Privacy Policy
Last updated: [DATE — update before go-live]
Who we are
GENESIS HEALTH CARE is a domiciliary care provider registered with the Care Quality Commission, providing personal care and support services to adults in their own homes across Ripon and North Yorkshire.
We are registered with the Information Commissioner's Office. Our ICO registration number is ZB123456.
We are the data controller for all personal data we collect and process. The person responsible for data protection within our organisation is our founder and registered manager. You can contact her at dpo@yourdomain.co.uk.
What data we collect and why
Service users and their families
We collect personal information including name, address, contact details, date of birth, and health and care information. Health and care information is special category data under UK GDPR. We collect this because it is necessary to provide safe, person-centred care. We cannot provide our services without it. The legal basis for processing special category health data is Article 9(2)(h) of UK GDPR, which covers processing necessary for the provision of health or social care.
Website enquiries and contact forms
When you contact us through our website we collect your name, email address, and the content of your message. We use this to respond to your enquiry. We do not add you to any mailing list without your explicit consent.
Job applicants
When you send us your CV we collect your name, contact details, employment history, and any other information you choose to include. We use this to assess your suitability for working with us. We retain CV information for [RETENTION PERIOD — confirm with solicitor] after which it is securely deleted.
Website visitors
We use cookies and analytics tools to understand how people use our website. Please see our cookie policy for full details.
How we store your data
Service user care records are stored in our own secure in-house care management system. This system is not shared with any third party. Access is restricted to authorised staff only.
Website data is processed by Netlify, our website hosting provider. Newsletter data, where applicable, is processed by Mailchimp. Both are reputable processors with their own data protection obligations.
We do not sell your data. We do not share your data with third parties except where we are legally required to do so, or where it is necessary for the provision of your care.
How long we keep your data
We retain service user care records for a minimum of seven years after the end of the care relationship, in line with health and social care record keeping guidance. [CONFIRM WITH SOLICITOR — mental health records may require longer retention periods.]
We retain job applicant data for [RETENTION PERIOD].
We retain website enquiry data for [RETENTION PERIOD].
Your rights
Under UK GDPR you have the right to: access the personal data we hold about you; correct inaccurate data; request deletion of your data in certain circumstances; object to or restrict processing in certain circumstances; receive your data in a portable format; withdraw consent where consent is the basis for processing.
To exercise any of these rights, contact us at dpo@yourdomain.co.uk. We will respond within one month. If you are unhappy with how we have handled your data you have the right to complain to the Information Commissioner's Office at ico.org.uk.
Changes to this policy
We review this policy regularly. The date at the top of this page shows when it was last updated. Significant changes will be communicated directly to service users and their families.