Confidentiality and Privacy Policy

At relatecare.com we take your privacy and the protection of your information seriously. We have created this policy in line with the Data Protection Commissioner guidelines to demonstrate this commitment and to tell you how we handle and use your data. If after reading this policy you have any questions, please contact us using the details below. Please review this statement periodically as we will amend and update it from time to time. This policy relates to transactions and activities in which you voluntarily engage and it relates to data gathered on relatecare.com but it does not extend to any offline activities between you and any of our third party advertisers.

 

We endeavor to comply with the guidelines laid out by Ireland’s Data Commissioner in the collection, protection and distribution of data we may collect about you on our website. You should be aware of your rights and your right to contact us;

Data Protection Officer,
Unit 10/11,
IDA Industrial Estate,
Cork Rd,
Waterford
dataprotection@relatecare.com

By using our website, you consent to our online/website privacy policy. Relatecare.com is committed to protecting the privacy of our users, and strives to provide a safe, secure user experience. This Privacy Policy describes how we collect and use online data. By using this site or application, you explicitly accept the collection, use and transfer of your data as described in this Privacy Policy.

If you do not want your information to be collected, used, and transferred as described by this policy, you may revoke your consent to our Privacy Policy. To revoke your consent, please contact us. If you do revoke your consent, your account and profile information will be deleted. Information collected on our sites and applications is stored in whole or in part in Ireland.

1.0 Overview:
In its everyday business operations RelateCare collects and stores records of many types and in a variety of different formats. The relative importance and sensitivity of these records also varies and is subject to the organisation’s security classification scheme. It is important that these records are protected from loss, destruction, falsification, unauthorised access and unauthorised release and a range of controls are used to ensure this, including backups, access control and encryption. RelateCare also has a responsibility to ensure that it complies with all relevant legal, regulatory and contractual requirements in the collection, storage, retrieval and destruction of records. Of particular relevance is the European Union General Data Protection Regulation (GDPR) and ISO27001-2013 and its requirements concerning the storage and processing of personal data.

2.0 Purpose:
This policy establishes the main principles that must be adopted when considering record retention and protection. It then sets out the types of records held by RelateCare and their general requirements before discussing record protection, destruction and management.

3.0 Scope:
The scope of this policy covers all company data stored on company-owned, company-leased, and otherwise company-provided systems and media, regardless of location. Note that the need to retain certain information can be mandated by local, industry regulations and will comply with EU General Data Protection Regulation GDPR and the Data Protection Act 1988 and the Data Protection (Amendment) Act 2003. Where this policy differs from applicable regulations, the policy specified in the regulations will apply.

4.0 Policy:
There are several key general principles that must be adopted when considering record retention and protection policy.
These are:
• Records must be held in compliance with all applicable legal, regulatory and contractual requirements
• Records must not be held for any longer than required
• The protection of records in terms of their confidentiality, integrity and availability must be in accordance with their security classification
• Records must remain retrievable in line with business requirements at all times
• Where appropriate, records containing personal data must be subject as soon as possible to techniques that prevent the identification of a living individual
Some data, however, must be retained in order to protect the company’s interests, preserve evidence, and generally conform to good business practices. Some reasons for data retention include:
• Litigation
• Accident investigation
• Security incident investigation
• Regulatory requirements
• Intellectual property preservation

5.0 Retention Requirements:
This section sets guidelines for retaining the different types of company data.
Electronic documents-Electronic documents can be word processing, spreadsheet, or presentation files and should only be stored for a period of time for which the information is valid and necessary in line with the Data Protection Act of 1998.

Email – Emails are removed by the user and retained in their mailbox for as long as they see as necessary. It is possible for emails to be recovered once captured in the daily backup job in the event of litigation or other purposes where information may need to be recovered.

Voice Recordings – RelateCares policy is to maintain all voice recordings for 2 years. This is a broad policy across all clients and campaigns and can be tailored to suit the needs of each client depending on client requirements. Further requirements for data retention must be specified by the client and should be based on the period of time the client adjudges the calls to be necessary for their own purposes in line with the requirements set out in the Data Protection Act 1998.

Email – Emails are removed by the user and retained in their mailbox for as long as they see as necessary. It is possible for emails to be recovered once captured in the daily backup job in the event of litigation or other purposes where information may need to be recovered. Voice Recordings – RelateCares policy is to maintain all voice recordings for 2 years. This is a broad policy across all clients and campaigns and can be tailored to suit the needs of each client depending on client requirements. Further requirements for data retention must be specified by the client and should be based on the period of time the client adjudges the calls to be necessary for their own purposes in line with the requirements set out in the Data Protection Act 1998


CCTV Footage -CCTV footage is retained and over written on a FIFO (first in first out) basis where the oldest CCTV footage is overwritten first to make space for the newest recordings. This typically means the storage period for CCTV runs to 1 month and then is automatically removed.

HR Data – General employee data will be held for the duration of employment and then for 6 years after the last day of contractual employment. Hours worked and related information such as breaks, annual leave and public will be kept for 3 years. Employee contracts will be held for 6 years after last day of contractual employment. Employment permit records will be held for 5 years or for the duration of the employment (whichever is longer). Collective redundancy information will be collected for 3 years. Information regarding accidents will be kept for 10 years from the date of the accident (Safety Health and Welfare at Work). Carers leave records will be kept for 8 years. Interview notes of unsuccessful applicants will be held for 6 months to a year 1 year after interview.

Financial Records- Tax payments, accounting invoices, purchase orders accounts and budgeting and forecasting, forward-looking financial estimates and plans and other financial records will be held for six years. Planning data will be stored for 7 years. Tax and VAT is considered critical data and must be retained for 6 years.

Public data- Public data will be retained for 3 years.

Operational data- Most company data will fall in this category. Operational data will be retained for 5 years.

Confidential data- Confidential data must be retained for 7 years.


6.0 Data Destruction:
Data destruction is a critical component of a data retention policy. Data destruction ensures that the company will use data efficiently thereby making data management and data retrieval more cost effective. Exactly how certain data should be destroyed is covered in the Data Classification Policy. When the retention timeframe expires, the company must actively destroy the data covered by this policy. If a user feels that certain data should not be destroyed, he or she should identify the data to his or her supervisor so that an exception to the policy can be considered. Since this decision has long-term legal implications, exceptions will be approved only by a member or members of the company’s management team. The company specifically directs users not to destroy data in violation of this policy. Destroying data that a user may feel is harmful to himself or herself is particularly forbidden, or destroying data in an attempt to cover up a violation of law or company policy.

7.0 Enforcement:
This policy will be enforced by the IT and/or Support Services Manager. Violations may result in disciplinary action, which may include suspension, restriction of access, or more severe penalties up to and including termination of employment. Where illegal activities or theft of company property (physical or intellectual) are suspected, the company may report such activities to the applicable authorities.

top