sunrise-gracewell-careers | Jobs | Search here for your perfect career

INTRODUCTION

Sunrise Senior Living Ltd (“Sunrise”) and Gracewell Healthcare Ltd (“Gracewell”) (collectively “We”) provide quality private residential and assisted living services including access to nursing, respite and dementia care.

This notice describes how Sunrise and Gracewell as data controllers, collect, use and manage the Personal Data they hold about you, including how the Personal Data may be shared and how the confidentiality of Personal Data is maintained. This notice applies to all employees, workers and contractors of Sunrise and Gracewell whose Personal Data is subject to the EU General Data Protection Regulation (GDPR).

We share and process your Personal Data with certain third parties, including the Operating Companies, as described in the “Data Sharing and Transfers” section below. The Operating Companies process your Personal Data and are controllers in common with Sunrise and Gracewell. Full details of the Operating Companies can be found in the glossary at section 1.12. The information marked * below also applies in relation to processing of your Personal Data by the Operating Companies.

The “At a Glance” section contains some very important information that will help explain what Personal Data we process and why. Capitalised terms used in this notice are defined in the Annex of Personal Data Types (section 1.10) and the glossary (section 1.12).

AT A GLANCE

1. When do we collect Personal Data about you? *

When we refer to Personal Data in this notice, we mean information that can or has the potential to identify you as an individual.

We will collect and process Personal Data about you at the following stages:

Stage	Description
Enquiry	When you enquire about a potential vacancy by visiting one of our websites, speaking to us over the telephone or visiting us at one of our residential homes
Application	When you submit an application for consideration and an assessment of your suitability is undertaken. This may involve collecting your Personal Data from you directly or from third parties including employment/recruitment agencies, referees, former employers and background checking authorities.
Contract and ongoing employment relationship	When you have successfully passed the vetting and on boarding process and have signed a contract of employment and during the course of your ongoing employment

1. What Personal Data may we collect from you and why?

Enquiry

We will largely rely on our ‘Legitimate Interests’ to process your Personal Data with the exception of those areas marked with an (*) below where we will require your ‘Consent’.

Data Category	Reason for Processing
Personal Identifiers Contact Details Personal Information	To communicate with you regarding your initial enquiry
Personal Identifiers Contact Details Personal Information	To retain your personal information and to contact you regarding future career opportunities
Personal Identifiers Contact Details	Internal record keeping and administration

Application

We will largely rely on our ‘Legitimate Interests’ to process your Personal Data with the exception of those items marked with an (#) below where we will rely on ‘Compliance with a Legal Obligation’ and items marked with a (*) below where we will require your ‘Consent’. Where we process Special Category Data (marked with a (+) below) we do so to comply with obligations under employment law.

Data Category	Reason for Processing
Personal Identifiers Contact Details	To communicate with you regarding your application for employment
Personal Identifiers Contact Details Personal Information	To assess your suitability (skills, strengths, behaviours for the role)
Personal Identifiers Contact Details *Third Party Information	To verify the information that you have provided, in particular relating to your previous work history, education and professional qualifications
#Personal Identifiers #Contact Details Personal Information +Special Category Data	To undertake activities needed to complete the on-boarding and screening process should your application be successful

Contract and ongoing employment relationship

We will largely rely on ‘Contractual Necessity’ to process your Personal Data with the exception of those areas marked with an (#) below where we will rely on ‘Compliance with a Legal Obligation’

Where we process Special Category Data (marked with a (+) below) we do so to comply with obligations under employment law, to assess working capacity on health grounds or for reasons of substantial public interest.

Data Category	Reason for Processing
Personal Identifiers Contact Details	General management of personnel and work activities inc. appraisals, performance management, managing disciplinary matters, grievances and terminations, planning and monitoring of training requirements and career development activities and creating and maintaining one or more internal employee directories etc
Personal Identifiers Contact Details Personal Information Financial Information Employment Information Special Category Data Third Party Information	To carry out our obligations and benefits to you arising from any contract inc. payroll processing, healthcare, pensions, loans, business expenses and reimbursements etc
Personal Identifiers Contact Details Personal Information Financial Information +Special Category Data Third Party Information Other Information	For internal audit and accounting purposes together with the preparation and review of management information
#Personal Identifiers #Contact Details	To comply with legal and other requirements, such as income tax and national insurance deductions, record-keeping and reporting obligations, physical access policies, conducting audits, management and resolution of health and safety matters, such as accident and insurance claims, compliance with government inspections and other requests from government or other public authorities, responding to legal process such as subpoenas, pursuing legal rights and remedies, defending litigation and managing any internal complaints or claims, conducting investigations and complying with internal policies and procedures

For further details of the Personal Data types contained within each category please refer to the Annex of Personal Data Types which can be found in section 1.10

Your decision to provide any Personal Data described above to us is voluntary. In addition, we will only contact third party referees if you give consent for us to do so. If you chose not to provide any of the Personal Data requested, or do not consent to us contacting third party referees regarding your application, our ability to consider you as a candidate may be limited, we may not be able to perform your contract of employment (such as paying you or providing a benefit) and we may be prevented from complying with our legal obligations (such as to ensure the health and safety of our workers).

If you are offered a position at Sunrise or Gracewell, you will be required to complete an application form for the Disclosure and Barring Service, and to provide a copy of any certificate conferred by the Disclosure and Barring Service to us. We are allowed to use your Personal Data in this way to carry out our legal rights and obligations in connection with employment and we have in place an appropriate policy and safeguards which are required by law to maintain when processing such Personal Data. If you fail to provide a satisfactory certificate issued by the Disclosure and Barring Service to us, this may lead to rejection of your application for employment or immediate termination of your employment if it has already commenced.

FURTHER DETAILED INFORMATION

1. Data sharing and transfers *

In the usual course of business Sunrise and Gracewell may disclose your Personal Data which will include health information as recorded below (to the extent necessary) to (i) their Affiliates, and (ii) certain third-party processors Sunrise and Gracewell have retained to perform services on their behalf and pursuant to their instructions. This may include sharing with:

Sunrise Senior Living, LLC (US) and Sunrise Senior Living Management, Inc for the provision and delivery of services, IT application support, internal audit reviews and investigations, quality assurance, program monitoring, management reporting and other internal purposes.
Operating Companies to deal with any legal and compliance matters (including compliance with any matters relating to the Care Quality Commission), for record keeping, internal audit, reviews, management information, operational, administrative and reporting purposes. Full details of the Operating Companies can be found in the glossary. The Operating Companies may disclose your Personal Data to their Affiliates, including those based in the U.S. and Canada, as the case may be.
business partners, suppliers and sub-contractors for the provision of the contracted services,
organisations providing IT systems support and hosting in relation to the IT systems on which your Personal Data is stored,
third party debt collectors for the purposes of debt collection,
delivery companies for the purposes of transportation,
third party service providers who perform services on our behalf based on our instructions, for instance, for the purposes of storage of Personal Data and confidential destruction, for the purposes of providing background checking, payroll and benefits services. We do not authorise these service providers to use or disclose the Personal Data except as necessary to perform services on our behalf or comply with applicable legal obligations.

Where a third-party data processor is used, we ensure that they operate under contractual restrictions with regard to confidentiality and security, in addition to their obligations under data protection laws.

Sunrise, Gracewell and the Operating Companies may also disclose your Personal Data (iii) if they are required to do so by law or legal process, or (iv) in response to lawful requests from public authorities, including to meet national security, public interest or law enforcement requirements. Sunrise, Gracewell and the Operating Companies also reserve the right to transfer your Personal Data in the event of an audit or if they or any of their Affiliates sell or transfer all or a portion of their business or assets (including in the event of a merger, acquisition, joint venture, reorganization, dissolution or liquidation).

1. Third Country Data Transfer

Due to the global nature of our operations, we may transfer the Personal Data we collect about you to recipients in countries other than the country in which the Personal Data originally was collected. For example, we may disclose your Personal Data to Sunrise Senior Living, LLC and Sunrise Senior Living Management, Inc. in the U.S. and access to your Personal Data will be limited to individuals who have a need to know the Personal Data for the purposes described in this notice, and may include personnel in the HR, IT, compliance, legal, finance, accounting, internal audit, marketing and risk management functions. The Operating Companies may disclose your Personal Data to their Affiliates based in the U.S. and Canada as the case may be.

Where we or the Operating Companies transfer your Personal Data to a country which may not have the same data protection laws as the country in which you initially provided the Personal Data (such as the U.S.), each such party will protect that Personal Data as described in this Privacy Notice and will comply with applicable legal requirements providing adequate protection for the transfer of Personal Data to recipients in countries other than the one in which you provided the Personal Data. Your Personal Data will also be transferred to our third-party service providers in the U.S. We have implemented appropriate safeguards to ensure an adequate level of data protection, including by concluding data transfer agreements incorporating the European Commission’s Standard Contractual Clauses under Article 46 of the GDPR. You may contact the Data Protection Officer as indicated below to obtain further information on the transfer mechanism.

Sunrise Senior Living, LLC and its subsidiary Sunrise Senior Living Management, Inc are certified under the EU-U.S. Privacy Shield (the “Privacy Shield”) framework developed by the U.S. Department of Commerce and the European Commission respectively, regarding the transfer of personal information from the European Economic Area (“EEA”) and United Kingdom to the US.

Sunrise Senior Living, LLC commits to comply with the Privacy Shield Principles with respect to Consumer Personal Data the company receives from the EEA and United Kingdom in reliance on the Privacy Shield.

Please visit www.sunriseseniorliving.com/eu-us-privacy-shield.aspx to view our EU-US Privacy Shield Privacy Policy.

1. How we protect your Personal Data

We maintain appropriate technical and organisational measures designed to protect your Personal Data against loss or accidental, unlawful or unauthorised, alteration, access, disclosure or use.

1. Retention period

We retain Personal Data for as long as we reasonably require it for legal and business purposes. In determining data retention periods, Sunrise, Gracewell and our Operating Companies also take into consideration local laws, relevant regulations and contractual obligations.

1. Your rights as a data subject

At any point while we are in possession of or processing your Personal Data, you, the data subject, have the following rights:

Right of access – you have the right to request a copy of the Personal Data that we hold about you. Sunrise, Gracewell and our Operating Companies reserve the right to charge a reasonable fee based on our or their administration costs where further copies are requested.
Right of rectification – you have the right to correct Personal Data that we hold about you that is inaccurate or incomplete.
Right to be forgotten – in certain circumstances you can ask for the Personal Data we hold about you to be erased from our records.
Right to restriction of processing – where certain conditions apply you have the right to request that we restrict the processing.
Right of portability – in certain circumstances you have the right to have the Personal Data we hold about you transferred to another organisation.
Right to object – you have the right to object to certain types of processing such as direct marketing.
Right to object to automated processing and profiling

All of the above requests will be forwarded on should there be a third party involved in the processing of your Personal Data.

If you would like to exercise any of your data subject rights, please contact us using one of the methods highlighted below.

1. Contact Information

If you have any questions about this notice or the processing of your Personal Data by us or any of the Operating Companies, please contact the Sunrise and Gracewell Data Protection Officer:

By email at dpo@sunriseseniorliving.com
By writing to us at Data Protection Officer, Sunrise House, Post Office Lane, Beaconsfield, Buckinghamshire HP9 1FN

1. Complaints

In the event that you wish to make a complaint about how your Personal Data is being processed by us (or third parties as described in 1.3 & 1.4 above) please contact the Data Protection Officer at the address detailed above.

If you are not satisfied with how your complaint has been handled you have the right to lodge a complaint directly with the supervisory authority at the Information Commissioner's Office (ICO) Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF. Tel 0303 123 1113 or 01625 5457.

1. Personal data types & items

Data Type	Data Items
Personal Identifiers	National Insurance Number NHS Number Online Identifiers (IP Address) Passport Number Immigration documents Visas
Contact Information	Name Address Email Telephone Room Number Community Name
Personal Information	Date of Birth Gender Marital Status Photograph Nationality
Financial Information	Bank Details Employment Loan Details Life Assurance Details Pension Details PMI Details Tax Details
Employment Information	Absence Details Employment Details (Current) Employment Details (Historic) Maternity Details Performance Details Disciplinary and grievance records Qualification and Training Details Reference Details Remuneration Details
Special Category Data	Ethnic Origin Health Information Race Religion Criminal records
Third Party Information	Children’s Details Dependent Details Guarantor Details NOK Details Reference Details Spouse Details

1. Use of cookies

You can read more about our use of cookies on our Cookies page

1. Glossary

Affiliate

In relation to Sunrise, Gracewell or any Operating Company, any subsidiary or holding company of that entity and any subsidiary of a holding company of that entity.

Consent

In certain circumstances, we are required to obtain your consent to the processing of your Personal Data in relation to certain activities.

Article 4 of the GDPR states that (opt-in) consent is "any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of Personal Data relating to him or her." In plain language, this means that:

you have to give us your consent freely;
you have to know what you are consenting to;
you should have choice over which processing activities you consent to and which you don’t; and
you need to take positive and affirmative action in giving us your consent

We will keep records of the consents that we have received from you.

You have the right to withdraw your consent to these activities. You can do so at any time, and details of how to do so can be found in section 1.8.

Contractual Necessity

Article 6 of the GDPR states that we can process your Personal Data on the basis that such processing is necessary in order to enter into or perform a contract with you.

The "Contractual Necessity" lawful basis permits the processing of personal data in two different scenarios:

Situations in which processing is necessary for the performance of a contract to which you, the data subject, is a party. This may include, for example, processing your health details for the provision of residential care.
Situations that take place prior to entering into a contract such as pre-contractual relations. For example, a formal review of the health confirmation collected during the care package assessment to determine the level of care required and the associated residential costs.

From the point at which contract negotiations commence and throughout your stay with us we will rely on Contractual Necessity as the lawful basis for the majority of Personal Data processing activities.

Compliance with a Legal Obligation

Article 6 of the GDPR states that we can process your Personal Data on the basis that the we have a legal obligation to perform such processing. Processing is permitted if it is necessary for compliance with a legal obligation.

Legitimate Interests

Article 6 of the GDPR states that we can process your Personal Data where it is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights or freedoms of you which require protection of Personal Data.

Operating Companies

Sunrise UK Operations Ltd	Sunrise of Bagshot Sunrise of Banstead Sunrise of Bassett Sunrise of Beaconsfield Sunrise of Chorleywood Sunrise of Eastbourne Sunrise of Edgbaston Sunrise of Elstree Sunrise of Fleet Sunrise of Frognal Sunrise of Guildford Sunrise of Hale Barns Sunrise of Mobberley Sunrise of Purley Sunrise of Solihull Sunrise of Sonning Sunrise of Southbourne Sunrise of Tettenhall Sunrise of Virginia Water Sunrise of Westbourne Sunrise of Winchester
Sunrise Operations Bramhall II Ltd	Sunrise of Bramhall
Sunrise Operations Cardiff Ltd	Sunrise of Cardiff
Sunrise Operations Esher Ltd	Sunrise of Esher
Sunrise Operations Weybridge Ltd	Sunrise of Weybridge

Sunrise Healthcare 4 Ltd	Holding company for Shelbourne Senior Living
Sunrise Healthcare 3 Ltd	Sunrise of Adderbury Sunrise of Bath Sunrise of Bookham Sunrise of Camberly Sunrise of Church Crookham Sunrise of Edgbaston Sunrise of High Wycombe Sunrise of Horley Park Sunrise of Kentford Sunrise of Newbury Sunrise of Salisbury Sunrise of Sutton Sunrise of Sutton Coldfield Sunrise of Weymouth Sunrise of Woking Sunrise of Fareham
Sunrise Healthcare 1 Ltd	Sunrise of Frome
Shelbourne Senior Living Ltd	Sunrise of Sway
Maids Moreton Operations Ltd	Sunrise of Maids Moreton
Bayfield Court Operations Ltd	Sunrise of Chingford
Sunrise Operations (Ascot) Ltd	Sunrise of Ascot

Gracewell Healthcare 4 Ltd	Holding company for Shelbourne Senior Living
Gracewell Healthcare 3 Ltd	Gracewell of Adderbury Gracewell of Bath Gracewell of Bookham Gracewell of Camberly Gracewell of Church Crookham Gracewell of Edgbaston Gracewell of Fareham Gracewell of High Wycombe Gracewell of Horley Park Gracewell of Kentford Gracewell of Newbury Gracewell of Salisbury Gracewell of Sutton Gracewell of Sutton Coldfield Gracewell of Weymouth Gracewell of Woking
Gracewell Healthcare 1 Ltd	Gracewell of Frome
Shelbourne Senior Living Ltd	Gracewell of Sway
Maids Moreton Operations Ltd	Gracewell of Maids Moreton
Bayfield Court Operations Ltd	Gracewell of Chingford
Gracewell Operations (Ascot) Ltd	Gracewell of Ascot