Skip to main content

Our Privacy Promise

We ask that you read this privacy promise carefully as it contains important information on who we are and how we collect, use, store and share personal information. It outlines your rights and how to contact us and other relevant organisations in the event you have a complaint.

We are Kandle Care Limited , registered number 14132045, registered address Colonial House Swinemoor Lane, Beverly, HU17 0LS

As a ‘data controller’, we are responsible for how we process your information in the UK. The UK General Data Protection Regulation (UK GDPR) sits alongside an amended version of the Data Protection Act (DPA) 2018 and applies to most UK businesses and organisations. We must comply with this data protection regime with regards to the data protection principles, our obligations and your rights as a UK citizen.

All our data processing activities are monitored by our appointed Data Protection Officer to ensure that the information we collect is:

  • Used lawfully, fairly and in a transparent way
  • Relevant and for reasons that we have told you about
  • Accurate and up to date
  • Kept only for as long as it is needed
  • Kept securely

You may also be interested in our:

Customer Privacy Promise

Information collected by us

We define personal information as information about you or that make you identifiable to others. This falls into two categories:

  • Personal Data such as your name, address, email address, contact information, financial information, health and lifestyle details (including opinions and intentions) relevant to the services we are providing.
  • Special Category Data such as information relating to your health, medical history, treatments both current and to be prescribed.

We collect this information:

  • When you make enquires about our care and support services through our website, telephone, email, post, face to face or social media.
  • Through audio recordings of telephone calls to and from our office and branch teams.
  • By written correspondence by email or post.
  • Through service providers (data processors) who are contracted by us to deliver:

– IT and Telecoms support

– Payment and financial systems

– Software support

– Marketing & Analytics systems

– Email client platforms

– Record archiving

Information collected from our website

We collect device identifiers such as internet protocol (IP) addresses and information about the web pages visited, the type of device and software. This is used for statistical and analytical purposes to improve your customer journey and experience.

We also collect personal information when you submit a web -based form or use the ‘Live Chat’ window to have text-based conversations with our customer support team. These are retained only for as long as it is necessary and for no more than 12 months.

Our website may also provide links to other websites which have their own privacy policies. We do not accept any responsibility or liability should you access or use these links.

Visit https://www.getsafeonline.org/get-safe-top-10/ to find out more about protecting your information and staying safe online.

Information collected from other sources

We obtain additional information about you from third parties such as social and healthcare professionals and public bodies.

A ‘public body ‘being any organisation in the United Kingdom which delivers, commissions or reviews a public service and includes (but is not limited to) the Ombudsman, local authorities, councils, unitary authorities, clinical commissioning groups, health and social care trusts, the National Health Service as well as their arm’s length bodies and regulators.

A ‘social or health care professional‘ any person who provides direct services, acts as consultant or is involved in the commission of your healthcare or social care services, including (but not limited to) your general practitioner (GP), dental staff, pharmacists, nurses and health visitors, clinical psychologists, dieticians, physiotherapists, occupational therapists, hospital staff, social workers and other care and support related professionals.

We may also collect and use personal data and other information about other people that contribute to or affect your care and support needs such as next of kin, power of attorney or emergency contact.

Purpose for collecting and using your personal information

We process your information in different ways under the following legal bases:

  1. Where processing is conducted with your consent for specified purposes
  2. Where processing is necessary for the performance of our contracts
  3. Where processing is necessary for us to demonstrate compliance with the law and regulatory frameworks
  4. When processing in pursuit of legitimate interests for:
  • Direct marketing communications to customers and potential prospects
  • Responding to enquiries and other communications with customers and 3rd parties
  • Corporate due diligence, engagement, service development and innovation
  • Call recording to evidence business transactions, resolve disputes and monitor service quality and staff
  • Training
  1. When processing special category (sensitive) data concerning health and biometrics, as is necessary for the provision of social care or the management of social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards

Sharing your personal information with others

We share appropriate information with:

  • External social and health care professionals and any individuals that you nominated as your representative or who have a legal entitlement. At your request, we would share information with another an alternative provider.
  • Law enforcement authorities on request or following a court order
  • Public bodies that require evidence of our compliance with contractual obligations and to satisfy regulatory frameworks.
  • Local safeguarding Advisory Boards (SAB) regarding issues and concerns.
  • Third party data processors and service providers who are contracted to support us
  • Relevant internal Kandle Care personnel to provide safe and effective services.
  • External suppliers/partners that support business functions and service development.

We will not sell or trade your personal information with other third party without your consent.

National Data Opt-Out

At this time, we do not share any data for planning or research purposes for which the national data opt-out would apply. We review this on an annual basis and for any new processing.

Data Transfers and Storage

Kandle Care transfers and stores data under contractual agreements with data processors in the UK. Data transfers and storage may also occur in the European Economic Area (EEA) and third countries. These are now known as Restricted Data Transfers.

Restricted Data Transfers

Under the UK GDPR, restricted data transfers from the UK to the EEA and other countries covered by a European Commission ‘adequacy decision’ are currently permitted subject to review by the UK Government.

Restricted data transfers from the EEA and other countries covered by a European Commission ‘adequacy decision’ continues to comply with Eu GDPR with the appropriate safeguards we have put in place.

Restricted Data Transfers between the UK to other third countries are permitted in compliance with the UK GDPR ‘adequacy regulations’ or the appropriate safeguards we have put in place.

These appropriate safeguards ensure that your individual rights and freedoms are protected in respect to your personal data in accordance with the UK data protection regime.

Keeping your personal information safe

We have appropriate organisational and technical security measures to protect your personal information and limit who has access. There are also appropriate safeguards in place for data transfers to protect your privacy rights.

Data transfers are subject to appropriate safeguards designed to protect your privacy rights and give you recourse in the unlikely event of misuse of your personal information.

We have procedures in place to detect and respond to suspected data security breaches. We may notify you and any relevant authority as part of our data risk management where we are legally obliged to.

Your rights

You have rights over the way we use your information:

  • You have the right to be informed about what information we collect and how it is used as outlined in this privacy promise.
  • You have the right to ask for access to the information we hold on you. We would usually provide copies free of charge.
  • You have the right to ask us to correct or update any information you think is incorrect or incomplete.
  • You have the right to object to your information being used and/or withdraw consent.
  • You have the right to ask us to stop using your information. This ‘right to be forgotten is only applied where there is no legal reason for us to continue to hold or use it.
  • You have the right to object to any automated decision making. This could affect your ability to fully access our services.
  • You have the right to ask us to stop using your information for marketing purposes by opting out at any point of the registration process or by updating your preferences once registered. The unsubscribe feature on our emails are actioned immediately but may take up to 14 days to complete.
  • You have the right to ask us to transfer certain personal information or a copy of some of your information to you or to another organisation, including service providers, in a format they can use where this is technically possible, known as the ‘right to data portability’.
  • You have the right to withdraw any permission you have previously given us to use your information.

For detailed information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the UK General Data Protection Regulation. If you would like to exercise a right, please contact the Compliance team at  datarequest@kandlecare.com or see the ‘how to contact us’ section.

How to contact us

If you have any questions about this privacy promise, your rights or wish to contact the Data Protection Officer, get in touch by:

  • Email – datarequest@kandlecare.com 
  • Post – Compliance Department, Colonial House, Swinemoor Lane, Beverly, HU17 0LS
  • Telephone – 01482458148

Other information

How to complain

If you contact us, we hope to resolve any query or concern you raise about our use of your information.

The UK GDPR also gives you right to lodge a complaint with a supervisory authority with the Information Commissioner Office (ICO) who are the supervisory body in the UK and can be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.

Changes to this privacy promise

This privacy notice was first published on 2nd of July 2023.

We may change this privacy promise and update our website from time to time.

Do you need extra help?

If you would like this privacy promise in another language or format such as audio, large print or braille, please contact us.