Protecting your privacy

Phoenix Learning and Care

1. Introduction

This Privacy Notice explains the types of personal data we may collect about individuals when they
interact with Phoenix. It also explains the organisational approach to the handling and storage of data
and to keep it safe. It is important that as a company Phoenix develops and maintains the trust and
confidence of its Customers employees, contractors, and critically the individuals we support to
respect data and handle it with the right ethos.
The purpose of this statement is to inform individuals about their rights, and how the Phoenix Group
of companies uses the data appertaining to individuals.
The following sections should answer many questions you have but if not, please do get in touch with
us.
This Privacy Notice will be updated from time to time.

2. What is Phoenix Learning and Care?

The Phoenix Group of Companies – which we’ll refer to as ‘Phoenix’ in this document – is made up of
a number of component companies:
• Phoenix Learning and Care Holdings Ltd
• Phoenix Childcare Ltd
• Phoenix Learning and Care Ltd
• Phoenix Learning and Care Property Ltd
For simplicity throughout this notice data appertains to the following groups of people (including,
prospect, current and past);
• Individuals Phoenix support (i.e. Young People, Students, Learners, Service Users)
• Customers
• Employees
• Volunteers
• Contractors

3. Explaining the legal bases Phoenix rely on

The law on data protection sets out a number of different reasons for which a company may collect
and process an individual’s personal data, including:
• Consent – In specific situations, the collection and processing of an individual’s data with their
consent.
• Contractual obligations – In certain circumstances, the need to acquire personal data to comply
with an organisation’s contractual obligations.
• Legal compliance – If the law requires an organisation, it may need to collect and process an
individual’s data.
• Legitimate interest – In specific situations, an organisation may require an individual’s data to
pursue its legitimate interests in a way which might reasonably be expected as part of running our
business and which does not materially impact your rights, freedom or interests.

4. When do Phoenix collect personal data?

When an individual applies for a job vacancy with the Company.
When the Company provides a service to an individual we support.
When an individual contacts the Company by any means with an enquiry.
When an individual has given a third party permission to share with Phoenix the information Phoenix
hold about that individual.

5. What sort of personal data does Phoenix collect?

Data related to job vacancy applications (e.g. name, address, career history, qualifications and
experience).
Information for individuals the Company supports (e.g. health and social care data, history and
individual preferences).
Images may be recorded on CCTV when people visit certain locations in the company’s portfolio of
services.
Individual’s contact details, if they interact with Phoenix through appropriate channels, to help Phoenix
respond to the individual’s comments, questions or feedback.

6. How and why do Phoenix use personal data?

Phoenix strive to provide the best possible standard of care so that the individuals supported are
valued equally, listened to and included. One way to achieve that is to get the richest picture the
company can of the individual by combining the data we have about an individual. The data privacy
law allows this as part of a legitimate interest in understanding those Phoenix support and providing
the highest levels of service to them. The information Phoenix collect is used for purpose of
establishing and planning what care provision is needed, where and when, including preparation for
health emergencies.
In order to provide the care described above Phoenix need to employ the most appropriate individuals
with the right skills, values and attitudes. Tri-angulating a job applicant’s career history, character and
experience helps Phoenix recruit the right employees robustly using safer recruitment principles.
Here’s how Phoenix use personal data and why:
• To protect the business and individual’s from fraud and other illegal activities. If Phoenix discover
any criminal activity or alleged criminal activity through its policies and procedures it will process
this data for the purposes of preventing or detecting unlawful acts.
• To protect the individuals Phoenix support and provide the best possible level of care and support
the company can to that individual.
• To send communications required by law or which are necessary to inform individuals about any
changes to the service/s Phoenix provide. These communications will not include any promotional
content and do not require prior consent. If Phoenix do not use personal data for these purposes,
it would be unable to comply with the legal obligations or be able to provide a service to the
individual concerned.
• To comply with Phoenix’s contractual and/or legal obligations to share data with law enforcement
(e.g. when a court order is submitted to share data with law enforcement agencies or a court of
law).
• To send survey and feedback requests to help improve Phoenix’s services. These messages will
not include any promotional content.
Phoenix does not use any individual’s data for direct or indirect marketing purposes of any type.
Phoenix does not sell or trade any individual’s data to any other organisation.

7. How Phoenix protect individual’s personal data

Phoenix know how much data security matters to all prospective and actual employees and the
individuals it supports. With this in mind Phoenix will treat an individuals data with the utmost care and
take all appropriate steps to protect it.
Phoenix achieves this by having policies appertaining to the recording, storing and processing of
information. Phoenix provides its employees training in handling data appropriately including;
professional boundaries, record keeping and data protection. Information systems are encrypted and
IT storage facilities are secure. Documents are kept securely locked.
Phoenix has arrangements for the disposal of confidential records.

8. How long will Phoenix keep personal data?

Whenever Phoenix collects or processes an individual’s personal data, we’ll only keep it for as long as
is necessary for the purpose for which it was collected or indeed a period of time as laid down by
statute.
At the end of that retention period, data will either be deleted completely or anonymised, for example
by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis
and business planning.

9. Who do Phoenix share an individual’s personal data with?

Phoenix sometimes will share an individual’s personal data with trusted third parties.
Phoenix provide only the information those parties need to perform their specific service/s.
They may only use an individual’s data for the exact purposes Phoenix specify in its contract/s with
those third parties.
Phoenix work closely with suppliers to ensure that an individual’s privacy is respected and protected
at all times.
If Phoenix stop using a suppliers services Phoenix will ensure that an individual’s data held by them
will either be deleted, rendered anonymous or supplied to us.
Examples of the kind of third parties Phoenix work with are IT companies who support Phoenix’s
website and other business systems (e.g. payroll, incident management).
For fraud management, Phoenix may share information about fraudulent or potentially fraudulent
activity in its premises or systems. This may include sharing data about individuals with law
enforcement bodies.
Phoenix may also be required to disclose personal data to the police or other enforcement, regulatory
or Government body, upon a valid request to do so. These requests are assessed on a case-by-case
basis and take the privacy of individuals into consideration.

10. Where personal data may be processed

Phoenix do not share personal data with third parties outside the European Economic Area (EEA).
Any transfer of an individual’s personal data will follow applicable laws and Phoenix will treat the
information under the guiding principles of this Privacy Notice.

11. What are an individual’s rights over their personal data?

Remember, if an individual chooses not to share their personal data with Phoenix, or refuse certain
contact permissions, Phoenix might not be able to provide support to or indeed employ an individual.
An individual has the right to request:
• Access to the personal data Phoenix hold about them, free of charge in most cases.
• The correction of personal data when incorrect, out of date or incomplete.
• That Phoenix stop using their personal data for direct marketing (either through specific channels,
or all channels).
• That Phoenix stop any consent-based processing of their personal data after they withdraw that
consent.
• Review (by a Phoenix employee) of any decision made based solely on automatic processing of
the individual’s data (i.e. where no human has reviewed the outcome and criteria for the decision).
The applicable individual can contact Phoenix to request to exercise these rights at any time.
If Phoenix choose not to action the request Phoenix will explain the reasons for refusal.
The individual’s right to withdraw consent;
Whenever an individual has given Phoenix their consent to use their personal data, they have the
right to change their mind at any time and withdraw that consent.
Where Phoenix rely on our legitimate interest;
In cases where Phoenix are processing an individual’s personal data on the basis of our legitimate
interest, an individual can ask Phoenix to stop for reasons connected to their individual situation.
Phoenix must then do so unless we believe Phoenix have a legitimate overriding reason to continue
processing the individual’s personal data.
Checking a individual’s identity;
To protect the confidentiality of an individual’s information, Phoenix will ask them to verify their identity
before proceeding with any request they make under this Privacy Notice.
If the individual has authorised a third party to submit a request on their behalf, Phoenix will ask them
to prove they have the individual’s permission to act.

12. Contacting the Regulator

If an individual feels that their data has not been handled correctly, or they are unhappy with
Phoenix’s response to any requests they have made to Phoenix regarding the use of their personal
data, they have the right to lodge a complaint with the Information Commissioner’s Office.
The information Commissioners Office can be contacted by calling 0303 123 1113 or visit
www.ico.org.uk
Phoenix is Registered with the Information Commissioner’s Office;
Phoenix Child Care Ltd = Z2071709
Phoenix Learning and Care Ltd = Z2071712

13. Any questions?

Phoenix hope this Privacy Notice has been helpful in setting out the way it handles individual’s
personal data and the individual’s rights to control it.
If you have any questions that haven’t been covered, please contact our Data Protection Officer who
will be pleased to help you:
Email us at enquiries@plcl.org.uk with the words For the attention of the Data Protection Officer in
the title bar.

Or write to us at;

Data Protection Officer
Phoenix Learning and Care
Rolle Quay House
Rolle Quay
Barnstaple
EX31 1JE