Data Privacy Notice

“Special categories” of particularly sensitive personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We have in place appropriate safeguards which we are required by law to maintain when processing such data. We may process special categories of personal information in the following circumstances:

1. In limited circumstances, with your explicit written consent.
2. Where we need to carry out our legal obligations.

Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.


Do we need your consent?

We do not need your consent if we use special categories of your personal information in accordance with our written policy to carry out our legal obligations. In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent.

You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us.


Who has access to data?

Your information will be accessible internally with ROC Group staff. We will not share your data with any third party unless legally required to do so or with your written consent. We will not transfer your data to countries outside the European Economic Area.


Where your information may be held

Information may be held at our offices and those of our affiliates.


How do we protect your data?

We take the security of your data seriously. We have internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed. We limit access to your personal data to those who have a genuine business need to know or use it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. Physical personal data is stored securely in locked filing cabinets or
drawers. Electronic data stored on our IT systems is password protected, encrypted and information is held on drives with restricted access.

Where we engage third parties to process personal data on our behalf, the third parties do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of your data. We have procedures in place to deal with any suspected data security breach.

We will notify you and any applicable regulator of a suspected breach
where we are legally required to do so.


For how long do we keep your data?

We shall not retain your data for any longer than is necessary for the purpose we obtained it or for longer that we are required to by law.


For how long do we keep your data?​

We shall not retain your data for any longer than is necessary for the purpose we obtained it or for longer that we are required to by law.


Your rights

As a data subject, you have a number of rights. You can:

• access and obtain a copy of your data on request;
• require us to change incorrect or incomplete data;
• require us to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
• object to the processing of your data where we are relying on our legitimate interests as the legal ground for processing;
• and request the transfer of your data to another party.

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law or to comply with fostering regulations.

If you would like to exercise any of these rights, please contact our Data Protection Officer Sally Bishop at ROC Group, Hope House, Burnhope, Newton Aycliffe, Co. Durham DL5 7ER.

If you believe that we have not complied with your data protection rights, we hope that we can resolve any query or concern you have. If not, you can complain to the Information Commissioner. You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.


What if you do not provide personal data?

You have obligations in submitting an enquiry to provide us with data. If you fail to provide certain information when requested, we may not be able to conduct your assessment which would in turn prevent you from working with us.

Certain information (such as contact details, payment details, health information) have to be provided to enable us to enter into a contract with you. If you do not provide requested information, this will hinder our ability to fulfil our obligations.