Privacy Protection Policy
We respect your privacy. So that we can provide care services, we collect and use certain personal information while being committed to protecting and respecting your privacy. We are clear why we need these details and ensure your personal information is kept as secure as possible.
CareJules is a trading name of Attalventure Ltd. With this statement, we fulfil our legal requirement to protect your privacy. In it, we set out ways we may gather, use, disclose, and manage your data. This policy is set out to provide clear information surrounding any personal data we collect, or that you provide, and how it will be processed and may be used by us.
Data is handled in accordance with the law on data protection and privacy for all individuals within the European Union and the European Economic Area. The General Data Protection Regulation (GDPR), "the protection of natural persons with regard to the processing of personal data and on the free movement of such data", sets out our obligations and your rights with our management of your personal information (excluding anonymous data).
Information we collect and may use
Here's an outline of the personal information we collect when you inquire about and use our services. We may collect information by means of contact through our website, in person, by phone, mail, email, or any other media. During the process of enquiries, comments, providing care services, request for published information materials, referrals, recruitment and employment, we collect, while not limited to, the following personal information:
- Name, address, date of birth and contact details (telephone number(s), email), gender, sex and emergency contacts details (name, address, relationship, telephone numbers, etc.)
- Health info; care needs, health conditions; medical, physical or mental conditions, allergies etc.
- Interests; likes, dislikes and lifestyle preferences.
- Records of correspondence.
- User experiences; any feedback, testimonials, compliments, questionnaires, surveys, concerns or complaints about our service.
- Details of accidents or incidents you were involved in while receiving our care service or on our premises.
- Multimedia files; any photographs, audio and video files provided. Audio recordings of phone calls with us.
- Payment information; Credit/debit card, direct debit details.
- Special category data
We collect credit or debit card details in order to pay for a service or product. We keep details secure and ensure they are only used with your consent and/or for the purposes of any appropriate refunds.
The law defines some information as special category data. This includes, but is not limited to, information about marital status, health, ethnic origin, sexuality, criminal records, religious or theological beliefs, sexuality, and biometrics. We strictly only collect and use this type of data with your consent unless the law allows us otherwise. Article 9(2)(h) of the GDPR allows us to process special category data necessary for the provision of social care or the management of social care systems and services.
Any new information provided may be used to update an existing record we hold. If you provide information where a third-party has access, we will not be responsible for unauthorised access. For example, if you provide a work email address, then we take no responsibility for any communications being accessed by the third-party.
- Visitor tracking such as your IP address and type of computer or device used.
- Session management to improve page load times, pages visited and logging in.
- Personalisation to remember information and preferences.
Other sources of data
We work with third-parties to provide better services and to protect our business. Nevertheless, we do not sell or trade or rent personal information to third-parties. With that in mind, we may collect or provide personal information through, but not limited to, the following:
- Nominated representatives; family, friends, or any other person.
- Legal representative.
- Social and healthcare professionals.
- Public bodies.
- Debt collection agents or other regulators.
- Fraud prevention agencies
- Credit reference bureaus
Our security procedures determine that we may request proof of identity or make checks to the electoral roll.
Why & how we use personal information
We process personal data in accordance with applicable data protection laws and regulations. To demonstrate compliance with the regulatory framework and the law. Concerning this, we strive to be clear why we need personal information before the request. So we seek consent to process personal data for specified purposes, such as gaining permission to make contact about requested or promoted information and products and services we offer. In this case, we may attempt contact by telephone, post, email or other means.
Additionally, personal information is collected and used for legitimate interests. To monitor performance, for research and statistical purposes, administration, technology, maintenance, marketing and fulfilment, business and financial modelling, development and innovation to provide quality care services, products, information, and security.
As well as this, personal information is processed and used to enable us to assess and contact you in relation to any enquiry you have made. To provide requested and personalised information and services and products. We may process information to communicate tailored information and service and product offers and rewards. To reach you if there is a problem. To notify important functionality or service changes. Or any other valid reasons for doing so. Personal data is used to communicate with the client, representatives, appropriate professionals, and third-parties.
We also access personal data for administrative purposes. In order to prepare, review and update a personalised care plan. To make needed modifications to ensure best practice, quality service, suitable facilities and safety. To prepare and make payments and invoices for our services. To perform quality control procedures, service reviews and to improve customer experience. To monitor and analyse our services so we can make improvements.
In the case of contact, we reserve the right, with our discretion, to ask appropriate security questions to satisfy and determine who you are.
Information storage & security
All the information we collect is confidential and secure. Therefore, it is transferred and stored and encrypted in our database on servers. Digital tracking information is also logged and stored. The data may be processed and uploaded manually by persons working for us or automated with code and web forms.
Since the law and regulations require that we keep information for set periods of time, information is retained and securely archived with restricted access. In general, personal data is held for as long as considered necessary with appropriate protective safeguards in place. While financial records and transactions are kept for a minimum of 7 years dictated by legislation.
To protect personal information, security measures are in place to prevent accidental loss or use or unauthorised access. Information access is limited and only granted to those with a genuine need. Data processing is authorised beforehand and subjected to strict confidentiality with procedures in place to protect personal data should we share any information with a third-party.
Also, we have procedures to handle a suspected data security breach. If applicable, as soon as we are aware of a suspected breach of your data, we will notify you and any relevant regulators where we are legally required to do so.
If you want more information on how to protect yourself against fraud, identity theft, viruses and many other issues, please visit Get Safe Online as supported by HM Government.
Sharing personal data
As mentioned above, personal information is shared with representatives, appropriate professionals and third-parties. Only minimal and relevant information is shared within our organisation and with involved persons and groups to provide safe and effective services. Despite sharing data to fulfil our service, we do not sell or trade or rent personal information to third-parties.
Personal information is disclosed to facilitate services. This allows us to design and implement the correct assistance for individual circumstances. To fulfil specific orders for a product or service or information. Therefore, to deliver such a service, we collaborate with third-parties for their specialist services.
In this case, they will need access to and will be responsible for the protection of, certain information. This data may be limited for the administration and delivery of the product or service or information. Although, succeeding a purchase of a product or service, where a third-party administer part or all of the product or service, the terms and conditions of your contract with us will provide consent to the transfer and processing of personal and/or special category personal data to the new provider. This is subject to the requirements of the GDPR and associated legislation.
During the course of operation, we may be required to share personal information. For instance, appropriate external social or health care professionals may require medical information. Any nominated or legal representatives, public bodies, law enforcement or other authorities, may be privy to personal data. In some incidences, to ensure safety, local safeguarding groups may need access to information.
Admittedly, we may be obliged by law to release information to statutory or regulatory authorities. In addition to this, we can legitimately release personal data through data protection legislation exemptions. For instance, to prevent, detect, or assist investigations of crime, misconduct, or corruption. To protect the rights and assets and safety of entities.
Additionally, some third-party providers may have access or limited access to personal information. In particular, technology and fulfilment and marketing companies may be contracted to ensure secure infrastructure and to deliver and analyse communications. While doing so, they will be obligated to provide the same level of privacy written in this policy.
Should this be the case, a provider and any of its agents and/or suppliers will be required to proceed with confidentiality. They will maintain the information's security and privacy. Restrict access to employees and third-parties. Only use the data and communications for the agreed purpose. Prevent data from being used for any other purpose within the organisation or by any other party. In conclusion of the contract, the data must be returned, destroyed or deleted, including any copies or partial copies of the information. This being subject to any laws or regulations that state their need to preserve copies.
Information shared outside of the EEA
In some circumstances, we transfer personal information to countries outside of the European Economic Area (EEA). For example, we may obtain service providers and organisations outside the EEA for, but not limited to, administrative purposes, technology and maintenance, marketing and fulfilment.
By the same token, after accepting a carer's services, where the carer is living outside of the EEA, they would be provided with the required name, address, contact details and care needs information to deliver a safe service. This international transfer is necessary to fulfil the contract between the data subject and the controller. It is covered by law under Article 49(1)(b).
However, the data protection laws in the EEA do not apply. Furthermore, non-EEA countries might not provide the same level of data security. Therefore, we utilise reasonable and relevant safeguards to help protect your privacy when transferring personal information. In the unlikely event personal data is misused, possible remedies will be provided.
Following the law on data protection and privacy as stated in the GDPR, your rights include neutral and transparent processing and use of personal information.
They contain a statutory right of access, and you can request us to correct any mistakes, to your personal information and/or sensitive personal data that we hold about you.
They give the right to request erasure of your personal data and prevent or restrict the continued processing in specific circumstances as detailed by the ICO. Plus, there is the right to opt-out from processing your personal data for direct marketing purposes. Notably, a request to delete any necessary personal information we believe is needed to comply with contractual obligations may hinder our ability to provide your care services, products, and information. Also, legal obligations may prevent us from deleting information.
Provide the ability to receive the personal information that you have provided to us. The data should be structured in a general machine-readable format, and in certain situations, you have the right to reuse and send the data to a third-party.
They involve the ability to limit automated decision making which may be used to profile and deliver personalised pricing, products, services, information, and communications. Also used to help prevent fraud. An objection to automation may affect you receiving our best business offers.
For the objective to execute your rights, an application must be made in writing, either via letter or email. Please state the information you wish to see, delete, receive, opt-out of, and provide details and dates where possible.
Please note that we may seek proof of your identity where relevant. We will not administer Subject Access Requests by a third party unless written authorization from the subject/individual accompanies the request. Then, with a valid request, we have one month to respond.
Should we be in breach of any data protection laws whereby damages have occurred, you have the right to claim compensation.
For further information regarding the General Data Protection Regulation, including your rights and the circumstances they apply, please visit the UK Information Commissioner’s Office (ICO) for guidance.
Contacting us about privacy
We welcome questions and comments about privacy and requests for further information regarding your rights. You can contact us by writing to:
If you would like to exercise any of your rights, then please contact us using the details above. Within the correspondence, please make clear the privacy right you wish to exercise. Also, please provide information to identify you (e.g. your name and address), proof of identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and as much detail as you can to help us proceed.
Should you would desire to unsubscribe from receiving emails, please click the ‘unsubscribe’ button at the bottom of our emails.
Lastly, if you feel your personal information has not been handled correctly, you have the right to make a complaint with the Information Commissioner’s Office (ICO). You can do so via ico.org.uk/concerns or by writing to:
Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF