General Data Protection Regulation (GDPR) Privacy Notice

How we use your personal information for applicants, staff, volunteers and trustees.

Introduction

At mirus, we’re committed to protecting and respecting your privacy.

This Policy provides information about the use of personal information while you are a member of staff, volunteer or trustee at mirus. As a member of staff (or equivalent) you also have certain legal and contractual responsibilities to protect the personal information of other people (e.g. other employees and people we support) by handling it appropriately; relevant policies and guidance

We may change this Policy from time to time so please check this page occasionally to ensure that you’re happy with any changes.

Any questions regarding this Policy and our privacy practices should be sent by email to GDPR@mirus-wales.org.uk alternatively, you can telephone 02920 236216 and speak to delegated data protection officer lead for staff.

Who are we?

We are a not-for-profit charity providing specialist support to children and adults of all ages with disabilities, autism, physical disabilities, dementia, mental health, complex health and complex need associated with behaviours that challenge.

  • MirusWales is a registered charity (no. 517149) and company limited by guarantee (no. 1966665).
  • Our registered address is Unit 5, Cleeve House, Lambourne Crescent, Llanishen, Cardiff CF14 5GP.
  • mirus is registered with the Care Inspectorate Wales
  • mirus runs respite care homes, supports over 150 people in their own homes and more than 100 people within the community.


  • Aims of this notice

    mirus is required by law to tell you about your rights and our obligations regarding our collecting and processing any of your personal information, which you might provide to us. We have a range of policies and procedures to ensure that any personal information you supply is only with your active consent and will always be held securely and treated confidentially in line with the applicable regulations.

    How we use your personal information for applicants, staff, volunteers and trustees.

    What is ‘personal information’?

    ‘Personal information’ means any information which relates to or identifies you as an individual.

    Who will process my personal information?

    The information published here applies to the use, sharing and disclosure of your personal information by mirus

    What personal information will be processed?

    mirus will keep a record of the details you provided on your application form, any supporting documents requested and additional details provided by any referees and recorded following any interview process. We will maintain various administrative and financial records about your employment at mirus.

    Your personal information is created, stored and transmitted securely in a variety of paper and electronic formats, including databases.

    Access to your personal information is limited to staff who have a legitimate interest in it for the purpose of carrying out their contractual duties, and our use of your personal information will not be excessive.

    In addition to this, mirus may process some information about you that is classed as ‘sensitive’ or ‘special category’ personal data, and which requires additional protections. This includes information concerning your ethnicity, sexual orientation, religious beliefs or health/disability for planning and monitoring purposes, or in order to provide care, help or suitable adjustments.

    For certain roles, other sensitive information may be processed, such as information about past criminal convictions, working with children or vulnerable adults, and your fitness to practise in the social care sector.

    Access to, and the sharing of, your ‘sensitive’ personal data are controlled very carefully. You will normally be given further details about our use of any such data when we collect it from you.

    How we use your personal information for applicants, staff, volunteers and trustees.

    What is the purpose and legal basis of the processing?

    mirus will process your personal information for a range of contractual, statutory or public interest purposes, including the following:

  • To assess your suitability for a particular role or task (including any relevant right to work checks).
  • To support you in implementing any health-related adjustments to allow you to carry out a particular role or task.
  • To administer remuneration, payroll, pension and other standard employment functions.
  • To administer HR-related processes, including those relating to performance / absence management, disciplinary issues and complaints / grievances.
  • To operate security, governance, audit and quality assurance arrangements.
  • To deliver staff benefits to you.
  • To monitor your use of those facilities in accordance with mirus policies (e.g. Acceptable use of IT Policy).
  • To communicate effectively with you by post, email and phone, including the distribution of relevant newsletters and information.
  • To support your training, health, safety, welfare and religious requirements.
  • To compile statistics and conduct surveys and research for internal and statutory reporting purposes.
  • To fulfil and monitor our responsibilities under equalities, immigration and public safety legislation.
  • To enable us to contact others in the event of an emergency (we will assume that you have checked with the individuals before you supply their contact details to us).


  • We consider the processing of your personal information for these purposes to be either necessary for the performance of our contractual obligations with you (e.g. to manage your employment contract), or necessary for compliance with a legal obligation (e.g. equal opportunities monitoring) or necessary for compliance with our regulators. We require you to provide us with any information we reasonably ask for to enable us to administer your contract.

    If we require your consent for any specific use of your personal information, we will collect it at the appropriate time and you can withdraw this at any time. We will not use your personal information to carry out any wholly automated decision-making that affects you.

    How we use your personal information for applicants, staff, volunteers and trustees.

    Who will my personal information be shared with?

    Your personal information is shared as permitted or required by law, on a considered and confidential basis, with a range of external organisations, including the following:

  • The external providers of any staff benefits or pensions.
  • Relevant Government Departments
  • HM Revenue and Customs,
  • The Health and Safety Executive
  • Any relevant professional or statutory regulatory bodies e.g. Care Inspectorate Wales

  • If you agree, the relevant trade unions.
    On occasion and where necessary:
  • The police and other law enforcement agencies,
  • Auditors,
  • Other organisations providing specific services to, or on behalf of mirus. This would include as an example Occupational Health interventions.


  • We will provide references about you to external enquirers or organisations where you have requested or indicated that we should do so.

    We will include your basic contact details in our SLS Database System.

    Some information about staff (e.g. committee memberships) is also published on our external internet.

    Other than as set out above, we will not normally publish or disclose any personal information about you to other external enquirers or organisations unless you have requested it or consented to it, or unless it is in your vital interests to do so (e.g. in an emergency situation).

    How we use your personal information for applicants, staff, volunteers and trustees.

    How can I access my personal information?

    You have the right to access the personal information that is held about you by mirus. Further details are published in the Data Protection Policy - Accessing Employee Records.

    You also have the right to ask us to correct any inaccurate personal information we hold about you, to delete personal information, or otherwise restrict our processing, or to object to processing or to receive an electronic copy of the personal information you provided to us.

    Who can I contact?

    If you have any questions about how your personal information is used, or wish to exercise any of your rights, please consult GDPR@mirus-wales.org.uk

    How long we keep information

    There are strict protocols in place that determine how long mirus will keep the information, which are in line with the relevant contracts, legislation and regulations. Please refer to the Data Retention and Destruction Policy.

    mirus archiving policy for Jobtrain applicants is set to 12 months and will automatically email all applicants whose accounts have been inactive for this period of time. All applicants will receive an email at this point and then have a 15 day window to either: –

  • Access their account (and effectively re-set the clock)
  • Take no action and be archived automatically


  • How we keep your information safe

    mirus has a range of policies that enable us to comply with all data protection requirements. Foremost are:

  • Data Protection Policy
  • Password Policy
  • Data Retention and Destruction Policy


  • How we use your personal information for applicants, staff, volunteers and trustees.

  • IT Security Policy
  • IT Acceptable Usage Policy
  • Reporting a Security Breach
  • Confidentiality Policy
  • Social Media Policy
  • Bring Your Own Device Policy


  • mirus is also accredited with Cyber Essentials Plus.

    How do I complain?

    If you are not happy with the way your information is being handled, or with the response received from us, you should follow our Grievance Policy. If you are still not happy them you can contact the Information Commissioner’s Office. (https://ico.org.uk/).

    How we keep our privacy policies up to date

    The staff appointed to control and process personal information in mirus are delegated to assess all privacy risks continuously and to carry out comprehensive reviews of our data protection policies, procedures and protocols at least annually.

    We keep this Policy under regular review.

    This Policy was last updated in May 2018.

    Please take the time to read on to determine how mirus use your personal information for website users

    How we use your personal information for website users

    Introduction

    At mirus, we’re committed to protecting and respecting your privacy.

    This Policy provides information about the use of personal information while you are using our internet site “website”.

    We may change this Policy from time to time so please check this page occasionally to ensure that you’re happy with any changes.

    Any questions regarding this Policy and our privacy practices should be sent by email to GDPR@mirus-wales.org.uk alternatively, you can telephone 02920 236216 and speak to delegated data protection officer lead for IT.

    Who are we?

    We are a not-for-profit charity providing specialist support to children and adults of all ages with disabilities, autism, physical disabilities, dementia, mental health, complex health and complex need associated with behaviours that challenge.

  • Mirus-Wales is a registered charity (no. 517149) and company limited by guarantee (no. 1966665).
  • Our registered address is Unit 5, Cleeve House, Lambourne Crescent, Llanishen, Cardiff CF14 5GP.
  • mirus is registered with the Care Inspectorate Wales
  • mirus runs respite care homes, supports over 150 people in their own homes and more than 100 people within the community.


  • Aims of this notice

    mirus is required by law to tell you about your rights and our obligations regarding our collecting and processing any of your personal information, which you might provide to us. We have a range of policies and procedures to ensure that any personal information you supply is only with your active consent and will always be held securely and treated confidentially in line with the applicable regulations.

    How we use your personal information for website users

    What is ‘personal information’?

    ‘Personal information’ means any information which relates to or identifies you as an individual

    How we collect and use the information about you?

    We collect information about you when you browse through our website through cookies and google analytics.

    We also collect information when you voluntarily complete surveys or poll and provide feedback. Website usage information is collected using cookies.

    Use of Cookies

    Like many other websites, the mirus website uses cookies. 'Cookies' are small pieces of information sent by an organisation to your computer and stored on your hard drive to allow that website to recognise you when you visit.

    They collect statistical data about your browsing actions and patterns and do not identify you as an individual. This helps us to improve our website and deliver a better more personalised service.

    We will not use cookies to collect personal data about you.

    However, if you wish to restrict or block the cookies which are set by our websites, or indeed any other website, you can do this through your browser settings.

    The ‘Help’ function within your browser should tell you how. Alternatively, you may wish to visit www.aboutcookies.org which contains comprehensive information on how to do this on a wide variety of browsers. You will also find details on how to delete cookies from your machine as well as more general information about cookies.

    Please be aware that restricting cookies may impact on the functionality of our website

    How we use your personal information for website users

    Google Analytics

    We may collect information about your computer, including where available your IP address, operating system and browser type and for system administration. This is statistical data about our users’ browsing actions and patterns and does not identify any individual.

    For the same reason, we may obtain information about your visit to our site, which pages you used etc.

    Full details on the cookies set by Google Analytics are published on the Google website. Google also publishes a browser add-on to allow you to choose that information about your website visit is not sent to Google Analytics.

    Plug Ins or Embedded Media

    On number of pages we use ‘plug ins’ or embedded media; for example, we might embed YouTube videos on some pages or use plugins to gather information through polls of surveys.

    The suppliers of these services may also set cookies on your device when you visit the pages where we have used this type of content.

    These are known as ‘third-party’ cookies. To opt-out of third-parties collecting any data regarding your interaction on our website, please refer to their websites for further information.

    How can I access my personal information?

    You have the right to access the personal information that is held about you by mirus. You also have the right to ask us to correct any inaccurate personal information we hold about you, to delete personal information, or otherwise restrict our processing, or to object to processing or to receive an electronic copy of the personal information you provided to us.

    How we use your personal information for website users

    Who can I contact?

    If you have any questions about how your personal information is used, or wish to exercise any of your rights, please consult GDPR@mirus-wales.org.uk

    How long we keep information

    There are strict protocols in place that determine how long mirus will keep the information, which are in line with the relevant contracts, legislation and regulations.

    How we keep your information safe

    mirus has a range of policies that enable us to comply with all data protection requirements. Foremost are:

  • Data Protection Policy
  • Password Policy
  • Data Retention and Destruction Policy
  • IT Security Policy
  • IT Acceptable Usage Policy
  • Reporting a Security Breach
  • Confidentiality Policy
  • Social Media Policy
  • Bring Your Own Device Policy


  • mirus is also accredited with Cyber Essentials Plus.

    How do I complain?

    If you are not happy with the way your information is being handled, or with the response received from us, you should follow our Complaints Policy. If you are still not happy them you can contact the Information Commissioner’s Office https://ico.org.uk/.

    How we keep our privacy policies up to date

    The staff appointed to control and process personal information in mirus are delegated to assess all privacy risks continuously and to carry out comprehensive reviews of our data protection policies, procedures and protocols at least annually.

    How we use your personal information for website users

    We keep this Policy under regular review.

    This Policy was last updated in May 2018.

    Thank you for taking the time to read mirus ‘Privacy Notices’