Data Privacy Notice for Support Workers - Freelancer

 

Contact details

 

Data controller: Onyx Student Support Ltd, 2 Demswell, Northampton, NN6 9BL

Email: datagovernance@onyxstudents.com

 

Data protection officer: Angela Sargeant, 2 Demswell, Northampton, NN6 9BL

Email: datagovernance@onyxstudents.com / angela@onyxstudents.com

​

Purpose of processing and lawful basis

 

Purpose - Processing of personal data is required to:

 

• Determine the correct level of education and governance,

• Match and allocated support worker to student,

• Keep track of the support the support worker delivers to the student/s

• Initiate administration services such as payroll

​

Lawful Basis for processing:

​

Personal Data – Contract and Legal Obligation.

​

Processing of personal data is necessary for the performance of a contract with the support worker and necessary for us to comply with laws of the land.

​

Reference - Contract | ICO Legal Obligation | ICO

​

Special Category Data – Explicit Consent or, Employment and Social Security and Social Protection Law.

​

Data Subject has given explicit consent to the processing of personal data for a specified purpose or, it is necessary to process the personal data in order to carry out obligations and exercise specific rights regarding employment, social security and social protection laws.

​

Reference: Special Category Date | ICO

​

Criminal Convictions/Offences – Consent or, Legal Obligation.

​

Explicit consent has been given to process the data for a specific purpose or, it is necessary to process the personal data in order to comply with the law.

​

Reference: Criminal Offence Data | ICO

​

Data Source

​

References are provided to us by other parties. Referee details are provided to us by the support worker. All other personal data we hold is provided directly by the support worker (data subject). No personal data comes from publicly accessible sources.

​

The Personal Data we Hold

Support Workers Personal Data includes:

• Name

• Address

• Phone number

• Email address

• Education details

• Employment details

• Training Details

• Professional body registration details

• Identification documents

• Bank account details

• ID photograph

• Date of birth

• Gender details

• References

• Emergency contact details

• Information concerning the work the support worker has provided

 

Support Workers Special Category Data includes:

​

Under the Data Protection Act 2018 we do not currently process special category data about the support worker. However, as a precaution we classify, ID documents as Special Category Data.

 

Disability and health information on occasions is divulged to Onyx by the support worker. Onyx does not process this information.

​

Sharing Data

 

Personal data is shared with:

• The support workers allocated student (support worker contacts student initially with their names and contact details, email/telephone)

• The higher education provider (with consent)

• The students funding body

• HMRC at their request

• The Department of Education if we are audited by them

 

Sharing involves only what is necessary

 

Sharing to Third Countries

We do not transfer your data outside of the UK

​

Retention Periods

Personal Data is retained no longer than necessary regarding the purposes for which it was obtained. The purpose includes the purpose of satisfying any legal, accounting, or other reporting requirements. The retention period is dependent on the type of data therefore, some personal data will be retained for longer periods than others.

​

Example:

​

Support worker (freelancer) notifies us of their leave. Support workers contact details is deleted after 1 year from their exit date. Accounting records – Including remittance advice, will be kept for 6 years from their exit date, in accordance with the laws of the land HMRC.

​

At the end of the retention period the support workers data is deleted.

​

Deleted data will remain on our data backup system for a period of 30 days from the date of deletion.

​

Subject Rights

All processing will be in line with your rights. Your rights are:

• The right to be informed

• The right of access

• The right to rectification

• The right to erasure

• The right to restrict processing

• The right to data portability

• The right to object

• Rights in relation to automated decision making and profiling

• The right to withdraw consent

​

Should the support worker wish to exercise any of their rights listed above, please contact our Data Protection Officer (details at the top of this notice).

 

Complaints

The support worker has a right to make a complaint to the Information Commissioners Office (ICO), if they are unhappy or if they believe Onyx is processing their data unlawfully. In these instances the support worker can contact the ICO using the contact details below:

 

Contact details:

0303 123 1113

casework@ico.org.uk

​

Automated Decision Making

Onyx does not use any automated decision-making process.

 

Consequences of Failing to Provide Personal Data

 

Without the required personal data Onyx will not be able to fulfil our legal and contractual obligations.

​

Data Security 

​

Appropriate security measures are in place to protect personal data from being compromised. Issues that could compromise data include but are not limited to, accidental loss, unauthorised access, unauthorised use, or disclosure. 

​

All of our systems and personal data are diligently managed by an IT management service provider. 

​

Permissions are in place to ensure only those who need to know can gain access to information. 

​

Data protection training including cyber security and confidentiality training, is provided to all staff annually and when additional education is deemed necessary. 

​

Procedures are in place to deal with suspected data breaches. The procedures involve notifying data subjects and the regulating body when required to do so legally.