DataGenius

Privacy Policy

1. Privacy policy

Data controller and Director of Information Services for DataGenius Software Labs Ltd (referred to as DataGenius): Amar Verma: info@DataGenius.co.nz

Note: this privacy policy governs our entire organisation and all our operations. Not all of this policy may apply to you. For example, if you are a website visitor, only the Website Cookies section may apply to you (depending on your individual circumstances).

2. Introduction

DataGenius collects and processes personal information, or personal data of clients, families and employees to manage the work of DataGenius and its working relationships. This personal information may be held by DataGenius on paper or in electronic format.

DataGenius is committed to being transparent about how it handles your personal information, to protecting the privacy and security of your personal information and to meeting its data protection obligations under the General Data Protection Regulation (“GDPR”) and the Data Protection Act 2018. The purpose of this privacy notice is to make you aware of how and why we will collect and use your personal information both during and after your relationship with DataGenius.

This privacy notice applies to all current and former clients, families and employees.

3. Data protection principles

There are six data protection principles that DataGenius must comply with. Therefore, DataGenius will:

  1. Process your personal information in a lawful, fair and transparent manner.
  2. Your personal information will only be collected for the purposes of providing application services to our clients and the employment processes required for this. Your personal information will not be further used or processed in a way that is incompatible with those purposes.
  3. The personal information we hold is limited to that required to provide application services and we only have information which is adequate and relevant to that.
  4. Personal information is accurate and kept up to date, where necessary.
  5. Your personal information is kept for the legal periods as required for the application services records.
  6. Your personal information will be processed and managed in a way that ensures the security of the data.

DataGenius is responsible and accountable for compliance with, these principles.

4. What types of personal information do we collect about you?

4.1 For Clients and families

DataGenius collects, uses and processes a range of personal information about you. This includes:

  • Your contact details, including your name, address, telephone number and personal e-mail address
  • Your emergency contact details/next of kin
  • Your date of birth
  • Your gender
  • Your marital status and dependents

DataGenius will also collect, use and process the following special categories of your personal information:

  • Information about your health, including any medical condition or disability, medical and social care reports and related correspondence

DataGenius may also collect, use and process the following special categories of your personal information where we have been provided it by yourselves or where it has been provided to ensure that DataGenius will be able to provide application services:

  • Financial and benefit information
  • Information about your racial or ethnic origin, religious or philosophical beliefs and sexual orientation
  • Information about criminal convictions and offenses
4.2 For Staff

DataGenius collects, uses and processes a range of personal information about you. This includes:

  • Your contact details, including your name, address, telephone number and personal e-mail address
  • Your emergency contact details/next of kin
  • Your date of birth
  • Your gender
  • The start and end dates of your employment
  • Recruitment records, including interview notes, references, copies of proof of right to work in the country of hire and work, copies of qualification certificates
  • Your information required for payroll purposes
  • Your professional memberships
  • Employee records, for example this will include appraisals, performance reviews, any disciplinary records, training records, leave and sickness records.
  • Information obtained through electronic means
  • Information about your use of our IT systems, including usage of telephones, e-mail and the Internet
  • Photographs

DataGenius may also collect, use and process the following special categories of your personal information (as applicable):

  • Information about your health, including any medical condition, whether you have a disability in respect of which needs to make reasonable adjustments, sickness absence records (including details of the reasons for sickness absence), medical reports and related correspondence
  • Information about your racial or ethnic origin, religious or philosophical beliefs and sexual orientation
  • Information about criminal convictions and offenses.

5. Website Cookies

Cookies are files with small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your computer's hard drive or in your mobile devices. Like many websites, we use “cookies” to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Site.

6. How do we collect your personal information?

DataGenius collect personal information about clients and families and employees in a variety of ways.

6.1 For Clients & Families
Information about clients and families is obtained directly from the client and family and a variety of professionals once you have given permission for information sharing. We will also collect additional personal information throughout the period of your relationship with us, this will include the clinical details and records from episodes of care available with you. These will be retained for the statutory period required for application services records. The information is stored in electronic and paper as needed.
6.2 For Staff

Information is collected during the recruitment process and throughout your employment with DataGenius. Information is obtained directly from you or from a third parties, such as references from former employers, information from background check providers, and criminal record checks from third parties as applicable.

We will also collect additional personal information throughout the period of your relationship with us. This may be collected during your work-related activities. Whilst some of the personal information you provide to us is mandatory and/or is a statutory or contractual requirement, some of it you may be asked to provide to us on a voluntary basis. We will inform you whether you are required to provide certain personal information to us or if you have a choice in this.

Your personal information may be stored in different places, including in your personnel file, in DataGenius ‘s HR management system and in other IT systems, such as the e-mail system.

7. Why and how do we use your personal information?

We will only use your personal information when the law allows us to. These are known as the legal bases for processing. We will use your personal information in one or more of the following circumstances:

  • Where the information is required to provide the application services
  • Where we need to do so to perform the employment contract, casual worker agreement, consultancy agreement or contract for services we have with you
  • Where we need to comply with a legal and statutory obligation
  • We may also occasionally use your personal information where we need to protect you or someone else.

We need all the types of personal information listed under previous section primarily to enable us to perform our services to you and to enable us to comply with our legal obligations.

The purposes for which we are processing, or will process, your personal information are to:

  • Enable us to provide the application services
  • Enable us to provide the application services
  • Enable us to maintain accurate and up-to-date records and contact details (including details of whom to contact in the event of an emergency)
  • To ensure DataGenius can safely maintain our services to the clients and carry out our role as an employer from recruitment and during the time that you are employed by DataGenius
  • Please note that we may process your personal information without your consent, in compliance with these rules, where this is required or permitted by law.

8. What if you fail to provide personal information?

If you fail to provide certain personal information when requested or required, we may not be able to provide the application services, or we may be prevented from complying with our legal obligations.

9. Why and how do we use your sensitive personal information?

We will only collect and use your sensitive personal information, which includes the special categories of personal information when the law allows us to.

9.1 For staff

Some special categories of personal information, i.e. information about your health or medical conditions, and information about criminal convictions and offenses, is processed so that we can perform or exercise our obligations or rights under employment law or social security law and in line with our data protection policy. Information about health or medical conditions may also be processed for the purposes of assessing the working capacity of an employee or medical diagnosis, provided this is done under the responsibility of a medical professional subject to the obligation of professional confidentiality, e.g. a doctor, and again in line with our data protection policy.

We may also process these special categories of personal information, and information about any criminal convictions and offenses, where we have your explicit written consent. In this case, we will first provide you with full details of the personal information we would like and the reason we need it, so that you can properly consider whether you wish to consent or not. It is entirely your choice whether to consent. Your consent can be withdrawn at any time.

The purposes for which we are processing, or will process, these special categories of your personal information, and information about any criminal convictions and offenses, are to:

  • Assess your suitability for employment
  • Comply with statutory and/or regulatory requirements and obligations, e.g. carrying out criminal record checks.
  • Comply with the duty to make reasonable adjustments for disabled employees and workers and with other disability discrimination obligations
  • Administer the contract we have with you
  • Ensure compliance with your statutory and contractual rights
  • Ensure that DataGenius can safely provide application services
  • Meet our obligations under application services
  • Make decisions about continued employment or engagement
  • Ensure effective HR, personnel management and business administration
  • Ensure adherence to DataGenius, policies and procedures
  • Monitor equal opportunities

Where DataGenius processes other special categories of personal information, i.e. information about your racial or ethnic origin, religious or philosophical beliefs and sexual orientation, this is done only for equal opportunities monitoring and in line with our data protection policy. Personal information that DataGenius uses for these purposes is either anonymized or is collected with your explicit written consent, which can be withdrawn at any time. It is entirely your choice whether to provide such personal information.

We may also occasionally use your special categories of personal information, and information about any criminal convictions and offenses, where it is needed for the establishment, exercise or defense of legal claims.

9.2 Change of purpose

We will only use your personal information for the purposes for which we collected it. If we need to use your personal information for a purpose other than that for which it was collected, we will provide you, prior to that further processing, with information about the new purpose, we will explain the legal basis which allows us to process your personal information for the new purpose and we will provide any relevant further information on our site. We may also issue a new privacy notice on the site.

9.3 Who has access to your personal information?

Your personal information may be shared internally within DataGenius, including with members of the HR department, payroll staff, your line manager, other managers and IT staff if access to your personal information is necessary for the performance of their roles.

DataGenius may also share your personal information with third-party service providers (and their designated agents), including:

  • External organizations for the purposes of conducting pre-employment reference and employment background checks
  • Pension scheme provider and pension administration
  • Occupational health providers
  • External IT services
  • External auditors
  • Professional advisers, such as lawyers and accountants

DataGenius may also share your personal information with other third parties in the context of a potential sale or restructuring of some or all its business. In those circumstances, your personal information will be subject to confidentiality undertakings.

We may also need to share your personal information with a regulator or to otherwise comply with the law.

We may share your personal information with third parties where it is necessary to administer the contract we have with you, where we need to comply with a legal obligation, or where it is necessary for our legitimate interests (or those of a third party).

10. How does DataGenius protect your personal information?

DataGenius has put in place measures to protect the security of your personal information. It has internal policies, procedures and controls in place to try and prevent your personal information from being accidentally lost or destroyed, altered, disclosed or used or accessed in an unauthorized way. In addition, we limit access to your personal information to those employees, workers, agents, contractors and other third parties who have a business need to know to perform their job duties and responsibilities. You can obtain further information about these measures from our Director of Information Services.

Where your personal information is shared with third-party service providers, we require all third parties to take appropriate technical and organizational security measures to protect your personal information and to treat it subject to a duty of confidentiality and in accordance with data protection law. We only allow them to process your personal information for specified purposes and in accordance with our written instructions and we do not allow them to use your personal information for their own purposes.

DataGenius also has in place procedures to deal with a suspected data security breach and we will notify the Information Commissioner’s Office (or any other applicable supervisory authority or regulator) and you of a suspected breach where we are legally required to do so.

11. For how long does DataGenius keep your personal information?

DataGenius will only retain your personal information for as long as is necessary to fulfil the purposes for which it was collected and processed, including for the purposes of satisfying any legal, tax, health and safety, reporting or accounting requirements.

DataGenius will generally hold your personal information for the duration of your employment or engagement. The exceptions are:

  • Any personal information supplied as part of the recruitment process will not be retained if it has no bearing on the ongoing working relationship
  • Personal information about criminal convictions and offenses collected in the course of the recruitment process will be deleted once it has been verified, unless, in exceptional circumstances, the information has been assessed by DataGenius as relevant to the ongoing working relationship
  • It will only be recorded whether a criminal record check has yielded a satisfactory or unsatisfactory result, unless, in exceptional circumstances, the information in the criminal record check has been assessed by DataGenius as relevant to the ongoing working relationship
  • If it has been assessed as relevant to the ongoing working relationship, a criminal record check will nevertheless be deleted after [six months] or once the conviction is “spent” if earlier (unless information about spent convictions may be retained because the role is an excluded occupation or profession)
  • disciplinary, grievance and capability records will only be retained until the expiry of any warning given (but a summary disciplinary, grievance or performance management record will still be maintained for the duration of your employment).

Personal information which is no longer to be retained will be securely and effectively destroyed or permanently erased from our IT systems and we will also require third parties to destroy or erase such personal information where applicable.

In some circumstances we may anonymize your personal information so that it no longer permits your identification. In this case, we may retain such information for a longer period.

12. Your rights in connection with your personal information

It is important that the personal information we hold about you is accurate and up to date. Please keep us informed if your personal information changes, e.g. you change your home address, during your working relationship with DataGenius so that our records can be updated. DataGenius cannot be held responsible for any errors in your personal information in this regard unless you have notified DataGenius of the relevant change.

As a data subject, you have statutory rights. Subject to certain conditions, and in certain circumstances, you have the right to:

  • Request access to your personal information – this is usually known as making a data subject access request and it enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it -
  • Request rectification of your personal information - this enables you to have any inaccurate or incomplete personal information we hold about you corrected
  • Request the erasure of your personal information - this enables you to ask us to delete or remove your personal information where there’s no compelling reason for its continued processing, e.g. it’s no longer necessary in relation to the purpose for which it was originally collected
  • Restrict the processing of your personal information – this enables you to ask us to suspend the processing of your personal information, e.g. if you contest its accuracy and so want us to verify its accuracy
  • Object to the processing of your personal information – this enables you to ask us to stop processing your personal information where we are relying on the legitimate interests of the business as our legal basis for processing and there is something relating to your own situation which makes you decide to object to processing on these grounds.
  • Data portability – this gives you the right to request the transfer of your personal information to another party so that you can reuse it across different services for your own purposes.

If you wish to exercise any of these rights, please contact the Director of Information Services. We may need to request specific information from you to verify your identity and check your right to access the personal information or to exercise any of your other rights. This is a security measure to ensure that your personal information is not disclosed to any person who has no right to receive it.

In the limited circumstances where you have provided your consent to the processing of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. This will not, however, affect the lawfulness of processing based on your consent before its withdrawal.

If you wish to withdraw your consent, please contact our Director of Information Services. Once we have received notification that you have withdrawn your consent, we will no longer process your personal information for the purpose you originally agreed to, unless we have another legal basis for processing.

As an employee this may affect our ability to maintain our relationship with you as your employer.

As a client or family this may affect our ability to continue to provide application services.

If you believe that DataGenius has not complied with your data protection rights, you have the right to make a complaint to the Information Commissioner’s Office (ICO) at any time. The ICO is the UK supervisory authority for data protection issues.

13. Transferring personal information outside the European Economic Area (EEA)

DataGenius may transfer your personal information to countries outside the European Economic Area (EEA). There is an adequacy decision by the European Commission in respect of the USA. This means that the country to which we transfer your personal information are deemed to provide an adequate level of protection for your personal information.

However, to ensure that your personal information does receive an adequate level of protection, it is transferred outside the EEA on the basis of the following safeguard:

  • All third party services utilized by DataGenius which process your data solely on behalf of and for the use of DataGenius, share the same standard of data protection as you would expect within the EEA, such as the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks (as adopted by the European Commission as a replacement for the Safe Harbor agreement).

Third party services include MailChimp, SurveyMonkey, GoDaddy, Microsoft besides many others. You can obtain further information about these measures from our Director of Information Services.

14. Automated decision making

Automated decision making occurs when an electronic system uses your personal information to make a decision without human intervention.

DataGenius do not envisage that any employment decisions will be taken about you based solely on automated decision making, including profiling. However, we will update this policy documentation if this position changes.

15. Changes to this privacy notice

DataGenius reserves the right to update or amend this privacy notice at any time, including where DataGenius intends to further process your personal information for a purpose other than that for which the personal information was collected or where we intend to process new types of personal information. We will issue a new privacy notice on the site when we make significant updates or amendments. We may also notify you about the processing of your personal information in other ways. In most cases there will be no direct reach, just updating this policy documentation on the site will be considered as having been delivered to you.

16. Contact

If you have any questions about this privacy notice or how we handle your personal information, please contact our Director of Information Services as mentioned in the beginning of this document.

All rights reserved to DataGenius Software Labs Ltd.