GDPR Policy — How We Protect Your Personal DataCare Services
Learn how we collect, process, and protect personal data in compliance with GDPR. Your privacy and confidentiality are our top priorities.
Purpose
This GDPR Policy explains how we collect, use, store, and protect personal data in accordance with the principles of lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, confidentiality, and accountability.
Data We Collect
We collect personal data including but not limited to:
- Identification and contact details (name, address, phone, email)
- Health and care information necessary for service delivery
- Financial information for billing and payment processing
- Usage data from our website and communications
Lawful Bases for Processing
We process personal data based on one or more of the following lawful bases:
- Contractual necessity to deliver agreed care services
- Compliance with legal obligations, including safeguarding
- Legitimate interests pursued in enhancing our services
- Consent where required, such as for marketing or research purposes
Data Subject Rights
Individuals have the following rights under GDPR:
- Right to be informed about data processing
- Right of access to personal data held
- Right to rectification of inaccurate data
- Right to erasure (‘right to be forgotten’) in specific circumstances
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Rights related to automated decision making and profiling
Data Security
We implement technical and organisational measures to safeguard personal data from unauthorised access, loss, or disclosure.
Data Sharing
Personal data may be shared only with:
- Healthcare professionals involved in care delivery
- Trusted third-party service providers under data protection agreements
- Authorities as legally required
- With explicit individual consent
Data Retention
Data is retained only as long as necessary for the purposes it was collected and to comply with legal and regulatory retention periods.
Breach Notification
In the event of a personal data breach, Zuva Care Services will notify the Information Commissioner’s Office (ICO) and affected individuals where required by law, following UK GDPR breach notification protocols.
Updates to this Policy
This GDPR Policy is reviewed regularly and updated as necessary to maintain compliance. Any changes will be communicated clearly and made publicly available.
Contact
For enquiries regarding this GDPR Policy or exercising your data rights, contact:
Zuva Care Services Data Protection Officer
You also have the right to complain to the ICO if you believe your data rights have been infringed.
