident books: destroy 25 years after the last entry.
  • Creditors, debtors and staff or volunteer expenses: destroy six years after the end of the financial year to which these matters relate.
  • CCTV: destroy four weeks from the date recorded, unless needed as evidence in an investigation or as required by the Care Quality Commission.
  • Royal Mail special and recorded delivery information: destroy after one year.
  • Unsuccessful tenders: destroy two years after procurement.
  • Building contracts and leases: destroy six years from the end of the contract or lease, or at the end of warranties if they are longer in specific circumstances.

Your rights

You have eight rights under the GDPR. Father Hudson’s Care respects your rights.

The right to be informed

You have the right to be informed about the collection and use of their personal data. This document forms part of that information. We will provide specific information when we collect personal data from an individual.

The right of access

You have the right to obtain access to the personal data we hold on you. Unless your request is manifestly unfounded or excessive, we will provide this data free of charge within a month of your request. The data will be in an accessible format (see ‘the right to data portability’ below). Please contact the manager of your service in the first instance. If you are not satisfied with their response, please contact the Data Protection Officer.

The right to rectification

If the data we hold about you is incorrect or incomplete, please let us know – verbally or in writing – and we will correct it or complete it within one month. Please contact the manager of your service in the first instance. If you are not satisfied with their response, please contact the Data Protection Officer.

The right to erasure

If you wish to be ‘forgotten’ we will delete your data within one month of asking. Please contact the Data Protection Officer. If your request is manifestly unfounded or excessive, we may charge a reasonable fee for this request. We may refuse your request if:

  • We need your data to exercise the right of freedom of expression and information.
  • We need your data to comply with a legal obligation or for the establishment, exercise or defence of legal claims.
  • We need your data to perform a task carried out in the public interest or in the exercise of official authority.
  • Archiving your data is in the public interest, to benefit scientific or historical research or for statistical purposes.
  • We need your data for public health purposes in the public interest.
  • Health professionals working for Father Hudson’s Care need your data for the purposes of preventative or occupational medicine.

The right to restrict processing

In some cases, you may wish us to keep hold of your data but not to use it in certain ways. For example, you may allow us to keep your photograph, but not to post it on our website. Or you may allow us to keep your address details, but not send you our newsletter. These are just two examples. If you want us to restrict processing, please contact the Data Protection Officer.

The right to data portability

With electronically stored personal data that you have provided with consent, or personal data needed to carry out a contract, we will ensure the data can easily be transferred to you or a third party when required. We will send the data in a format (such as Word or PDF) that can be read by almost all computers, without the need for a particular software package.

The right to object

You have the right to object to your data being used for any of the following:

  • Processing that is in the legitimate interests of Father Hudson’s Care.
  • Performance of a task in the public interest.
  • Direct marketing.
  • Processing for purposes of statistical, scientific or historical research.

Please contact the Data Protection Officer.

Rights in relation to automated decision making and profiling

Some organisations use computer algorithms to make decisions or assumptions about people. If we ever do this we will let you know and you will be able to challenge the decision or refute the assumption with a human being. Please contact the Data Protection Officer.

Sources of data

In most cases, when we have your data it is because you have given it to us. In these cases we will inform you of your rights when the data is obtained.

In some cases, we may have received your data from other sources. In these cases we will inform you of your rights when we are first in contact.

The data we have

We keep the data of a variety of people for the reasons listed earlier. These people include:

  • Contacts at companies, trusts and other supporting organisations.
  • Contacts at companies that do business with Father Hudson’s Care.
  • Contacts at partner organisations.
  • Foster carers.
  • Members of the public who make enquiries.
  • Members of staff, past and present.
  • Parish priests and other clergy in the Archdiocese.
  • People who apply for our jobs.
  • People who access our services.
  • Residents and former residents of our homes.
  • Supporters of our work.
  • Teachers at Catholic schools in the Archdiocese of Birmingham.
  • Tenants of our domiciliary care programme.
  • Volunteers, past and present.

The data we keep on individuals will vary from person to person. We take strides to ensure this information is accurate and not excessive. The data may include:

  • Name, address, telephone number and e-mail address.
  • Qualifications and work experience, for staff, volunteers and job applicants.
  • Medical notes, for staff, volunteers, residents and people who access our services.
  • Financial details, for people who give or receive money from us.
  • Interests and life stories, for people we look after.

Data storage

We will store your data securely in locked cabinets and password-protected computers. Members of staff will have access to your data on a need-to-know basis. If we transfer your data, we will encrypt it. When there remains no justification to keep your data, we will delete it from our computers and shred any paper copies.