Privacy policy

Heritage Independent Living Privacy Policy – your rights, your information and how we use it

Heritage Independent Living Ltd understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of anyone who approaches us for help and will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law.

When you share personal data with us or when we collect personal data about you, we will use it in line with this Privacy Policy. Please read this information carefully. If you have any questions or concerns about your personal data, please contact us at admin@heritageliveincare.co.uk.

We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection. Any changes will be made available on this website. This version of our Privacy Policy was last updated on 20th August 2018

1. WHO WE ARE

Heritage Independent Living Ltd is an established, nationwide, introductory agency for experienced live-in or daily carers, companions and housekeepers. We match experienced companions and professional carers, generally working in a self-employed capacity, with a wide range of people who wish to continue living in the comfort of their own home and pursue an independent lifestyle on their terms for as long as possible.

We are a limited company registered in England under Company Number: 08322274.

Our registered address is: Summers Orchard, Speke Close, Ilminster, TA19 9BJ.

Our main operating address is: Battersea Studios, 80, Silverthorne Road, London, SW8 3HE.

VAT number: GB 168 7977 32.

Email address: admin@heritageliveincare.co.uk.

Telephone number: 020 3011 2222 or 01460 395001.

Postal Address: Summers Orchard, Speke Close, Ilminster, TA19 9BJ.

2. WHAT DOES THIS POLICY COVER?

This Privacy Policy explains how we use your personal data, how it is collected, how it is held, and how it is processed. It also explains your rights under the law relating to your personal data.

3. WHAT IS PERSONAL DATA?

Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.

Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, financial information and health information but it also covers less obvious information such as your computer’s IP address or cookies.

This Privacy Policy covers the personal data that we collect and use.

4. WHAT ARE YOUR RIGHTS?

Under the GDPR, you have the following rights, which we will always work to uphold:

  1. The right to be informed about our collection and use of your personal data. This Privacy Notice should tell you everything you need to know, but you can always contact us to find out more or to ask any questions using the details at the end.
  2. The right to access the personal data we hold about you (commonly known as a “data subject access request”). Part 10 will tell you how to do this.
  3. The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete. Please contact us using the details in Part 11 if you need to do this.
  4. In some cases, you might have the right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we have. Note this is not an absolute right, as we may have legal or legitimate grounds for retaining your personal data. Please contact us using the details in Part 11 to find out more.
  5. In certain circumstances you have the right to restrict (i.e. prevent) the processing of your personal data.
  6. The right to object to us using your personal data for a particular purpose or purposes.
  7. Rights relating to automated decision-making and profiling. (We do not use your personal data in this way).
  8. The right to withdraw consent. In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.

If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.

5. WHAT PERSONAL DATA DO WE COLLECT?

We may collect some, or all, of the following personal data (this may vary according to your relationship with us):

  • Contact details that may include some of the following: first name, surname, address, email address(es), telephone number(s), skype details.
  • Date of birth;
  • Gender;
  • Business name/job title/profession
  • Other information that you have chosen to share with us via the website e.g. uploading of CV’s, messages
  • Information about your contact with us e.g. emails, letters, notes on phone calls, meetings etc

Clients:

For Clients who choose to use our carer introduction service (or are enquiring about becoming a client of ours) we may additionally collect the following information:

  • An overview of your care requirements. This will mainly be health data, which under the GDPR is defined as special category personal data. We need this information so that we can select a carer who has the necessary experience and will be able to provide the care required for your individual and particular needs. This information will only be collected and used where it is needed to provide the service you have requested
  • Information about your preferences and interests; We need this information to help us select a good match with a suitable carer who shares a compatible outlook on life with you. Occasionally some of the information that you chose to share with us will be special category personal data such as religion. This information will only be collected and used where you feel that it is needed by us to help provide the service you have requested and where you give us your consent to do so.
  • Payment information for invoicing purposes;

More details on the personal information that we require from you, and how we use it, can be found in our separate Clients Privacy Policy that will be sent to you when you make contact with us.

Carers:

For carers wishing to become registered to be introduced to our clients we may additionally need data to:

  • Confirm your identity.
  • Check your right to work in the United Kingdom
  • Check your qualifications and training
  • Contact your referees directly, using the details you have supplied to us
  • Seek assurances as to your integrity and reliability.
  • Understand the experience that you have and your particular likes and dislikes so that we can try to make the best possible match with a client for you
  • Carry out the necessary checks to ensure that you are able to work with vulnerable adults. This will require an up to date DBS enhanced certificate (or equivalent)

More details on the personal information that we require from you, and how we use it, can be found in our separate Carers Privacy Policy that will be sent to you when you make contact with us.

Employee Applicants:

We do not collect more information than we need to assess you for a position working with us and we will not retain it for longer than is necessary. The information we ask for is used to assess your suitability for employment with Heritage Independent Living in whichever role you are applying for – you don’t have to provide the information that we request but it might affect our ability to assess your application if you don’t.

  • CVs, application forms, covering letters, and similar documents.
  • Previous experience and companies worked for
  • Details of Referees. We will contact your referees, using the details you provide to us, directly to obtain references

Website Users

When you use our website, information is collected using cookies. A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser, and stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.

Cookies store small pieces of information. For example – they will remember you’ve visited our website or performed a certain action. We use cookies to help us improve your experience when you visit our website. For example, a cookie might store information so you don’t have to keep entering it. Cookies also let us know which pages of our website you visited; they help us develop and market our products and services. They also help us track sales. We may use both “session” cookie and “persistent” cookies on the website. Session cookies will be deleted from your computer when you close your browser. Persistent cookies will remain stored on your computer until deleted, or until they reach a specified expiry date.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website however.

You can find more detail about our use of Cookies in our Heritage Independent Living Cookie Policy.

6. HOW DO WE USE YOUR PERSONAL DATA?

Your personal data may be used for one or more of the following purposes:

  • Providing and managing your account.
  • Entering into a contract with you (or taking steps to enter into a contract with you).
  • It is necessary to provide the service you have requested
  • Personalising and tailoring our services for you.
  • Communicating with you. This may include responding to emails, letters or calls from you.
  • It is necessary for us to meet our legal or regulatory obligations (e.g. invoicing, telling you about changes to Terms and Conditions)

We will never use your personal data for marketing purposes.

We never use automated decision making (automated decision making means the ability to make decisions using technology, without human involvement).

We never use profiling (this means automatically processing personal data to evaluate certain personal aspects about an individual).

Under the GDPR, we must always have a lawful basis for using your personal data. We rely on the following grounds within the GDPR:

a) Article 6(1)(f) – to process your personal data in pursuit of legitimate interests. Where we rely on a legitimate interest to process your personal data our legitimate interest is as follows:

To provide the introduction service to both Clients, requiring care and Carers, providing care. We process personal data to be able to provide these services. We need to understand the requirements of Clients and check the identity of Carers, their right to work, qualifications and experience. It is in the legitimate interest of all parties involved, Heritage Independent Living Ltd, the Client and the Carer, that Heritage Independent Living Ltd can process this personal data. By providing us with your personal data, we are able to better understand your needs and expectations when it comes to the services we offer. This understanding means we can improve our services so they match your specific needs.

b) Article 6(1)(d) – processing is necessary to protect the vital interests of an individual (normally where there is evidence of danger to your (or someone else’s) health and/or safety.

c) Article 6(1)(c) – processing is necessary for us to comply with a legal obligation – for instance so that we can demonstrate compliance with our regulatory framework and the law, or, for example where you pay for our services we need to keep your transaction information to comply with our tax and financial reporting obligations

d) Article 6(1)(b) – processing is necessary for the performance of our contracts to introduce suitable carers to our clients requiring support with care

In addition, the GDPR recognises that additional diligence is required when processing special category data. Special category data includes information about an individual’s health, race, religion etc.

a) Where we need to store and process your health data we rely on the following:

Article 9(2)(h) – processing is necessary for the provision of social care or the management of social care systems and services

b) For other special category data (not covered by Article 9(2)(h)) above that you choose to share with us, because you feel it is relevant to your relationship with us and will help us to carry out the service we are providing you with, then we rely on the following:

Article 9(2) (a) – the data subject has given explicit consent to the processing of those personal data for one or more specified purposes.

7. HOW LONG WILL WE KEEP YOUR PERSONAL DATA?

We will keep your personal information for as long as we need it to provide you with your requested services and for a reasonable time thereafter. We may also keep your personal data to meet our commercial or legal obligations.

To determine the retention period of your personal data, we consider several criteria to make sure that we do not keep your personal data for longer than is necessary or appropriate. These criteria include:

  • The purpose for which we hold your personal data;
  • Our legal and regulatory obligations in relation to that personal data, for example any financial reporting obligations;
  • Whether our relationship with you is ongoing or you are no longer actively engaged with us;
  • Any specific requests from you in relation to the deletion of your personal data; and
  • Our legitimate business interests in relation to managing our own rights, for example the defence of any claims.

When we no longer need to retain your personal data, it will either be deleted or it will be anonymised so that you can no longer be identified from it.

Clients:

If you are a Registered Client with us (which means that you have signed our terms and conditions and paid us your one-off registration fee) we will keep any personal and special category data for up to 20 years. Initially this is to provide you with the service you have requested, whenever you require it. In the longer term (where you have previously been introduced to a carer) we need to keep this information for safeguarding reasons.

If you are a potential Client (who has not registered with us but who we have had limited contact with in response to your request for further information on our services) we will keep the information that you have provided to us for 6 years from the date of our last contact with you. We keep it for this length of time, as in our experience, some of the people who contact us do not require our services immediately, but at some stage in the future, which can be many years later on.

Carers:

If you are Carer who we have introduced to and who has worked for one of our clients we may need to keep any personal and special category data relating to your suitability for the role that you undertook for up to 20 years. This is in order to comply with safeguarding and insurance requirements and to be able to prove that the required checks and clearances were in place, and valid, at the time of your introduction.

If you are carer who has contacted us to be introduced to one of our clients, but who, to date, has not worked for our clients, we will keep the information you have provided us with for 6 years, from the date of our last contact with you.

Employees or Job Applicants:

If you are successful applicant, then we have an Employee Privacy Policy that will cover the details of the information that we will hold about you. If you are unsuccessful in your application, then we will hold your details for up to 3 years after our last contact with you.

In all cases we may also keep your information after any period specified but only where required to meet our legal or regulatory obligations. The length of time we keep your information for these purposes will vary depending on the obligations we need to meet.

8. HOW AND WHERE DO WE STORE OR TRANSFER YOUR PERSONAL DATA?

We take information and system security very seriously and we strive to comply with our obligations at all times. Any personal information which is collected, recorded or used in any way, whether on paper, online or any other media, will have appropriate safeguards applied in line with our data protection obligations. Your information is protected by controls designed to minimise loss or damage through accident, negligence or deliberate actions. Our employees also protect your confidential information when storing or transmitting information electronically.

Where we can, we aim to store your personal data in the UK. This means that it will be fully protected under the GDPR. We may also store or transfer some or all of your (electronic) personal data, protected through GDPR aligned contracts, in countries that are not part of the European Economic Area (the “EEA”) including, in particular, the United States. By submitting your personal data, you agree to this transfer, storing and/or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

Our website may, from time to time, contain links to and from the websites of our associate member organisations and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

Unfortunately, and outside of our control, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of the data transmitted to our site; any transmission of your data is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

9. DO WE SHARE YOUR PERSONAL DATA?

We only share your data, where necessary, to provide the service you have requested. We will never sell your details to someone else. Whenever we share your personal information, we will do so in line with our obligations to keep your information safe and secure. We share your information as follows:

  • Trusted third parties that we have carefully selected to support us in the delivery of the services we offer to you e.g. support for invoicing and payment services. Also third parties that assist and help us in providing IT services, such as platform providers, hosting services, maintenance and support on our databases as well as on our software and applications;
  • Our regulators and Supervisory Authority e.g. the Financial Conduct Authority (FCA), the Information Commissioner’s Office for the UK (the ICO)
  • Law enforcement, credit and identity check agencies for the prevention and detection of crime
  • In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority. In these instances, we will try to contact you beforehand.
  • In the event that we sell any or part of our business or assets, we may disclose your personal data to the prospective buyer of such business or assets. If Heritage Independent Living Ltd or a part of its assets are acquired by a third party, personal data we hold about our customers relating to those assets will be one of the transferred assets. In such cases, your personal data will be processed by the buyer acting as the new data controller and its privacy policy will govern the processing of your personal data.

Clients Data

We share your data with a potential carer only when you have been consulted and you have decided that you would like to contact the carer to determine whether you wish to proceed with engaging them. Prior to this, an anonymised, general description of the required care role may be given out to potential carers in order for them to determine if the role is one that they would be interested in and available for. More detail can be found in our Clients Privacy Policy which will be sent to you when you make contact with us

Carers Data

If we find a suitable client that we feel would be a good match for you we will contact you and give you a brief anonymised outline of the role. If you wish to be considered for the role we will then ask your permission to share your personal information with the client so that they can decide if they wish to consider engaging you and if so, contact you for further discussions. The information we send to them will include some of the personal data we hold on you, except your address which we never share with anyone unless instructed to by you. More detail can be found in our Carers Privacy Policy which will be sent to you when you make contact with us.

10. HOW CAN YOU ACCESS YOUR PERSONAL DATA?

If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.

All subject access requests should be made in writing and sent to the email or postal addresses shown in Part 11. To make this as easy as possible for you, a Subject Access Request Form is available for you to use. You do not have to use this form, but it is the easiest way to tell us everything we need to know to respond to your request as quickly as possible.

There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding. We will need to verify your identity before being able to proceed with a subject access request.

We will respond to your subject access request within one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.

11. HOW DO YOU CONTACT US?

To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the contact information below:

Email address: admin@heritageliveincare.co.uk

Telephone number: 020 3011 2222 or 01460 395001

Postal Address: Heritage Independent Living Ltd, Summers Orchard, Speke Close, Ilminster, TA19 9BJ.

12. HOW TO MAKE A COMPLAINT?

We will always strive to collect, use and safeguard your personal information in line with data protection laws. If you do not believe we have handled your information as set out in our Privacy Policy please use the details above to contact us and we will do our utmost to make things right.

If you are still unhappy, you can complain to the Supervisory Authority the Information Commissioners Office (ICO) at https://ico.org.uk/