Heritage Independent Living Ltd understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of anyone who approaches us for help and will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law.
1. WHO WE ARE
Heritage Independent Living Ltd is an established, nationwide, introductory agency for experienced live-in or daily carers, companions and housekeepers. We match experienced companions and professional carers, generally working in a self-employed capacity, with a wide range of people who wish to continue living in the comfort of their own home and pursue an independent lifestyle on their terms for as long as possible.
We are a limited company registered in England under Company Number: 08322274.
Our registered address is: Summers Orchard, Speke Close, Ilminster, TA19 9BJ.
Our main operating address is: Battersea Studios, 80, Silverthorne Road, London, SW8 3HE.
VAT number: GB 168 7977 32.
Email address: email@example.com.
Telephone number: 020 3011 2222 or 01460 395001.
Postal Address: Summers Orchard, Speke Close, Ilminster, TA19 9BJ.
2. WHAT DOES THIS POLICY COVER?
3. WHAT IS PERSONAL DATA?
Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, financial information and health information but it also covers less obvious information such as your computer’s IP address or cookies.
4. WHAT ARE YOUR RIGHTS?
Under the GDPR, you have the following rights, which we will always work to uphold:
- The right to be informed about our collection and use of your personal data. This Privacy Notice should tell you everything you need to know, but you can always contact us to find out more or to ask any questions using the details at the end.
- The right to access the personal data we hold about you (commonly known as a “data subject access request”). Part 10 will tell you how to do this.
- The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete. Please contact us using the details in Part 11 if you need to do this.
- In some cases, you might have the right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we have. Note this is not an absolute right, as we may have legal or legitimate grounds for retaining your personal data. Please contact us using the details in Part 11 to find out more.
- In certain circumstances you have the right to restrict (i.e. prevent) the processing of your personal data.
- The right to object to us using your personal data for a particular purpose or purposes.
- Rights relating to automated decision-making and profiling. (We do not use your personal data in this way).
- The right to withdraw consent. In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.
If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
5. WHAT PERSONAL DATA DO WE COLLECT?
We may collect some, or all, of the following personal data (this may vary according to your relationship with us):
- Contact details that may include some of the following: first name, surname, address, email address(es), telephone number(s), skype details.
- Date of birth;
- Business name/job title/profession
- Other information that you have chosen to share with us via the website e.g. uploading of CV’s, messages
- Information about your contact with us e.g. emails, letters, notes on phone calls, meetings etc
For Clients who choose to use our carer introduction service (or are enquiring about becoming a client of ours) we may additionally collect the following information:
- An overview of your care requirements. This will mainly be health data, which under the GDPR is defined as special category personal data. We need this information so that we can select a carer who has the necessary experience and will be able to provide the care required for your individual and particular needs. This information will only be collected and used where it is needed to provide the service you have requested
- Information about your preferences and interests; We need this information to help us select a good match with a suitable carer who shares a compatible outlook on life with you. Occasionally some of the information that you chose to share with us will be special category personal data such as religion. This information will only be collected and used where you feel that it is needed by us to help provide the service you have requested and where you give us your consent to do so.
- Payment information for invoicing purposes;
For carers wishing to become registered to be introduced to our clients we may additionally need data to:
- Confirm your identity.
- Check your right to work in the United Kingdom
- Check your qualifications and training
- Contact your referees directly, using the details you have supplied to us
- Seek assurances as to your integrity and reliability.
- Understand the experience that you have and your particular likes and dislikes so that we can try to make the best possible match with a client for you
- Carry out the necessary checks to ensure that you are able to work with vulnerable adults. This will require an up to date DBS enhanced certificate (or equivalent)
We do not collect more information than we need to assess you for a position working with us and we will not retain it for longer than is necessary. The information we ask for is used to assess your suitability for employment with Heritage Independent Living in whichever role you are applying for – you don’t have to provide the information that we request but it might affect our ability to assess your application if you don’t.
- CVs, application forms, covering letters, and similar documents.
- Previous experience and companies worked for
- Details of Referees. We will contact your referees, using the details you provide to us, directly to obtain references
When you use our website, information is collected using cookies. A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser, and stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website however.
6. HOW DO WE USE YOUR PERSONAL DATA?
Your personal data may be used for one or more of the following purposes:
- Providing and managing your account.
- Entering into a contract with you (or taking steps to enter into a contract with you).
- It is necessary to provide the service you have requested
- Personalising and tailoring our services for you.
- Communicating with you. This may include responding to emails, letters or calls from you.
- It is necessary for us to meet our legal or regulatory obligations (e.g. invoicing, telling you about changes to Terms and Conditions)
We will never use your personal data for marketing purposes.
We never use automated decision making (automated decision making means the ability to make decisions using technology, without human involvement).
We never use profiling (this means automatically processing personal data to evaluate certain personal aspects about an individual).
Under the GDPR, we must always have a lawful basis for using your personal data. We rely on the following grounds within the GDPR:
a) Article 6(1)(f) – to process your personal data in pursuit of legitimate interests. Where we rely on a legitimate interest to process your personal data our legitimate interest is as follows:
To provide the introduction service to both Clients, requiring care and Carers, providing care. We process personal data to be able to provide these services. We need to understand the requirements of Clients and check the identity of Carers, their right to work, qualifications and experience. It is in the legitimate interest of all parties involved, Heritage Independent Living Ltd, the Client and the Carer, that Heritage Independent Living Ltd can process this personal data. By providing us with your personal data, we are able to better understand your needs and expectations when it comes to the services we offer. This understanding means we can improve our services so they match your specific needs.
b) Article 6(1)(d) – processing is necessary to protect the vital interests of an individual (normally where there is evidence of danger to your (or someone else’s) health and/or safety.
c) Article 6(1)(c) – processing is necessary for us to comply with a legal obligation – for instance so that we can demonstrate compliance with our regulatory framework and the law, or, for example where you pay for our services we need to keep your transaction information to comply with our tax and financial reporting obligations
d) Article 6(1)(b) – processing is necessary for the performance of our contracts to introduce suitable carers to our clients requiring support with care
In addition, the GDPR recognises that additional diligence is required when processing special category data. Special category data includes information about an individual’s health, race, religion etc.
a) Where we need to store and process your health data we rely on the following:
Article 9(2)(h) – processing is necessary for the provision of social care or the management of social care systems and services
b) For other special category data (not covered by Article 9(2)(h)) above that you choose to share with us, because you feel it is relevant to your relationship with us and will help us to carry out the service we are providing you with, then we rely on the following:
Article 9(2) (a) – the data subject has given explicit consent to the processing of those personal data for one or more specified purposes.
7. HOW LONG WILL WE KEEP YOUR PERSONAL DATA?
We will keep your personal information for as long as we need it to provide you with your requested services and for a reasonable time thereafter. We may also keep your personal data to meet our commercial or legal obligations.
To determine the retention period of your personal data, we consider several criteria to make sure that we do not keep your personal data for longer than is necessary or appropriate. These criteria include:
- The purpose for which we hold your personal data;
- Our legal and regulatory obligations in relation to that personal data, for example any financial reporting obligations;
- Whether our relationship with you is ongoing or you are no longer actively engaged with us;
- Any specific requests from you in relation to the deletion of your personal data; and
- Our legitimate business interests in relation to managing our own rights, for example the defence of any claims.
When we no longer need to retain your personal data, it will either be deleted or it will be anonymised so that you can no longer be identified from it.
If you are a Registered Client with us (which means that you have signed our terms and conditions and paid us your one-off registration fee) we will keep any personal and special category data for up to 20 years. Initially this is to provide you with the service you have requested, whenever you require it. In the longer term (where you have previously been introduced to a carer) we need to keep this information for safeguarding reasons.
If you are a potential Client (who has not registered with us but who we have had limited contact with in response to your request for further information on our services) we will keep the information that you have provided to us for 6 years from the date of our last contact with you. We keep it for this length of time, as in our experience, some of the people who contact us do not require our services immediately, but at some stage in the future, which can be many years later on.
If you are Carer who we have introduced to and who has worked for one of our clients we may need to keep any personal and special category data relating to your suitability for the role that you undertook for up to 20 years. This is in order to comply with safeguarding and insurance requirements and to be able to prove that the required checks and clearances were in place, and valid, at the time of your introduction.
If you are carer who has contacted us to be introduced to one of our clients, but who, to date, has not worked for our clients, we will keep the information you have provided us with for 6 years, from the date of our last contact with you.
Employees or Job Applicants:
In all cases we may also keep your information after any period specified but only where required to meet our legal or regulatory obligations. The length of time we keep your information for these purposes will vary depending on the obligations we need to meet.
8. HOW AND WHERE DO WE STORE OR TRANSFER YOUR PERSONAL DATA?
We take information and system security very seriously and we strive to comply with our obligations at all times. Any personal information which is collected, recorded or used in any way, whether on paper, online or any other media, will have appropriate safeguards applied in line with our data protection obligations. Your information is protected by controls designed to minimise loss or damage through accident, negligence or deliberate actions. Our employees also protect your confidential information when storing or transmitting information electronically.
Our website may, from time to time, contain links to and from the websites of our associate member organisations and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Unfortunately, and outside of our control, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of the data transmitted to our site; any transmission of your data is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
9. DO WE SHARE YOUR PERSONAL DATA?
We only share your data, where necessary, to provide the service you have requested. We will never sell your details to someone else. Whenever we share your personal information, we will do so in line with our obligations to keep your information safe and secure. We share your information as follows:
- Trusted third parties that we have carefully selected to support us in the delivery of the services we offer to you e.g. support for invoicing and payment services. Also third parties that assist and help us in providing IT services, such as platform providers, hosting services, maintenance and support on our databases as well as on our software and applications;
- Our regulators and Supervisory Authority e.g. the Financial Conduct Authority (FCA), the Information Commissioner’s Office for the UK (the ICO)
- Law enforcement, credit and identity check agencies for the prevention and detection of crime
- In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority. In these instances, we will try to contact you beforehand.
10. HOW CAN YOU ACCESS YOUR PERSONAL DATA?
If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.
All subject access requests should be made in writing and sent to the email or postal addresses shown in Part 11. To make this as easy as possible for you, a Subject Access Request Form is available for you to use. You do not have to use this form, but it is the easiest way to tell us everything we need to know to respond to your request as quickly as possible.
There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding. We will need to verify your identity before being able to proceed with a subject access request.
We will respond to your subject access request within one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.
11. HOW DO YOU CONTACT US?
To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the contact information below:
Email address: firstname.lastname@example.org
Telephone number: 020 3011 2222 or 01460 395001
Postal Address: Heritage Independent Living Ltd, Summers Orchard, Speke Close, Ilminster, TA19 9BJ.
12. HOW TO MAKE A COMPLAINT?
If you are still unhappy, you can complain to the Supervisory Authority the Information Commissioners Office (ICO) at https://ico.org.uk/