Privacy Policy

 

HRM Homecare Services Ltd

1. Introduction

This Privacy Policy explains how HRM Homecare Services Ltd (“we”, “us”, “our”) collects, uses, stores, and protects personal data. We are committed to protecting privacy and handling personal data lawfully, fairly, and transparently.

This policy applies to service users, family members, representatives, website users, and other individuals whose personal data we process.

We comply with:

  • UK General Data Protection Regulation (UK GDPR)

  • Data Protection Act 2018

  • Data (Use and Access) Act 2025

2. Who We Are

HRM Homecare Services Ltd
Registered Office: 75 London Road, Kilmarnock, Scotland, KA3 7BP
Company Number: SC167583

Email: dataprotection@hrmhomecare.co.uk
Telephone: 0344 811 0940

Data Protection Contact: Diane Tinline

Website: https://www.hrmhomecare.co.uk

We act as a Data Controller for most personal data we process. In some cases, we act as a Data Processor on behalf of local authorities or commissioning organisations.

3. Personal Data We Collect

a. Standard Personal Data

  • Name, title, date of birth

  • Address, email address, telephone numbers

  • Payment and billing information

  • Records of services provided

  • Communications with us

  • Website and technical usage data

b. Special Category Personal Data

As a homecare provider, we process special category personal data, including:

  • Health information

  • Care needs, assessments, care plans

  • Mobility, medication, and support requirements

This data is processed only where necessary and with enhanced safeguards.

We do not routinely process criminal conviction data.

4. How We Collect Personal Data

We collect personal data:

  • Directly from you or your representative

  • Through care assessments and care delivery

  • Via phone, email, website, or care software

  • From third parties such as healthcare professionals, local authorities, or payment providers where lawful

5. How and Why We Use Personal Data

We only use personal data where we have a lawful basis. These include:

Purpose

Lawful Basis

Providing care services

Performance of a contract

Managing health and care needs

Provision of health or social care

Regulatory compliance

Legal obligation

Service improvement

Legitimate interests

Marketing communications

Consent or legitimate interests

Under the Data (Use and Access) Act 2025, certain processing activities are clarified as lawful where they support service delivery, quality improvement, or research, provided safeguards are in place.

6. Sharing Personal Data

We may share personal data with:

  • Payment providers

  • Care software providers

  • Healthcare professionals

  • Local authorities and commissioners

  • Regulators and inspectors

  • Professional advisers

All third parties are required to protect personal data and use it only for agreed purposes.

7. International Transfers

We primarily store and process data in the UK.

Where data is transferred outside the UK, we ensure appropriate safeguards are in place. Under the Data (Use and Access) Act 2025, transfers may occur where protection standards are not materially lower than those in the UK.

8. Data Security

We use technical and organisational measures to protect personal data, including:

  • Access controls

  • Secure systems and encryption

  • Staff confidentiality obligations

We have procedures to manage and report data breaches in line with legal requirements.

9. Data Retention

Personal data is retained only as long as necessary for:

  • Care provision

  • Legal and regulatory compliance

  • Managing complaints and disputes

Health and care records are retained in accordance with applicable care-sector guidance.

10. Marketing

We may send information about our services where permitted by law.

You can opt out of marketing at any time. We do not sell personal data or allow third parties to use it for their own marketing without explicit consent.

11. Your Rights

You have rights to:

  • Access your data

  • Correct inaccuracies

  • Request deletion

  • Restrict or object to processing

  • Withdraw consent

  • Request data portability (where applicable)

Subject Access Requests
Requests should be made to dataprotection@hrmhomecare.co.uk.

We normally respond within one month. Where requests are complex, the Data (Use and Access) Act 2025 allows reasonable extensions, which we will explain if needed.

12. Complaints

If you are unhappy with how we handle your data, please contact us first.

You may also complain to the Information Commissioner’s Office:

Website: ico.org.uk