Data Protection Policy – Dynamics Global Ltd
Last Updated: March 2025
At Dynamics Global Ltd, we recognise our legal, moral, and ethical responsibilities when it comes to handling personal data. As a care agency, we often process sensitive personal data, including health-related information, and are fully committed to complying with the United Kingdom General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and related legislation. This policy outlines our commitment to data protection and the measures we implement to ensure compliance.
1. Introduction
This Data Protection Policy sets out how we collect, process, store, and retain personal data, ensuring transparency, security, and accountability across all operations. It applies to all employees, contractors, agency staff, and anyone acting on behalf of Dynamics Global Ltd. We aim to ensure that all personal data handled by the company is managed lawfully, fairly, and transparently and that data subjects can trust us with their personal information.
2. Scope of the Policy
This policy covers all personal data processed by Dynamics Global Ltd, whether it relates to care recipients, employees, job applicants, contractors, suppliers, or website users. It applies to both digital and paper-based records.
The policy applies to:
- Data created during service delivery or internal operations
- Data collected directly from individuals
- Data collected from third-party sources (e.g., references, recruitment agencies)
3. Legal Basis for Processing Data
We ensure that all personal data is processed in accordance with one or more lawful bases as outlined in Article 6 of the UK GDPR. These include consent, performance of a contract, compliance with legal obligations, protection of vital interests, performance of a task carried out in the public interest, and legitimate interest.
We process special category data, such as information relating to health, ethnicity, or criminal background under specific conditions in Article 9 of the UK GDPR, such as for the provision of health or social care or to meet employment obligations.
4. Collection and Use of Data
Personal data is collected only when necessary and relevant to the intended purpose. For example, we collect employee data to manage payroll, recruitment, and compliance, while service user data is collected to deliver safe and effective care.
All data collection activities are conducted transparently, and where necessary, individuals are informed through privacy notices that detail the purpose, use, and rights related to their data. We do not use personal data for purposes beyond what has been communicated unless we inform the data subject and obtain additional consent if required.
5. Data Minimisation and Accuracy
We only collect and retain personal data that is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed. Data accuracy is maintained through regular reviews, and we encourage individuals to inform us of any changes to their personal details.
6. Data Storage and Retention
Data is stored securely in physical and digital formats. Access is restricted to authorised personnel, and encryption, passwords, and physical security protect storage systems. Paper-based records are kept in locked cabinets.
Retention periods are based on legal, regulatory, and operational requirements. Personal data is not retained longer than necessary. Once data is no longer needed, it is securely destroyed or anonymised for research and analysis purposes.
7. Data Subject Rights
Under the UK GDPR, individuals have rights regarding their data. These rights include the right to access, rectify, erase, restrict processing, object to processing, and data portability.
We are committed to responding to data subject requests within the legally required timeframe. Any individual wishing to exercise their rights can contact our Data Protection Officer at dataprotection@dynamicsglobal.com.
8. Security and Confidentiality
Dynamics Global Ltd implements a combination of technical, administrative, and physical controls to ensure the security of personal data. Staff are trained in data protection principles, and all employees sign confidentiality agreements as part of their employment contract.
Firewalls, secure passwords, access controls, and encryption protect digital systems. Backups are performed regularly, and software updates are applied to prevent vulnerabilities.
Sensitive personal data, especially health-related information, is accessed only by authorised personnel and is handled with the highest level of confidentiality.
9. Sharing and Disclosure of Data
We only share personal data with third parties when there is a lawful basis to do so, such as fulfilling our contractual obligations or complying with legal requirements. This may include sharing with regulators, healthcare providers, payroll processors, IT service providers, and law enforcement authorities.
Whenever we share data with third-party processors, we ensure they adhere to the same high data protection standards and enter into appropriate contractual agreements.
10. International Transfers
Should personal data need to be transferred outside the UK, we ensure that appropriate safeguards are in place. These include the use of adequacy regulations or standard contractual clauses approved by the UK Information Commissioner’s Office (ICO).
11. Training and Awareness
All staff, including temporary and contracted workers, receive training on data protection as part of their induction and on an annual basis. This includes understanding their responsibilities under this policy, recognising data breaches, and responding to subject access requests.
12. Data Breaches
Dynamics Global Ltd takes data breaches seriously. Any suspected breach must be reported immediately to the Data Protection Officer. We will assess the nature and scope of the breach and determine if it must be reported to the ICO within 72 hours, as required by law. Affected individuals will also be informed when necessary.
An incident register is maintained to record all data breaches, regardless of whether they are reportable.
13. Roles and Responsibilities
The management team is responsible for ensuring that the organisation complies with data protection legislation and that appropriate systems and resources are in place.
All staff are responsible for handling personal data in line with this policy. The Data Protection Officer oversees compliance, advises on best practices, and acts as the main point of contact for data protection matters.
14. Policy Review
This policy is reviewed annually or more frequently if there are changes in legislation, organisational structure, or processing activities. Updates will be communicated to all staff and made available on our internal and external platforms.
15. Contact Information
For questions, concerns, or to exercise your rights under this policy, please contact:
Data Protection Officer
Dynamics Global Ltd
Email: dataprotection@dynamicsglobal.com.
Address: 25 Thonpark Drive, Preston, PR2 1RE
Website: www.dynamicsglobal.com
You also have the right to complain to the Information Commissioner’s Office:
ICO – Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Tel: 0303 123 1113
Website: www.ico.org.uk
By following this policy, Dynamics Global Ltd ensures that the personal data entrusted to us is protected, managed with care, and processed in accordance with the highest legal and ethical standards.