Privacy Policy
1. Who we are
We are HOMACARE LTD ("HomaCare", "We", "Us", "Our"), a company registered in England and Wales with company registration number 15322210. Our registered office address is 167-169 Great Portland Street, London, England, W1W 5PF.
HomaCare operates as a single entity providing domiciliary care services, meaning support and care delivered within an individual's own home. Throughout this policy, we may use the term "home care" to refer to these domiciliary care services.
This privacy policy sets out how HomaCare collects, uses, and protects any personal data you provide to us, or that we collect from you, in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 ("Data Protection Legislation").
2. Our Promise to You
At HomaCare, we are committed to protecting and respecting your privacy. We understand the importance of keeping your personal data safe, secure, and confidential. We promise to handle your data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable data protection laws.
The personal information we hold about you will be:
Used lawfully, fairly, and in a transparent way. We will always have a lawful basis for collecting and using your personal data, and we will be clear about how we intend to use it.
Collected only for valid purposes that we have clearly explained to you. We will only collect personal data that is necessary for the purposes we have identified, and it will not be used in any way that is incompatible with those purposes.
Relevant and limited to what is necessary. We will only collect personal data that is relevant to the purposes we have told you about and will not collect more data than we need.
Accurate and kept up to date. We will take reasonable steps to ensure that the personal data we hold is accurate and, where necessary, kept up to date. We encourage you to inform us if your details change.
Kept only for as long as necessary. We will not keep your personal data for longer than is necessary for the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. We will have a clear retention policy for different types of data.
Kept securely. We will implement appropriate technical and organisational measures to protect your personal data from unauthorised access, accidental loss, destruction, or damage.
3. How to Contact Us
If you have any questions about this privacy policy, how we handle your personal data, or if you wish to exercise any of your data protection rights, please do not hesitate to contact us.
Our designated person responsible for data protection matters is our Registered Manager:
Name: Helen Maxwell Role: Registered Manager Email: helen@homacare.co.uk
You can also contact us by post at our registered office address:
HOMACARE LTD 167-169 Great Portland Street London, England W1W 5PF
We recommend contacting us by email for the quickest response to data protection queries.
4. What information we collect about you and why
The type of personal information HomaCare collects about you will depend on your relationship to us. The sections below explain in detail what information is collected for each group of individuals.
Your personal information will only be used for the purposes for which it was collected, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent where this is required or permitted by law.
It is important that you read this privacy policy carefully, together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you. This is so that you are fully aware of how and why we are using your data. This privacy policy supplements other notices and is not intended to override them.
4.1. Clients, Prospective Clients, and their Representatives
a) Enquiries about our Domiciliary Care Services
If you contact us to enquire about the domiciliary care services we offer, HomaCare will record information about you and/or the individual who may require our services. You can make a care enquiry through various channels:
By using the care enquiry booking widget (Calendly) on our website.
By completing the general "Contact Us" form on our website and indicating your enquiry is about care services.
By telephoning us directly using the number provided on our website.
By emailing us directly using the address provided on our website.
When you make a care enquiry, we typically collect the following information:
Personal identification and contact details: Such as your name and surname, contact details (including email address, telephone number, postal address including postcode). If using Calendly, this may include your preferred meeting times.
Relationship to the potential service recipient: The nature of the relationship between the individual making the enquiry and the potential recipient of our services (e.g., self, spouse, son/daughter, advocate).
Care requirements and relevant health information: Details of the care requirements of the potential recipient of our services. This may include special category data such as information about their current medical and/or health conditions, disabilities, medication, and mobility needs, to help us understand the type of care required.
How this information is collected: This information is typically collected directly from you when you use one of the enquiry methods listed above. If using Calendly, Calendly acts as a data processor for the initial collection of your booking information and that data is then passed to us.
Purposes for collecting this information: HomaCare collects the above data for the purposes of:
Responding to your care enquiry and scheduling discussions/assessments.
Understanding the initial care needs.
Determining if we can provide a suitable domiciliary care service.
Arranging an initial assessment if appropriate.
Providing you with further information about the services we can offer.
Legal Basis for processing:
For processing general personal data (like contact details, relationship): We process this data based on our legitimate interests (Article 6(1)(f) UK GDPR) in responding to your enquiry and growing our business, or to take steps at your request prior to entering into a contract (Article 6(1)(b) UK GDPR).
For processing special category data (health-related information) at the enquiry stage: We process this with your explicit consent (Article 9(2)(a) UK GDPR) when you provide it to us to assess your/the potential client's needs, or where processing is necessary for the provision of health or social care (Article 9(2)(h) UK GDPR) when taking steps to assess if we can provide care services.
b) If you become a Client of HomaCare (and for ongoing service provision to Clients and their Representatives)
If you are a client, a prospective client undergoing assessment, or a former client of HomaCare, or a family member or representative acting on behalf of a client, HomaCare may collect, store, and use the following categories of personal information about you (and the client, if you are a representative):
Personal identification and contact details: Such as full name, title, addresses (current and, where relevant, previous), telephone numbers, personal email addresses, date of birth, gender, marital status, next of kin, and emergency contact details.
Financial information: Such as details related to the payment for our services, including information about funding sources (e.g., private, Local Authority, NHS Continuing Healthcare).
Information relating to your care and support needs (Special Category Data): This includes comprehensive information about the client’s health, medical conditions, disabilities, medication administration records (MAR charts), allergies, dietary requirements, mobility needs, mental health status, care plans, risk assessments (including those related to the home environment for safe care delivery), daily care records, preferences for care, and any other information necessary to provide safe, effective, and personalised domiciliary care. This is considered special category data under UK GDPR and is handled with the utmost care and confidentiality.
Information about family or representatives: Contact details and relationship to the client for any nominated individuals involved in the client's care or who hold legal authority (e.g., Power of Attorney for Health and Welfare or Property and Financial Affairs).
Records of communication: Including notes of discussions, emails, and letters related to the client's care and our services.
How this information is collected: This information is collected through various means, including:
Initial assessment meetings and care planning discussions.
Directly from the client or their authorised representatives.
From other health and social care professionals involved in the client's care (e.g., GPs, hospitals, social workers), where appropriate and with necessary permissions or legal basis.
Through the ongoing delivery of care services and regular reviews.
Purposes for collecting and processing this information: HomaCare collects and processes this personal data (including special category data) for the following essential purposes:
To provide safe, effective, and personalised domiciliary care services tailored to the client’s individual needs and preferences.
To create and maintain comprehensive care plans and risk assessments.
To communicate with clients and their representatives regarding the care services.
To liaise with other health and social care professionals, and emergency services where necessary for the client's care and wellbeing (e.g., in an emergency, or as part of a multidisciplinary team).
To manage our services effectively, including staff rotas and quality assurance.
For invoicing and managing payments for services.
To comply with our legal and regulatory obligations as a domiciliary care provider in England (including those set by the Care Quality Commission - CQC).
Please note that without collecting and processing certain personal data, including any data required from you, your family, or next of kin as relevant, HomaCare will be unable to provide its domiciliary care services.
Sharing your information: We may share some of the client’s information (including relevant special category data) with:
Our trained care staff who are directly involved in providing care.
Other health and/or social care professionals (e.g., GPs, district nurses, hospital staff, social workers) and emergency services where appropriate and necessary for the client's direct care, wellbeing, or in their vital interests.
Regulatory bodies such as the CQC, where legally required.
The client’s nominated family members or representatives, in line with agreed communication preferences and consents, or where they hold legal authority.
We will only share the minimum information necessary for the specific purpose.
NHS Systems (e.g., GP Connect, National Data Opt-Out): HomaCare is committed to working in partnership with NHS services to support high-quality care.
GP Connect: HomaCare does not currently utilise services like GP Connect (which allows authorised health and social care staff to access a patient's GP record to support their direct care). Should we consider using such services in the future, we will do so only for the purpose of direct care, in accordance with NHS guidelines and data protection legislation, and we will provide you with specific information at that time.
National Data Opt-Out (England only): The National Data Opt-Out allows individuals to opt out of their confidential patient information being used for research and planning purposes. HomaCare will respect your choices regarding the National Data Opt-Out. Most uses of your data by HomaCare will be for your direct care, to which the National Data Opt-Out does not typically apply. If any proposed use of your data falls within the scope of the National Data Opt-Out, we will take steps to apply your opt-out preference. For more information, you can visit the NHS Digital website.
Legal Basis for processing:
For processing general personal data (e.g., contact details, financial information not related to health funding):
Processing is necessary for the performance of a contract to which the client is party or in order to take steps at the request of the client prior to entering into a contract (Article 6(1)(b) UK GDPR) – this covers the provision of our care services.
Processing is necessary for compliance with a legal obligation to which HomaCare is subject (Article 6(1)(c) UK GDPR) – e.g., regulatory requirements from the CQC.
Processing is necessary for our legitimate interests (Article 6(1)(f) UK GDPR) – e.g., for managing our services and quality assurance, provided these are not overridden by your interests or fundamental rights and freedoms.
For processing special category data (health and social care related information):
Processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3 of Article 9 (Article 9(2)(h) UK GDPR). This is the primary basis for processing client health data for care provision.
Processing is necessary to protect the vital interests of the client or of another natural person where the client is physically or legally incapable of giving consent (Article 9(2)(c) UK GDPR) – e.g., in a medical emergency.
Processing may be based on explicit consent (Article 9(2)(a) UK GDPR) for specific purposes outside of direct care provision if explained and obtained separately.
4.2. Website Users
This section applies to individuals who visit and interact with our HomaCare website (www.homacare.co.uk).
a) Information collected via General Website Contact (Non-Care Enquiries)
If you use our general "Contact Us" form (Squarespace managed), or contact us directly by telephone or email for enquiries that are not specifically about requesting domiciliary care services (e.g., for general questions about HomaCare, supplier enquiries, or initial job interest before a formal application), we may collect the following information:
Your name and surname.
Your email address and/or telephone number.
The content of your enquiry or message.
How this information is collected: This information is collected directly from you when you complete the contact form or send us an email/call us for such general purposes.
Purposes for collecting this information: We collect this data for the purposes of:
Responding to your general enquiry or message.
Providing you with any information you have requested that is not related to a direct care service request.
Legal Basis for processing: We process this personal data based on our legitimate interests (Article 6(1)(f) UK GDPR) in responding to communications sent to us and managing general enquiries about our business.
b) Cookies and Website Analytics
Our website, www.homacare.co.uk, which is hosted and built on the Squarespace platform, uses cookies. Cookies are small text files that are placed on your computer or mobile device by websites that you visit. They are widely used to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
How Squarespace handles cookies: Squarespace uses cookies that are essential for our website to function correctly and securely. Squarespace may also provide built-in tools or integrations that use cookies for analytics (to understand how visitors use our site) or for other functionalities. As our website provider, Squarespace has its own information about the specific cookies its platform uses. We recommend you refer to Squarespace's Cookie Policy for details on their specific cookies, as they manage the default cookies on the platform.
Types of cookies that may be used on our website (primarily managed by Squarespace):
Essential Cookies (Strictly Necessary Cookies): These are necessary for the website to function and cannot be switched off in our systems or by Squarespace without affecting core functionality. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in, or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not typically store any personally identifiable information directly usable by HomaCare.
Analytics and Performance Cookies: If enabled by Squarespace's default settings or by your configuration choices within Squarespace (and with your consent via the cookie banner), these cookies allow Squarespace to provide us with data to count visits and traffic sources so we can understand how our site is being used and improve its performance. They help us to know which pages are the most and least popular and see how visitors move around the site. The information Squarespace provides to us from these cookies is typically aggregated and therefore aimed at being anonymous from our perspective. If you do not allow these cookies (via the cookie banner), then data about your specific visit will not be included in these aggregated statistics.
Functionality Cookies: If enabled (with your consent, often managed via Squarespace settings), these cookies allow the website to provide enhanced functionality and personalisation. They may be set by Squarespace or by third-party providers whose services we might add to our pages via Squarespace.
Marketing Cookies: HomaCare currently does not actively implement or use additional marketing cookies beyond any that might be part of the standard Squarespace service for functional or analytical purposes as described above. If we decide to use specific marketing cookies in the future to track users for advertising purposes, we will update this policy and ensure we obtain your explicit consent before they are used.
Your consent for cookies: When you first visit our website, you will be presented with a cookie banner provided by Squarespace. This banner should inform you about the cookies in use and ask for your consent to place non-essential cookies on your device. You can manage your cookie preferences at any time through the cookie settings tool provided on our website (usually part of the Squarespace cookie banner functionality) or by adjusting your browser settings.
Purposes for using cookies:
To ensure our website functions correctly and securely (managed by Squarespace).
To understand how visitors use our website and to improve user experience (where analytics cookies are consented to, with data typically provided by Squarespace).
To remember your preferences (where functionality cookies are consented to).
Legal Basis for processing data collected via cookies:
For Essential Cookies: We rely on Squarespace to ensure these are limited to what is strictly necessary for the functioning of the website, and the legal basis is our legitimate interests (Article 6(1)(f) UK GDPR) in providing a functional and secure website.
For Non-Essential Cookies (e.g., Analytics, Functionality, if any are active beyond essential ones): We process data based on your explicit consent (Article 6(1)(a) UK GDPR), which you provide via our cookie consent mechanism managed through Squarespace.
It is important to note that our website (www.homacare.co.uk) may contain links to other websites (e.g., Calendly, as mentioned previously, or other informational sites). This privacy policy only applies to our HomaCare website. When you link to other websites, you should read their own privacy policies.
We do not knowingly collect data relating to children via our website.
4.3. Employees and Job Applicants
HomaCare collects and processes personal data relating to its job applicants and current and former employees to manage the recruitment process and the employment relationship. We are committed to being transparent about how we collect and use that data and to meeting our data protection obligations.
a) Job Applicants
If you apply for a position at HomaCare, whether directly or through a third-party recruiter (if applicable), we will collect and process the information you provide to us as part of your application. This information typically includes:
Identification and Contact Details: Your name, title, address, telephone number, and email address.
Application Information: Your curriculum vitae (CV), cover letter, employment history, details of your qualifications, skills, experience, and references from previous employers.
Right to Work Information: Information regarding your entitlement to work in the UK (e.g., passport, visa details). This will be verified if you are offered a position.
Interview Information: Notes taken during interviews and any assessments conducted as part of the recruitment process.
DBS Check Information (Conditional): For roles involving regulated activity with vulnerable adults (which will apply to care staff), we will ask for information to conduct a DBS check, and will process the resulting certificate, typically at the conditional offer stage. This is special category data (criminal record information).
Equal Opportunities Monitoring Information (Optional): We may collect information about your ethnic origin, sexual orientation, health, and religion or belief for the purposes of equal opportunities monitoring. This information is optional, anonymised where possible for reporting, and will not affect your application.
Information about Disabilities: If you have a disability, you may provide information about this so that we can make reasonable adjustments during the recruitment process. This is special category data (health information).
How this information is collected: This information is collected in a variety of ways:
Directly from you through application forms, your CV, during interviews, or other forms of assessment.
From third parties, such as recruitment agencies (if used) or referees you provide.
From the Disclosure and Barring Service (DBS) for relevant roles.
Purposes for collecting this information: We collect and process this information for the following purposes:
To assess your skills, qualifications, and suitability for the role you have applied for.
To carry out background and reference checks, where applicable and with your consent or as legally required.
To communicate with you about the recruitment process.
To make decisions about recruitment and appointments.
To comply with legal or regulatory requirements (e.g., checking eligibility to work in the UK, conducting DBS checks for care roles).
To make reasonable adjustments for candidates with disabilities.
For equal opportunities monitoring (if applicable and data is provided).
Legal Basis for processing:
Processing is necessary to take steps at your request prior to entering into an employment contract (Article 6(1)(b) UK GDPR).
Processing is necessary for our legitimate interests (Article 6(1)(f) UK GDPR) in assessing your suitability for a role, managing our recruitment process, and keeping records of the process, provided these are not overridden by your interests or fundamental rights.
Processing is necessary for compliance with a legal obligation (Article 6(1)(c) UK GDPR) – e.g., verifying right to work, DBS checks mandated for certain roles.
For special category data (e.g., health information for reasonable adjustments, criminal record data from DBS checks, optional equal opportunities data):
Processing of health data for reasonable adjustments is based on our legal obligations in connection with employment and social protection law (Article 9(2)(b) UK GDPR) or your explicit consent (Article 9(2)(a) UK GDPR).
Processing of criminal conviction data (DBS checks) is necessary for reasons of substantial public interest (Article 10 UK GDPR and Schedule 1, Part 2, Data Protection Act 2018), specifically for the safeguarding of vulnerable adults, and to comply with our legal obligations as a care provider.
Processing of equal opportunities data is typically based on your explicit consent (Article 9(2)(a) UK GDPR) or where necessary for reasons of substantial public interest for equality of opportunity or treatment (Schedule 1, Part 2, Data Protection Act 2018).
If your application is unsuccessful: If your application for employment is unsuccessful, HomaCare will retain your personal information for 12 months after the recruitment process has ended. This is to allow us to address any legal claims related to the recruitment process and for consideration for future suitable roles with your consent. After this period, your information will be securely deleted or anonymised, unless you have given us explicit consent to retain it for longer.
b) Employees (Current and Former)
If you are a current or former employee of HomaCare, we collect, store, and use a range of personal information about you to manage the employment relationship. This includes information provided during your application process and information generated throughout your employment. The categories of information we process include:
Identification and Contact Details: Your name, title, gender, date of birth, home address, personal telephone number(s), personal email address(es), emergency contact details, and next of kin.
Recruitment Information: Your original application form, CV, references, interview notes, and other information gathered during the recruitment process (as detailed in section 4.3 a)).
Right to Work Documentation: Copies of your passport, visas, or other documents verifying your right to work in the UK.
Employment Contract Information: Your contract of employment, any amendments to it, job title, job description, start date, hours of work, and details of your probation period (if applicable).
Financial Information: Your National Insurance number, bank account details, tax code, salary, details of any other payments or benefits (e.g., mileage, expenses), pension scheme details, and information related to payroll processing.
Qualifications, Training, and Development: Copies of your qualifications and certifications (e.g., Care Certificate, NVQs in Health and Social Care), records of training completed (including mandatory training), details of your continuous professional development, supervision records, and competency assessments.
Attendance and Leave Records: Records of your working hours, overtime (if applicable), holidays, sickness absence (including reasons for absence, where provided), maternity/paternity/adoption/shared parental leave, and other types of leave.
Performance Management: Information relating to your performance, including appraisals, performance reviews, objectives, one-to-one meeting notes, and any performance improvement plans.
Disciplinary and Grievance Information: Information relating to any disciplinary or grievance procedures in which you have been involved, including warnings issued and related correspondence.
Health and Safety Information: Information relating to health and safety at work, including accident reports, risk assessments relevant to your role, and information about any occupational health referrals or assessments.
Communication Records: Records of work-related communications, including emails.
Termination of Employment Information: Information relating to the end of your employment, such as resignation letters, exit interview notes, and details of any final payments.
We may also collect, store, and use the following special categories of more sensitive personal information:
Health Information: Information about your physical or mental health or condition, including sickness absence records, medical reports (e.g., from GPs or occupational health), information on disabilities for which we need to make reasonable adjustments, and information relevant to your fitness to carry out your care duties safely.
Criminal Record Information: Information about your criminal record obtained through Disclosure and Barring Service (DBS) checks (initial and any subsequent updates), which are essential for roles involving regulated activity with vulnerable adults.
Equal Opportunities Monitoring Information (Optional): As during the application stage, we may offer you the opportunity to provide information about your ethnic origin, sexual orientation, religion or belief for the purposes of equal opportunities monitoring. This is optional, and if provided, is used for statistical analysis and reporting in an anonymised form where possible.
How this information is collected: This information is collected in various ways:
Directly from you (e.g., when you complete employment forms, provide documents, update your details, or during meetings and discussions).
From your line manager or other HomaCare personnel as part of operational and HR processes.
Through our IT systems (e.g., email system).
From third parties, such as former employers (references), government bodies (e.g., HMRC, DBS), pension providers, and occupational health professionals (where applicable and with your consent or as legally required).
Where your data is stored: Your personal data is stored in a range of different places, including in your physical personnel file, in HomaCare’s HR systems (if any), payroll systems, and in other IT systems (including our email system).
Purposes for processing your personal information (including special category data): We need to process your personal data to manage the employment relationship and to enable us to run our business and manage our relationship with you effectively, lawfully, and appropriately. This includes using information to:
Fulfil our obligations under your employment contract (e.g., to pay you, provide contractual benefits).
Administer payroll, tax, National Insurance contributions, and pension benefits.
Manage your holiday, sickness, and other leave entitlements.
Make decisions about recruitment, promotion, and succession planning.
Conduct performance reviews, manage performance, and determine training needs.
Manage disciplinary and grievance procedures.
Comply with our legal obligations as an employer (e.g., verifying right to work, health and safety duties, employment tax).
Comply with our regulatory obligations as a domiciliary care provider (e.g., ensuring staff are fit and properly trained, CQC requirements).
Ensure the safety and wellbeing of our clients by confirming staff suitability (including through DBS checks) and competence.
Make decisions about your continued employment or engagement.
Deal with legal disputes involving you, or other employees, workers, and contractors, including accidents at work.
Ascertain your fitness to work and make appropriate workplace adjustments.
For equal opportunities monitoring (if applicable and data is provided).
To prevent fraud.
Legal Basis for processing:
Processing is necessary for the performance of your employment contract with HomaCare (Article 6(1)(b) UK GDPR).
Processing is necessary for compliance with our legal obligations as an employer and as a CQC regulated care provider (Article 6(1)(c) UK GDPR).
Processing is necessary for our legitimate interests (Article 6(1)(f) UK GDPR) in managing our workforce, running our business efficiently, and protecting our legal position (e.g., in the event of legal claims), provided these are not overridden by your interests or fundamental rights.
For special category data:
Processing is necessary for the purposes of carrying out the obligations and exercising specific rights of HomaCare or of the data subject in the field of employment and social security and social protection law in so far as it is authorised by Union or Member State law or a collective agreement pursuant to Member State law providing for appropriate safeguards for the fundamental rights and the interests of the data subject (Article 9(2)(b) UK GDPR). This covers processing of health data for sick pay, managing absences, making reasonable adjustments, and processing DBS information as required by our regulatory framework.
Processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services (Article 9(2)(h) UK GDPR), particularly if we refer you to occupational health.
Processing of criminal conviction data (DBS checks) is necessary for reasons of substantial public interest (Article 10 UK GDPR and Schedule 1, Part 2, Data Protection Act 2018), specifically for the safeguarding of vulnerable adults and to comply with our legal obligations as a care provider.
Processing of equal opportunities data is typically based on your explicit consent (Article 9(2)(a) UK GDPR) or where necessary for reasons of substantial public interest for equality of opportunity or treatment (Schedule 1, Part 2, Data Protection Act 2018).
In limited circumstances, processing may be necessary to protect your vital interests or those of someone else, where you are physically or legally incapable of giving consent (Article 9(2)(c) UK GDPR).
Sharing your information: Your information will be shared internally within HomaCare with individuals who need access to it for the performance of their roles (e.g., your line manager, HR if applicable, payroll staff, senior management). We may also share your personal data with third parties in the following circumstances:
To comply with legal or regulatory requirements (e.g., with HMRC for tax and NI purposes, the DBS, the CQC, Home Office).
With our pension provider for the administration of your pension scheme.
With external payroll providers (if used).
With professional advisors, such as lawyers or accountants, if necessary.
With occupational health providers or other medical professionals, with your consent or where legally required/permitted.
With your future employers, to provide references (only with your consent or at your request).
In the event of an emergency, with emergency services or your nominated emergency contacts.
With our insurers, in relation to any claims.
We will only share the minimum information necessary for the specific purpose and will have appropriate data sharing agreements in place where required.
Data Retention: Personal information about employees will be retained for the duration of their employment and for a specified period after employment ends (e.g., typically 6 years for many employment records to comply with legal and tax obligations, but some records may be kept longer or shorter in line with our data retention policy and legal requirements).
5. Marketing
From time to time, HomaCare may wish to send you information that we believe may be of interest to you. This may include newsletters, updates about our services, or educational material. We will only do this in compliance with applicable data protection and marketing laws.
For our existing clients, we may send newsletters and updates about our services via email, where we have your consent or a lawful basis to do so under marketing regulations (such as the soft opt-in where applicable, always with a clear option to unsubscribe).
For prospective clients, we may contact you by email about our services if you have given us your explicit consent to do so. We may also occasionally contact prospective clients by post with information about our services where we have a legitimate interest and have ensured this is done in a way that respects your privacy rights and provides an option to opt-out.
If you agree to receive marketing communications from us, you will have the opportunity to specify how you wish to receive such material (e.g., by email or post where applicable). We will only contact you by the means you have specified and consented to, where consent is the basis.
You have the right to withdraw your consent to marketing, or object to marketing based on legitimate interests, at any time. You can unsubscribe from our marketing communications by:
Clicking the "unsubscribe" link typically found at the bottom of our marketing emails.
Contacting our Registered Manager, Helen Maxwell, at helen@homacare.co.uk and informing us that you no longer wish to receive marketing materials or wish to opt-out of postal marketing.
Your personal data is safe with us. We will not share your personal data with any third party for their marketing purposes unless we have your explicit consent to do so.
6. How long we keep your data
We will only retain your personal information for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, regulatory, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
We have a data retention policy and schedule in place (or are in the process of finalising one) which details specific retention periods for different types of personal data. Key examples of our retention periods are as follows:
General Website Enquiries: For general enquiries submitted via our website contact form or direct email/phone that do not result in you becoming a client or employee, we will typically retain your details for a period of 12 months from the date of our last communication with you. After this period, your data will be securely deleted or anonymised.
Job Applicants (Unsuccessful): As stated previously, if your application for employment is unsuccessful, HomaCare will retain your personal information for 12 months after the recruitment process has ended.
Clients and their Representatives (Care Records and Associated Data):
Client care records (including personal details, care plans, health information, and records of care provided) are retained for 10 years after the provision of our services to the client has ended (e.g., after the last date of care delivery or 10 years after a client's death). This is to comply with our legal and regulatory obligations, for best practice in health and social care, and in consideration of potential future queries or claims.
Once this period has expired, all personal data relating to the client will be securely and permanently deleted or anonymised.
Employees (Current and Former):
Personal information about employees will be retained for the duration of their employment.
After employment ends, HomaCare will retain the majority of core employee records (such as contract of employment, personnel files, training and performance records) for 6 years after the end of employment.
Financial records related to employee pay (e.g., payroll, tax information) will be kept for at least 6 years after the end of the relevant financial year.
Some specific employment-related records may have slightly different statutory retention periods, which are detailed in our internal data retention schedule.
Financial Records (Company and Client Billing): Financial records, such as invoices, payment records, and accounting documents relating to the business and client billing, will be retained for 6 years plus the current financial year (often referred to as 6 years + 1) to comply with HMRC requirements.
HomaCare is committed to ensuring all data is kept only for appropriate periods. If you have any questions about how long we keep specific types of data, please contact our Registered Manager.
7. Where your data is stored
HomaCare is committed to ensuring that your personal data is stored securely.
Your personal data may be stored in a variety of locations, including:
On our secure local IT systems and in paper files within our registered office in the UK.
On the servers of our third-party service providers.
As far as possible, we aim to use data centres located within the United Kingdom (UK) or the European Economic Area (EEA).
However, some of the third-party services we use to effectively run our business and provide our services (such as our website hosting provider, Squarespace, and our online booking tool, Calendly) may be based outside the UK/EEA or may use data centres located outside the UK/EEA.
Where your personal data is transferred outside the UK/EEA, we will take all reasonably necessary steps to ensure that your data is treated securely and in accordance with this privacy policy and applicable data protection laws. This includes ensuring that appropriate legal safeguards are in place, such as relying on adequacy decisions made by the UK government, or using Standard Contractual Clauses (SCCs) with a UK Addendum, or other appropriate legal mechanisms for data transfer. We also conduct due diligence on our third-party suppliers to ensure they have suitable security measures in place.
8. Third Party Processors
In the course of our business, HomaCare uses a number of third-party service providers (also known as data processors) to help us operate effectively and provide our services to you. These may include providers of:
Website hosting and analytics (e.g., Squarespace).
Online booking tools (e.g., Calendly).
Email and communication services.
IT support services.
Payroll services (if applicable).
Accounting and financial services.
DBS checking services.
Professional advisory services (e.g., legal, HR).
When we use any third-party service provider, we only disclose the personal information that is necessary for them to provide their service. We have contracts (Data Processing Agreements or DPAs where required by law) in place with our data processors. These contracts require them to keep your information secure, only use it for the specific purposes for which it was provided, and to process it in accordance with data protection legislation.
We conduct due diligence on our third-party processors to ensure they have appropriate security measures in place to protect your data and that they comply with data protection principles.
9. Your Rights
Under data protection law, you have several rights regarding the personal information HomaCare holds about you. These rights are as follows:
The right to be informed: You have the right to be provided with clear, transparent, and easily understandable information about how we use your personal data and your rights. This is why we are providing you with this privacy policy.
The right of access (Subject Access Request): You have the right to obtain a copy of the personal information we hold about you and certain other information (similar to that provided in this privacy policy). This is so you are aware and can check that we are using your information in accordance with data protection law.
The right to rectification: You are entitled to have your personal information corrected if it is inaccurate or incomplete.
The right to erasure (Right to be Forgotten): This enables you to request the deletion or removal of your personal information where there is no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions (e.g., where we need to keep the data to comply with a legal obligation or for the establishment, exercise or defence of legal claims).
The right to restrict processing: You have rights to 'block' or suppress further use of your personal information in certain circumstances. When processing is restricted, we can still store your personal information, but may not use it further.
The right to data portability: You have the right to obtain and reuse your personal data for your own purposes across different services. This allows you to move, copy or transfer your personal information easily between our IT systems and theirs safely and securely, without affecting its usability. This right, however, only applies to personal data that you have provided to us, where we are processing it based on your consent or for the performance of a contract with you, and the processing is carried out by automated means.
The right to object to processing: You have the right to object to certain types of processing, including processing for direct marketing (which we do only with your consent or other lawful basis as explained in Section 5). You can also object to processing based on our legitimate interests.
Rights in relation to automated decision making and profiling: You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you. HomaCare does not currently use automated decision-making or profiling in a way that would have a significant legal effect on individuals. If this changes, we will update this policy and ensure appropriate safeguards are in place.
Exercising your rights: If you would like to exercise any of these rights, please contact our Registered Manager, Helen Maxwell, using the contact details provided in Section 3 of this policy ("How to Contact Us"):
Name: Helen Maxwell Role: Registered Manager Email: helen@homacare.co.uk Postal Address: HOMACARE LTD, 167-169 Great Portland Street, London, England, W1W 5PF
Generally, you will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
10. Right to Complain
We take any complaints we receive about the way we process your personal data very seriously. We encourage you to bring any concerns to our attention in the first instance by contacting our Registered Manager, Helen Maxwell, using the details provided in Section 3 ("How to Contact Us"). We will endeavour to resolve your concerns.
However, if you are not satisfied with our response, or if you believe that your data protection rights have been breached, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO). The ICO is the UK's independent body set up to uphold information rights.
You can contact the ICO by:
Visiting their website: https://ico.org.uk/concerns/
Telephoning the ICO helpline on: 0303 123 1113
Writing to them at: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
For more information about your data rights and privacy or data protection in general, you can visit the Information Commissioner’s Office website at https://ico.org.uk.
11. Changes to this Privacy Policy
We keep our privacy policy under regular review to ensure it is up to date and accurately reflects our data processing practices and any changes in the law. Any changes we may make to our privacy policy in the future will be posted on our website (www.homacare.co.uk) and, where appropriate, notified to you by email or other direct communication if we hold your contact details and the changes are significant.
We encourage you to check back frequently to see any updates or changes to our privacy policy.
This privacy policy was last updated on 03/06/2025.
If you have any questions about this privacy policy, please contact our Registered Manager, Helen Maxwell, using the contact details provided in Section 3 ("How to Contact Us").