This Data Protection Policy (“Policy”) sets out how Abbeyfield York Society (”we”, “our”, “us”, “the Care Provider”) handle the Personal Data of our residents (and their families), suppliers, employees, workers and other third parties.

This Policy applies to all Personal Data we Process regardless of the media on which that data is stored or whether it relates to past or present employees, workers, residents, supplier contacts, website users or any other Data Subject.

This Policy applies to all Personnel (”you”, “your”). You must read, understand and comply with this Policy when Processing Personal Data on our behalf and attend training on its requirements. This Policy sets out what we expect from you in order for the Society to comply with applicable law. Your compliance with this Policy is mandatory. Any breach of it may result in disciplinary action.

Definitions can be found in the Schedule to this Policy.

Through the delivery of this policy we aim to:
• To ensure that records required to be kept for legal and other relevant purposes are kept for the appropriate period;
• To manage and maintain records in such a way that there is full compliance with all regulatory and statutory requirements, and in particular to avoid fines from the Information Commissioner’s Office.
• To ensure records are stored in the most economical way, are accessible and are disposed of in a way which is auditable and meets all legal, environmental and other requirements.
• To ensure records are kept secure and safe from loss, damage or tampering and are destroyed in a secure manner.
• To protect Abbeyfield’s reputation.