Privacy Notice

We, Kent Surrey & Sussex Community Rehabilitation Company Limited (KSS CRC), are committed to protecting your privacy and promise to collect, process and share your data safely and securely. Our Privacy Notice tells you how we do this and what your rights are.  Any personal data processed in line with our Privacy Notice is being done in our capacity as either a data controller or joint data controller.

We want you to be confident that your personal data will be kept safe and secure whilst in our care, that’s why we will always tell you what we collect and how we use it. We only share your data with our network of trusted partners.

We will never sell your personal information to third parties.

Your data is important to us, that’s why it is protected by industry best practice systems and processes, is stored securely and we are committed to maintaining the Confidentiality, Integrity and Availability of your information at all times.

Data Controller details:
The Kent Surrey & Sussex Community Rehabilitation Company Limited
Registered Office: 75-77 Main Road, Hockley, Essex, SS5 4RG
Company Registration No: 08802556

This privacy notice tells you what to expect when KSS CRC collects personal information. It applies to information we collect about:

People managed by KSS CRC following sentence by the courts, either directly or on behalf of the National Probation Service or Youth Offending Team. People who are not subject to a sentence of the Court but are in receipt of Interventions or Services provided through KSS CRC.

Information we collect about you

 

How we use your personal data

Why we use your personal data

Referral

We use your personal and contact information to register you onto our client management database.

Necessary for the performance of a legal obligation between you and the Ministry of Justice (MOJ).

Verification of identity and address

We may require copies of documents to verify your identity and address.

Necessary for compliance with a legal or contractual obligation.

Communicating with you

We use the personal and contact information provided by you and copies of your communications with us to manage our relationship with you. For example:

  • to notify you about appointments;
  • to communicate with you in response to any query, request or complaint you may have including by email and telephone.

Necessary for the performance of a contract with you and the MOJ.

 

Necessary to comply with a legal obligation.

 

Necessary for our legitimate interests (to keep our records updated and to evidence our interactions).

Staff training

We may use copies of your communications with us (including voice recordings) in order to train our staff.

Necessary for our legitimate interests (to ensure that we are able to provide the best service to you).

Providing rehabilitation services

Whilst you are managed by KSS CRC, we will use your information, including information that is regarded as special categories of data such as health information to manage appointments, complete action plans and assessments, support your progression and to support evidence of our interactions.

 

Necessary for a legal obligation between you and the MOJ.

 

In addition to having a lawful basis for processing, KSS CRC must also indicate which of the conditions it is relying on as set out in Article 9(2) in order to process special categories of data.  For further guidance see: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/special-category-data/

 

How your information is shared

We sometimes share the data we collect from you with the following trusted third parties:

  • Supply chain partners who are contractually linked with the delivery of the services on our behalf.
  • The Ministry of Justice, NPS or health service or other such regulatory authority – for legal or regulatory purposes.
  • Auditors – to audit our systems and processes for the purposes of ensuring efficiency, or regulatory or contractual compliance.
  • UK law enforcement agencies or third-party security companies – as part of an investigation or for the purposes of ensuring that we comply with the law and have adequate security measures in place.
  • Professional advisers including auditors and insurers and lawyers– for the purposes of providing consultancy, legal, insurance and accounting services.
  • We will disclose your personal information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or request.

How long do we keep your information?

  • We will only keep your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal or contractual requirements.
  • At the end of that retention period, your data will either be deleted or anonymised (so that it can no longer be associated with you) for research or statistical purposes.
  • To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
  • In some circumstances you may be entitled to ask us to delete your data: see ‘Your rights’ below for further information.

Job applicantsClick to expand

Information we collect about you

  • Personal and contact information when you complete the online application, including your name, address, email address, telephone number(s), employment history, qualifications.  We may collect some of that contact information when you interact with us including during the application process.

  • Details (and copies) of your communications and interactions with us via our recruitment team or otherwise, including by email, telephone (voice recordings) and post.  Further information what we do with voice recordings can be viewed on our Voice Recordings page.

  • Copies of documents you provide to prove your identity (including driving licence and passport) when you are interacting with us through the recruitment process, or where there is a legal reason to request this from you.

  • Information about how you use our website, and which websites you came to our website from.  For more information, please see the Visitors to our website page.

  • We may also receive personal data directly from you or from various third parties and public sources, including from social media channels (if you interact with us through those channels), or other third parties including from employers or recruitment agencies.

How and why we use your personal data

We have set out all of the ways we use your personal data, and why in the table below. We have also identified what our legitimate interests are where appropriate.

It is sometimes necessary for us to process your personal data in order to enter into a contract with you, or to satisfy a contractual requirement (referred to as ‘performance of a contract with you’ below), or to comply with a statutory requirement.

 

How we use your personal data

Why we use your personal data

Initial application

We use your personal and contact information to register you onto our recruitment database.

Necessary for the legitimate interest of the business to process your application for a vacancy.

Verification of identity 

We may require copies of documents to verify your identity.

Necessary for compliance with a legal obligation.

Communicating with you

We use the personal and contact information provided by you and copies of your communications with us to manage our relationship with you. For example:

  • to notify you about interview appointments;
  • to communicate with you in response to any query, request or complaint you may have including by email and telephone.

Necessary for the legitimate interest of your application for a vacancy.

 

Necessary to comply with a legal obligation.

 

Necessary for our legitimate interests (to keep our records updated and to evidence our interactions).

Staff training

We may use copies of your communications with us (including voice recordings) in order to train our staff.

Necessary for our legitimate interests (to ensure that we are able to provide the best service to you).

Progressing an application

We will use your personal information to enable us to progress you through each stage of our recruitment process.

 

Necessary for the legitimate interest of your application for a job vacancy or contract.

 

 

Vetting & background Checks

We will provide your information to third parties to enable us to conduct vetting and background checks as required by the role applied for.

Necessary to comply with a legal obligation.

How your information is shared

We sometimes share the data we collect from you with the following trusted third parties:

  • As a successful applicant, with Payroll, pension providers as part of your contract of employment and our legal obligations.
  • Police or other such regulatory authority – as part of an investigation or otherwise for legal or regulatory purposes.
  • Auditors – to audit our systems and processes for the purposes of ensuring efficiency, or regulatory or contractual compliance.
  • UK law enforcement agencies and third-party security companies – for the purposes of ensuring that we comply with the law and have adequate security measures in place.
  • Professional advisers including lawyers, auditors and insurers – for the purposes of providing consultancy, legal, insurance and accounting services.

How long do we keep your information?

We will only keep your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal or contractual requirements

  • Unsuccessful applicants:  We only keep your personal information as provided to us by you during the recruitment process for 6 months from the closure of the recruitment campaign for the role in question.  Information generated throughout the assessment process, such as interview notes, will be held for 6 months following the closure of the recruitment campaign for the role you applied for.
  • Successful applicants: Your information, including information generated, will be saved in your employee file and will be deleted in accordance with terms of your contract of employment and Employee Handbook.
  • At the end of that retention period, your data will either be deleted or anonymised (so that it can no longer be associated with you) for research or statistical purposes.
  • To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances you may be entitled to ask us to delete your data: see ‘Your rights’ below for further information.


Enquiries through our Contact Us pageClick to expand

Information we collect about you

  • Details (and copies) of your communications and interactions with us via our Communications team or otherwise, including by email, telephone (voice recordings) and post.
  • Information about how you use our website, and which websites you came to our website from.  For more information, please see the Visitors to our website page.
  • We may also receive personal data directly from you or from various third parties and public sources, including from social media channels (if you interact with us through those channels), or other third parties including from employers or recruitment agencies.

How and why we use your personal data

We have set out all of the ways we use your personal data, and why in the table below. We have also identified what our legitimate interests are where appropriate.

It is sometimes necessary for us to process your personal data in order to enter into a contract with you, or to satisfy a contractual requirement (referred to as ‘performance of a contract with you’ below), or to comply with a statutory requirement. 

 

How we use your personal data

Why we use your personal data

Enquiry

We use your personal and contact information to deal with your enquiry.

Necessary for the legitimate interest of dealing with your enquiry.

Verification of identity and address

We may require copies of documents to verify your identity.

Necessary for compliance with a legal or contractual obligation.

Communicating with you

We use the personal and contact information provided by you and copies of your communications with us to manage our relationship with you. For example:

  • to notify you about appointments;
  • to communicate with you in response to any query, request or complaint you may have including by email and telephone.

Necessary for our legitimate interests (to ensure your enquiry is dealt with).

 

Necessary to comply with a legal obligation.

 

Necessary for our legitimate interests (to keep our records updated and to evidence our interactions).

Staff training

We may use copies of your communications with us (including voice recordings) in order to train our staff.

Necessary for our legitimate interests (to ensure that we are able to provide the best service to you).

How your information is shared

Depending on the nature of your enquiry, we sometimes share the data we collect from you with the following trusted third parties:

  • General enquiries made through the Contact Us page and not shared outside the organisation.
  • Supply chain partners who are contractually linked with the delivery of our programmes on behalf of us.
  • Recruitment and employment agencies to assist in the fulfilment of our contractual obligations to help you find employment.
  • Police or other such regulatory authority – as part of an investigation or otherwise for legal or regulatory purposes.
  • Auditors – to audit our systems and processes for the purposes of ensuring efficiency, or regulatory or contractual compliance.
  • English law enforcement agencies and third-party security companies – for the purposes of ensuring that we comply with the law and have adequate security measures in place.
  • Professional advisers including lawyers, auditors and insurers – for the purposes of providing consultancy, legal, insurance and accounting services.

How long do we keep your information?

  • We will only keep your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal or contractual requirements.
  • At the end of that retention period, your data will either be deleted or anonymised (so that it can no longer be associated with you) for research or statistical purposes.
  • To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances you may be entitled to ask us to delete your data: see ‘Your rights’ below for further information.


Voice Recordings

Information we collect about you

  • Personal and contact information when you contact us via telephone such as voicemail and answerphones.

How and why we use your personal data

We have set out all of the ways we use your personal data, and why in the table below. We have also identified what our legitimate interests are where appropriate.

It is sometimes necessary for us to process your personal data in order to enter into a contract with you, or to satisfy a contractual requirement (referred to as ‘performance of a contract with you’ below), or to comply with a statutory requirement. 

 

 

How we use your personal data

Why we use your personal data

Staff training

We may use copies of your communications with us (including voice recordings) in order to train our staff.

Necessary for our legitimate interests (to ensure that we are able to provide the best service to you).

How your information is shared

Depending on the nature of your enquiry, we sometimes share the data we collect from you with the following trusted third parties:

  • Supply chain partner who are contractually linked with the provision of the recording services.
  • Police or other such regulatory authority – as part of an investigation or otherwise for legal or regulatory purposes.
  • Auditors – to audit our systems and processes for the purposes of ensuring efficiency, or regulatory or contractual compliance.
  • Professional advisers including lawyers, auditors and insurers – for the purposes of providing consultancy, legal, insurance and accounting services.

How long do we keep your information?

  • We will only keep your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal or contractual requirements.
  • At the end of that retention period, your data will either be deleted or anonymised (so that it can no longer be associated with you) for research or statistical purposes.
  • To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
  • In some circumstances you may be entitled to ask us to delete your data: see ‘Your rights’ below for further information.

Visitors to our website

Information we collect about you

  • Information about how you use our website, and which websites you came from.
  • Technical information about your device or browser when you use our website, including geolocation data to determine what country you are accessing our website from, your internet protocol (IP) address, device ID, browser type and version and time zone setting, which may in some circumstances be personal data.

How and why we use your personal data

We have set out all of the ways we use your personal data, and why in the table below. We have also identified what our legitimate interests are where appropriate.

It is sometimes necessary for us to process your personal data in order to enter into a contract with you, or to satisfy a contractual requirement (referred to as ‘performance of a contract with you’ below), or to comply with a statutory requirement. 

 

How we use your personal data

Why we use your personal data

Maintaining the website

We use browsing history and online ID to provide a better service to you.

Necessary for our legitimate interests (to ensure that we are able to provide the best service to you).

Staff training

We may use your browsing history to train our staff.

Necessary for our legitimate interests (to ensure that we are able to provide the best service to you).

Statistical Analysis

Review of visitor traffic and trends.

Necessary for legitimate interests (to improve our website experience).

How your information is shared

Depending on the nature of your visit, we sometimes share the data we collect from you with the following trusted third parties:

  • Parent organisation for governance and statistical monitoring.
  • Law enforcement agencies and third-party security companies – for the purposes of ensuring that we comply with the law and have adequate security measures in place.

How long do we keep your information?

  • We will only keep your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal or contractual requirements.
  • At the end of that retention period, your data will either be deleted or anonymised (so that it can no longer be associated with you) for research or statistical purposes.
  • To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
  • In some circumstances you may be entitled to ask us to delete your data: see ‘Your rights’ below for further information.

Click the headings above to read more about how it applies to each of these areas.

How we protect your personal data

We have put various technical and organisational measures in place to protect your personal data:

  • We are independently certified to a number of industry recognised standards, including ISO27001:2013 which helps us maintain the highest levels of security across our entire business.
  • Our online security controls maintain confidentiality at all times.
  • As described in this Privacy Notice, we may in some instances disclose your personal data to third parties. Where we do, we require that third party to have appropriate technical and organisational measures in place to protect your personal data; however in some instances we may be compelled by law to disclose your personal data to a third party, and have limited control over how it is protected by that party.
  • Our website and technical security controls are regularly audited by an independent auditor to ensure we maintain our security accreditations.
  • Your personal data is not processed or transferred outside of the European Economic Area (EEA).

Your rights

You have the right:

  • to ask us not to use your personal data for direct marketing.
  • to ask us not to process your personal data where it is processed on the basis of legitimate interests, if there are no compelling reasons for that processing;
  • to request from us access to personal information held about you (see below for how to make such a request);
  • to ask for the information we hold about you to be rectified if it is inaccurate or incomplete;
  • to ask that we stop any consent-based processing of your personal data after you withdraw that consent;
  • to ask, in certain circumstances, to delete the personal data we hold about you;
  • to ask, in certain circumstances, for the processing of your personal data to be restricted; and
  • to ask, in certain circumstances, for your data to be moved to another controller.

In order to request a copy of the personal data that KSS CRC holds about you, please send your request in writing to the Data Protection Officer at the address below. To enable us to verify your identity and process your request, you must include all of the following information and documentation with your request:

  • your full name;
  • a description of the data that you are requesting, including a date range;
  • a copy of your current and valid photo ID (e.g. passport photo page);
  • proof of your address in the form of a photocopy of a utilities or service provider bill; and
  • the date of the request.

Get in touch with us

If you have any questions about our Privacy Notice, including any requests to exercise your rights, please contact the Data Protection Officer using the details set out below:

By post to:

Data Protection Officer
Kent Surrey & Sussex Community Rehabilitation Company Limited (KSS CRC),
Maidstone Corporate Centre,
3rd Floor Maidstone House,
King Street, Maidstone
ME15 6AW

By email to:

dataprotection@ksscrc.scc.gsi.gov.uk

If you are unhappy with our processing of your personal data, you have the right to complain to the Information Commissioners Office (ICO) at any time. The ICO contact details are available here: https://ico.org.uk/concerns/ .

We would, however, appreciate the chance to deal with any concerns before you approach the ICO, so please contact the Data Protection Officer in the first instance.