We ask that you read this privacy promise carefully as it contains important information on who we are and how we collect, use, store and share personal information. It outlines your rights and how to contact us and other relevant organisations in the event you have a complaint.
Who we are
We are RUBY247 (Home Care), registered number 13121611, registered address: 3 Mayfield Street, Kirkby-in-Ashfield, Nottinghamshire, NG17 8LU
As a ‘data controller’, we are responsible for how we process your information in the UK. The UK General Data Protection Regulation (UK GDPR) sits alongside an amended version of the Data Protection Act (DPA) 2018 and applies to most UK businesses and organisations. We must comply with this data protection regime with regards to the data protection principles, our obligations, and your rights as a UK citizen.
All our data processing activities are monitored to ensure that the information we collect is:
- Used lawfully, fairly and in a transparent way
- Relevant and for reasons that we have told you about
- Accurate and up to date
- Kept only for as long as it is needed
- Kept securely
Customer Privacy Promise
Information collected by us
We define personal information as information about you or that makes you identifiable to others. This falls into two categories:
- Personal Data such as your name, address, email address, contact information, financial information, health and lifestyle details (including opinions and intentions) relevant to the services we are providing.
- Special Category Data such as information relating to your health, medical history, treatments both current and to be prescribed.
We collect this information:
- When you make enquires about our care and support services through our website, telephone, email, post, face to face or social media.
- Through audio recordings of telephone calls to and from our office and branch teams.
- By written correspondence by email or post.
- Through service providers (data processors) who are contracted by us to deliver:
– IT and Telecoms support
– Payment and financial systems
– Software support
– Marketing & Analytics systems
– Email client platforms
– Record archiving
Information collected from our website
We collect device identifiers such as internet protocol (IP) addresses and information about the web pages visited, the type of device, and software. This is used for statistical and analytical purposes to improve your customer journey and experience.
We also collect personal information when you submit a web-based form or use the ‘Live Chat’ window to have text-based conversations with our customer support team. These are retained only for as long as it is necessary and for no more than 12 months.
Our website may also provide links to other websites which have their own privacy policies. We do not accept any responsibility or liability should you access or use these links.
Information collected from other sources
We obtain additional information about you from third parties such as social and healthcare professionals and public bodies.
A ‘public body ‘being any organisation in the United Kingdom that delivers, commissions, or reviews a public service and includes (but is not limited to) the Ombudsman, local authorities, councils, unitary authorities, clinical commissioning groups, health, and social care trusts, the National Health Service as well as their arm’s length bodies and regulators.
A ‘social or health care professional‘is any person who provides direct services, acts as a consultant, or is involved in the commission of your healthcare or social care services, including (but not limited to) your general practitioner (GP), dental staff, pharmacists, nurses, and health visitors, clinical psychologists, dieticians, physiotherapists, occupational therapists, hospital staff, social workers and other care and support related professionals.
We may also collect and use personal data and other information about other people that contribute to or affect your care and support needs such as next of kin, power of attorney or emergency contact.
The purpose for collecting and using your personal information
We process your information in different ways under the following legal bases:
- Where processing is conducted with your consent for specified purposes
- Where processing is necessary for the performance of our contracts
- Where processing is necessary for us to demonstrate compliance with the law and regulatory frameworks
- When processing in pursuit of legitimate interests for:
- Direct marketing communications to customers and potential prospects
- Responding to enquiries and other communications with customers and 3rd parties
- Corporate due diligence, engagement, service development and innovation
- Call recording to evidence business transactions, resolve disputes and monitor service quality and staff
- When processing special category (sensitive) data concerning health and biometrics, as is necessary for the provision of social care or the management of social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards
How we use your personal information
|We use your personal information to:||And we keep it for:|
|Prepare, assess, review and update care plans and records Communicate with you, your representatives and other appropriate social or health care professionals about your needs or our concerns Arrange care provision at your home to deliver your required service Make reasonable adjustments to the care delivery, maintain safety and to personalise the service to meet your needs||Care plans/notes/records 3 years after the termination of contract or end of care Email communications 2 years|
|Set up and manage payment arrangements for the care and support services you receive in accordance with our terms and conditions||6 years* from the end of the corresponding financial year *direct debit forms are retained indefinitely against indemnity claims|
|Record and manage complaints, compliments or concerns about the service we provide||10 years from the closure of the case|
|Record details of accidents, incidents or near misses which occurs to you our employees||Accidents – 3 years Minor incidents – 10 years Serious incidents – 20 years|
|Perform contractual and compliance procedures with other care providers and public bodies involved in your care delivery||–|
|Send you information or offer on similar or relevant services following a request or inquiry which you can opt-out from at any time||–|
|Notify you about changes to terms and conditions, tariffs, service delivery or interruptions that are relevant to you as part of our terms and conditions||–|
|Record telephone calls to and from the company telephony system only. This is for training and quality assurance purposes and to resolve potential disputes||10months|
|Conduct market research to review our service and improve our customer experience through feedback/review requests. Please note that this feedback can also be given anonymously||1 year|
|We may send you news or email communication from time to time about our products and services.||n/a|
|We will get consent for the following:|
|With your explicit consent, we may also post images and content about you to promote RUBY247 social media platforms, events, print, and digital publications||3 years with options to review and extend with further consent|
Sharing your personal information with others
We share appropriate information with:
- External social and health care professionals and any individuals that you nominated as your representative or who have a legal entitlement. At your request, we would share information with another an alternative provider.
- Law enforcement authorities on request or following a court order
- Public bodies that require evidence of our compliance with contractual obligations and to satisfy regulatory frameworks.
- Local safeguarding Advisory Boards (SAB) regarding issues and concerns.
- Third party data processors and service providers who are contracted to support us
- Relevant internal RUBY247 personnel to provide safe and effective services.
- External suppliers/partners that support business functions and service development.
We will not sell or trade your personal information with another third party without your consent.
Data Transfers and Storage
RUBY247 transfers and stores data under contractual agreements with data processors in the UK. Data transfers and storage may also occur in the European Economic Area (EEA) and third countries. These are now known as Restricted Data Transfers.
Restricted Data Transfers
Under the UK GDPR, restricted data transfers from the UK to the EEA and other countries covered by a European Commission ‘adequacy decision’ are currently permitted subject to review by the UK Government.
Restricted data transfers from the EEA and other countries covered by a European Commission ‘adequacy decision’ continue to comply with Eu GDPR with the appropriate safeguards we have put in place.
Restricted Data Transfers between the UK to other third countries are permitted in compliance with the UK GDPR ‘adequacy regulations’ or the appropriate safeguards we have put in place.
These appropriate safeguards ensure that your individual rights and freedoms are protected with respect to your personal data in accordance with the UK data protection regime.
Keeping your personal information safe
We have appropriate organisational and technical security measures to protect your personal information and limit who has access. There are also appropriate safeguards in place for data transfers to protect your privacy rights.
Data transfers are subject to appropriate safeguards designed to protect your privacy rights and give you recourse in the unlikely event of misuse of your personal information.
We have procedures in place to detect and respond to suspected data security breaches. We may notify you and any relevant authority as part of our data risk management where we are legally obliged to.
You have rights over the way we use your information:
- You have the right to be informed about what information we collect and how it is used as outlined in this privacy promise.
- You have the right to ask for access to the information we hold on you. We would usually provide copies free of charge.
- You have the right to ask us to correct or update any information you think is incorrect or incomplete.
- You have the right to object to your information being used and/or withdraw consent.
- You have the right to ask us to stop using your information. This ‘right to be forgotten is only applied where there is no legal reason for us to continue to hold or use it.
- You have the right to object to any automated decision making. This could affect your ability to fully access our services.
- You have the right to ask us to stop using your information for marketing purposes by opting out at any point of the registration process or by updating your preferences once registered. The unsubscribe feature on our emails are actioned immediately but may take up to 14 days to complete.
- You have the right to ask us to transfer certain personal information or a copy of some of your information to you or to another organisation, including service providers, in a format they can use where this is technically possible, known as the ‘right to data portability’.
- You have the right to withdraw any permission you have previously given us to use your information.
For detailed information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the UK General Data Protection Regulation. If you would like to exercise a right, please contact the Compliance team at firstname.lastname@example.org or see the contact us section.
If you have any questions about this privacy promise, your rights or wish to contact the Data Protection Officer, get in touch by:
- Email – email@example.com
- Post – Compliance Department, RUBY247 – 3 Mayfield St, Kirkby-in-Ashfield, Nottinghamshire, NG17 8LU
- Telephone – 0115 837 0203
How to complain
If you contact us, we hope to resolve any query or concern you raise about our use of your information.
The UK GDPR also gives you the right to lodge a complaint with a supervisory authority with the Information Commissioner Office (ICO) who are the supervisory body in the UK and can be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.
Changes to this privacy promise
This privacy notice was first published on 13 May 2019, and last updated on 9th January 2021.
We may change this privacy promise and update our website from time to time.