This policy supplements any materials or contracts you receive as a regulated service user — where clinical and social-care confidentiality duties apply your care team can explain specifics. Everything here aligns with UK data-protection law including the UK GDPR and the Data Protection Act 2018.
In plain English
You should leave this page knowing the essentials — what we collect, why it matters to you, and how to contact us if something doesn't look right.
- Transparency. We tell you upfront what categories of information we use and for which purposes — no hidden resale of your profile.
- Lawful & proportionate. We rely on lawful grounds under UK GDPR (reasonable business needs + explicit consent where that is legally required).
- Security. We protect data with organisational and technical safeguards and expect the same diligence from processors who work under our instructions.
- You are in control. Subject to exemptions, you can ask to see what we hold, correct mistakes, restrict use, or escalate to the ICO — details below.
Who we are — the data controller
Several My Homecare offices may operate as separate controllers for statutory purposes. Who is responsible for your information is clarified on correspondence and your branch page (look for the registered address and ICO registration details where published). Website-only visitors or people making a general enquiry are typically interacting with those details shown in our site footer.
Prefer to talk to a human? Use the telephone or mail link in any page footer — we will route your request to privacy or safeguarding colleagues when necessary.
What categories of personal data we may collect
Exactly what arrives in our records depends how you interact with us. Broadly speaking we may hold:
- 1.
Identity & communications
Names, postal address snippets, postcode, telephone numbers and email supplied through forms or when you correspond with us verbally or in writing.
- 2.
Enquiry narratives
Facts you voluntarily share concerning care needs — sometimes including wellbeing information classified as higher sensitivity under GDPR when we formally deliver care.
- 3.
Technical metadata
IP address, rudimentary geo derived from telecom networks, timestamps, diagnostic data from crashes and abusive traffic — used purely to safeguard infrastructure and analyse basic traffic patterns unless you approve deeper analytics separately.
Why we process data — lawful bases in brief
The law requires each purpose have a lawful “peg”. For most enquiries and legitimate business activity we cite Legitimate interests balancing your rights against our need to organise responses, safeguard sites and train responders. Dedicated marketing beyond service updates will ordinarily rest on Consent which you may withdraw freely.
Regulated caregivers may process what UK law terms special category information strictly where clinically or contractually unavoidable — always gated by substantive public interest, employment or health-sector provisions together with meticulous internal policy. Your individual care-plan documentation supplements this webpage.
How long we keep personal data
Routine marketing leads delete or anonymise on rolling cycles absent an active relationship. Serious incident, complaints and statutory registers may linger longer precisely because regulators require demonstrable histories — we will not park data “just because”.
You may request indicative retention notes for typical datasets when writing in.
Your rights — and where to escalate
You can normally ask us to:
- Confirm processing & provide a portability-friendly copy (“subject access”).
- Rectify inaccuracies or incompleteness.
- Restrict how we manipulate disputed facts while verified.
- Object to reliance on legitimate interest where imbalance shifts unfavourably to you.
- Request deletion if no superseding lawful duty survives.
We respond without undue delay and within statutory maximums absent complex multi-party review. If we refuse wholly or partly we explain rationale and escalation paths verbatim.