Our commitment to protecting your personal information.
Last revised on 30 May 2018.
This policy applies to information we collect when you choose to use our Website, www.carefound.co.uk, and also to personal information which we process further to supplying services to you or receiving products or services from you.
We are required to collect and use personal data relating to our clients, their families, carers, and staff in order to provide the proper care for our clients and to run our business. We are sensitive to the fact that much of this information is what the law now describes as 'Special Category' personal data.
This policy describes how all personal data is collected, handled and stored in order to meet our obligations under data protection laws and in particular, the General Data Protection Regulation (‘GDPR’) also referenced in this policy as 'Legislation'.
If there are any questions relating to how we handle personal data or this policy these should be directed to our Data Protection Officer, Oliver Stirk. He can be contacted at firstname.lastname@example.org or on 01423 774070.
We believe that a transparent policy is essential in building solid relationships with our clients and that the security of your data is of paramount importance. We will only ever collect the minimal amount of data we require in order to provide our services to you and your family. We will never sell this data and we only share this data with a third party if it relates to the well-being of our client.
Who we are
Carefound Home Care (Harrogate) Limited with company number 07449703 and a registered office at Oakwood Park, Bishop Thornton, Harrogate, North Yorkshire, HG3 3JN and Carefound Home Care (Wilmslow) Limited with company number 08809516, registered at the same address, are both owned by Oliver Stirk, who runs the business known as " Carefound Home Care" and owns the Website.
Carefound Home Care ('we' or 'us') are a 'data controller' for the purposes of the GDPR, where we control the purposes for which we process your personal information. We take all appropriate steps to ensure compliance with the Legislation.
What information we collect
We collect personal information about you (such as your name, address, email address and telephone number), when you make an enquiry via our online form or by telephone or when you purchase services from us or supply us with goods or services.
When you or a family member becomes a client we will take detailed information relating to health and care needs. We may also collect a photograph of a client, however these will only be collected and used with your consent on our marketing materials including our Website.
Special Category personal information
We will process sensitive personal information for example when carrying out an assessment of care needs. If we request such information, we will explain why we are requesting it and how we intend to use it.
Special category personal information is information relating to:
- ethnic origin
- political opinions
- religious beliefs
- trade union membership
- physical or mental health or condition
- sexual life
We will only process your Special Category personal information relating to your health and then only with your explicit consent.
We use the data we collect from cookies to monitor how many times you visit the website, which pages you go to, traffic data, location data and the originating domain name of your internet service provider, to improve your experience whilst visiting the website, and better understand how you use it. This information helps us to build a profile of our users. Some of this data will be aggregated or statistical, which means that we will not be able to identify you individually.
You can set your browser not to accept cookies and the websites below tell you how to remove cookies from your browser. However, some of our website features may not function as a result.
Third party cookies
Personal information about other individuals
If you give us information on behalf of someone else, you confirm that either:
- the other person has a contractual relationship with you and knows that you will be transferring their personal data to us for specific purposes and / or
- s/he has appointed you to act on his/her behalf and/or has agreed that you can:
- give consent on his / her behalf to the processing of his/her personal data
- receive on his / her behalf any data protection notices
- give consent to the processing of his / her sensitive personal data (as listed below)
How we use information about you
We process information about you so that we can:
- prepare, review and update a suitable care plan, describing the nature and level of care and support services which you have requested we supply to you
- communicate with you, your representatives and any appropriate external social or health care professionals about your individual needs and personalise the service delivered to you
- provide the services requested and notify you of any changes to them
- make reasonable adjustments, when required, to meet your individual needs and to ensure we have suitable facilities to ensure your safety
- invoice you for the care and support services in accordance with our terms and conditions
- carry out quality assurance procedures, review our service and improve our client experience (please note that feedback can also be provided anonymously)
- identify you and manage any account you hold with us
- let you know about other services that may be of interest to you (see 'Marketing’ section below)
- detect and prevent fraud
- customise our Website and its content to your particular preferences
- notify you of any changes to our Website that may affect you
- improve our services
Sharing your personal information
We may send information about you to other parties for example to:
- appropriate external social or health care professionals (including your GP and pharmacist) and any individuals you have nominated as your representative
- within Carefound Home Care in order to provide safe and effective services to you
- IT and telecoms support companies to ensure the safe, secure and resilient operation of our IT infrastructure including computers, servers, phones and mobile devices
- software support companies to provide specialist support and resolve issues with the software that we run, for example the systems we use to store and manage your client records
- financial agencies to process payments
- service providers
- law enforcement agencies in connection with any investigation to help prevent unlawful activity
Sometimes we are required by law to share your personal information, such as with local safeguarding groups to ensure your safety. Sometimes we share your personal information to improve the way in which we run our services (for example where we license software and use this to manage personal data).
Where we share your data with a third party, unless it is with a law enforcement agency, we always make sure that we have appropriate legal safeguards in place, usually written agreements which require the third party to comply with the Legislation and our commitment to you as set out in this policy.
Any comments you make on these social media platforms in general must be not offensive, insulting or defamatory. You are responsible for ensuring that any comments you make comply with any relevant policy on acceptable use of those services.
We use any information submitted to us by you to provide you with further information by email about the services we offer which you have requested and / or which may be of interest to you. You can choose to unsubscribe at any point by clicking on the link at the bottom of the email or by contacting us at email@example.com.
Email marketing campaigns published by us may contain tracking facilities within the actual email. Subscribed activity is tracked and stored in a database for future analysis and evaluation. Such tracked activity may include: the opening of emails, forwarding of emails, the clicking of links within the email consent, times, dates and frequency of activity (this is by no means a comprehensive list).
Lawful basis for processing personal data
We will only process your personal data where we have a legal basis for doing so. There are 6 lawful reasons for processing personal data which are:
- Contractual - the processing is necessary to fulfil a contract we have with you, or because you have asked you to take specific steps before entering into a contract
- Legal Obligation - the processing is necessary for us to comply with the law
- Vital Interests - the processing is necessary for us to protect a person’s life
- Legitimate Interest - the processing is necessary for our legitimate interest and this does not override an individual' s personal data rights and freedoms
- Consent - you have given clear consent for that processing of your personal data
- Public Task - the processing is necessary for us to perform a task in the public interest or for our official functions
Most of the processing we carry out in relation to your personal data is done in order to fulfil our contractual obligations with you but we also have legal obligations to keep and use certain personal data, vital interest (to keep and use certain health information such as allergies), legitimate interest and consent.
If we are relying on the legitimate business interest basis for lawful processing be assured that we only do this where we have considered carefully the risks to your rights and freedoms (as we are required to do by the GDPR) and we will not process personal data on this basis if we have any doubt that your rights might be adversely affected. We also revisit this assessment regularly and update our procedures according to our findings.
Keeping your data secure
Our staff are bound by obligations of confidentiality and trained in the protection of personal data. We will take all reasonable steps to comply with the Legislation and use the appropriate technical and organisational measures necessary to safeguard your personal data. We only share your personal data with third parties who are required to comply with the Legislation.
While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that is transferred from you or to you via the internet. If you have any particular concerns about your information, please contact us (see ‘How to contact us’ below).
If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.
We do not send your data outside the EEA but should we need to do so we will ensure that the appropriate legal safeguards are in place.
We store your personal data on secure servers for a period of:
- 3 years from the date on which your contract with us ends
- 3 years from the last date of entry in the case of hard copy files
- in relation to any photographs of you these will be used indefinitely for marketing purposes or
- until you ask us to destroy it
in each case unless the law requires us to store the data for a longer period.
The GDPR provides the following rights for individuals whose personal data is processed:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object to processing
- Rights in relation to automated decision making and profiling
Right to access, rectification, erasure, and to restrict or object to processing
You can request a copy of your information which we hold; or request that we amend it, erase it, or only contact you for certain purposes, or stop contacting you, or stop using certain personal data, by emailing or writing to us (see ‘How to contact us’ below). Please let us have proof of your identity (a copy of your driving licence or passport) and let us know what information you want.
Right to lodge a complaint with the Supervisory Authority
If you have any concerns or complaints about how we use your personal data we hope you will alert us to these directly (see ‘How can you contact us?’ below). You are entitled to complain to the Information Commissioners Office (ICO) which is the supervisory authority in the UK. Their contact details and the procedure can be found at www.ico.gov.uk.
How to contact us