Amber Home Carers Privacy Policy

Last updated: October 2024

This is the data protection policy for Amber Home Carers Limited. It outlines the privacy practices relevant to all our carers including our self-employed carers.

Overview:

  • Introduction
  • How we handle your data
  • Fraud prevention and credit assessments
  • Legal bases for processing your data
  • Keeping you informed about our services and products
  • Data sharing practices
  • Transferring information outside the European Economic Area (EEA)
  • Updating and storing information
  • Your data protection rights
  • Updates to this privacy policy and your feedback
  • Protection of carer information

Introduction
Amber Home Carers Limited is registered with the Information Commissioner’s Office (ICO) as data controllers.

We (“Amber Home Carers Limited,” “we,” or “us”) are dedicated to safeguarding your privacy. We adhere to the principles outlined in the General Data Protection Regulation (GDPR) and other relevant data protection laws, striving to uphold best practices in handling both personal data and special category data (often referred to as sensitive personal data).

How we handle your data

We utilize the information you provide, along with data collected through our interactions with you (including the products or services we offer and your use of them), to deliver the requested services or products, communicate with you, and tailor the information we share with you.

We do not sell, trade, or rent your personal details to third parties.

All information you share with us, including details entered into forms on our website and data we collect from your browsing activity, is stored securely. Like most web servers, our server records every page accessed on our site. If you contact us electronically, we may collect your digital identifiers, such as your IP address or phone number, to track website visits, detect fraudulent activity, or identify mystery shoppers.

We request your home and mobile numbers, along with your email address, to follow up on inquiries, address any issues with your order, inform you about significant changes to our website, or for other legitimate reasons. For instance, if you participate in a contest or promotion, we use your details to manage the competition and notify the winners.

At times, we may need to gather information classified as special category data (sensitive personal data), which may include details about race, ethnic background, sexual orientation, health conditions, or criminal history. We will only collect or use this type of data with your explicit consent or when legally permitted, ensuring it complies with relevant laws and guidelines set by the Information Commissioner’s Office (ICO).

Any new details you provide may be used to update the records we already hold. If you give us a work email address, we cannot be responsible for any third-party access to communications we send.

We collect your credit or debit card information to process payments for products or services securely and will only use these details with your consent or for necessary refunds.

When you contact us by phone, we may ask security questions to verify your identity, as we deem appropriate.

Fraud prevention and credit assessments

To protect against fraud and money laundering, we may share your information with fraud prevention agencies and other relevant organizations, where your records might be reviewed.

To evaluate financial and insurance risks, we conduct comprehensive checks using the electoral roll and public data supplied by credit reference agencies and other external sources.

As part of our security protocols, we may occasionally require proof of your identity or verify your listing on the electoral roll.

Legal bases for processing your data

We aim to clearly explain why we need your data before you provide it to us. In some instances, we may require sensitive (special category) personal information, and when this is the case, we will seek your consent beforehand, unless it is essential to deliver the service you’ve requested. Without this data, we might not be able to meet your service or product needs.

A customer can give consent on behalf of their partner over the phone or via the website, provided they confirm they have received the partner’s permission. For written consent, the spouse must independently validate this by adding their own signature.

The information we gather from you—whether shared orally, in writing, through our website, or from other interactions, including third-party data—is used to provide the service you requested. Additionally, this data may be utilized for market analysis and statistical evaluations.

We process the personal data we collect from you based on our legitimate interests, which include various reasons such as marketing, improving and personalizing our services, fraud detection and prevention, strengthening the security of our network and systems, and conducting market research to evaluate the success of our campaigns and services. “Legitimate interests” refer to our company’s need to manage our business effectively to provide you with the best possible service and a secure experience.

When relying on our legitimate interests to use your information, we carefully consider and assess any potential impact on you and your rights under data protection laws. Where required, we carry out legitimate interest assessments to ensure your rights are adequately safeguarded.

Keeping You Informed About Our Services and Products

When you reach out to us through our website or contact centres, we may ask for your consent to inform you about our products and services. If you grant us permission, we will reach out to you by mail, phone, email, or other channels to share details about offers, products, and services that might interest you.

We also have a legitimate interest in keeping you updated about our products, services, special offers, and rewards. Based on this interest, we may use your information to send personalized communications tailored to your preferences.

You have the right to opt out of receiving these communications at any time, adjust your preferences for the products you wish to hear about, or change the way we contact you. You can modify these settings by getting in touch with us through our usual contact methods.

We use your personal information to help us determine which products, services, and offers may be of interest to you, a practice known as profiling for marketing purposes. You can ask us to stop using your information in this way at any time. With your consent, we may display or send you marketing content via email, phone, post, or online platforms, including our website and social media.

We make outbound calls for various reasons related to our services and strictly adhere to Ofcom regulations to ensure compliance.

Additionally, we may use data collected for one product to promote another product that we believe would be suitable and relevant to you, based on the information we have gathered.

Data sharing practices
As previously stated, we do not sell, trade, or rent your personal information, and we will not share your details (including data obtained through our interactions with you) with third parties, except in the following circumstances:

a) When we have a legal interest in a related company.

b) To fulfil your specific requests for a product, service, or information when third parties are involved in delivering those products, services, or information. In such cases, while your data will be shared with these third parties, it will strictly be used for administering the service, including verifying quotes, determining pricing, conducting tests, and maintaining business analytics.

c) If third parties are responsible for managing all or part of the product or service. Additionally, we may be legally required to share your information with law enforcement or other regulatory bodies, and in some instances, data protection laws may permit us to release your personal data to prevent or detect criminal activity or in relation to legal proceedings.

d) You have the right to request that we transfer your personal data to another organization or directly to you in specific situations. In certain circumstances, you can also ask us to erase your personal data.

If, after purchasing a product or service, we engage a new third-party provider for that service, the terms of your agreement with us will state that you consent to the transfer and processing of your personal and sensitive data by the new provider, in accordance with GDPR and relevant laws.

Whenever we share information with a third party (such as a product or service provider or an external data processing agency), we implement strict contractual controls to ensure that they, along with their agents or suppliers, will:

a) Keep the information secure and confidential, limit access to only those employees who need it, use the data solely for the agreed purpose, and avoid any unauthorized communication with you beyond what is necessary for the service.

b) Return the data to us once the contractual agreement ends and securely delete or destroy any copies unless retaining them is required by law.

Moreover, we limit the shared information to the minimum necessary to deliver the requested product or service.

Transferring information outside the European Economic Area (EEA)

Occasionally, we may engage service providers and organizations located outside the EEA to assist with service processing, system testing, and maintenance. It’s important to note that some countries outside the EEA may not offer the same level of data protection as the UK. Nevertheless, we make every reasonable effort to ensure that adequate safeguards are in place to protect your personal data. To maintain data security, we implement at least one of the following safeguards when transferring your personal data outside the EEA:

  • We only transfer data to countries that the European Commission has deemed to have an adequate level of data protection.
  • When using specific service providers, we may employ contracts, codes of conduct, or certification mechanisms approved by the European Commission that ensure your data receives the same protection as within Europe.
  • If using providers based in the United States, we may transfer data to those that participate in the EU-US Privacy Shield, which requires them to offer similar protection to personal data as provided within the EEA.

If none of these safeguards are available, we may seek your explicit consent for the transfer, and you can withdraw this consent at any time.

For more information about the specific measures we use for international data transfers, please contact us at info@amberhomecarers.com .

Updating and storing information

Please inform us in writing if there are any changes to your personal details or if you believe the information we have about you is inaccurate, so we can update our records accordingly.

We manage your personal data following the principles of the GDPR and related regulations, as well as our Data Retention Policy. We are legally required to keep specific types of data for a minimum duration.

Typically, the minimum retention period is six years, though it may be extended if required by applicable laws or regulations.

Your data protection rights


Access to Your Information:
You have the legal right to access the personal and sensitive data we hold about you. To exercise this right, you need to submit your request in writing, either by letter or email. Please specify the information you wish to access and include dates if possible. We may ask you to provide proof of identity where necessary.

We do not process Subject Access Requests made by a third party unless they are accompanied by written consent from the individual to whom the request pertains. We are required to respond to a valid request within one month.

Rights Related to Automated Decision-Making, Including Profiling: We use the information we have about you to make decisions that influence our pricing, fraud prevention, and the products and services we can offer.

Automated decision-making helps us make effective and fair decisions, enhancing the service we provide to our customers. You have the right to object to this form of data use, though doing so may affect the range of products or services we can offer you. We utilize automated decision-making in the following areas:

  • Personalized Marketing: We use your data to make decisions about the products, services, and offers that may interest you, ensuring that our communications are relevant to your preferences. You can opt out of these tailored communications at any time by contacting us.

The Right to Erasure: You have the right to request the deletion of your personal data and to prevent its processing under specific conditions as outlined by the ICO.

The Right to Data Portability: You have the right to obtain and reuse the personal data you provided to us for your own purposes, including transferring it to another service.

For more information about your rights or to make a request, please contact the Data Protection Officer at Amber Home Carers Limited, 51a Sheen Lane, East Sheen SW14 8AB.

Updates to this privacy policy and your feedback

Should we decide to modify our privacy policy, we will update all pertinent documentation and display any changes on our websites, ensuring you are informed about the information we collect, how we use it, and the circumstances under which we may share it.

We welcome any questions or feedback regarding privacy matters. You can reach out to the Data Protection Officer at Amber Home Carers Limited, 51a Sheen Lane, East Sheen SW!4 8AB.

If you believe that your personal information has not been managed properly, you have the right to file a complaint with the Information Commissioner’s Office (ICO). This can be done at www.ico.org.uk/concerns or by sending a letter to: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. However, we would appreciate the opportunity to address your concerns directly before you contact the ICO.
Please keep your personal information updated by emailing us at info@amberhomecarers.com if there are any changes.

Protection of carer information

Amber Home Carers Limited serves as the data controller for your personal information. In accordance with the Data Protection Act 2018, we are obligated to inform you about how we collect, store, share, and retain your personal data.

We will process your personal information (whether provided by you or third parties) for the following purposes:

a) To evaluate your skills, suitability, and eligibility to work as a companion/carer; if you are accepted, we will facilitate your introduction to our clients.

b) This may also involve providing clients with copies of your photographs for identification purposes.

c) To connect you with clients, gather feedback regarding your service, and assess the success of the introductions between you and each client.

d) To keep you informed about relevant updates concerning our agency and our clients.

You acknowledge that, as part of this process and before introducing you to potential clients, we will request references from your previous employers and/or clients.

We may retain specific personal data you provide even after you are no longer a carer with our agency to comply with legal and client obligations. We will keep your personal information for up to two years following your last introduction, after which it will be destroyed.

While we may need to share certain information as an agency, we only do so with authorized individuals who have a legal right to request your information or if you have given us consent to share your personal data. We do not sell your personal information.