Health Care Agency

---

This privacy notice explains how and why the Advisory, Conciliation and Arbitration Service processes your personal data under the General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

It tells you what Lite Care Ltd may do with your personal information when you contact us or use one of our services.

If you have a query about this privacy notice, please contact our data protection officer by emailing info@litecare.co.uk

Most of the personal information we process is provided to us directly by 

you when you:

• make a complaint or enquiry
• make an information request (under the Freedom of Information Act, the Environmental Information Regulations or the Data Protection Act)
• subscribe to email updates
• apply for a job with us

What we collect about you and how we do this depends on:

• what system you use
• how much personal data we need to provide these services

If you call our helpline, the number you use to call will be automatically recorded and kept by us for up to 18 months. After this it will be deleted from our helpline database.

We keep your phone number for this period to help us distinguish your call from others. This means we can monitor how many helpline calls we get and what they're about.

Your call to our helpline may be recorded and used:

• for training purposes – you'll be told this by automated voice message before you speak to a helpline adviser
• by a Lite Care Ltd staff to check that our wider services meet our customers' needs – the recording will be anonymized so staff will not know who made the call

We keep recordings for 30 days, after which they're deleted.

You may ask for more information to be sent to you or for your call to be referred back to you. If so, the helpline may pass on relevant personal details about you to our officers who will then process this for you. These details include your name, contact details, and details about your workplace.

• In this Section  we have summarized the rights that you have under data protection law. Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
• Your principal rights under data protection law are: 
  • The right to access;
  • The right to rectification;
  • The right to erasure;
  • The right to restrict processing;
  • The right to object to processing;
  • The right to data portability;
  • The right to complain to a supervisory authority; and
  • The right to withdraw consent.
• You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.
• You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.
• In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims. 

We're committed to the confidentiality and privacy of our users. Any personal information you give us will be held securely. It will not be sold or traded to another organization or company.

We may sometimes need to share information with government departments, the emergency services, law enforcement agencies, and public authorities (such as the Employment Tribunals Service).

If we share personal data with an external company or service we employ as part of our work, we make sure:

• it will be held securely
• they'll only use it to provide the services or information you've asked for

We protect the information you give us using physical, electronic and management procedures on use of personal data. Industry-standard secure sockets layer (SSL) encryption is used on web pages where we collect personal information electronically.

We manage risks around use of personal data using the Steps to Cyber Security' framework, managed by The National Cyber Security Centre (a part of the government). Security of our information technology  systems are evaluated using Her Majesty's Government (HMG) Security Policy Framework.

Customer, claimant and respondent data is held in a government secure data centre in the UK. Back-up services are also provided in a separate government secure data centre in the UK.

Under data protection law, we must have a legal basis to collect, store and use your personal data. If we also use sensitive personal data, we need a second legal basis.

The legal basis for processing most of the personal data we use is that it's necessary:

• to perform a task in the public interest
• in the exercise of our legal duties
• when you have given consent
• when we make a contract with you
• to protect your (or someone else's) interests
• to protect our legitimate corporate interests (to develop our products or services and grow our business)

You may have a right to request:

• a copy of the information that Lite Care Ltd holds about you ('subject access request' (SAR) in the UK GDPR)
• that anything inaccurate in your personal data is corrected ('rectification' in the UK GDPR)
• that we remove your personal data ('right to erasure' in the UK GDPR)
• that we use your personal data only in specific circumstances ('restriction' in the UK GDPR)
• that we stop processing your personal data ('object' in the UK GDPR)
• to get your personal data so you can reuse it across different services ('data portability' in the UK GDPR)

You may also have rights in relation to automated decision-making and profiling.