Purpose of this document
This notice is intended to provide information about how the Company will use (or process)
personal data about individuals including: its staff; clients; partners and suppliers.
The information is provided because data protection law gives individuals rights to understand
how their data is used. You are encouraged to read this notice and understand the Company’s
obligations to its entire community.
The privacy notice applies alongside any other information the Company provide about use of
personal data, for example, when collecting data online or in paper form.
Anyone who works for, or acts on behalf of, the Company should also be aware of and comply with
this privacy notice, which also provides further information about how personal data about those
individuals is used.
Who we are
Christies Care Ltd are a live-in care agency who provide care to people in their own home. We are
committed to protecting the privacy and security of your personal information. This notice sets
out the basis on which we will collect, hold and process any data that you share with us, or
that we collect from you.
For the purposes of the General Data Protection Regulations (GDPR), Christies Care Ltd are a
“Data Processor”. This means that we are responsible for deciding how we hold and use personal
Our Data Protection Nominee is Jill Pass who will deal with requests and enquiries regarding the
use of personal data and endeavour to ensure that all personal data is processed in compliance
with this policy and data protection law.
Data protection principles
The Company understands and agrees to abide by the data protection principles:
Principle 1: Lawfulness, Fairness and Transparency
Personal Data will only be collected for one of the purposes specified in the applicable Data
Protection regulation and the method of processing that will occur will be thoroughly explained
to the Data Subject.
Principle 2: Purpose Limitation
Personal Data shall be collected for specified, explicit and legitimate purposes and not further
processed in a manner that is incompatible with those purposes.
Principle 3: Data Minimisation
Personal Data shall be adequate, relevant and limited to what is necessary in relation to the
purposes for which they are processed.
Principle 4: Storage Limitation
In line with Principle 3, Personal Data shall be kept in a form which permits identification of
a subject for no longer than necessary for the purposes outlined to the Subject.
Principle 5: Accuracy
Personal Data which needs to be stored for a defined period of time must be kept accurate and up
to date, thus adhering to specified processes for identifying and addressing out of date and
redundant personal Data. The Company will adopt all necessary measures to ensure that Personal
Data collected and processed is complete and accurate and reflects the current situation of the
Principle 6: Integrity & Confidentiality
Personal Data shall be processed and stored in a manner that ensures appropriate security of
said data, including protection against unauthorised processing and accidental loss, destruction
Principle 7: Accountability
The Data Nominee shall be responsible for and be able to demonstrate compliance in accordance to
the six previous Data Protection Principles.
The GDPR provides the certain rights for individuals, as outlined in our ‘Your Rights under GDPR’
Why the Company needs to process personal data
The Company uses Personal Data for the purposes of; general running and business administration,
to meet legal requirements in terms of employing and paying employees, carrying out
pre-employment checks, providing services to our clients and ongoing administration and
management of customer services.
The Company, and its partners will process Personal Data in accordance with all applicable laws
and contractual obligations and Data will only be processed once Informed Consent is given.
We have reviewed our processes to ensure that it is necessary, selected the most appropriate
lawful basis for each activity and documented this to demonstrate compliance.
We will only obtain Personal Data by lawful and fair means and with the knowledge and consent of
the individual concerned. Where a need exists to request and receive the consent of an
individual prior to collection or use of their Personal Data, the Company is committed
to seeking such consent.
The term ‘Informed Consent’ suggests that when applicable or reasonably appropriate to do so, the
individual will provide Data Subjects with information as to the purpose of the processing of
their Personal Data. Consent should be given in writing and retained.
To ensure fair processing, Personal Data will not be retained by the Company for longer than
necessary in relation to the purposes for which it was originally collected. All Personal Data
should be deleted or destroyed as soon as possible where it has been confirmed that there is no
longer a reason to retain it. Our retention schedule is outlined on our Data Audit.
Data we collect and process
We collect data in the following ways from the following individuals:
- Via visits to our website
- Details obtained during recruitment projects i.e. applicants
- Our carers
- Our carers and their contacts
- Prospective clients and suppliers
- Our clients
- Our clients’ employees
- Our clients friends and family and other contacts
We may collect and process the following data:
- Information provided by filling in forms
- Information completed when entered onto our website
- Providing CVs or other information about yourself for specific purposes
- Details of your access to our online resources or other materials
- Information collected when you contact us; we may keep a copy of any correspondence you
send to us, including, but limited to, your name, address and email address
We may also collect information about your computer, including where available your IP
address, operating system and browser type, for system administration and to report
aggregate information to our directors. This is statistical data about our users’ browsing
actions and patterns and does not identify any individual.
We hold both personal and sensitive data, as outlined on our HR Data Record.
All the personal data we process is processed by our staff in the UK however for the purposes
of IT hosting and maintenance this information is located on servers within the European
Union. No 3rd parties have access to your personal data unless the law allows them to do so.
We do not use any kind of automated decision making in the running of our business.
How we keep your data secure
We use a number of methods to store data, which we have identified through our Data Audit. The
data that we collect from you will not be transferred to, or stored at, a destination outside
the European Economic Area (“EEA”).
What we do with data we gather
We gather and process data lawfully, in a transparent manner, and for the genuine needs of
running our business.
Data protection principles
We will comply with data protection law. This says that the personal information we hold about
you must be:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes that we have clearly explained to you and not used in any
way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- kept only as long as necessary for the purposes we have told you about.
- Kept securely.
We do not, and have no intention of sharing your information with any organisations for
marketing or any other purpose.
Personal Data Breaches
How we recognise and deal with breaches of personal data is detailed in our Data Breaches
Policy and Procedure.
Questions or complaints
Complaints or questions should be referred to our Data Protection Nominee, Jill Pass.
Back to top