Privacy Notice

We would like to assure you that we take our responsibilities as a data controller seriously and are committed to using the personal data that we hold in accordance with the data protection law. Your privacy is important to us and it is essential that we advise you of how your data is processed.

Data Protection Principles

We will comply with data protection law. This says that the personal information we hold about you must be:

  1. Used lawfully, fairly and in a transparent way
  2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes
  3. Relevant to the purposes we have told you about and limited only to those purposes
  4. Accurate and kept up to date
  5. Kept as long as necessary for the purposes we have told you about
  6. Kept securely and processed in line with data subjects’ rights

Why do we collect and use client information?

We collect and use client information under section 6 of the GDPR, for one or more of the following purposes:

  • processing is necessary for the performance of a Supported Employment Service to which the client is party or in order to take steps at the request of the client prior to entering into a contract;
  • the client has given consent to the processing of their personal data for one or more specific purposes;
  • processing is necessary for compliance with a legal obligation to which GET is subject;
  • processing is necessary in order to protect the vital interests of the client or of another person;
  • processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in GET;

We use client data:

  • to support employment opportunities
  • to monitor and report on client progress in terms of gaining and retaining employment
  • to provide appropriate support
  • to assess the quality of our services
  • to comply with the law regarding data sharing

Processing for limited purposes

From the point of collection, your personal data may be processed for the purpose of providing you with a supported employment service or for any other purposes specifically permitted by the Act. This means that personal data must not be collected for one purpose and then used for another. If it becomes necessary to change the purpose for which the data is processed, we will inform you of the new purpose before any processing occurs, unless the new purpose is related to complying with another law.

The kind of information we hold about you

Personal data, or personal information, means any information relating to an identified or identifiable individual.

There are “special categories” of personal data which require a higher level of protection (Special Category Data). Special Category Data means personal data revealing a person’s racial or ethnic origin, political opinion, religious or philosophical belief or trade union membership, genetic data, biometric data, health data, personal data concerning an individual’s sex life or sexual orientation, or criminal data.

The categories of client information that we may collect, hold and share include:

  • Personal information (such as name, age, gender, date of birth, address, social security and population management numbers)
  • Characteristics data (such as language, nationality and country of birth)
  • Attendance information (such as sessions/meetings attended, number of absences and absence reasons)
  • Relevant medical information
  • Criminal record information
  • Specialist support needs information
  • Behavioural information

We will take reasonable steps to ensure that personal data that we hold about you is accurate and updated as required. In order that we may do so, please inform us if your circumstances change as soon as possible.

Whilst the majority of client information you provide to us is provided to us on a voluntary basis, we may need to collect some information to comply with another law, such as criminal convictions information. In order to comply with the General Data Protection Regulation, we will inform you whether you are required to provide certain information to us or if you have a choice in this.

How we use particularly sensitive personal information

What was referred to as sensitive personal data under the previous data protection law is now referred to as Special Category Data which requires a higher level of protection. We need to have further justification for collecting, storing, using this type of personal information. We may process special categories of personal information in the following circumstances:

  1. With your explicit written consent
  2. Where we need to carry out our legal obligations and in line with our data protection policy
  3. Where it is needed in the public interest, such as for equal opportunities monitoring, and in line with our data protection policy
  4. Where it is needed to assess your working capacity on health grounds, subject to appropriate confidentiality safe guards.

Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.

Data retention

Client details will be retained by us for as long as you are involved in our service and for a period up to six years after we have closed your case.

Change of Purpose

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Data sharing

It may sometimes be necessary to share personal data with third party organisations. It is our responsibility to ensure that the data we share is processed correctly and shared in a safe manner. We do not share information about our clients with anyone without consent unless the law and our policies allow us to do so.

We routinely share client information with:

  • HR providers and potential Employers
  • Payroll providers
  • Employment and Social Security
  • Occupational health providers
  • Health and wellbeing services- States of Guernsey and Charitable Sector

The Guernsey Employment Trust may share information about our clients with Employment and Social Security and other private investors, who provide funding for the service. This is for:

  • conducting research or analysis
  • producing statistics
  • providing information, advice or guidance

The Guernsey Employment Trust has robust processes in place to ensure the confidentiality of our data is maintained and there are stringent controls in place regarding access and use of the data. Decisions on whether Guernsey Employment Trust releases data to third parties are subject to strict approval and based on a detailed assessment of:

  • who is requesting the data
  • the purpose for which it is required
  • the level and sensitivity of data requested: and
  • the arrangements in place to store and handle the data

We require third parties to respect the security of your data and to treat it in accordance with the law.

We may transfer your personal information to an unauthorised jurisdiction which is a jurisdiction which is not a) the Bailiwick, b) a Member State of the European Union, c) any country, any sector within a country, or any international organisation that the Commission has determined ensures an adequate level of protection within the meaning of Article 45(2) of the GDPR (or the equivalent article of the former Directive), and for which the determination is still in force, or d) a designated jurisdiction which is i) the United Kingdom, ii) a country within the United Kingdom, iii) any other country within the British Islands, or iv) any sector within a country mentioned in i), ii), or iii) (Unauthorised Jurisdictions).

If we do, you can expect a similar degree of protection in respect of your personal information.

Data security

We must ensure that appropriate security measures are taken against unlawful or unauthorised processing of your personal data, and against the accidental loss of, or damage to, personal data. You may apply to the courts for compensation if you have suffered damage from such a loss.

Processing in line with your rights

Under certain circumstances by law you also have the right to:

  • be informed
  • request the transfer of your data to another party
  • object to processing of personal data that is likely to cause, or is causing, damage or distress
  • prevent processing for the purpose of direct marketing
  • object to decisions being taken by automated means
  • have inaccurate personal data rectified
  • request that your data is erased
  • right of access to your personal information (subject access request)
  • be notified of rectification, erasure and restrictions
  • claim compensation for damages caused by a breach of the Data Protection regulations

Requesting access to your personal data

Under data protection legislation, clients have the right to request access to information about them that we hold. To make a request for your personal information, or be given access to records, contact the Chief Executive (whose details are below).

No fee usually required

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

Changes to this privacy notice

We reserve the right to update this privacy notice at any time, and will provide you with a new privacy notice when we make substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.

Further information

If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Guernsey Data Protection Office.

If you would like to discuss anything in this privacy notice, please contact: Nicola Ioannou-Droushiotis (Chief Executive) on 247999 or email Nicola.ioannou.d@get.org.gg