Please view below our privacy policies for website users, our service users, our staff and job applicants and for marketing and 3rd party users.
In this Privacy Policy when we refer to “Call-In Homecare ” or “we”, “us” or “our”, we mean Call-In Homecare .
Call-In Homecare is committed to protecting the privacy of individuals who use our services or even if you are just visiting our website.
In accordance with Data Protection legislation Call-In Homecare is registered with the ICO. Our registered address is Floor 6, Sugar Bond House, Bonnington Road, Edinburgh, Scotland, EH6 5NP.
This notice sets out the way Call-In Homecare processes, stores and protects user data and information that you may supply to us. It also outlines the obligations and requirements of the users, the website and website owners.
You may contact us at any point with regards to this privacy notice or the way your personal data is being processed by contacting our Data Protection Officer by one of the following means:
By post: Floor 6, Sugar Bond House, Bonnington Road, Edinburgh, Scotland, EH6 5NP
By phone: 0131 656 7310
By email: edinburgh@call-inhomecare.co.uk
About Us
Call-In Homecare provides individuals with personalised packages of care and support to enable them to remain in their own home for longer.
Working together with individuals and their families we create a support plan to suit the needs of the person in the short and longer term, promoting independence, choice, respect, privacy, security and continuity.
Our experienced, professional Care Assistants, Support Workers and specialist staff are specifically trained to deliver tailored, individual support packages.
We take great pride in our ability to design appropriate person-centred care plans. By understanding the needs of our individual customers we are able to offer a personalised, reliable and high quality service that provides peace of mind to them and their families.
Our commitment is to improve a person’s quality of life and give them the opportunity to maximise their independence through our outcomes based care approach. Our Services include:
- Home care services
- Supported living services
- Live-in Care
- Specialist services
- Respite care
- Palliative care
- End of life care
- Dementia care
- Complex care
- Learning disabilities
Updates to this website Privacy Policy
From time to time we may amend this privacy policy to fall in line with changes to legislation, including but not limited to the General Data Protection Regulation 2016, Privacy and Electronic Communication Regulation 2003 and the Data Protection Act 2018.
Any changes, updates or amendments to this policy will be shown on our website with the date of the latest update.
Personal Data
‘Personal data’ is defined in law as any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
We collect or amass personal data in accordance with our contractual obligations or with consent as set out in our respective privacy policies for service users, staff and job applicants and marketing.
Purposes for the processing of personal data
When you enter a contract with Call-In Homecare, you will always have clear visibility with regards to the type of personal data that is being collected.
You will have the opportunity to review the purposes of the data collection and you will have the choice to either approve or disapprove. Please note, that if you do not approve or agree to disclose the information required for the delivery of our services, we will be unable to provide these services as we are required to collect certain types of data to be able to provide you with those services.
The information that is collected by Call-In Homecare is used for the following purposes:
- The provisioning of home care services
- The provisioning of supported living services
- The provisioning of live-in care services
- The provisioning of specialist services
- The provisioning of respite care services
- The provisioning of palliative care services
- The provisioning of end of life care services
- The provisioning of dementia care services
Consent
Where Call-In Homecare needs to collect or pass on your information to a third party, we will obtain your consent where we require consent as grounds for processing. For example, if we need to process data any highly sensitive or “special categories” of data, we will obtain your consent and explain the purposes of processing prior to doing so.
Third-party sharing
Call-In Homecare will never sell or share any of your details to any organisations to use for their own marketing or advertising purposes. It may be necessary to provide your information onto a third party for the delivery of a service that you have requested, however we will always ensure that the appropriate safeguards are in place to protect your information prior to transferring.
Call-In Homecare may share your information with parties that we have vetted and authorised for the provisioning of a service. Such parties include staff members, technology providers and other services providers that we use to be able to deliver our services. These third party processors may disclose your information to others for the delivery of the service you have requested; please ensure you have familiarised yourself with their terms and conditions and / or their privacy notices.
If you would like a copy of our authorised third parties, please contact us at edinburgh@call-inhomecare.co.uk. Please note that we will only disclose this information to those that we process data regarding.
Where we believe there is a need to investigate, prevent or report illegal activities, issues pertaining to threats to the physical safety of any person we may pass your information onto other 3rd parties including but not limited to The Police and other emergency services, the Care Quality Commission, the Information Commissioner’s Office or the Health and Safety Executive.
Where your data is transmitted internationally, outside of the EEA, we shall ensure that enforceable binding contracts are in place in the absence of a suitable data protection legislation. We will not conduct business where there is neither an enforceable contract nor a suitable data protection legislation.
Cookies in use on this website
For any information regarding the cookies that are used on this website, please refer to the Cookies Policy Cookies Policy.
Security controls
Call-In Homecare has implemented a number of organisational and technical controls to ensure that the confidentiality, the integrity and the availability of the data that we process is always preserved. The main objective of those controls is to help protect your information from loss, destruction, misuse, unauthorised access or disclosure. The combination of organisational and technical controls ensures that your data is processed securely at all times.
Organisational controls
- User access controls and limitation of data access has been implemented to ensure that only the authorised staff members have access to data.
- We have implemented a data retention policy for the different datasets that we process. The retention periods for the data are either based on legal requirements set by the regulatory body or in accordance with legitimate purposes to carry our business operations
- A password policy is in place to ensure that all passwords are changed on a regular basis and that they correspond to the required standards when they are generated
- We regularly review our information security policies and procedures to ensure that it is up to date with the latest technology and most importantly with the latest legislation with regards to data protection and data privacy
- We ensure that our third party processors are carefully vetted and selected with regards to compliance with data protection and data privacy laws
- The access to special categories of data has been limited to staff members on a needs basis in order to reduce the exposure of such type of data
- Our staff members are well trained professionals
Technical controls
- Encryption has been implemented on computer equipment to ensure that data will not be available in the event of loss or theft.
- Encryption controls have been implemented for data that is in transit and for email communication.
- Antivirus and malware protection is installed on all computer equipment.
- Regular backups of our data to ensure that it is readily available in the event of a technical issue or a natural disaster.
Other Sites and external links
Our website may contain links to other sites that are not controlled by us; therefore we are not responsible for the content or use of these services. Please ensure that you understand this and also please review those website privacy policies and terms and conditions. Call-In Homecare cannot and will not be held liable for any damage that might have been caused to your computer equipment by those websites. Such damage includes but are not limited to: loss of data, exfiltration of data, unauthorised intrusion, virus and malware infection, hardware damage. The use of any external link or website is at your own risk.
Special Categories of Data
We do process medical data and child data at times. Such type of data is processed with the prior positive consent of our clients.
General Data Protection Regulation Rights
You have many rights under the GDPR, they are defined as below:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
Rights in relation to automated decision making and profiling.
If you are an existing client of ours and wish to exercise any of these rights, please contact our data protection officer who will be able to assist you in exercising your rights with us as a processor.
If you are a former employee or had another relationship with Call-In Homecare and you would like to exercise your rights please contact us at edinburgh@call-inhomecare.co.uk.
When an access request is submitted to us, we must verify your identity before any data can be sent to you. If we are unsure about your identity or if our controls do not match the information that is gathered, we reserve the right to nullify the access request.
Additional information
If you have any questions with regards to this privacy notice, the way your data is handled or if you would like to exercise any of your rights under the General Data Protection Regulation, please contact edinburgh@call-inhomecare.co.uk.
If you would like to learn more about the current regulations and legislations about data protection, please refer to the following links:
The General Data Protection Regulation (GDPR)
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/
The Privacy and Electronic Communications Regulation (PECR)
https://ico.org.uk/for-organisations/guide-to-pecr/what-are-pecr/
For any concerns with regards to your personal data, please contact the Information Commissioner’s Officer at the following link: https://ico.org.uk/
In this Notice, “We”, “Us” and “Our” means Call-In Homecare Ltd (the Company), the provider of your care, Clece Care Services Ltd, which is the parent company to the Company and also Clece S.A, their parent company. “You” means the client on whose behalf the Company are providing the service that you or your nominated third party, such as your local authority, have requested.
We are committed to maintaining the accuracy, confidentiality and security of your personal information. Data protection law provides you with a right to be informed about the processing of your personal information. This Notice describes the personal information that we collect from or about you, and how we use and to whom we disclose that information. Where it is appropriate to the delivery of the service and in accordance with our contract with you or as required by law, we may also prescribe additional purposes and longer retention periods to those set out below.
What Personal Information Do We Collect?
For the purposes of our Privacy Policy, personal information is any information about an identifiable individual. Personal information does not include anonymous or non-personal information.
We collect and maintain different types of personal information in respect of those individuals who seek to be, are, or were our clients, including the personal information contained in:
- what you tell us about yourself;
- ID Information such as your name, home address, email address, telephone numbers and date of birth;
- Next of kin contact information;
- Medical records and health information (mental and physical) including medicine dosages and Covid-19 or any other pandemic infection and control data;
- Personal preferences;
- Ethnicity and religious affiliation;
- NHS number;
- Telephone call recordings;
- Risk assessments;
- Door access codes;
- Dietary requirements;
- Our records of invoicing and payment;
- Past history medical conditions
The personal information which we collect and maintain includes the above and any other information necessary to permit us to manage your care effectively. In addition we may collect and maintain sensitive personal information about you if that has any relevance to your care.
As a general rule, we collect personal information directly from you or from the local authority or others also involved in your care. In most circumstances where the personal information that we collect about you is held by a third party, we will obtain your permission before we seek out this information from such sources (such permission may be given directly by you, or implied from your actions or agreed under contract).
Where permitted or required by applicable law or regulatory requirements, we may collect information about you without your knowledge or consent.
Why Do We Collect Personal Information?
The personal information collected is used and disclosed for our business purposes, including establishing and managing your relationship with us. Such uses include:
- assessing whether we are able to assist you;
- the management and provision of your care;
- maintaining records of services provided to you;
- invoicing, fee collection and debt recovery;
- keeping records up to date;
- complying with the legal and regulatory obligations including as regards Covid-19 or any other pandemic or matter of public health;
- implementing best practice and guidance from the Care Quality Commission or other regulatory or governmental bodies;
- Such other purposes as are reasonably required by us.
Who is responsible?
The person responsible for the personal information about you which we collect (the “data controller”) is the Company. Clece Care Services Ltd and Clece S.A. processes and/or manages certain information on behalf of the Company.
Monitoring
Some of our premises are equipped with CCTV. Where in use, CCTV cameras are there for the protection of visitors and employees and members of staff, and to protect against theft, vandalism and damage to goods and property on the premises. Generally, recorded images are routinely destroyed and are not shared with third parties unless there is suspicion of a crime, in which case they may be turned over to the police or other appropriate government agency or authority.
This section is not meant to suggest that clients will in fact be monitored or their actions subject to constant surveillance. It is meant to bring to your attention the fact that such monitoring may occur.
Can we use your information for marketing our products and services?
We may send you email newsletters if you opt-in to receive such correspondence. We may also send you details of new services but only if it is within our legitimate interest to do so.
We will always let you know that you can opt out from receiving marketing material and you can let us know at any time if you no longer wish to receive direct marketing offers from us. You can do so by emailing us here, or writing to our Data Protection officer whose contact are below.
How Do We Use Your Personal Information?
We may use your personal information for the purposes described in this Policy, or for any additional purposes that we advise you of and, where your consent is required by law, where we have obtained your consent in respect of the use or disclosure of your personal information.
We may use your personal information without your knowledge or consent where we are permitted or required by law or regulatory requirements to do so.
When Do We Disclose Your Personal Information?
We may share your personal information with our employees and other parties who require such information to assist us with managing the service we provide to you.
This includes but is not limited to sharing your data with the following who may in turn process your data:
- our clients;
- the NHS;
- your doctor;
- pharmacies;
- social services;
- the local authority;
- hospitals;
- emergency services;
- the District Nurse;
- all clinical multi-disciplinary teams;
- specific external suppliers such as systems providers (e.g. of our rostering, H&S reporting and financial systems), IT consultants, debt recovery agents, legal advisers and auditors.
Also, your personal information may be disclosed:
- to comply with valid legal processes;
- in accordance with our legitimate business interests;
- as part of our reporting activities;
- to protect the rights and property of the company;
- during emergency situations or where necessary to protect the safety of a person or group of persons;
- where the personal information is publicly available; or
- with your consent where such consent is required by law.
In any such a case, we will not disclose more personal information than is required in the circumstances and, except under compulsion of law, we will not disclose without your consent any legal advice which is the subject of a duty of confidence owed to you.
For further details of our data processors, please do not hesitate to contact your Data Protection Officer.
Notification and Consent
Privacy laws do not generally require us to obtain your consent for the collection, use or disclosure of personal information for the purpose of establishing and managing our relationship with you. In addition, we may collect, use or disclose your personal information without your knowledge or consent where we are permitted or required by applicable law or regulatory requirements to do so.
Where your consent is required this will be requested and recorded in a clear unambiguous way. Where your consent is required for our collection, use or disclosure of your personal information, you may, at any time, subject to legal or contractual restrictions and to reasonable notice, withdraw your consent. All communications with respect to such withdrawal or variation of consent should be in writing and addressed to the Company.
How is Your Personal Information Protected?
We endeavour to maintain physical, technical and procedural safeguards that are appropriate to the sensitivity of the personal information in question. This includes the use of firewalls and encryption as well as other information security requirements, systems and procedures. These safeguards are designed to protect your personal information from loss and unauthorized access, copying, use, modification or disclosure.
Your personal information will not normally be processed outside the European Economic Area. Our IT servers are securely hosted in Spain by our parent company Clece S.A. which also adhere to the GDPR and vigorous security protocols. We also use data sharing agreements, data processing agreements and the standard contractual clauses to protect your data where it is being shared, processed and/or transferred to a third country.
How Long is Your Personal Information Retained?
Except as otherwise permitted or required by applicable law or regulatory requirements, we will retain your personal information only for as long as we believe is necessary to fulfil the purposes for which the personal information was collected (including, for the purpose of meeting any legal, accounting or other reporting requirements or obligations). As a minimum that will be until one year after the expiry of the legal limitation period for bringing a legal claim against the company in respect of the services provided. However, we may notify you that we will retain your personal information for a longer period for the purposes of maintaining our records of the services provided.
In most cases personal information which is maintained by the Company will be deleted 7 years after the discharge of all fees incurred in your care or at the end of any service we have provided to you, whichever is the later.
All health records are retained in accordance with national guidelines which vary depending of the specific records held.
Updating Your Personal Information
It is important that the information contained in our records is both accurate and current. If your personal information happens to change during the course of your relationship with us, please keep us informed of such changes.
You have a right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed. In some circumstances we may decide to update our record of your personal information by appending additional text without deleting the original record.
Right of Access to Your Personal Information
You can ask to see the personal information that we hold about you. If you want to review, verify or correct your personal information, please contact the Company. Please note that any such communication may be required in writing.
When requesting access to your personal information, please note that we may request specific information from you to enable us to confirm your identity and right to access, as well as to search for and provide you with the personal information that we hold about you. We may charge you a fee to access your personal information, however, we will advise you of any fee in advance. If you require assistance in preparing your request, please contact us.
Your right to access the personal information that we hold about you is not absolute. There are instances where applicable law or regulatory requirements allow or require us to refuse to provide some or all of the personal information that we hold about you. In addition, the personal information may have been destroyed, erased or made anonymous in accordance with our record retention obligations and practices.
If we cannot provide you with access to your personal information, we will try to inform you of the reasons why, subject to any legal or regulatory restrictions.
Your other legal rights
Data protection legislation also provides you with certain other rights. These are not always absolute rights and must be considered in the wider scope of the legislation. These rights are:
- right to erasure, also known as the right to be forgotten. The broad principle underpinning this right is to enable an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing. In some circumstances this is not an absolute right;
- right to restrict processing. You have the right to ‘block’ or suppress processing of personal data. Again this is not an absolute right and will depend on the circumstances and any other legal/statutory obligations we may have;
- right to data portability;
- right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
- rights related to automated decision-making including profiling.
How to contact us & complaints
If you have any questions, concerns or complaint in respect of data protection and this privacy notice, please do not hesitate to contact us. Please contact your local Office/ Registered Manager. Alternatively you may contact our Data Protection Officer, Mark Swatton at: Markswatton@call-inhomecare.co.uk
We will endeavour to address your issue as swiftly as possible.
The Company is committed to maintaining the accuracy, confidentiality and security of your personal information. This Privacy Notice describes the personal information that we collect from or about you, how we use it and to whom we disclose that information.
What Personal Information Do We Collect?
For the purposes of this Privacy Notice, personal information is any information about an identifiable individual. Personal information does not include anonymous or non-personal information.
We collect and maintain different types of personal information in respect of those individuals who seek to be, are, or were employed by us, including the personal information contained in:
- CVs and applications;
- references and interview notes;
- DBS and vetting information;
- Education and training information;
- Right to work information;
- Photographs, testimonials, video and audio recordings including cctv imagery;
- letters of offer and acceptance of employment and other employment records;
- policy acknowledgement sign-off sheets;
- payroll information; including but not limited to national insurance number, banking and deposit information and national insurance number;
- wage and benefit information including annual leave information;
- forms relating to the application for welfare benefits;
- Health questionnaires and risk assessments including details of any medical condition or medication you are taking;
- beneficiary and emergency contact information;
- Disciplinary and grievance records;
- Your driving licence and insurance documentation; and
- Equal opportunities monitoring forms
In addition to the examples listed above, the personal information we collect includes information such as your name, home address, telephone, personal email address, date of birth, employee identification number, ethnicity, marital status, nationality, next of kin/emergency contact information, salary, biometric data provided and any other information necessary for business purposes, which is voluntarily disclosed in the course of an employee’s application for and employment with us.
The above lists are non-exhaustive and applies across the Group. A complete list of information held on you is available from your Data Protection Officer (via your line manager).
As a general rule, we collect personal information directly from you. We may however also use recruitment consultants and recruitment websites to source potential applicants. In most circumstances where the personal information that we collect about you is held by a third party, we will only process it in accordance with our legitimate interests, where necessary for the performance of our contracts or where obligated by law.
From time to time, we may use the services of third parties, such as recruitment agents and may also receive personal information collected by those third parties in the course of the performance of their services for us. In that case, we will take reasonable steps to ensure that such third parties have represented to us that they have the right to disclose your personal information to us.
Where permitted or required by applicable law or regulatory requirements, we may collect information about you without your knowledge or consent.
Why Do We Collect Personal Information?
The personal information collected is used and disclosed for our business purposes, including establishing, managing or terminating the employment relationship and complying with our obligations to you. It is necessary for the performance of our contract with you and/or performing our obligations under a contract as well as to meet our legal obligations and legitimate interests. In respect of special category data, which includes health data, it is necessary for your employment, social security and social protection, reasons of substantial public interest and/or for reasons of public interest in the area of public health, such as protecting against serious threats to health. Such uses include:
- determining eligibility and suitability for initial employment, including profiling from any previous job application to us, right to work checks and the verification of references and qualifications;
- administering pay and benefits including holiday pay;
- processing employee work-related claims (e.g. insurance claims, etc.)
- establishing training and/or development requirements;
- conducting performance reviews and determining performance requirements;
- assessing qualifications and suitability for a particular job, task, bonus or promotion;
- gathering evidence further to the disciplinary, grievance or whistleblowing procedure;
- establishing a contact point in the event of an emergency (such as next of kin);
- considering, assessing and preventing inequality or health & safety incidents or risks;
- for pandemic monitoring and infection control purposes;
- to obtain extra or emergency funding including for wages or personal protective equipment during local, regional or national emergencies and/or pandemics
- complying with all regulatory and legislative requirements;
- compiling contact lists for internal purposes only;
- analysing workforce trends e.g. impact of Brexit, Covid-19 or other pandemics or regulatory or legislative changes;
- ensuring your security and the security of company held information and data; and
- such other purposes as are reasonably required by us for the performance of your contract; to protect vital interests; for the performance of a task in the public interest; to comply with our legal obligations; in accordance with our legitimate business interests or for the purpose of assessing your working capacity.
Monitoring
The work output of staff, whether in paper record, computer files, or in any other storage format belongs to us, and that work output, and the tools used to generate that work output, are always subject to review and monitoring by us.
In the course of conducting our business, we may monitor employee activities, attendance and our premises and property. For example, some of our locations are equipped with fingerprint log-in technology, tracking systems as you touch in and out of service users’ homes and/or CCTV. Where in use, CCTV cameras are there for the protection of employees and third parties, to protect against theft, vandalism and damage to our goods and property and for quality control purposes. Generally, recorded images are routinely destroyed and not shared with third parties unless there is suspicion of a crime, in which case they may be turned over to the police or other appropriate government agency or authority. Staff are referred to our CCTV Policy for further information. Pursuant to our Monitoring of Business Communications Policy and Procedure and our Computer, Email and Internet Usage Policy, we have the capability to monitor all employees’ computer and e-mail use.
This section is not meant to suggest that all employees will in fact be monitored or their actions subject to constant surveillance. It is meant to bring to your attention the fact that such monitoring may occur and may result in the collection of personal information from employees (e.g. through their use of our resources). When using company equipment or resources employees should not have any expectation of privacy with respect to their use of such equipment or resources.
How Do We Use Your Personal Information?
We may use your personal information for the purposes described in this Policy, or for any additional purposes that we advise you of and where your consent is required by law we have obtained your consent in respect of the use or disclosure of your personal information.
We may use your personal information without your knowledge or consent where we are permitted or required by applicable law or regulatory requirements to do so.
When Do We Disclose Your Personal Information?
We may share your personal information with our employees, clients, contractors, advisers or consultants and other parties who require such information to assist us with establishing, managing, funding or terminating our employment relationship with you, including: professional advisers, parties that provide products or services to us or on our behalf and parties that collaborate with us in the provision of products or services to you.
Also, your personal information may be disclosed:
- as necessary for the performance of our contract with you
- as permitted or required by applicable law or regulatory requirements. In such a case, we will try to not disclose more personal information than is required under the circumstances;
- to comply with valid legal processes such as warrants or court orders;
- as part of our regular reporting activities to our clients or other members of the Group, i.e. if necessary for the performance of your contract, to comply with a legal obligation or as part of our legitimate business interests;
- to protect the rights and property of the company or others;
- during emergency situations or where necessary to protect the vital interests or safety of a person or group of persons;
- to assess your working capacity;
- if in the substantial public interest;
- where the personal information is publicly available; or
- with your consent.
Notification and Consent
Privacy laws do not generally require us to obtain your consent for the collection, use or disclosure of personal information for the purpose of establishing, managing or terminating the employment relationship. In addition, we may collect, use or disclose your personal information without your knowledge or consent where we are permitted or required by applicable law or regulatory requirements to do so.
Where your consent was obtained or required for our collection, use or disclosure of your personal information, you may, at any time, subject to legal or contractual restrictions and reasonable notice, withdraw your consent. All communications with respect to such withdrawal or variation of consent should be in writing and addressed to your Operations Manager for passing to the Data Protection Officer.
How is Your Personal Information Protected?
We endeavour to maintain physical, technical and procedural safeguards that are appropriate to the sensitivity of the personal information in question. This includes the use of firewalls and encryption as well as other information security requirements, systems and procedures. These safeguards are designed to protect your personal information from loss and unauthorised access, copying, use, modification or disclosure.
We also use data sharing agreements, data processing agreements and the standard contractual clauses to protect your data where it is being shared, processed and/or transferred to a third country.
How Long is Your Personal Information Retained?
For unsuccessful job applicants or those who do not accept a position with us, we will generally destroy your data after 6 months unless you have requested that we retain it for longer.
For recruited staff, except as otherwise permitted or required by applicable law or regulatory requirements, we will only retain your personal information for as long as we believe it is necessary to fulfil the purposes for which the personal information was collected (including, for the purpose of meeting any contractual, legal, accounting or other reporting and regulatory requirements or obligations). We may, instead of destroying or erasing your personal information, make it anonymous such that it cannot be associated with or tracked back to you. In most cases your data will be deleted 6 years after you have left the company or as otherwise set out in accordance with our data retention schedule and/or as required by law.
Updating Your Personal Information
It is important that the information contained in our records is both accurate and current. If your personal information happens to change during the course of your employment, please keep us informed of such changes.
In some circumstances we may not agree with your request to change your personal information and will instead append an alternative text to the record in question.
Access to Your Personal Information
You can ask to see the personal information that we hold about you. If you want to review, verify or correct your personal information, please contact your Operations Manager or your Data Protection Officer. Please note that we ask that any such communication be in writing.
When requesting access to your personal information, please note that we may request specific information from you to enable us to confirm your identity and right to access, and to assist us in searching for and provide you with the personal information that we hold about you. In specific circumstances, we may charge you a fee to access your personal information however we will advise you if this is the case and of any fee in advance.
Your right to access the personal information that we hold about you is not absolute. There are instances where applicable law or regulatory requirements allow or require us to refuse to provide some or all of the personal information that we hold about you. In addition, the personal information may have been destroyed, erased or made anonymous in accordance with our record retention obligations and practices.
If we cannot provide you with access to your personal information, we will inform you of the reasons why, subject to any legal or regulatory restrictions.
Your other legal rights
Data protection legislation also provides you with certain other rights. These are not always absolute rights and must be considered in the wider scope of the legislation. These rights are:
- right to erasure, also known as the right to be forgotten. The broad principle underpinning this right is to enable an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing. In some circumstances this is not an absolute right;
- right to restrict processing. You have the right to ‘block’ or suppress processing of personal data. Again this is not an absolute right and will depend on the circumstances and any other legal/statutory obligations we may have;
- right to data portability – this is the right to have information provided in a structured, commonly used machine-readable format;
- right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
- rights related to automated decision making including profiling.
In this Notice, “We”, “Us” and “Our” means the Call-In Homecare (the Company), Clece Care Services Ltd, which is the parent company to the Company and also Clece S.A, their parent company.
We are committed to maintaining the accuracy, confidentiality and security of your personal information. Data protection law provides you with a right to be informed about the processing of your personal information. This Notice describes the personal information that we collect from or about you, and how we use it and to whom we disclose that information.
What Personal Information Do We Collect?
For the purposes of our Privacy Policy, personal information is any information about an identifiable individual. Personal information does not include anonymous or non-personal information.
We collect and maintain usually fairly limited information about you for marketing purposes contained in
- What you tell us about yourself;
- Aggregated data of your usage on our websites;
- From your photographs, testimonials, video and audio recordings;
- Interviews with us;
- ID Information such as your name and contact details such as your address, email address, telephone numbers and date of birth (if provided);
- Next of kin contact information;
- Personal preferences;
- Ethnicity and religious affiliation;
- Telephone call recordings;
- Risk assessments; and
- Allergies/dietary requirements (if applicable).
The personal information which we collect and maintain includes the above and any other information necessary for us to safely undertake the marketing campaign. In addition we may collect and maintain sensitive personal information about you such as your health, if that has any relevance, e.g. to your safety.
In most circumstances where the personal information that we collect about you is held by a third party, we will obtain your permission before we seek out this information from such sources (such permission may be given directly by you or implied from your actions). Where permitted or required by applicable law or regulatory requirements, we may collect information about you without your knowledge or consent.
Why Do We Collect Personal Information?
The personal information collected is primarily used for internal and external, online and offline marketing purposes including but not limited to print, websites, email marketing, press and social media activities. It is also used to assist us in managing your relationship with us. Such uses include:
- Maintaining your privacy and upholding your data protection rights;
- Assessing your safety;
- Keeping records up to date;
- Complying with the legal and regulatory obligations;
- Such other purposes as are reasonably required by us.
Who is responsible?
The person responsible for the personal information about you which we collect (the “data controller”) is the Company. Clece Care Services Ltd and Clece S.A. processes and/or manages certain information on behalf of the Company.
Monitoring
Some of our premises are equipped with CCTV. Where in use, CCTV cameras are there for the protection of visitors and members of staff, and to protect against theft, vandalism and damage to goods and property on the premises. Generally, recorded images are routinely destroyed and are not shared with third parties unless there is suspicion of a crime, in which case they may be provided to the police or other appropriate government agency or authority.
Calls to and from our offices are also recorded for our service user’s and staff safety and protection and training purposes.
This section is not meant to suggest that you will be monitored or your actions subject to constant surveillance. It is meant to bring to your attention the fact that such monitoring may occur if you come to our premises.
Can we use your information for marketing our products and services?
We may send you email newsletters if you opt-in to receive such correspondence. We may also send you details of new services or initiatives but only if it is within our legitimate interest to do so.
Further to this, we may use targeted advertising through social media channels to present you to new services or for job opportunities with us. For more information on how we use your information for targeted advertising, please visit our Cookies Policy.
We will always let you know that you can opt out from receiving marketing material and you can let us know at any time if you no longer wish to receive marketing from us. You can do so by emailing us here, or writing to us at, edinburgh@call-inhomecare.co.uk.
How Do We Use Your Personal Information?
We may use your personal information for the purposes described in this Policy, or for any additional purposes about which we advise you; where your consent is required by law; or where we have obtained your consent in respect of the use or disclosure of your personal information.
We may use your personal information without your knowledge or consent where we are permitted or required by law or regulatory requirements to do so.
When Do We Disclose Your Personal Information?
We may share your personal information with our employees and other parties who require such information to assist us with managing our marketing campaigns.
This includes but is not limited to sharing your data with the following who may in turn process your data:
- Our clients or prospective clients including local authorities;
- Service users or prospective service users;
- Our staff or prospective staff;
- The NHS and hospitals;
- Specific external suppliers such as systems providers and marketing affiliates, IT consultants, legal advisers and auditors.
Also, your personal information may be disclosed:
- as part of our marketing and reporting activities;
- as permitted or required by applicable law or regulatory requirements;
- to comply with valid legal processes;
- to protect the rights and property of the company;
- during emergency situations or where necessary to protect the safety of a person or group of persons;
- where the personal information is publicly available; or
- with your consent where such consent is required by law.
In any such a case, we will not disclose more personal information than is required in the circumstances.
Notification and Consent
Privacy laws do not generally require us to obtain your consent for the collection, use or disclosure of personal information for the purpose of establishing and managing our relationship with you although we tend to obtain this for marketing purposes.
Where your consent is required or requested this will be requested and recorded in a clear unambiguous way. We will also seek to consider the views of any minor notwithstanding that the consent from the holder of parental responsibility shall be sought for those below the age of 13
Where your consent is required for our collection, use or disclosure of your personal information, you may, at any time, subject to legal or contractual restrictions and to reasonable notice, withdraw your consent. All communications with respect to such withdrawal or variation of consent should be in writing and addressed to the Company using the details provided below.
How is Your Personal Information Protected?
We endeavour to maintain physical, technical and procedural safeguards that are appropriate to the sensitivity of the personal information in question. These safeguards are designed to protect your personal information from loss and unauthorized access, copying, use, modification or disclosure.
Your personal information will not normally be processed outside the European Economic Area. Where it is necessary or desirable to do so, we will seek your prior consent and we will take steps to ensure that suitable safeguards apply.
How Long is Your Personal Information Retained?
Except as otherwise permitted or required by applicable law or regulatory requirements, we will retain your personal information only for as long as we believe is necessary to fulfil the purposes for which the personal information was collected (including, for the purpose of meeting any legal, accounting or other reporting requirements or obligations). This will be notified to you and may vary between our different marketing campaigns.
Updating Your Personal Information
It is important that the information contained in our records is both accurate and current. If your personal information happens to change during the course of your relationship with us, please keep us informed of such changes.
You have a right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed. In some circumstances we may decide to update our record of your personal information by appending additional text without deleting the original record.
Right of Access to Your Personal Information
You can ask to see the personal information that we hold about you. If you want to review, verify or correct your personal information, please contact the Company. Please note that any such communication may be required in writing.
When requesting access to your personal information, please note that we may request specific information from you to enable us to confirm your identity and right to access, as well as to search for and provide you with the personal information that we hold about you. We may in specific circumstances charge you a fee to access your personal information; however, we will always advise you if there is any fee in advance. If you require assistance in preparing your request, please contact us
Your right to access the personal information that we hold about you is not absolute. There are instances where applicable law or regulatory requirements allow or require us to refuse to provide some or all of the personal information that we hold about you. In addition, the personal information may have been destroyed, erased or made anonymous in accordance with our record retention obligations and practices.
If we cannot provide you with access to your personal information, we will try to inform you of the reasons why, subject to any legal or regulatory restrictions.
Your other legal rights
Data protection legislation also provides you with certain other rights. These are not always absolute rights and must be considered in the wider scope of the legislation. These rights are:
- right to erasure, also known as the right to be forgotten. The broad principle underpinning this right is to enable an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing. In some circumstances this is not an absolute right;
- right to restrict processing. You have the right to ‘block’ or suppress processing of personal data. Again this is not an absolute right and will depend on the circumstances and any other legal/statutory obligations we may have;
- right to data portability;
- right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
- rights related to automated decision making including profiling.
How to contact us & complaints
If you have any questions, concerns or complaint in respect of our handling of data protection and this privacy notice, please do not hesitate to contact us. Please contact your local Office / Registered Manager at Floor 6, Sugar Bond House, Bonnington Road, Edinburgh, Scotland, EH6 5NP or alternatively you may contact our Data Protection Officer, via email at edinburgh@call-inhomecare.co.uk.
We will endeavour to address your issue as swiftly as possible.