DATA PROTECTION POLICY
1. Scope
1.1 IOI Support has a responsibility to respect personal data. IOI Support possesses data of individuals such as residents, employees and agency staff. The General Data Protection Regulations 2016 (GDPR) replaces the Data Protection Act 1998 in regard to the processing of all personal and sensitive data for living individuals.
1.2 All IOI Support employees, residents and agency staff are responsible for carrying out their responsibilities under this policy. The Safeguarding Officer is responsible for ensuring that all employees (temporary and permanent) are aware of this policy and understand their responsibilities surrounding GDPR.
1.3 Sensitive personal data is a special category of data which requires extra safeguards regarding processing, including:
· Physical and mental health details
· Personal/family history
· Criminal records
· Protected characteristics
1.4 Data governance has to encompass the full range of law including, for example, the Privacy and Electronic Communications (EC) Regulations, the Law Enforcement Directive and the General Data Protection Regulations.
2. GDPR principles, rights and applicability
2.1 GDPR requires that personal data will be:
· Processed lawfully, fairly and in a transparent manner in relation to individuals;
· Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. Further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes will not be considered to be incompatible with the initial purposes;
· Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
· Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
· Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical or organizational measures required by the GDPR in order to safeguard the rights and freedoms of individuals;
· Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.
2.2 GDPR secures the following rights for individuals:
· The right to be informed, usually through Privacy Notices
· The right of access (through a subject access request)
· The right to rectification
· The right to erasure (the right to be forgotten, under certain circumstances)
· The right to restrict processing (under certain circumstances)
· The right to data portability
· The right to object (including to profiling, direct marketing and processing for research)
· Rights in relation to automated decision making and profiling
2.3 GDPR applies to the processing of personal data/sensitive data carried out by organizations operating within the EU and to organizations outside the EU that offer goods or services to individuals in the EU. IOI Support, its employees, residents and agency/contracted staff must comply with the GDPR.
3. Policy Statement
IOI Support is committed to protecting the data of all individuals in accordance with the GDPR and ensuring that data is processed lawfully. IOI Support needs to process certain information about staff (temporary or permanent), service users, potential service users, job applicants and suppliers in order to comply with requirements set by government bodies and to enable it to provide accommodation and support to service users. IOI Support may also process information through the use of CCTV systems in order to monitor visual images for the purposes of security and crime prevention.
4. Management and responsibilities
4.1 IOI Support's Data Protection Officer (DPO) is the Designated Safeguarding Lead. The DPO is responsible for implementing and coordinating IOI Support's responsibilities under GDPR, for overseeing the management of subject access requests, and for investigating losses and unauthorized disclosures of personal data.
4.2 All managers are responsible for ensuring that their staff are aware of our policy and regulations on GDPR and of their personal obligations. All staff who possess personal data are responsible for meeting the requirements of this policy and data protection regulations.
4.3 Third parties working for IOI Support who handle personal data in connection with IOI Support must operate in accordance with this policy and the data protection regulations.
4.4 Members of the senior management team will ensure that the DPO is made aware of all personal data/sensitive personal data held and/or processed within their services and the purpose of retaining such data.
4.5 Staff are required to undertake GDPR training as part of their induction and to undertake refresher training as required.
5. Basis for sharing data
5.1 The General Data Protection Regulations and the Data Protection Act 2018 do not prevent, or limit, the sharing of information for the purposes of keeping children safe. Legal and secure information sharing between homes, Social Care, the Police and other local agencies is essential for keeping children and young people safe and ensuring they get the support they need.
5.2 As set out in the GDPR and the Data Protection Act 2018, personal information and data cannot be shared with another person/organization unless either:
· the young person has consented to their information being shared; or
· the disclosure is necessary to safeguard the welfare of the young person at risk, in which case the sharing of personal information without consent is permitted.
5.3 Whenever possible, staff should be open with the young person about why and with whom their information will be shared.
5.4 Staff must seek advice from the DPO if they are in doubt regarding the sharing of information.
6. Data Breaches
6.1 All personal and sensitive data breaches must be immediately reported to the DPO, who will maintain a record of any data breaches.
6.2 In the case of a serious breach of data protection that is likely to result in a risk to the rights and freedoms of the individual, the DPO has a duty to inform the Information Commissioner’s Office within 72 hours. The DPO has a responsibility to consider the breach and determine if it is necessary to report the breach.