Privacy Policy & Cookie Policy
Data Protection Privacy Policy
A) INTRODUCTION
We may have to collect and use information about people with whom we work. This personal
information must be handled and dealt with properly, however it is collected, recorded and used, and
whether it be on paper, in computer records or recorded by any other means.
We regard the lawful and correct treatment of personal information as very important to our successful
operation and to maintaining confidence between us and those with whom we carry out business. We
will ensure that we treat personal information lawfully and correctly.
To this end we fully endorse and adhere to the principles of the General Data Protection Regulation
(GDPR).
This policy applies to the processing of personal data in manual and electronic records kept by us in
connection with our human resources function as described below. It also covers our response to any
data breach and other rights under the GDPR.
This policy applies to the personal data of job applicants, existing and former employees, apprentices,
volunteers, placement students, workers and self-employed contractors. These are referred to in this
policy as relevant individuals.
B) DEFINITIONS
“Personal data” is information that relates to an identifiable individual who can be directly or indirectly
identified from that information, for example, a person’s name, identification number, location, online
identifier. It can also include pseudonymised data.
“Special categories of personal data” is data which relates to an individual’s health, sex life, sexual
orientation, race, ethnic origin, political opinion, religion, and trade union membership. It also includes
genetic and biometric data (where used for ID purposes).
“Data processing” is any operation or set of operations which is performed on personal data or on sets of
personal data, whether or not by automated means, such as collection, recording, organisation,
structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission,
dissemination or otherwise making available, alignment or combination, restriction, erasure or
destruction.
C) DATA PROTECTION PRINCIPLES
Under GDPR, all personal data obtained and held by us must be processed according to a set of core
principles:
a) Lawfulness, fairness and transparency: processing will be fair, lawful and transparent
b) Purpose limitation: data be collected for specific, explicit, and legitimate purposes and
will not be processed in a manner incompatible with the original purpose for which it
was collected
c) Minimisation: data collected will be adequate, relevant and limited to what is necessary
for the purposes of processing
d) Accuracy: data will be kept accurate and up to date. Reasonable steps will be taken to
ensure that data found to be inaccurate will be rectified or erased without delay
e) Storage limitation: data is not kept for longer than is necessary for its given purpose
f) Integrity and confidentiality: data will be processed in a manner that ensures appropriate
security of personal data including protection against unauthorised or unlawful
2. Eclipse Nursecall Systems Limited Isle of Man - April 2023
processing, accidental loss, destruction or damage by using appropriate technical or
organisation measures.
D) TYPES OF DATA HELD
We keep several categories of personal data on relevant individuals in order to carry out effective and
efficient processes. We keep this data in a personnel file relating to each relevant individual and we also
hold the data within our computer systems, for example, our holiday booking system.
Specifically, we hold the following types of data:
a) personal details such as name, address, phone numbers
b) information gathered via the recruitment process such as that entered into a CV or included in a
CV cover letter, references from former employers, details on your education and employment
history etc
c) details relating to pay administration such as bank account details, tax codes and national
insurance details
d) medical or health information
e) information relating to your employment with us, including:
i) job title and job descriptions
ii) your salary
iii) your wider terms and conditions of employment
iv) details of formal and informal proceedings involving you such as letters of concern,
disciplinary and grievance proceedings, your annual leave records, appraisal and performance
information
v) internal and external training modules undertaken
All of the above information is required for our processing activities. More information on those
processing activities are included in our privacy notice, which is available from your manager.
E) YOUR RIGHTS
You have the following rights in relation to the personal data we hold on you:
a) the right to be informed about the data we hold on you and what we do with it;
b) the right of access to the data we hold on you. More information on this can be found in the
section headed “Access to Data” below and in our separate policy on Subject Access Requests;
c) the right for any inaccuracies in the data we hold on you, however they come to light, to be
corrected. This is also known as ‘rectification’;
d) the right to have data deleted in certain circumstances. This is also known as ‘erasure’;
e) the right to restrict the processing of the data;
f) the right to transfer the data we hold on you to another party. This is also known as ‘portability’;
g) the right to object to the inclusion of any information;
h) the right to regulate any automated decision-making and profiling of personal data.
More information can be found on each of these rights in our separate policy on your rights in relation to
your data.
F) RESPONSIBILITIES
In order to protect the personal data of relevant individuals, those within our business who must process
data as part of their role have been made aware of our policies on data protection.
We have also appointed employees with responsibility for reviewing and auditing our data protection
systems.
G) LAWFUL BASES OF PROCESSING
3. Eclipse Nursecall Systems Limited Isle of Man - April 2023
We acknowledge that processing may be only be carried out where a lawful basis for that processing
exists and we have assigned a lawful basis against each processing activity.
Where no other lawful basis applies, we may seek to rely on the relevant individual’s consent in order to
process data.
However, we recognise the high standard attached to its use. We understand that consent must be freely
given, specific, informed and unambiguous. Where consent is to be sought, we will do so on a specific
and individual basis where appropriate. Relevant individuals will be given clear instructions on the desired
processing activity, informed of the consequences of their consent and of their clear right to withdraw
consent at any time.
H) ACCESS TO DATA
As stated above, relevant individuals have a right to access the personal data that we hold on them. To
exercise this right, relevant individuals should make a Subject Access Request. We will comply with the
request without delay, and within one month unless, in accordance with legislation, we decide that an
extension is required. Those who make a request will be kept fully informed of any decision to extend the
time limit.
No charge will be made for complying with a request unless the request is manifestly unfounded or
excessive, or repetitive, or unless a request is made for duplicate copies to be provided to parties other
than the relevant individual making the request. In these circumstances, a reasonable charge will be
applied. Alternatively, we may refuse to deal with the request.
Further information on making a subject access request is contained in our Subject Access Request
policy.
I) DATA DISCLOSURES
The Company may be required to disclose certain data/information to any person. The circumstances
leading to such disclosures include:
a) any benefits operated by third parties;
b) disabled individuals - whether any adjustments are required to assist them at work;
c) individuals’ health data - to comply with health and safety or occupational health obligations;
d) HR management and administration - to consider how an individual’s health affects his or her
ability to do their job;
e) the smooth operation of any employee insurance policies or pension plans;
f) to assist law enforcement or a relevant authority to prevent or detect crime or prosecute
offenders or to assess or collect any tax or duty.
These kinds of disclosures will only be made when strictly necessary for the purpose.
J) DATA SECURITY
All our employees are aware that hard copy personal information should be kept in a locked filing
cabinet, drawer, or safe.
Employees are aware of their roles and responsibilities when their role involves the processing of data.
All employees are instructed to store files or written information of a confidential nature in a secure
manner so that are only accessed by people who have a need and a right to access them and to ensure that
screen locks are implemented on all PCs, laptops etc when unattended. No files or written information of
a confidential nature are to be left where they can be read by unauthorised people.
Where data is computerised, it should be coded, encrypted or password protected both on a local hard
drive and on a network drive that is regularly backed up. If a copy is kept on removable storage media,
that media must itself be kept in a locked filing cabinet, drawer, or safe.
4 Eclipse Nursecall Systems Limited Isle of Man - April 2023
Relevant individuals must always use the passwords provided to access the computer system and not
abuse them by passing them on to people who should not have them.
Personal data should not be kept or transported on laptops, USB sticks, or similar devices, unless prior
authorisation has been received. Where personal data is recorded on any such device it should be
protected by:
a) ensuring that data is recorded on such devices only where absolutely necessary.
b) using an encrypted system — a folder should be created to store the files that need extra
protection and all files created or moved to this folder should be automatically encrypted.
c) ensuring that laptops or USB drives are not left where they can be stolen.
Failure to follow the Company’s rules on data security may be dealt with via the Company’s disciplinary
procedure or other termination procedures as appropriate. Appropriate sanctions include dismissal with
or without notice dependent on the severity of the failure.
K) THIRD PARTY PROCESSING
Where we engage third parties to process data on our behalf, we will ensure, via a data processing
agreement with the third party, that the third party takes such measures in order to maintain the
Company’s commitment to protecting data.
L) INTERNATIONAL DATA TRANSFERS
The Company does not transfer personal data to any international recipients.
M) REQUIREMENT TO NOTIFY BREACHES
All data breaches will be recorded on our Data Breach Register. Where legally required, we will report a
breach to the Data Protection Authority within 72 hours of discovery. In addition, where legally required,
we will inform the individual whose data was subject to breach.
More information on breach notification is available in our Breach Notification policy.
N) TRAINING
Relevant individuals must read and understand the policies on data protection.
Training covering basic information about confidentiality, data protection and the actions to take upon
identifying a potential data breach is provided.
The nominated data controller/auditors/protection officers for the Company are trained appropriately in
their roles under the GDPR.
All relevant individuals who need to use the computer system are trained to protect individuals’ private
data, to ensure data security, and to understand the consequences to them as individuals and the
Company of any potential lapses and breaches of the Company’s policies and procedures.
O) RECORDS
The Company keeps records of its processing activities including the purpose for the processing and
retention periods in its HR Data Record. These records will be kept up to date so that they reflect current
processing activities.
5 Eclipse Nursecall Systems Limited Isle of Man - April 2023
DATA PROTECTION COMPLIANCE
Our appointed compliance officer in respect of our data protection activities is:
Andrea Allen
Telephone Number 01624 832821
COOKIE POLICY
This is the cookie policy for ECLIPSE NURSECALL SYSTEMS LIMITED.
What are ‘Cookies’?
As is common practice with almost all professional websites, this site uses cookies which are
tiny files that are downloaded to your computer, to improve your experience. This page
describes what information they gather, how we use it and why we sometimes need to store
these cookies. We will also share how you can prevent these cookies from being stored however
this may downgrade or ‘break’ certain elements of the sites functionality.
How we use Cookies
We use cookies for a variety of reasons. Unfortunately, in most cases there are no industry
standard options for disabling cookies without potentially disabling the functionality and
features they add to this site. It is recommended that you leave on all cookies if you are not sure
whether you need them or not in case they are used to provide a service that you use.
Our use of Cookies
Eclipse Nursecall Systems Limited may use cookies to:
• Measure the performance of our website
• Managing your visit
• Supporting specific elements of the website
• Improve Security
• Support embedded media e.g. YouTube videos
Disabling Cookies
You can prevent the setting of cookies by adjusting the settings on your browser (see your
browser Help for how to do this).
Alternatively, you may wish to visit http://www.aboutcookies.org which contains comprehensive
information on how to do this on a wide variety of browsers. You will also find details on how to
delete cookies from your machine as well as more general information about cookies.
Please be aware that disabling cookies may aƯect the functionality of this and many other
websites that you visit. Disabling cookies will usually result in the disablement of certain
functionality and features of this site.
The Cookies we use
“__cf_bm cookie” this cookie expires after 30 minutes of continuous inactivity.
We will never knowingly include third-party services that compromise or violate the privacy of
our users.
Eclipse Nursecall Systems Limited may also use social media buttons and/or plugins on this
site that allow you to connect with your social network in various ways. For these to work the
following social media sites including;
• Facebook
• X (Twitter)
• LinkedIn
• YouTube
Will set cookies through our site which may be used to enhance your profile on their site or
contribute to the data they hold for various purposes outlined in their respective privacy
policies.
Further Information
Eclipse Nursecall Systems Limited hope that the above provides you with the information you
needed, however if you are still looking for more information, then you can contact us through
one of our preferred contact methods:
Tel: +44 (01624 832821
Email: sales@ens.im
Or by contacting us through our ‘Contact Us’ form
The Experts of Digital Care
Technology.
© 2023 - Eclipse Nursecall Systems - Website Design by First8