ATHOME CARE GROUP LTD 

APPROPRIATE POLICY DOCUMENT - SPECIAL CATEGORY DATA 

  1. Introduction 

  1. AtHome Care Group Ltd processes special category data, as defined in Article 9 of the General Data Protection Regulation (GDPR). This data must be processed in accordance with the requirements of the Data Protection Legislation.  

For the purpose of this policy, Data Protection Legislation includes all applicable data protection and privacy legislation in force from time to time in the UK including, but not limited to, the UK GDPR; the Data Protection Act 2018 (and regulations made thereunder) (DPA 2018); and the Privacy and Electronic Communications Regulations 2003 as amended; or any successor legislation, and all other legislation and regulatory requirements in force from time to time which apply to a party relating to the use of personal data (including, without limitation, the privacy of electronic communications). 

  1. Some of the conditions for processing special category, as set out in DPA 2018 Schedule 1, require us to have an Appropriate Policy Document (APD) in place. The APD must set out and explain our procedures for securing compliance with the principles in Article 5 of the GDPR and our policies regarding the retention and erasure of such personal data. 

  1. The information in this policy supplements AtHome Care Group Ltd’s Data Protection Policy and also our privacy notices, the main one of which is on our website: www.athomecaregroup.co.uk 

  1. Purpose 

  1. This document explains our processing in relation to special category and satisfies the requirement to have an APD in place, as set out in Schedule 1, Part 4 of the DPA 2018. 

  1. Scope and status 

  1. This policy applies to all processing of special category, undertaken by or on behalf of AtHome Care Group Ltd, which is based on a condition in Schedule 1 of the DPA, which requires an APD. 

  1. Special category data is defined at Article 9 of the GDPR as personal data revealing:  

  • Racial or ethnic origin; 

  • Political opinions; 

  • Religious or philosophical beliefs; 

  • Trade union membership; 

  • Genetic data; 

  • Biometric data for the purpose of uniquely identifying a natural person; 

  • Mental or physical disability; 

  • Data concerning health; or 

  • Data concerning a natural person’s sex life or sexual orientation.  

  1. Conditions for processing 

  1. We process special categories of personal data as set out in our website privacy notice. 

  1. Compliance with the principles 

  1. Accountability principle 

We have put in place appropriate technical and organisational measures to meet the requirements of accountability. These include: 

  • taking a ‘data protection by design and default’ approach to our activities; 

  • maintaining documentation of our processing activities; 

  • adopting and implementing data protection policies and ensuring we have written contracts in place with our data processors; 

  • implementing appropriate security measures in relation to the personal data we process; and 

  • carrying out data protection impact assessments for our high-risk processing and where otherwise deemed helpful.  

We regularly review our accountability measures and update or amend them where required.  

  1. Principle (a): lawfulness, fairness and transparency 

We have put in place appropriate measures to ensure we meet this principle. These include: 

  • ensuring that we always meet relevant lawful basis/bases for processing, including at least one of the conditions in Schedule 1 of the DPA 2018, where required (please refer to the table below); 

  • providing clear and transparent information about why we process personal data including our lawful basis for processing in our privacy notices; and setting out our main processing activities in our website privacy notice. 

Principle (b): purpose limitation 

Our purposes for processing are set out in our website privacy notice. We will not process personal data for purposes incompatible with the original purpose it was collected for. 

  1. Principle (c): data minimisation 

We collect personal data necessary for the relevant purposes and ensure it is not excessive. The information we process is necessary for and proportionate to our purposes. Where personal data is provided to us or obtained by us, but is not relevant to our stated purposes, we will erase it.  

  1. Principle (d): accuracy 

Where we become aware that personal data is inaccurate or out of date, having regard to the purpose for which it is being processed, we will take every reasonable step to ensure that data is erased or rectified without delay. If we decide not to either erase or rectify it, for example because the lawful basis we rely on to process the data means these rights don’t apply, we will document our decision. 

  1. Principle (e): storage limitation 

All special category data processed by us is retained for the periods set out in our retention schedules. Where bespoke retention schedules have been created for AtHome Care Group, the retention periods for this data are based on our business needs, best practice and/or legal obligations. Our retention schedules are reviewed regularly and updated when necessary. 

  1. Principle (f): integrity and confidentiality (security) 

Electronic information is processed within our secure network. Hard copy information is processed in line with appropriate security procedures. Both our electronic systems and physical storage have appropriate access controls applied. The systems we use to process personal data allow us to erase or update personal data at any point in time, where required. 

  1. Retention policies 

Our retention policies are available via our website in our website privacy policy. 

  1. APD review 

This policy will be reviewed in line with the review procedures for AtHome Care Group Ltd’s Data Protection Policy. It may be revised more frequently if necessary. 

This Appropriate Policy Document has been approved and authorised by: 

Name: 

L Lewis 

Position: 

Director  

Date: 

September 2022 

Due for Review by: 

September 2023