Privacy Policy

Privacy Policy

Last updated: [15th of November 2025]

1. Who we are

This Privacy Policy explains how we collect, use, and protect your personal information.

We are:
Health and Social Ltd
10 Harmer Street, Gravesend, England, DA12 2AX
Company number 14129626

We provide home care services to adults in their own homes.

If you have any questions about this notice or how we use your information, you can contact us at:

  • Email: Info @healthandsocialcare.uk

  • Phone: 0800 6247404

  • Post: Unit 3, Kingsdale Business Centre, Unit 3, Kingsdale Business Centre, Regina Road, Regina Rd, Chelmsford CM1 1PE

If you are unhappy with how we handle your data, you also have the right to contact the Information Commissioner’s Office (ICO).

2. What this policy covers

This Privacy Policy applies to:

  • People who use our services (clients and former clients)

  • People who may use our services in future (enquirers)

  • Family members, representatives, and next of kin

  • Staff and job applicants

  • Professionals and suppliers we work with

  • Visitors to our website

We may provide additional privacy information for specific situations (for example, for staff or job applicants). Where we do, you should read that alongside this policy.

3. The information we collect

The type of information we collect will depend on your relationship with us.

If you receive or enquire about care services

We may collect:

  • Contact details: name, address, phone number, email

  • Personal details: date of birth, gender, preferred name, language

  • Health and care information: medical conditions, disabilities, care needs, medication, risk assessments, care plans

  • Family and support network: details of next of kin, attorneys, advocates, and key contacts

  • Professional contacts: GP, district nurse, social worker, therapists, and other professionals

  • Financial and funding information: details about how your care is funded, invoices, and payments (we do not store full card details if you pay by card via a secure provider)

  • Visit records: notes from carers about the support provided and any changes or concerns

If you are a family member, representative, or attorney

We may collect:

  • Your contact details

  • Your relationship to the person we support

  • Copies of legal documents (for example, Power of Attorney)

If you apply for a job with us

We may collect:

  • Your contact details and CV

  • Education, training, and employment history

  • Interview notes and application forms

  • References and right-to-work documentation

  • Criminal record information (DBS checks)

If you visit our website

We may collect:

  • Information you provide via forms (contact forms, job applications, etc.)

  • Technical information such as IP address, browser type, and basic usage data (via cookies or analytics tools), where enabled

You can control non-essential cookies through your browser settings and any cookie banner we provide.

4. How we collect your information

We may collect information:

  • Directly from you (in person, by phone, by email, through our website, or via forms)

  • From family members, attorneys, or representatives, with your knowledge where possible

  • From health and social care professionals involved in your care

  • From local authorities, the NHS, or other organisations commissioning or funding services

  • From referees and background checks (for staff and applicants)

We will always try to make sure the information we hold is accurate and up to date.

5. Why we use your information (legal bases)

We use personal information for several reasons. The main legal bases under data protection law include:

  • To provide our services: We need certain information to plan, deliver, and manage your care (performance of a contract or steps taken at your request).

  • To meet legal obligations: We must keep certain records to comply with laws and regulations (for example, health and safety, safeguarding, employment law).

  • To protect someone’s vital interests: In emergencies, we may use or share information if it is necessary to protect someone’s life or prevent serious harm.

  • For our legitimate interests: For example, to manage our business, respond to enquiries, improve services, or handle complaints—where this does not override your rights.

  • With your consent: In some situations (for example, some types of marketing or sharing information outside the usual care team), we may rely on your explicit consent. You can withdraw consent at any time.

Because we provide care services, we also process special category data (such as health information). We use this only where it is necessary for providing health or social care, protecting vulnerable people, or where the law specifically allows it.

6. How we use your information

We may use your information to:

  • Assess your needs and plan your care

  • Deliver safe, effective, and personalised care

  • Communicate with you and your chosen contacts about your care

  • Work with health and social care professionals involved in your support

  • Manage our staff, rotas, and service delivery

  • Handle enquiries, complaints, and feedback

  • Keep required records for regulatory, audit, and insurance purposes

  • Recruit, train, and support staff

  • Improve our services and website

We do not sell your personal information to anyone.

7. Who we share your information with

We may share information, where appropriate and necessary, with:

  • Health and social care professionals: GPs, district nurses, hospital teams, social workers, therapists, and other providers involved in your care

  • Local authorities, NHS bodies, and funders: where they are commissioning or funding services for you

  • Regulatory bodies: such as the Care Quality Commission (CQC) or local safeguarding teams, where required

  • Emergency services: in urgent situations to protect life or prevent serious harm

  • Professional advisors: such as our legal or insurance advisors, where needed

  • Service suppliers: for example, secure care management systems, payroll services, or IT providers, who act on our instructions and are bound by confidentiality and data protection obligations

We will share the minimum necessary information and only with people or organisations who have a genuine need to know.

8. International transfers

Most of the time, your information will be processed within the UK [and/or EEA]. If we ever use a service provider that stores or processes data outside the UK, we will:

  • Make sure there are appropriate safeguards in place (for example, approved contracts), and

  • Take reasonable steps to ensure your information is protected to UK standards.

9. How we keep your information safe

We take security seriously. Measures we may use include:

  • Secure systems and passwords to access records

  • Limiting access to those who need it for their role

  • Staff training on confidentiality and data protection

  • Policies on secure handling, storage, and disposal of information

  • Encryption, secure backups, and other technical protections where appropriate

Despite our efforts, no system is completely risk free, but we work hard to reduce the risk of loss, misuse, unauthorised access, or disclosure.

10. How long we keep your information

We do not keep personal information longer than necessary.

  • For people who receive care, we typically keep records for a minimum period required by law or guidance (often several years after services end), in case they are needed for regulatory or legal reasons.

  • For job applicants and staff, we keep records in line with employment and safeguarding requirements.

  • For enquiries, we may keep basic contact details and notes for a reasonable period in case you get back in touch.

When we no longer need information, we will securely delete or anonymise it.

11. Your rights

Under data protection law, you have several rights, including:

  • Right to be informed – to know how we use your data (this policy is part of that).

  • Right of access – to request a copy of the personal information we hold about you.

  • Right to rectification – to ask us to correct incorrect or incomplete information.

  • Right to erasure – in some cases, to ask us to delete information we hold about you.

  • Right to restrict processing – to limit how we use your information in certain circumstances.

  • Right to data portability – in some situations, to request your data in a reusable format.

  • Right to object – to certain types of processing, including direct marketing.

  • Rights related to automated decision-making – we do not currently use fully automated decision-making that has legal or similarly significant effects.

Some rights may be limited where we have legal obligations or strong legitimate reasons to keep information. If that’s the case, we’ll explain why.

12. How to make a data request

If you want to access, correct, or request deletion of your data—or exercise any of your rights—you can contact us using:

  • Email: Info @healthandsocialcare.uk

  • Post: Unit 3, Kingsdale Business Centre, Unit 3, Kingsdale Business Centre, Regina Road, Regina Rd, Chelmsford CM1 1PE

We may need to confirm your identity before we can respond. We aim to respond within one month of receiving your request, as required by law.

13. Concerns and complaints

If you are unhappy with how we use your information, please contact us first so we can try to resolve the issue.

If you remain concerned, you have the right to complain to the Information Commissioner’s Office (ICO):

  • Website: search for “ICO make a complaint”

  • Phone: 0303 123 1113 (UK)

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time, for example if our services change or if the law changes. The latest version will always be available on our website and will show the date it was last updated.

If the changes are significant, we may also contact you directly where appropriate.

Scroll to Top