top of page

GDPR Statement

GDPR Statement

Aurum Home Care Ltd
Effective Date: 20/11/24
Review Date: 20/11/25

​

1. Purpose

Aurum Home Care Ltd (the “Company”) is committed to protecting the personal data of its clients, employees, and other stakeholders. This policy outlines how the Company complies with the General Data Protection Regulation (GDPR) (EU Regulation 2016/679), Data Protection (Jersey) Law 2018, and any other applicable legislation.

 

2. Scope

This policy applies to all personal data processed by Aurum Home Care Ltd, including data related to clients, employees, suppliers, and other stakeholders. It covers all forms of data processing, whether manual or automated.

 

3. Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person.

  • Data Subject: The individual to whom the personal data relates (e.g., clients and employees).

  • Processing: Any operation performed on personal data, such as collection, storage, and sharing.

  • Data Controller: Aurum Home Care Ltd, responsible for determining the purposes and means of processing personal data.

 

4. Data Protection Principles

Aurum Home Care Ltd is committed to processing personal data in accordance with the following principles:

  1. Lawfulness, Fairness, and Transparency: Personal data must be processed lawfully, fairly, and transparently.

  2. Purpose Limitation: Data will only be collected for specified, explicit, and legitimate purposes.

  3. Data Minimisation: Only the necessary data will be collected and processed.

  4. Accuracy: All personal data must be accurate and up to date.

  5. Storage Limitation: Personal data will not be retained longer than necessary.

  6. Integrity and Confidentiality: Appropriate security measures will be applied to prevent unauthorized access or breaches.

 

5. Responsibilities

  • Management: Responsible for ensuring compliance with this policy and providing necessary resources.

  • Data Protection Officer (DPO): Appointed to oversee GDPR compliance and handle data-related inquiries. [Insert DPO Name/Contact Details if applicable].

  • Employees: Must follow this policy and report any data breaches or concerns.

 

6. Legal Basis for Processing Personal Data

The Company processes personal data based on one or more of the following legal grounds:

  • Consent obtained from the data subject (e.g., clients’ consent for care plans).

  • Performance of a contract (e.g., employment contracts).

  • Compliance with legal obligations (e.g., regulatory requirements).

  • Legitimate interests pursued by the Company, provided they do not override the rights of data subjects.

 

7. Client Data Processing

Aurum Home Care Ltd collects and processes clients' personal data, including:

  • Name, contact details, and next of kin information.

  • Medical history, care requirements, and preferences.

  • Financial details for billing purposes.

Purpose: To deliver high-quality home care services tailored to clients' needs.

Retention: Client data will be retained for [insert timeframe] after the cessation of services, in line with legal and regulatory requirements.

 

8. Data Subject Rights

Clients, employees, and other data subjects have the following rights under GDPR:

  1. Right to Access: Request access to their personal data.

  2. Right to Rectification: Request corrections to inaccurate or incomplete data.

  3. Right to Erasure: Request deletion of personal data where applicable.

  4. Right to Restrict Processing: Limit how their data is processed.

  5. Right to Data Portability: Receive their data in a structured, commonly used format.

  6. Right to Object: Object to processing based on legitimate interests.

  7. Right to Lodge a Complaint: File a complaint with the Office of the Information Commissioner (Jersey).

Requests: Data subjects can submit requests in writing to Lynda Febers – Director Aurum Home Care Ltd.

 

9. Data Security

The Company implements appropriate technical and organizational measures to ensure data security, including:

  • Encryption of sensitive data.

  • Regular staff training on GDPR and data protection practices.

  • Access controls to restrict unauthorized access.

  • Regular audits and data protection impact assessments (DPIAs).

 

10. Data Breach Procedure

In the event of a data breach:

  1. The breach will be reported immediately to the DPO.

  2. The DPO will assess the severity of the breach and notify the relevant authorities (e.g., Jersey’s Office of the Information Commissioner) within 72 hours if necessary.

  3. Affected data subjects will be informed if the breach poses a high risk to their rights and freedoms.

  4. The incident will be logged, and corrective actions will be implemented.

 

11. Training and Awareness

All employees will receive GDPR training during onboarding and regular refresher courses to ensure ongoing compliance.

 

12. Policy Review

This policy will be reviewed annually or as needed to ensure compliance with changes in legislation or business operations.

Next Review Date: 20/11/25

 

13. Contact Information

For queries related to this policy or data protection practices, please contact:
Data Protection Officer
Aurum Home Care Ltd
69 Halkett Place, St Helier
info@aurumhomecare.je
01534 519870

By implementing this GDPR Policy, Aurum Home Care Ltd aims to protect personal data while maintaining trust with its clients and employees.

bottom of page