This policy relates to the distribution of free CARE branded badges to the paid adult social care workforce in England. The Department of Health and Social Care (DHSC) has worked with The APS Group (Crown Commercial supplier), who have created an online ordering site to allows registered users to order badges for their organisation. The APS Group will be responsible for the order fulfilment and distribution of badges and are verifying orders using CQC-provided details and other details for non-CQC organisations (internet research).
The Department of Health and Social Care are the data controller and APS the data processor acting under our instruction.
Personal information is collected on the APS site (name, email address, delivery address, number of badges required) for registered users of the site to enable the fulfilment of the orders. All users will use their email address on APS’ site to create a username and password, to track orders.
For CQC registered providers, the email address linked to their CQC listing/entry and Organisation Data Service (ODS) code will be used to verify that orders are from legitimate CQC registered care organisations. ODS codes are unique codes created by the Organisation Data Service within NHS Digital used to identify organisations across health and social care.
Similar information will be collected for orders from non-CQC care organisations with order sizes over 25, where APS will manually check that the postal addresses and phone numbers provided belong to adult social care organisations.
The information provided will be used to fulfil CARE badge orders and to verify orders are from social care providers.
The Department of Health and Social Care will receive anonymised Management Information to monitor progress, problem-solve and forecast trends.
Article 6 of the General Data Processing Regulations:
(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
APS is the Data Processor and will only share data with other parties when necessary to successfully fulfil the order. This will be limited to sharing name and address personal data with the delivery partner, DX, for the badges to be delivered.
As standard we do not transfer your personal data outside the European Economic Area (EEA).
The portal will be open for as long as the badges are available therefore data will be stored for this period of time only to allow for the verification process to be completed. Data will be destroyed when the portal closes.
Disposal of data will be through disabling users’ accounts which are generated via the email addresses, after the portal closes. This means that the accounts will be anonymized with all email addresses removed. All databases of email addresses will also be deleted.
APS’s customer service team have the ability to disable and anonymize users at the request of a user at any time.
APS uses HTTPS communication so data is completely secure. APS hold certificates for Information Commissioner's Office (ICO) Registration certificate, Cyber essential plus certificate and ISO/IEC certificate which comply to high levels of security standards.
In addition, users can request removal of their personal data and the APS run customer services team can disable and anonymize users.
By law, data subjects have a number of rights and this processing does not take away or reduce these rights under the EU General Data Protection Regulation (2016/679) and the UK Data Protection Act 2018 applies.
These rights are:
Anyone unhappy or wishing to complain about how personal data is used as part of this programme, should contact firstname.lastname@example.org in the first instance or write to:
Data Protection Officer
1st Floor North
39 Victoria Street
Anyone who is still not satisfied can complain to the Information Commissioners Office. Their website address is www.ico.org.uk and their postal address is:
Information Commissioner's Office
No decision will be made about individuals solely on the basis of automated decision making (where a decision is taken about them using an electronic system without human involvement) which has a significant impact on them.
This privacy notice is kept under regular review, and new versions will be available on our privacy notice page on our website. This privacy notice was last updated on 11/12/2020