Menu
Search

Home Page

Privacy policy

Home Page

Privacy policy

 Corporate Privacy Policy 

Summary 

We are CareTech Holdings Limited, a company registered in England and Wales under company number 04457287, with our registered office at 4th Floor, Parkview, 82 Oxford Road, Uxbridge, England, UB8 1UX (we, us, our). This privacy notice explains how we collect, use, store, share and process your personal data. We respect your privacy and are committed to protecting your personal date in accordance with applicable date protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Date Protection Act 2018. 

This privacy notice explains how we collect and process your personal data when you visit this website. 

This privacy notice should be read alongside any other privacy notices we may provide on specific occasions. It supplements but does not replace other notices. When you visit the website of any of our group companies or any third party linked to our websites you will also be subject to their privacy policies, which we encourage you to review. 

Who we are and how to contact us 

This privacy policy is issued on behalf of the Group so when we mention CareTech, we, us or our in this privacy policy, we are referring to the relevant company in the Group responsible for processing your data.  

This policy sets out how CareTech deals with personal data and applies to CareTech and all its direct and indirect subsidiaries and references to CareTech shall be construed as referring to all such companies. 

We will let you know which entity will be the controller for your data when you submit a contact enquiry through this website, or where data is not collected directly from you, before we first use that data or within one month of obtaining it, whichever is sooner.  

CareTech Holdings Limited is the controller and responsible for this website. 

If you have any questions about this privacy notice or our data protection practices, please contact us using the details below: 

Email:  info@caretech-uk.com 

Post: CareTech Community Services, Parkview, 82 Oxford Road, Uxbridge, UB8 1UX 

CareTech is committed to protecting and respecting your privacy. This policy sets out the basis on which any personal data that you provide to CareTech (including its subsidiaries), will be process by CareTech. 

Your personal data is information which by itself or with other information available to us can be used to identify you, the data subject. By ‘processing, we mean any activity that involves using your personal data. This includes collecting it, recording it, storing it, retrieving it, using it, amending it, disclosing it, destroying it and transferring it to other individuals or organisations outside of the CareTech Group. 

Please read the following carefully to understand CareTech’s views and practices regarding your personal data and how CareTech will treat it. 

The types of personal data CareTech may collect from you 

 Personal data means any information that can identify you as an individual. 

This does not include anonymous data where your identity has been removed. 

Personal information about individual is usually provided to CareTech by the individual (Adult, young person, their parent or guardian, foster carer, contractor, patient, customer or visitor). Personal information that individuals provided to other organisations may also be forwarded to CareTech (for example from a local authority social worker when placing an individual with us). 

CareTech may collect and process the following personal information: 

  • Personal details (name, date of birth, email address, home address, telephone number, national identifiers (such as National Insurance Number or passport number or unique pupil number), gender, disability, sexual orientation, biometrics, criminal convictions, racial or ethnic origin, religious or other beliefs). 

  • Family details (contact details and relationships) 

  • Financial information (bank details) 

  • Information about your employment 

  • Details of any contact we have had with you, such as complaints or incidents 

  • Safeguarding, special educational needs, physical and mental health 

  • Education details (school admission, attendance, absences, behaviour, exclusions, certificates, exams or tests records and progress) 

  • Visual images, personal appearance and behaviour (photographs, CCTV recordings) 

  • Information relation to offences or alleged offences 

  • Details of goods and services provided 

  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the website. 

  • Profile Data includes your preferences in receiving communications from us, feedback and survey responses (if you choose to provide them). 

  • Usage Data includes information about how you use our website and services. 

  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences. 

  • Communications Data includes any communications and conversations between us including feedback and customer support interactions. 

We also collect, use and share aggregated data such as statistical or demographic data which is not personal data as it does not directly (or indirectly) reveal your identity. For example, we may aggregate individuals’ Usage Data to calculate the percentage of users accessing a specific website feature in order to analyse general trends in how users are interacting with our website to help improve the website and our service offering. 

Special categories of personal data 

Personal details about your physical or mental health, biometrics, race, ethnic origin and religion, alleged commission or conviction of criminal offences are considered ‘sensitive’ personal information. We will process any such information only if you have given your explicit consent, it is necessary for a legal reason or you have deliberately made it public. 

As part of our statutory duty in services recruiting staff to work with Children and young Adults, including the Keeping Children Safe in Education 2023 Guidance, we undertake online checks for all prospective applicants, this includes the screening of social media profiles in order to determine an individual’s suitability to work with children and young people. Application for employment will require your consent to these checks. We can confirm that no other aspects of an applicant’s personal profiles will be used to form an opinion of them and that appropriate records will be kept in this regard. 

Recruitment processes for adult services will adhere to Schedule 3 of the Health and Social Care Act 2008. 

CareTech is an Equal Opportunities Employer and does not discriminate unlawfully against or harass any person on the grounds of any of the protected characteristics. 

If you contact CareTech, we may keep a record of that correspondence; details of your visits to CareTech’s sites, and the resources that you access. 

The reasons why CareTech collects personal information 

We collect personal information to enable us to fulfil our legitimate business needs, such as: 

  • Provide education and training 

  • provide residential healthcare, welfare and educational support services 

  • the provision of fostering for children and young people 

  • administer school property and library services 

  • maintain our own accounts and records 

  • administer the boarding and the organisation of alumni associations and events 

  • administer shareholders registration and dividends service 

  • raise funds for our businesses 

  • support and manage our staff 

  • advertising and marketing 

CareTech’s legal basis and purposes for using your personal information  

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances: 

a) Where our use of your information is necessary for us to perform the contract or contracts that we have with you:  

  • These contracts include the terms and conditions of goods or services that individuals agreed with CareTech. For example, we record the personal details of individuals (such as Foster Parent) who care for children or young people on our behalf. 

  • We also record the names of staff from local authorities which commissioned CareTech to provide services. 

Please note that if you do not agree to provide us with the requested information, it may not be possible for us to agree a contract with you or provide services under a contract. 

 

b) where our use of you information is for the purposes of our legitimate business needs or the legitimate business needs of third-party contractors who we engaged to deliver services on our behalf. 

Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. Legitimate interests mean our business interests in conducting and managing our business operations to enable us to provide you with the best service and the most secure experience. When we process your personal data based on legitimate interests, we conduct a balancing test to ensure our interests do not override your fundamental rights and freedoms. We only rely on legitimate interests where we are satisfied this balance is met. 

For example: 

As part of our business needs, we collect visual images, personal appearance and behaviours through CCTV recordings to maintain the security of property and premises and for preventing and investigating crime. This information may be about customers, clients, offenders suspected offenders, member so of the public and those inside, entering or in the immediate vicinity of the are under surveillance. Where necessary or required this information is shared with the data subjects themselves, employees and agents service providers, police forces. Security organisations and persons making an enquiry. 

We also keep a record of any communications between us and you, for example, emails and phone calls, because we need it to help us fulfil your requests, keep in touch with you, and offer you communications that are relevant to you. 

c) where we believe it is necessary to use your information to comply with a legal obligation to which we are required to fulfil: 

  • Children and Young Adults: we have a legal duty to record and retain information (gender, age, date of birth) about pupils and share this information wit the Department of Education. 

  • Children and Young Adults: we are required by law to track and record the progress of pupils in our schools so that this information can be shared with Ofsted, the government regulator. 

  • Children and Young Adults: where the law requires, we have a duty to cooperate with local authorities on arrangements for children and young people with special education needs.

  • Adults funded by NHS or Local Authority: where the law requires, we have a duty to cooperate wit local and funding authorities in accordance with contracts. 

d) where our use of your information is necessary for us to carry out a task in the public interest. 

  • We share information with the Police, Local Authority or other agencies where we consider that a child or vulnerable person may be at risk of harm. 

  • For the safe running of our schools and registered premises, we also monitor movement of visitors entering and leaving our sites. 

  • We keep records of day-to-day observations of young persons and adults within services or foster homes so that we can manage and risk and track progress. 

e) where we believe use of your information is necessary in order to protect the vital interests of a person. 

These include: 

  • Next of kin or specified contacts so that we can contact them in case of an emergency. 

  • Information regarding a person’s health needs, including food allergies. 

f) where we have your consent: 

We will rely on your consent: 

  • to use your photographs to promote or market our business 

  • if you choose to receive marketing information (i.e. subscribing to our e-newsletters via our website, service email updates and general news about CareTech). You will also be given the opportunity to indicate that you no longer wish to receive our direct marketing material. 

  • To use your biometrics, for example your finger print, for identification purposes. 

We generally do not rely on consent as our main legal basis for processing your personal data. However, where we do rely on consent (such as for direct marketing or non-essential cookies), you can withdraw it at any time by contacting us at info@caretech-uk.com We will respond to your withdrawal request within one month (though this may be extended by up to two additional months for complex cases, in which case we will inform you of the extension and explain the reasons).  

Withdrawing consent will not affect the lawfulness of any processing we carried out before you withdrew consent. Where we have other legal basis to process your date (such as performance of contract, compliance with legal obligations, or legitimate interests), we may continue processing on those ground even after you withdraw consent, though withdrawal may affect our ability to respond to certain aspects. 

Change of Purpose 

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible wit the original purpose. If you wish to receive an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us. 

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. 

Please note that we may process your personal data without your knowledge or consent, in compliance with UK data protection law, where this is required or permitted by law. 

Who will CareTech share your personal information with: 

In fulfilling our business needs, we may share your information for any of the purposes mentioned at section 3 and 4 above. These are: (a) to perform the contract or contracts that we have with you. (b) our legitimate business needs (c) to comply with a legal obligation (d) to carry out a task in the public interest (e) to protect vital interests; or (f) where we have your consent. 

Specifically, information may be shared with: 

  • Family and representatives of the person whose personal data we are processing 

  • Ofsted, Department for Education and local authorities 

  • Welsh Inspectorate for both care and education 

  • Care Quality Commission (England) 

  • Police, courts, tribunals and security organisations 

  • Contractors who we pay to provide services 

  • Healthcare professionals, social and welfare organisations 

  • Staff, students, governors and school board 

  • Debt collection and tracing agencies 

  • Financial organisations 

  • Foster parent 

  • Education, training and examining bodies 

  • other members of CareTech 

International Transfers 

Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented: 

  • We will only transfer your personal data to countries that have been deemed by the UK Secretary of State to provide an adequate level of protection for personal data under the UK GDPR. 

  • Where we use certain service providers, we may use the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, which are approved for use in the UK and give personal data the same protection it has in the UK. We also conduct transfer risk assessments to evaluate the laws and practices of the destination country and ensure adequate protection of your personal data.  

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK. 

Artificial intelligence and automated decision making 

We may use artificial intelligence tools to assist in creating and improving website content. When we use AI in this way, the content is reviewed by our team to ensure accuracy and appropriateness. Any personal data used in AI processing is handled in accordance with this privacy notice and UK GDPR requirements.  

Data security 

We have implemented appropriate technical and organisational security measures including encryption, access controls, and regular security assessments to protect your personal data from unauthorised access, accidental loss, destruction, alteration, or disclosure. Access to your personal data is strictly limited to employees, agents, contractors and other third parties who have a legitimate business need, are bound by contractual confidentiality obligations, and process data only on our documented instructions. We regularly review and update these measures to maintain the security of your data.  

We have put in place procedures to deal with any suspected personal data breach and will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of a breach where legally required, and will notify you without undue delay where the breach is likely to result in a high risk to your rights and freedoms. 

The period for which we will keep your personal information  

We only keep your personal data for as long as necessary for the purposes we collected it, including to meet legal, and accounting requirements. We may keep it longer if there is a complaint or potential legal action. Generally, we keep contact query data for up to 6 years after your last interaction with us to comply with legal obligations unless the law requires us to keep it longer or allows us to delete it sooner.  

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, accounting or other requirements. 

In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for website analytics and improvement purposes, in which case we may use this information indefinitely without further notice to you. 

How we keep your personal information safe and who has access to it 

We follow strict security procedures in the storage and disclosure of your personal data, and to protect it against accidental loss, unauthorised access, destruction or damage. 

Personal information held by us electronically is stored on secure computer systems and we control who has access to it. Our staff receive data protection training and we have data protection policies and procedures in place which team are required to adhere to.

Where we use external companies to collect or process personal data on our behalf, we undertake detailed checks on these companies before we work with them, and put a contract in place that sets out our expectations and requirements, especially regarding how they manage the personal data they have collected or have access to. 

We may share your personal data with these types of organisations: 

  1. Other companies within our Group, primarily for business and operational purposes including shared IT systems, contact query management, and consolidated reporting. 

  1. External third parties who act as processors providing IT and systems administration services to us. 

  1. Third party recruitment agencies acting on our behalf, where your enquiry relates to recruitment or career opportunities. 

  1. Professional advisers including lawyers, accountants, auditors, and insurers who provide consultancy, legal, insurance and accounting services. 

  1. HM Revenue & Customs, regulators and other authorities based in the United Kingdom who require reporting of processing activities in certain circumstances 

  1. Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them, if a change happens to our business, the new owners will be required to use your personal data only in accordance with this privacy notice unless they provide you with a new privacy notice and, where required by law, obtain your consent for any materially different uses..  

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We implement written data processing agreements with our third-party service providers that comply with Article 28 of the UK GDPR. These agreements require processors to process personal data only on our documented instructions; implement appropriate technical and organisational security measures; maintain records of processing activities; assist with data subject rights requests; notify us of any personal data breaches without undue delay; and delete or return all personal data at the end of the provision of services unless required by law to retain it. 

We do not allow our service providers to use your personal data for their own purposes and they may only process it on our documented instructions - they can only use it to provide services to us in accordance with our data processing agreements. 

Third-party links 

Our website may include links to third-party websites, plug-ins and applications. When you click on these links or enable these connections, third parties may collect or share data about you. We do not control these third-party websites and are not responsible for their privacy practices. Before clicking on any external links or enabling third-party connections, we encourage you to read the privacy policy of the relevant third party. Please note that these third parties may have different data protection standards than we do, and we are not responsible for their practices. 

Our website may include social media features and widgets, such as the Facebook Like button, the Share button or interactive mini programs that run on the website. These features may collect your IP address and which page you are visiting on our website and may set a cookie or other identifier to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our website. Your interactions with these features are governed by the privacy notice of the company providing it. While we take reasonable steps to only work with reputable third parties, we are not responsible for their data processing practices. We encourage you to review their privacy notices before engaging with these features. 

Third-party marketing  

We will obtain your explicit opt-in consent before sharing your personal data with any third party for their own direct marketing purposes.  

Opting out of marketing 

You can ask us to stop sending you marketing communications at any time by following the opt-out links on any marketing message sent to you or by contacting us at info@caretech-uk.com. We will process your opt-out request promptly and in any event within one month.  

Where you opt out of receiving marketing messages, this will not apply to non-marketing communications necessary to respond to your enquiries or provide information you have requested. 

IP addresses and cookies 

CareTech may collect information about your computer, including where available your IP address, operating system and browser type, for system administration.  

Our website uses cookies and similar technologies to distinguish you from other users and improve your experience. We use different types of cookies: essential cookies (necessary for the website to function), functional cookies (to remember your preferences), analytics cookies (to understand how you use the website), and marketing cookies (to show you relevant content about our group's services). Except for essential cookies, we will only place and use non-essential cookies after obtaining your consent through our cookie banner. You can control and manage non-essential cookies through your browser settings and you can withdraw your consent at any time. 

You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting, you may be unable to access certain parts of CareTech’s site. Unless you have adjusted your browser setting so that it will refuse cookies, CareTech’s system will issue cookies when you log on to CareTech’s site. 

Automated decision making and processing 

Automated decision making involves processing your personal information without human intervention to evaluate your personal situation, such as your personal preferences, interests or behaviour. For instances, in relation to a decision on whether to admit or exclude a pupil from one of our schools. All such decisions regarding your personal information are made by one of our employees. Decisions are therefore not made solely by automated devices. 

Your Data Protection Rights 

Under certain circumstances, by law you have the right to: 

Request information about whether we hold personal information about you, and, if so, what that information is and why we are holding/using it. 

Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it. 

Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected. 

Request erasure of your personal information. This enables you to ask us to delete or remove personal data where there is no good reason for us to continue processing it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully, or where we are required to erase your personal data to comply with local law. Note, however, we may not always be able to comply with your request for erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. These may include where we need to retain certain information for legal purposes (such as compliance with legal obligations, establishment, exercise or defence of legal claims, or fraud prevention). 

Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms. 

Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms. 

Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: 

  • If you want us to establish the data’s accuracy. 

  • Where our use of the data is unlawful, but you do not want us to erase it. 

  • Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.  

  • You have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it. 

Object to automated decision-making including profiling, that is not to be subject of any automated decision-making by us using your personal information or profiling of you. 

Request transfer of your personal to you or a third party (data portability). We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format (such as CSV or XML). Note that this right only applies to personal data you have provided to us where the processing is based on your consent or for the performance of a contract, and the processing is carried out by automated means. 

Withdraw consent. In those circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law. 

If you want to exercise any of these rights, then please email the Data Protection Officer: data.protection@caretech-uk.com or by post to: CareTech Community Services Ltd, Parkview, 82 Oxford Road, Uxbridge, UB8 1UX. 

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances. 

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. 

Changes to CareTech’s privacy policy 

Any changes CareTech may make to CareTech’s privacy policy in the future will be posted on this page. 

Contacting our Data Protection Officer 

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk).  

We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance. 

You can make a complaint or raise a concern about how we process your personal information by contacting our Data Protection Officer: data.protection@caretech-uk.com. 

Contact us 

Questions, comments and requests regarding this privacy policy are welcomed including enquiries concerning your permission and privacy rights, and should be addressed to: CareTech Community Services Ltd, Parkview, 82 Oxford Road, Uxbridge, UB8 1UX.