Privacy Notice: Kaleidoscope Consultants
Nottinghamshire Social Care Providers

DSPT Submission Support Project: Privacy Notice 
 

The General Data Protection Regulation (GDPR) requires us to provide people with information about what personal data we process, what are their rights, how they can exercise their rights, and how to make complaints. We have tried to make this Privacy Notice clear and transparent. If you would like more information about what data we process, for what purpose or how long we keep it for, please use one of the contact options provided to ask us.    

 

The General Data Protection Regulation is data privacy law that applies to organisations (and sometimes people) that are established in the European Economic Area (the countries of the European Union plus a number of other countries). 

This privacy notice is specific to Kaleidoscope Consultants Ltd project for Nottinghamshire CCG: Nottinghamshire Social Care Providers – DSPT Submission Support.   

Further details about this project are detailed below and also from the projects main website which can be found here.   

Our contact details 

If you have any queries regarding data protection matters, please contact our London office. 

Phone: +44 (0) 20 3637 1111
 

Email: dspt@notts-care-ig.net
 

Write: Kaleidoscope Consultants, East Side, Kings Cross, London, N1C 4AX 

 

Who we are
 

Kaleidoscope Consultants Limited are consultants in data protection law who specialise in health and social care in both the public and private sectors. 

We create innovative and practical solutions to support organisations achieve their objectives, whilst lawfully and ethically processing personal data, ensuring compliance with legislation; national policy; designed technical and organisational controls; and, in ways that minimise risks to the rights and freedoms of individuals. 

 

 

As well as providing advice to our clients, we sometimes act on their behalf as their Data Protection Officer or EEA Representative, two roles required of some organisations by the General Data Protection Regulation.   

 

For this specific project we are providing care providers/homes within Nottinghamshire with data privacy support and advice so that they can successfully meet the requirements of the entry level requirements of the Data Security and Protection Toolkit (DSPT).   More details about the DSPT can be found here    

 

More information about this project can be found here. 

 

Personal data processed 

For the Nottinghamshire Care Home DSPT project we process the following personal data for the purposes listed: 

 

Classes of Data Subject  Purposes of processing  Categories of Data  Retention period  Lawful basis 
Clients
 Clients  

associated with this 

projects 

Project management 

 

Personal data  

Names  

Email addresses  

Telephone numbers 
Care home
CQC Number 

IP address
 

For the duration of this project – 1 year. We  Legitimate interest 

GDPR Article 6(1)(f) 

No other personal data is collected or processed. We are using legitimate interests as our legal basis to process for this project. We would not be able to provide you with products and services without processing the personal data specified above.  

 

How we get the information and why we collect and process this information. 

We will only collect this personal data to support those organisations involved in the Nottinghamshire Care Home DSPT project. 

This is so that you can access the services and products we are offering for this project.  This includes accessing the main website where resources, templates, blogs and other relevant project information can be accessedWe register users to: 

  • verify that users are from a Nottinghamshire care provider 
  • access the website and its content 
  • contact users regarding events, questions and for our users to access our newsletter on the project 
  • enable users to sign up for our webinars and face to face training events 
  • allow users to complete evaluation surveys at the end of events 
  • report on user engagement and progress during the project to our client (Nottinghamshire CCGs and Local Authorities 

Personal data recorded at registration are names and email addresses. Your IP address is recorded when you access the website. We obtain this information from the registration page of the website  https://notts-care-ig.net/register/    

We use systems such as: 

  • Eventbrite to sign up to events 
  • Zoom is also used to broadcast (access and record) the webinars.   

We also receive information from the main client which includes basic contact information of each care provider so that we can provide services and support. Our IG helpdesk also collects data such as name and email address when we receive enquiries 
 

How we store your information
 

We store your information securely using Microsoft office 365.

Other providers used, such as Eventbrite also store your email and name so that a ticket or access can be provided for that webinar.  This personal data is only collected if you have registered for a webinar/event.   

Eventbrites privacy notice can be found here where you can find out more information about how eventbrite uses your email and name and where your data is stored

We also use a product called Zoom which is used to access and record the webinar. 

You can find out more about Zoom’s privacy notice by clicking here.   where you can find out more information about how Zoom uses your personal data and where it is stored.
 

Data protection rights
 

The General Data Protection Regulation secures various rights for people whose data is being processed. The rights are not absolute and so sometimes do not apply. Listed below are the rights and an indication of when they apply related to the table above:
 

Right  Meaning  Engagement 
Access 

GDPR 

Article 15 

You may request a copy of the data held by a controller about you.  This is a fairly universal right with minor exemptions for staff disciplinary records and legal opinions.This right applies to this project  
Rectification 

GDPR 

Article 16 

If you think data held by a controller about you is wrong, you may request that it is corrected.   This is a fairly universal right with minor exemptions.This right applies to this project  
Erasure 

GDPR 

Article 17 

You can request that your data is deleted by a controller.  This is a fairly universal right with minor exemptions.This right applies to this project  
Restriction 

GDPR 

Article 18 

There are circumstances in which a data subject may ask a controller to stop processing their data but in which the controller must otherwise retain the data, for example where required by law.  This right is more complex to apply, but that doesn’t mean it would be respected.This right applies to this project 
Portability 

GDPR 

Article 19 

You can ask for a copy of your data in a format that can be readily transferred to an alternative controller.  This right is only engaged where your data is processed on the basis of consent.This right does not apply to this project  
Objection 

GDPR 

Article 21 

You can object to the processing of your personal data when the controller is relying on a legal obligation or public duty for their legal basis, or they are claiming that it is in their legitimate interest, especially direct marketing.  Engaged where the lawful basis for processing is GDPR article 6(1)(e) or 6(1)(f).This right applies to this project  
Automated decisions 

GDPR 

Article 22 

Where a computer makes a decision about you without a human intervention, for example if an online loan application, you have the right to know how the decision was arrived at.  Where automated decision-making takes place without a human intervention.This right does not apply to this project as we are not using tools for automated decision-making.  

To exercise your rights, please contact dspt@notts-care-ig.netWe have 1 month to respond to an individual rights request.  

Data processors

Below is a list of companies whose services and products we have contracted and who process personal data on our behalf:  

Supplier  Service  Data Subjects  Personal Data processed  Data location 
Combine Studio 

 

Sub-processor: 

Digital Ocean Privacy policy can be found here. 

Internet designer and web host  Customers/clients (including subscribers to our mailing lists).  Personal data 

   

Nottinghamshire Care homes DSPT

User Registration form
Name and other contact information. 

IP address?
 

 

Get in touch form. 
Name and other contact information. 

 

We collect and use your personal data because it is necessary to obtain certain details including personal data from you in providing you with the service you have requested and it is in our legitimate interests in the course of our business, including:  

Providing the requested service and/or information to you.  

Responding to your queries. 

User registration to access our products and services.   

Transmitting Personal Information between our functions for internal administrative purposes. 


 

Mail Chimp  Bulk email mailing and list management service  Clients  

Potential clients 

Past clients 

Personal data 

Name, email address and other basic contact details.  

   
Eventbrite  Online event management tool.  

 

Their privacy notice can be found here. 

Event attendees   Personal data 

Name, email address and other basic contact details. 

 

Special category data 

Dietary needs 

Physical needs 

Delegates wanting to attend events we manage, register and agree to their name and basic contact details (email, phone number) to be used solely for the management of that event.   

A delegate can opt out of an event at any time through cancelling their registration. 
Survey Monkey  Online survey tool which is used for evaluation of events, training, services and products provided by us. 

Their privacy notice can be found here.
 
Customers and delegates that have attended our events, including training.  Personal data 

Name, email address. 

Delegates wanting to attend events we manage register and agree to their name and basic contact details (email, phone number) to be used solely for the management of that event. This includes evaluation.    

A delegate can opt out of an event at any time through cancelling their registration and any evaluation.  
Microsoft Office 365  Microsoft office 365


Provided to store and process and record staff and customers details.   These are controlled through access control levels and can be reviewed through audit logs. 

Their privacy notice can be found here. 
Customers (including subscribers to our mailing lists), and Staff.  Customers and subscribers Name, email address and other basic contact details. 

   

Customer and subscribers We collect and use your personal data because it is necessary to obtain certain details including personal data from you in providing you with the service you have requested and it is in our legitimate interests in the course of our business, including;  

Providing the requested service and/or information to you.  Responding to your queries. 

User registration to access our products and services.   


 

How to complain 

 

If you are unhappy with how we process your personal data, and after you have first made a complaint to us, you can complain to the Information Commissioner’s Office at:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF 

Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number