Privacy Policy
Your Care Plus – Data Protection and GDPR Policy
Policy Statement
Your Care Plus Ltd is committed to protecting the privacy and confidentiality of all personal data we handle. We comply with the Data Protection Act 2018, the UK GDPR, and the Privacy and Electronic Communications Regulations (PECR). Jon Sharpin is the registered Data Controller with the ICO and the appointed Caldicott Guardian.
We recognise personal data belongs to the individual. We have a duty to collect, process, store, and share it lawfully, fairly, and transparently.
⸻
Lawful Bases for Processing
We only process personal data where one of the following applies:
• Legal obligation – required by law and regulations (e.g. Health and Social Care Act 2008).
• Legitimate interests – necessary to run our services in ways people reasonably expect.
• Consent – freely given, specific and informed consent for certain uses.
⸻
Data Protection Principles
All personal data will be:
1. Processed lawfully, fairly, and transparently.
2. Collected for clear, specified purposes only.
3. Adequate, relevant, and limited to what is necessary.
4. Accurate and kept up to date.
5. Retained only as long as necessary.
6. Processed securely to prevent loss, damage, or unauthorised access.
7. Shared only with those who have a legal or professional need to know.
8. Demonstrably compliant with these principles.
⸻
Individual Rights
Individuals have the right to:
• Be informed about how we use their data.
• Access their records (subject access request).
• Have inaccurate data corrected.
• Request erasure where appropriate.
• Restrict or object to processing.
• Request data portability where applicable.
• Challenge decisions made solely by automated means.
Requests will be acknowledged within one month, free of charge.
⸻
Privacy Notices
We provide clear privacy information to everyone whose data we hold, explaining:
• Who we are.
• What data we collect and why.
• How data is stored and protected.
• Who it may be shared with (e.g. NHS professionals, local authorities, family/representatives, where appropriate).
• Contact details for concerns or complaints.
Privacy notices are available in accessible formats and displayed on our website and in client information packs.
⸻
Security and Retention
• Records are kept securely, in line with NHS and CQC requirements.
• Retention follows statutory and contractual requirements (e.g. Local Authority and NHS guidance).
• Data breaches will be reported to the ICO within 72 hours where legally required.
⸻
Training and Compliance
• All staff are trained on GDPR and confidentiality at induction and through ongoing refreshers.
• Compliance is monitored through audits and supervision.
• Related policies: Safeguarding, Confidentiality, Record Keeping, Cyber Security, Consent.
⸻
Complaints and Oversight
Concerns about data handling can be raised directly with:
• Data Controller / Caldicott Guardian: Jon Sharpin, Your Care Plus Ltd
• ICO: Information Commissioner’s Office, www.ico.org.uk, 0303 123 1113
This policy will be reviewed annually or when legislation changes.
⸻
Privacy Notice Summary for Service Users
We collect personal and sensitive information during assessments to provide safe and effective care. We may share this with health professionals, local authorities, and authorised representatives involved in your care. We will not share information with anyone else unless required by law.
You can request to see or correct your records at any time by contacting our office.