This includes the privacy information applicable to our self-employed carers.
Last updated: February 2020
How we use your information (including fraud prevention & credit checks)
Fraud Prevention and Credit Checks
Lawful bases for using your information
Sharing your information (including information sent outside the European Economic Area – EEA)
Keeping you informed about our products and services
Amendment and retention of information
Carer Data Protection statement
Consolidated Healthcare Agency Limited, together with its subsidiaries are registered as data controllers with the Information Commissioner’s Office (ICO).
Companies within Consolidated Healthcare Agencies Limited use a variety of well-known brand and trading names including, but not limited to, Country Cousins and Patricia White’s.
Consolidated Healthcare Agencies Limited ("we","us") are committed to protecting your privacy. We comply with the principles of the General Data Protection Regulation (GDPR) and associated data protection legislation. We aim to maintain best-practice standards in our processing of personal and/or special category personal data (this is also referred to as sensitive personal data).
How we use your information
We use the information we receive from you, together with information we have obtained from our dealings with you (including in relation to goods and/or services we provide to you and/or your use of those goods and/or services), to provide goods and/or services that you request, to communicate with you, and to personalise information sent to you.
We do not sell, trade, or rent your personal information to others.
We store all the information you provide to us, including information provided via forms you complete on our website, and information which we may collect from your browsing. Our server, in common with nearly all web servers, logs each page that is downloaded from the site. If you contact us electronically we may collect your electronic identifier, e.g. Internet protocol (IP) address or phone number supplied by your service provider. This is to identify the number of visits to our websites, fraudulent behaviour or mystery shoppers using our websites.
We ask for your home, mobile phone number, and email address to enable us to contact you in relation to an enquiry you have made, to contact you if there is a problem with your order, notifying you about important functionality changes to the website, or if there is another genuine reason for doing so. For example, when you enter a contest or other promotional features, we use these details to administer the contest and notify winners.
Sometimes we may need to collect information that the law defines as special category data (also called sensitive personal data). This includes, but is not limited to, information about racial or ethnic origin, sexual orientation, health data, and criminal records. We will not collect or use these types of data without your consent, unless the law allows us to do so. If we do, it will only be when it is necessary as determined by the law and the ICO.
Any new information you provide to us may be used to update an existing record we hold for you. If you provide a work email address we will not be responsible for third parties having access to any communications we send.
We collect credit or debit card details from you in order to pay for a service or product. We will keep such details secure and ensure that the details are only used further with your consent and/or for the purposes of any appropriate refunds.
In the event of phone calls from you, we also reserve the right to ask security questions (which we in our sole discretion deem appropriate) in order to satisfy ourselves that you are who you say you are.
Fraud prevention and credit checks
To help us prevent fraud and money laundering, your details may be submitted to fraud prevention agencies and other organisations where your records may be searched.
In order to assess financial and insurance risk, we will make full and open checks on the electoral roll registers and public data provided to us by credit reference bureaus and other third parties.
Our own security procedures mean that we may occasionally have to request proof of identity or check your presence on the electoral roll.
Lawful bases for using your information
Before you provide any data to us we will endeavour to make it clear why we need it. Sometimes we may need special category (sensitive) personal data. When this is required, we will obtain your consent first, unless the information is necessary to provide the service requested by you. Without this information, we may not be able to fulfil the product or service you have requested.
A customer may properly give their partner's consent over the phone or via the website providing the customer confirms they have permission to do so. If the consent is written, the spouse must independently endorse such consent via counter signature.
We use the information you provide to us, either orally or in writing and the information we obtain from you through the use of our website, and as a result of our dealings with you (including any data we obtain from third parties) to provide the service requested by you. It may also be used for market research and statistical purposes.
We recognise that we have a legitimate interest in processing the personal data we collect about you for a number of reasons, including, but not limited to: marketing purposes, to enables us to enhance, modify, personalise, or otherwise improve our services, identify and prevent fraud, enhance and protect the security of our network and systems, and market research (e.g. determining the effectiveness of campaigns and the products / services we offer). “Legitimate interests” means the interests of our company in conducting and managing our business to enable us to give you the best service and most secure experience.
When we use your information for our legitimate interests, we make sure to consider and balance any potential impact on you and your data protection rights. Where applicable, legitimate interest assessments are conducted to ensure that these rights are protected.
Keeping you informed about our products and services
When you contact us, either online or via one of our contact centres, we may ask for your permission to contact you about the products and services we offer. Where we have obtained your permission to do so we will contact you by post, telephone, email or other means to tell you about offers, products and services that may be of interest to you.
We also recognise that it is in our legitimate interests to send communications about our products and services, latest offers and rewards, so we may process your information to send you communications that are tailored to your interests.
At any time, you can opt out of receiving such information, revise the products you would like to hear about or change the method we use to communicate with you. You can update these preferences by contacting us in the normal ways.
We also use your personal information to make decisions about what products, services and offers we think you may be interested in. This is called profiling for marketing purposes. You can contact us at any time and ask us to stop using your personal information this way. If you allow it, we may show or send you marketing material online (on our own and other websites including social media), or by email, phone or post.
We make outbound phone calls for a number of reasons relating to our services. We are fully committed to the regulations set out by Ofcom and follow strict processes to ensure we comply with them.
We may use personal data, collected in respect of one product to market another product that we may deem appropriate and relevant to you based on the information we have collected.
Sharing your information
As previously mentioned, we do not sell, trade or rent your information, and will never disclose information about you (including information obtained from our dealings with you) to third parties, except:
a) where we have a legal interest in a company;
b) to fulfil your specific orders for a product or service or information in the event that third parties deliver the relevant product or service or information. In these instances, while the information you provide will be disclosed to them, it will only be used for the administration of the service provided, including (but not limited to), verification of any quote given to you, pricing purposes as appropriate, testing, and to maintain management information for business analysis.
c) where third parties administer part or all of the product or service.
We may of course be obliged by law to pass on your information to the police or any other statutory or regulatory authority and in some cases, exemptions may apply under relevant data protection legislation, whereby we can legitimately release personal data e.g. to prevent or detect crime or in connection with legal proceedings.
Subsequent to your purchase of a product or service, we may enter into an arrangement for that service to be provided by a new third party. If this happens, the terms and conditions of your contract with us will provide that you consent to the transfer and processing of personal and/or special category personal data to the new provider, subject to the requirements of the GDPR and associated legislation.
If we provide information to a third party (either a provider of a product or service, or an external data processing agency such as a mailing house) or a company we have a legal interest in, we will exercise the strictest control over them contractually, requiring it and any of its agents and/or suppliers to:
maintain the security and confidentiality of the information and restrict access to those of its own employees
use the data for the agreed purpose only and prevent it being used for any other purpose by any other party
refrain from communicating with you other than concerning the product in question
return the data to us at the conclusion of any contract term, and destroy or delete any copies made of all or any part of the information unless copies are needed to be kept to comply with regulations
In addition, we will restrict the information disclosed to the absolute minimum necessary, for example, to provide the product or service.
Information sent outside the EEA
From time to time we may use service providers and organisations outside the EEA for the purpose of processing services, system testing and maintenance.
It is worth noting, however, that some non-EEA countries do not afford the same level of data security as the UK. We will always use every reasonable effort to ensure sufficient protections are in place to safeguard your personal information.
Amendment and retention of information
Please advise us in writing as to any changes in your circumstances, or if you feel we hold inaccurate information about you so that we can update our records accordingly.
We will hold your personal information in accordance with the principles of the GDPR (and associated legislation) and in line with our Data Retention Policy. We are obliged and permitted by law and regulation to retain certain types of data for a minimum period of time. The minimum period of time tends to be for six years but can be longer if the statute or regulation requires.
Access to your information: You have a statutory right of access to accessible personal and/or sensitive personal data that we hold about you. In order to exercise this right, your application must be in writing, either via letter or email. Please refer to the information you wish to see giving dates if possible. Please note that where relevant we may ask for proof of your identity.
We will not administer Subject Access Requests by a third party unless accompanied by a written authority of the individual who is the subject of the request.
We have one month to respond to a valid request.
Rights related to automated decision making including profiling: We use the information we know about you to make decisions which inform our pricing, fraud prevention and the products and services we can offer. Automated decision making enables us to make efficient and fair decisions, providing a better service for our customers. Whilst you have the right to object to us using your information in this way, this could have an impact on the products or services we may be able to offer you. We use automated decision making in the following areas:
Tailoring our marketing communications – as mentioned previously, we use your personal information to make decisions about what products, services and offers we think you may be interested in. This ensures the communications you receive from us are tailored and relevant to your interests. You can opt out of this at any time by contacting us.
The right to erasure: you have the right to request that your personal data is erased and to prevent processing in specific circumstances which are detailed by the ICO.
The right to data portability: you have the right to obtain and reuse the personal data that you have provided to us for your own purposes which includes transferring it to other services.
For further information regarding your rights, or to make a request; please write to the Data Protection Officer, Consolidated Healthcare Agencies Limited at Aviation House, Cross Oak Lane, Redhill, RH1 5EX.
We welcome your questions and comments about privacy. Please write to the Data Protection Officer, Consolidated Healthcare Agencies Limited at Aviation House, Cross Oak Lane, Redhill, RH1 5EX.
You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you feel your personal information has not been handled correctly. You can do this via ico.org.uk/concerns or by writing to: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Carer data protection
Consolidated Healthcare Agencies Ltd, trading as Patricia White’s and Country Cousins, are the data controller in respect of your personal data. Under the Data Protection Act 2018 we are required to provide you with certain information about how we collect, store, share and retain your personal data.
The purposes for which we will process your personal data (whether provided by you or third parties) are as follows:
to assess your skills, suitability and eligibility to become a companion/carer;
if you subsequently are accepted as one of our carers, to assist in introducing you to our clients;
this may also include providing clients with copies of photographs for identification purposes;
to introduce you to clients, to collect feedback about your service delivery and to review the success of the introduction between you and each client;
to update you with relevant information about us and our clients.
You understand that as part of the above process and prior to introducing you to potential clients, we will seek references from your previous employer(s) and/or clients. We may retain certain personal data supplied by you after you have ceased to be a carer with our agency in order to comply with current legislation and client requirements. We will hold your personal data for up to 2 years, after the end of your most recent introduction, at which time it will be destroyed.
Although we have to share some details as an agency, we only do so with the appropriate people, who have a legal right to request your information, or where you provide us with consent to share your personal data. We do not sell your personal data.