Privacy Policy / gDPR
How we handle your data
Kripa Care Limited, is a residential care services provider based in the UK.
Where we use the term “residents” in this Privacy Notice, we refer to residents in our residential care homes and other service users that we provide care for.
We recognise the privacy and security of personal information is of great importance to our residents, their families and friends, our workers and others such as GPs and all those involved in looking after the welfare of our residents.
We have provided this Privacy Notice to set out why we need to collect personal information relating to our residents, families, friends and representatives, how we use it and how we protect it.
We have appointed a Data Protection Officer who is responsible for overseeing questions relating to this Privacy Notice. If you have any questions, please refer to the “How to Contact Us” section below.
Our privacy policy is governed by the overarching principles of collecting and using personal details when they help us provide a better service to our residents and to meet legitimate interests including to protect our residents and workers, lawfully, fairly and transparently.
Since 31 January 2021 your and our data protection rights and obligations are set out in what is known as the United Kingdom General Data Protection Regulation (UK GDPR), which in all material respects replicates EU data protection laws.
The personal information we refer to in this Privacy Notice includes information that can be used to identify you.
Set out below is the personal information we collect and the reasons why we need it.
How do we collect information from you?
We collect information about you when you enquire about our care services, use our website, and become a resident in one of our care homes. We also collect information when you voluntarily complete customer surveys or provide feedback about our services.
What types of information do we collect from you?
Personal data or personal information can be any information about an individual from which that person can be identified. We may collect, use, store and transfer different types of personal data about you which we have grouped together as follows:
When you enquire about our care services
- Personal information including your name, address, telephone numbers and email address.
When you use the Kripa Care Limited’s website or interact with our digital marketing communications
- Any personal details you knowingly provide us with through calls, forms or email, such as your name, address, telephone numbers and email address. We use the information that you provide so we can respond to your requests and communicate with you.
- Your preferences and use of email updates, recorded by emails we send you (if you select to receive email updates)
- Your IP Address: this is a string of numbers unique to your computer that is recorded by our web server when you request any page or component on the website. This information is used to measure your usage of the website.
Where you are resident in one of our residential care homes or receiving care services
- Personal details including your title, full name, maiden name, marital status, date of birth, gender, contact details including address (billing address or correspondence address), telephone numbers, email addresses, contact details for next of kin, your GP and other allied health professionals.
- Financial information including bank account information to enable payment of services.
- Transaction data including details of payments from you for the services we have provided.
- Information about your life, including social history, health and wellbeing, treatment and care. This may also include information about your marital status, ethnicity and sexual orientation and details of medical treatments.
- Notes and reports about your health and care provision including case assessments and medication provided.
- Compliments, complaints, accidents and incidents information.
- Contributions to resident questionnaires and surveys.
Where you are the relative, next of kin, attorney or deputy to one of our residents
- Personal details including title, full name, relationship to the resident, contact details including address, telephone numbers, email addresses.
When you visit one of our care homes
- Name of the visitor, purpose of their visit and car registration details if car parking was used.
- Information relating to the prevention and detection of crime and the safety of residents and workers including CCTV recording.
What information do we get from or supply other sources?
- We work closely with NHS Integrated Care Boards (ICBs, formerly known as CCGs, which are responsible for your health needs), other health authorities, medical professionals, local authorities (who may have responsibilities for your care needs) and regulators to deliver our care services. We will receive information from them regarding your health and care including admission details, care records and medical records.
- We also work with other companies who provide professional services (including IT service providers), advertising and marketing services.
Standard Personal Information and Special Category Information
- Much of the above information is called standard personal information, such as names, addresses, contact details (for you, family, friends and your GP), identification paperwork, financial details and information, and how you use our website and other IT technologies.
- There is also what is called special category information, which tends to be more sensitive and results in additional protection being afforded to it.
- Special category information comprises race, ethnic origin, sex life and sexual orientation, religion, and healthcare.
- Healthcare information covers both physical and mental aspects and includes genetic and biometric information, medical history and records including of disabilities or special requirements, our care plans, risk assessments and records of the care and support we provide for you.
Lawful basis for processing
Article 6 of the UK GDPR sets out the bases for our processing standard personal information, and article 9 likewise for special category information. Different stages and aspects of our relationship with you gives different bases. For example, when assessing whether we can meet your needs if you are admitted into a home and how we should contract with you, there will be bases of considering your healthcare requirements, to meet legal and regulatory requirements, and to enable to us contract with you. To quote the UK GDPR, ‘’processing is necessary”
- For the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract…”
- For the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller….”
- For the purposes of preventive or occupational medicine, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of domestic law …”
- Other bases include the necessity to protect your vital interests and our legitimate interests in managing our relationship with you, and your having provided us with your unambiguous consent, but all bases are prescribed by and confined to the specific purposes for the lawful processing of the particular information.
How do we use the information about you?
- We process your personal data to manage the services we provide you, to carry out our obligations arising from any contracts entered into between us and you, to provide you with information or services you have requested and to process payments and refunds.
- Your care record will contain detailed information about your health and well-being including illnesses, medical appointments and treatments. It will also contain details of your attorney, deputies, your close family and next of kin. We will share these with medical and allied health professionals who have a legal and legitimate need to use the information to support the care provided to you.
- We share information within Kripa Care Limited to provide necessary administrative and managerial support and to suppliers who help deliver products or services on our behalf.
- We use either personal or anonymised data to review the performance of our care services as part of our continuing work to improve our services and meet the needs of our residents.
- We may use your details to contact you about any changes to our care services.
- We may use your personal data to send you marketing information describing services that you may be interested in where you have consented to receive this beforehand. You may opt out of receiving this information at any time.
- We share information with ICBs, other health and local authorities, medical professionals and regulators regarding resident’s health and care including admission details, care records and medical records.
- There is a scheme run by the NHS for using shared confidential resident data for the purposes of NHS planning or research. At the moment there is no confidential resident data shared with the NHS for such purposes, but annually we review all confidential resident data, amongst other things, to see if it is being used by the NHS for these purposes. More details of this scheme can be found at https://www.nhs.uk/your-nhs-data-matters/ which includes how at any time you can stop confidential resident data being used for such purposes. Your care will not be adversely affected even if you opt out from the NHS being able to use your information for these purposes.
- We use cookies on our website to collect information to enable us to better present and improve our services. Our Cookies policy provides further information.
Circumstances which override data protection obligations we might otherwise apply and which compel us to provide specific information include:
- Reporting health or safety issues including infectious diseases;
- Where there is a legal or statutory requirement, court order or public authority instructs us to do so;
- Supporting police investigations, professional conduct hearings and safeguarding investigations in the public interest; where a serious crime or fraud has been committed; if there is a serious risk to the public, resident or employees.
- Where there is a need to protect children or vulnerable adults who are not able to decide if their personal data should be shared.
In exceptional circumstances, we may be required to share information without your or your representative’s consent. Circumstances may include:
- Where a serious crime or fraud has been committed.
- If there is a serious risk to the public, resident or employees.
- Where there is a need to protect children or vulnerable adults who are not able to decide if their personal data should be shared
How we store, process and protect your data
- We take the privacy and security of your personal data very seriously. We ensure we handle your data with the highest level of care by having clear internal policies and procedures, physical security to our premises and IT security technologies to prevent the unauthorised access, damage and loss of your data.
- The personal data that we collect from you is only stored inside the UK , therefore ensuring we achieve the maximum privacy and security in line with UK GDPR.
- Credit card payments are processed securely via our third party payment processing partners, who we have vetted and who have agreed to provide a level of data protection no less than ours.
- Calls may be recorded for training and quality purposes. Our inbound calls and associated data capture is processed securely via a software called Infinity Cloud, a contracted third party, who adhere to our standards with extended data protection and detection systems. We use this software to improve the sales experience for both parties.
- Whilst at all times compliant with legislation and acting reasonably, we reserve the right to judge what information we must continue to hold to be able to fulfil our legal and contractual obligations to you and others.
- We may anonymise your personal data (so that you can no longer be identified) for research and analysis purposes in which case we may use this information indefinitely without further notice to you.
- Where we process data based solely on your consent, it will only be processed for the purposes prescribed in your consent, and you have the right to withdraw that consent at any time.
Access to your information and correction
- You have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your personal information, please email or write to us at the address set out in the “How to Contact Us” section below.
- We try to respond to all legitimate requests within one month. It may take us longer if your request is particularly complex or you have made a number of requests. In which case, we will notify you and keep you updated.
- You will not have to pay a fee to access your personal data and you are entitled to receive a copy of your personal data within one calendar month of receipt of your request and once we have verified your identity.
- We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate.
- We may ask for proof of identity before we share your personal data with you or your representative.
Request restriction of processing
- You have the right to request us to suspend the processing of your personal data where:
- You want us to establish the data’s accuracy,
- Where our use might be unlawful but you do not want us to erase it,
- You need us to hold the data even if we no longer require it as you need it returned to establish and exercise any legal claims or;
- You have objected to our use of your data but you need to verify whether we can lawfully use it.
If possible we will inform any third parties to whom your data has been disclosed of your requirement.
Changes to our privacy policy
- We regularly review our privacy policy and will place any updates on this webpage.
How to contact us
Please contact us if you have any questions about our privacy policy or information we hold about you.
Email: info@kripacare.co.uk
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, like to have the opportunity to deal with your concerns before you approach the ICO so please contact us in the first instance.