Data Protection Privacy Policy for Website Users

In this Privacy Policy when we refer to “Kelly Park Limited” or “we”, “us” or “our”, we mean Kelly Park Limited.  

Kelly Park Limited is committed to protecting the privacy of individuals who use our services or even if you are just visiting our website. 

Under the General Data Protection Regulation 2016, Kelly Park Limited, registered at Suite 32-33 Derwentside Business Centre, Consett Business Park, Consett, County Durham DH8 6BP. This notice sets out the way Kelly Park Limited processes, stores and protects user data and information that you may supply to us. It also outlines the obligations and requirements of the users, the website and website owners.  

You may contact us at any point with regards to this privacy notice or the way your personal data is being processed by one of the following means:

Suite 32-33 Derwentside Business Centre, Consett Business Park, Consett, County Durham DH8 6BP.

Telephone: 01207 580091

Email: dpo@kellypark.co.uk 

About Us  

Kelly Park Limited provides individuals with personalised packages of care and support to enable them to remain in their own home 

Working together with individuals and their families we are able to create a care and support plan to suit the needs of the person. Promoting independence, choice, respect, privacy, security and continuity at all times.

Our experienced, professional Health Care Assistants are specifically trained to deliver tailored, individual, Domiciliary Home Care support packages. 

We take great pride in our ability to create person-centred care and support plans. By understanding the needs of our customers we are able to offer a personalised, reliable and high-quality service that provides peace of mind to all customers and their families.

Our commitment is to improve a person’s quality of life and give them the opportunity to maximise their independence through our outcomes-based care approach. Our Services include: 

  • Home Care
  • Domestic Care
  • Live-in Care 
  • Respite Care 
  • Palliative Care 
  • End of life Care 
  • Dementia Care 
  • Complex Care 

Updates to this website Privacy Policy 

From time to time we may amend this privacy policy to fall in line with changes to legislation, including but not limited to the General Data Protection Regulation 2016, Privacy and Electronic Communication Regulation 2003 and the Data Protection Act 2018. 

Any changes, updates or amendments to this policy will be shown on our website with the date of the latest update. 

Personal Data 

Personal data’ is defined in law as any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person

We do not collect or amass personal data outside the delivery of a service based on a contractual basis or on consent. The data and information collected will not be used for anything other than delivering the services that you requested. 

Purposes for the processing of personal data 

When you enter a contract with Kelly Park Limited, you will always have clear visibility with regards to the type of personal data that is being collected

You will have the opportunity to review the purposes of the data collection and you will have the choice to either approve or disapprove. Please note, that if you do not approve or agree to disclose the information required for the delivery of our services, we will be unable to provide these services as we are required to collect certain types of data to be able to provide you with those services. 

The information that is collected by Kelly Park Limited is used for the following services:

  • The provisioning of home care
  • The provisioning of domestic care
  • The provisioning of live-in care  
  • The provisioning of respite care
  • The provisioning of palliative care
  • The provisioning of end of life care
  • The provisioning of dementia care

Consent  

Where Kelly Park Limited needs to collect or pass on your information to a third party, we will obtain your consent where we require consent as grounds for processing. For example, if we need to process data any highly sensitive or “special categories” of data, we will obtain your consent and explain the purposes of processing prior to doing so. 

Third-party sharing 

Kelly Park Limited will never sell or share any of your details to others for marketing or advertising purposes. It may be necessary to provide your information onto a third party for the delivery of a service that you have requested, however, we will always ensure that the appropriate safeguards are in place to protect your information prior to transferring.  

Kelly Park Limited may share your information with parties that we have vetted and authorised for the provisioning of a service. Such parties include staff members and other services providers that we use to be able to deliver our services. These third-party processors may disclose your information to others for the delivery of the service you have requested; please ensure you have familiarised yourself with their terms and conditions and/or their privacy notices. 

If you would like a copy of our authorised third parties, please contact us at dpo@kellypark.co.uk. Please note that we will only disclose this information to those that we process data regarding. 

Where we believe there is a need to investigate, prevent or report illegal activities, issues pertaining to threats to the physical safety of any person we may pass your information onto other 3rd parties including but not limited to The Police, Care Quality Commission, Information Commissioners Office or the Health and Safety Executive. 

Where your data is transmitted internationally, outside of the EEA, we shall ensure that enforceable binding contracts are in place in the absence of a suitable data protection legislation. We will not conduct business where there is neither an enforceable contract nor a suitable data protection legislation. 

Cookies in use on this website 

For any information regarding the cookies that are used on this website, please refer to the Cookies Policy

Security controls 

Kelly Park Limited has implemented a number of organisational and technical controls to ensure that the confidentiality, the integrity and the availability of the data that we process is always preserved. The main objective of those controls is to help protect your information from loss, destruction, misuse, unauthorised access or disclosure. The combination of organisational and technical controls ensures that your data is processed securely at all times. 

Organisational controls 

  • User access controls and limitation of data access has been implemented to ensure that only the authorised staff members have access to data.  
  • We have implemented a data retention policy for the different datasets that we process. The retention period for the data is either based on legal requirements set by the regulatory body or on legitimate purposes to carry our business operations.
  • A password policy is in place to ensure that all passwords are changed on a regular basis and that they correspond to the required standards when they are generated.
  • We regularly review our information security policies and procedures to ensure that it is up to date with the latest technology and most importantly with the latest legislation with regards to data protection and data privacy.
  • We ensure that our third-party processors are carefully vetted and selected with regards to compliance with data protection and data privacy laws.
  • The access to special categories of data has been limited to a handful of staff members in order to reduce the exposure of such type of data.
  • Our staff members are well-trained professionals.

Technical controls

  • Encryption has been implemented on all computer equipment to ensure that data will not be available in the event of loss or theft.  
  • Encryption controls have been implemented for data that is in transit and for email communication.
  • Antivirus and malware protection is installed on all computer equipment. 
  • Regular backups of our data to ensure that it is readily available in the event of a technical issue or a natural disaster.

Other Sites and external links 

Our website may contain links to other sites that are not controlled by us; therefore we are not responsible for the content or use of these services. Please ensure that you understand this and also please review those website privacy policies and terms and conditions. Kelly Park Limited cannot and will not be held liable for any damage that might have been caused to your computer equipment by those websites. Such damage includes but is not limited to: loss of data, exfiltration of data, unauthorised intrusion, virus and malware infection, hardware damage. The use of any external link or website is at your own risk. 

Special Categories of Data 

We do process medical data and child data at times. Such type of data is processed with the prior positive consent of our clients.

General Data Protection Regulation Rights 

You have many rights under the GDPR, they are defined as below: 

  • The right to be informed 
  • The right of access 
  • The right to rectification 
  • The right to erasure 
  • The right to restrict processing 
  • The right to data portability 
  • The right to object 

Rights in relation to automated decision making and profiling. 

If you are an existing customer of ours please contact your data controller who will then assist you in exercising your rights with us as a processor. 

If you are a former employee or had another relationship with Kelly Park Limited and you would like to exercise your rights please contact us at dpo@kellypark.co.uk 

When an access request is submitted to us, we must verify your identity before any data can be sent to you. If we are unsure about your identity or if our controls do not match the information that is gathered, we reserve the right to nullify the access request. 

Additional information 

If you have any questions with regards to this privacy notice, the way your data is handled or if you would like to exercise any of your rights under the General Data Protection Regulation, please contact dpo@kellypark.co.uk. 

If you would like to learn more about the current regulations and legislation about data protection, please refer to the following links: 

The General Data Protection Regulation (GDPR) 

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/

The Privacy and Electronic Communications Regulation (PECR) 

https://ico.org.uk/for-organisations/guide-to-pecr/what-are-pecr/

For any concerns with regards to your personal data, please contact the Information Commissioner’s Officer at the following link: https://ico.org.uk/  

Privacy Policy for Service Users

In this Notice, “We”, “Us” and “Our” means Kelly Park Limited (the Company), the provider of your care. “You” means the client on whose behalf the Company are providing the service that you or your nominated third party, such as your local authority, have requested.

We are committed to maintaining the accuracy, confidentiality and security of your personal information. Data protection law provides you with a right to be informed about the processing of your personal information. This Notice describes the personal information that we collect from or about you, and how we use and to whom we disclose that information. Where it is appropriate to the delivery of the service and in accordance with our contract with you or as required by law, we may also prescribe additional purposes and longer retention periods to those set out below. 

What Personal Information Do We Collect? 

For the purposes of our Privacy Policy, personal information is any information about an identifiable individual. Personal information does not include anonymous or non-personal information.  

We collect and maintain different types of personal information in respect of those individuals who seek to be, are, or were our clients, including the personal information contained in: 

  • what you tell us about yourself; 
  • ID Information such as your name, home address, email address, telephone numbers and date of birth; 
  • Next of kin contact information; 
  • Medical records and health information including medicine dosage; 
  • Personal preferences; 
  • Ethnicity and religious affiliation; 
  • NHS number; 
  • Telephone call recording; 
  • Risk assessments; 
  • Door access codes; 
  • Dietary requirements; 
  • our records of invoicing and payment. 

The personal information which we collect and maintain includes the above and any other information necessary to permit us to manage your care effectively. In addition, we may collect and maintain sensitive personal information about you if that has any relevance to your care.  

As a general rule, we collect personal information directly from you or from the local authority or others also involved in your care. In most circumstances where the personal information that we collect about you is held by a third party, we will obtain your permission before we seek out this information from such sources (such permission may be given directly by you, or implied from your actions or agreed under contract). 

Where permitted or required by applicable law or regulatory requirements, we may collect information about you without your knowledge or consent. 

Why Do We Collect Personal Information? 

The personal information collected is used and disclosed for our business purposes, including establishing and managing your relationship with us. Such uses include: 

  • assessing whether we are able to assist you; 
  • the management of your care; 
  • maintaining records of services provided to you; 
  • invoicing, fee collection and debt recovery; 
  • keeping records up to date; 
  • complying with the legal and regulatory obligations; 
  • implementing best practice and guidance from the Care Quality Commission or other regulatory or governmental bodies; 
  • such other purposes as are reasonably required by us. 

Who is responsible?

The person responsible for the personal information about you which we collect (the “data controller”) is the Company Kelly Park Limited processes and/or manage certain information on behalf of the Company. 

Monitoring

Some of our premises are equipped with CCTV. Where in use, CCTV cameras are there for the protection of visitors and employees and members of staff, and to protect against theft, vandalism and damage to goods and property on the premises. Generally, recorded images are routinely destroyed and are not shared with third parties unless there is suspicion of a crime, in which case they may be turned over to the police or other appropriate government agency or authority.  

This section is not meant to suggest that clients will, in fact, be monitored or their actions subject to constant surveillance. It is meant to bring to your attention the fact that such monitoring may occur.  

Can we use your information for marketing our products and services? 

We may send you email newsletters if you are opt-in to receive such correspondence. We may also send you details of new services but only if it is within our legitimate interest to do so.  

We will always let you know that you can opt out from receiving marketing material and you can let us know at any time if you no longer wish to receive direct marketing offers from us. You can do so by emailing us here or writing to us at, dpo@kellypark.co.uk

 How Do We Use Your Personal Information? 

We may use your personal information for the purposes described in this Policy, or for any additional purposes that we advise you of and, where your consent is required by law, where we have obtained your consent in respect of the use or disclosure of your personal information. 

We may use your personal information without your knowledge or consent where we are permitted or required by law or regulatory requirements to do so. 

When Do We Disclose Your Personal Information? 

We may share your personal information with our employees and other parties who require such information to assist us with managing the service we provide to you. 

This includes but is not limited to sharing your data with the following who may in turn process your data: 

  • our clients;
  • the NHS;
  • your doctor;
  • pharmacies;
  • social services;
  • the local authority;
  • hospitals
  • emergency services;
  • the Fire Authority
  • the District Nurse;
  • specific external suppliers such as systems providers (e.g. of our rostering, H&S reporting and financial systems), IT consultants, legal advisers and auditors.

Also, your personal information may be disclosed: 

  • as permitted or required by applicable law or regulatory requirements; 
  • to comply with valid legal processes; 
  • as part of our reporting activities; 
  • to protect the rights and property of the company; 
  • during emergency situations or where necessary to protect the safety of a person or group of persons; 
  • where the personal information is publicly available; or 
  • with your consent where such consent is required by law. 

In any such a case, we will not disclose more personal information than what is required in the circumstances and, except under compulsion of law, we will not disclose without your consent any legal advice which is the subject of a duty of confidence owed to you.  

Notification and Consent 

Privacy laws do not generally require us to obtain your consent for the collection, use or disclosure of personal information for the purpose of establishing and managing our relationship with you. In addition, we may collect, use or disclose your personal information without your knowledge or consent where we are permitted or required by applicable law or regulatory requirements to do so. 

Where your consent is required this will be requested and recorded in a clear unambiguous way. Where your consent is required for our collection, use or disclosure of your personal information, you may, at any time, subject to legal or contractual restrictions and to reasonable notice, withdraw your consent. All communications with respect to such withdrawal or variation of consent should be in writing and addressed to the Company. 

How is Your Personal Information Protected? 

We endeavour to maintain physical, technical and procedural safeguards that are appropriate to the sensitivity of the personal information in question. These safeguards are designed to protect your personal information from loss and unauthorised access, copying, use, modification or disclosure. 

Your personal information will not normally be processed outside the European Economic Area. Where it is necessary or desirable to do so, we will seek your prior consent and we will take steps to ensure that suitable safeguards apply.   

How Long is Your Personal Information Retained? 

Except as otherwise permitted or required by applicable law or regulatory requirements, we will retain your personal information only for as long as we believe is necessary to fulfil the purposes for which the personal information was collected (including, for the purpose of meeting any legal, accounting or other reporting requirements or obligations). As a minimum that will be until one year after the expiry of the legal limitation period for bringing a legal claim against the company in respect of the services provided. However, we may notify you that we will retain your personal information for a longer period for the purposes of maintaining our records of the services provided. 

In most cases, personal information which is maintained by the Company will be deleted 7 years after the discharge of all fees incurred in your care or at the end of any service we have provided to you, whichever is the later.   

Updating Your Personal Information 

It is important that the information contained in our records is both accurate and current. If your personal information happens to change during the course of your relationship with us, please keep us informed of such changes. 

You have a right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed. In some circumstances, we may decide to update our record of your personal information by appending additional text without deleting the original record. 

Right of Access to Your Personal Information 

You can ask to see the personal information that we hold about you. If you want to review, verify or correct your personal information, please contact the Company. Please note that any such communication may be required in writing.  

When requesting access to your personal information, please note that we may request specific information from you to enable us to confirm your identity and right to access, as well as to search for and provide you with the personal information that we hold about you. We may charge you a fee to access your personal information; however, we will advise you of any fee in advance. If you require assistance in preparing your request, please contact us. 

Your right to access the personal information that we hold about you is not absolute. There are instances where applicable law or regulatory requirements allow or require us to refuse to provide some or all of the personal information that we hold about you. In addition, the personal information may have been destroyed, erased or made anonymous in accordance with our record retention obligations and practices. 

If we cannot provide you with access to your personal information, we will try to inform you of the reasons why subject to any legal or regulatory restrictions. 

Your other legal rights 

Data protection legislation also provides you with certain other rights. These are not always absolute rights and must be considered in the wider scope of the legislation. These rights are: 

  • right to erasure, also known as the right to be forgotten. The broad principle underpinning this right is to enable an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing. In some circumstances this is not an absolute right; 
  • right to restrict processing. You have the right to ‘block’ or suppress processing of personal data. Again this is not an absolute right and will depend on the circumstances and any other legal/statutory obligations we may have; 
  • right to data portability; 
  • right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
  • rights related to automated decision making including profiling.  

How to contact us & complaints 

If you have any questions, concerns or complaint in respect of data protection and this privacy notice, please do not hesitate to contact us. Please contact our Registered Manager.

Alternatively, you may contact our Data Protection Officer at dpo@kellypark.co.uk

We will endeavour to address your issue as swiftly as possible.

Privacy Notice for Staff and Job Applicants 

The Company is committed to maintaining the accuracy, confidentiality and security of your personal information. This Privacy Notice describes the personal information that we collect from or about you, how we use it and to whom we disclose that information. 

What Personal Information Do We Collect? 

For the purposes of this Privacy Notice, personal information is any information about an identifiable individual. Personal information does not include anonymous or non-personal information.  

We collect and maintain different types of personal information in respect of those individuals who seek to be, are, or were employed by us, including the personal information contained in: 

  • CVs and applications; 
  • references and interview notes; 
  • DBS and vetting information; 
  • Education and training information; 
  • Right to work information; 
  • Photographs, video and audio recordings including CCTV imagery; 
  • letters of offer and acceptance of employment and other employment records; 
  • policy acknowledgement sign-off sheets; 
  • payroll information; including but not limited to national insurance number, banking and deposit information and national insurance number; 
  • wage and benefit information including annual leave information; 
  • forms relating to the application for welfare benefits; 
  • Health questionnaires and risk assessments including any medical condition or medication you are taking;  
  • beneficiary and emergency contact information; 
  • Disciplinary and grievance records; 
  • Your driving licence and insurance documentation; and 
  • Equal opportunities monitoring forms  

In addition to the examples listed above, the personal information we collect includes information such as your name, home address, telephone, personal email address, date of birth, employee identification number, ethnicity, marital status, nationality, next of kin/emergency contact information, salary, biometric data provided and any other information necessary for business purposes, which is voluntarily disclosed in the course of an employee’s application for an employment with us. 

The above lists are non-exhaustive and apply across the Group. A complete list of information held on you is available from your Data Protection Officer (via your line manager). 

As a general rule, we collect personal information directly from you. We may however also use recruitment consultants and recruitment websites to source potential applicants. In most circumstances where the personal information that we collect about you is held by a third party, we will only process it in accordance with our legitimate interests, where necessary for the performance of our contracts or where obligated by law.  

From time to time, we may use the services of third parties, such as recruitment agents and may also receive personal information collected by those third parties in the course of the performance of their services for us. In that case, we will take reasonable steps to ensure that such third parties have represented to us that they have the right to disclose your personal information to us. 

Where permitted or required by applicable law or regulatory requirements, we may collect information about you without your knowledge or consent. 

Why Do We Collect Personal Information? 

The personal information collected is used and disclosed for our business purposes, including establishing, managing or terminating the employment relationship. It is necessary for the performance of our contract with you and/or performing our obligations under a contract as well as to meet our legal obligations and legitimate interests. Such uses include: 

  • determining eligibility and suitability for initial employment, including profiling from any previous job application to us, right to work checks and the verification of references and qualifications; 
  • administering pay and benefits including holiday pay; 
  • processing employee work-related claims (e.g. insurance claims, etc.) 
  • establishing training and/or development requirements; 
  • conducting performance reviews and determining performance requirements; 
  • assessing qualifications and suitability for a particular job, task, bonus or promotion; 
  • gathering evidence further to the disciplinary, grievance or whistleblowing procedure; 
  • establishing a contact point in the event of an emergency (such as next of kin); 
  • considering, assessing and preventing inequality or health & safety incidents or risks;  
  • complying with all regulatory and legislative requirements; 
  • compiling contact lists for internal purposes only; 
  • analysing workforce trends e.g. impact of Brexit or other regulatory or legislative changes; 
  • ensuring your security and the security of company held information and data; and 
  • such other purposes as are reasonably required by us for the performance of your contract; to protect vital interests; for the performance of a task in the public interest; to comply with our legal obligations; in accordance with our legitimate business interests or for the purpose of assessing your working capacity. 

Monitoring 

The work output of staff, whether in paper records, computer files, or in any other storage format belongs to us, and that work output, and the tools used to generate that work output, are always subject to review and monitoring by us. 

In the course of conducting our business, we may monitor employee activities, attendance and our premises and property. For example, some of our locations are equipped with fingerprint log-in technology, tracking systems as you touch in and out of service users’ homes and/or CCTV. Where in use, CCTV cameras are there for the protection of employees and third parties, and to protect against theft, vandalism and damage to our goods and property. Generally, recorded images are routinely destroyed and not shared with third parties unless there is suspicion of a crime, in which case they may be turned over to the police or other appropriate government agency or authority. Staff are referred to our CCTV Policy for further information. Pursuant to our Monitoring of Business Communications Policy and Procedure and our Computer, Email and Internet Usage Policy, we have the capability to monitor all employees’ computer and e-mail use. 

This section is not meant to suggest that all employees will, in fact, be monitored or their actions subject to constant surveillance. It is meant to bring to your attention the fact that such monitoring may occur and may result in the collection of personal information from employees (e.g. through their use of our resources). When using company equipment or resources employees should not have any expectation of privacy with respect to their use of such equipment or resources. 

How Do We Use Your Personal Information? 

We may use your personal information for the purposes described in this Policy, or for any additional purposes that we advise you of and where your consent is required by law we have obtained your consent in respect of the use or disclosure of your personal information. 

We may use your personal information without your knowledge or consent where we are permitted or required by applicable law or regulatory requirements to do so.

When Do We Disclose Your Personal Information? 

We may share your personal information with our employees, contractors, advisors or consultants and other parties who require such information to assist us with establishing, managing or terminating our employment relationship with you, including: professional advisers, parties that provide products or services to us or on our behalf and parties that collaborate with us in the provision of products or services to you.   

Also, your personal information may be disclosed: 

  • as necessary for the performance of our contract with you 
  • as permitted or required by applicable law or regulatory requirements. In such a case, we will try to not disclose more personal information than is required under the circumstances; 
  • to comply with valid legal processes such as warrants or court orders; 
  • as part of our regular reporting activities to other members of the Group, i.e. if necessary for the performance of your contract, to comply with a legal obligation or as part of our legitimate business interests; 
  • to protect the rights and property of the company or others; 
  • during emergency situations or where necessary to protect the vital interests or safety of a person or group of persons; 
  • to assess your working capacity; 
  • if in the substantial public interest; 
  • where the personal information is publicly available; or 
  • with your consent. 

Notification and Consent 

Privacy laws do not generally require us to obtain your consent for the collection, use or disclosure of personal information for the purpose of establishing, managing or terminating the employment relationship. In addition, we may collect, use or disclose your personal information without your knowledge or consent where we are permitted or required by applicable law or regulatory requirements to do so. 

Where your consent was obtained or required for our collection, use or disclosure of your personal information, you may, at any time, subject to legal or contractual restrictions and reasonable notice, withdraw your consent. All communications with respect to such withdrawal or variation of consent should be in writing and addressed to your line manager for passing to the Data Protection Officer. 

How is Your Personal Information Protected? 

We endeavour to maintain physical, technical and procedural safeguards that are appropriate to the sensitivity of the personal information in question. This includes the use of firewalls and encryption as well as other information security requirements, systems and procedures. These safeguards are designed to protect your personal information from loss and unauthorised access, copying, use, modification or disclosure. 

How Long is Your Personal Information Retained? 

For unsuccessful job applicants or those who do not accept a position with us, we will generally destroy your data after 6 months unless you have requested that we retain it for longer.   

For recruited staff, except as otherwise permitted or required by applicable law or regulatory requirements, we will only retain your personal information for as long as we believe it is necessary to fulfil the purposes for which the personal information was collected (including, for the purpose of meeting any contractual, legal, accounting or other reporting and regulatory requirements or obligations). We may, instead of destroying or erasing your personal information, make it anonymous such that it cannot be associated with or tracked back to you. In most cases, your data will be deleted 6 years after you have left the company or as otherwise set out in accordance with our data retention schedule and/or as required by law. 

Updating Your Personal Information 

It is important that the information contained in our records is both accurate and current. If your personal information happens to change during the course of your employment, please keep us informed of such changes. 

In some circumstances, we may not agree with your request to change your personal information and will instead append an alternative text to the record in question. 

Access to Your Personal Information 

You can ask to see the personal information that we hold about you. If you want to review, verify or correct your personal information, please contact your line manager. Please note that any such communication must be in writing. 

When requesting access to your personal information, please note that we may request specific information from you to enable us to confirm your identity and right to access, and to assist us in searching for and provide you with the personal information that we hold about you. In specific circumstances, we may charge you a fee to access your personal information however we will advise you if this is the case and of any fee in advance. 

Your right to access the personal information that we hold about you is not absolute. There are instances where applicable law or regulatory requirements allow or require us to refuse to provide some or all of the personal information that we hold about you. In addition, the personal information may have been destroyed, erased or made anonymous in accordance with our record retention obligations and practices. 

If we cannot provide you with access to your personal information, we will inform you of the reasons why subject to any legal or regulatory restrictions. 

Your other legal rights 

Data protection legislation also provides you with certain other rights. These are not always absolute rights and must be considered in the wider scope of the legislation. These rights are: 

  • right to erasure, also known as the right to be forgotten. The broad principle underpinning this right is to enable an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing. In some circumstances this is not an absolute right; 
  • right to restrict processing. You have the right to ‘block’ or suppress processing of personal data. Again this is not an absolute right and will depend on the circumstances and any other legal/statutory obligations we may have; 
  • right to data portability – this is the right to have information provided in a structured, commonly used machine-readable format; 
  • right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling); 
  • rights related to automated decision making including profiling.

Privacy Notice for Marketing and 3RD Parties

In this Notice, “We”, “Us” and “Our” means Kelly Park Limited (the Company).

We are committed to maintaining the accuracy, confidentiality and security of your personal information. Data protection law provides you with a right to be informed about the processing of your personal information. This Notice describes the personal information that we collect from or about you, and how we use and to whom we disclose that information

What Personal Information Do We Collect?

For the purposes of our Privacy Policy, personal information is any information about an identifiable individual. Personal information does not include anonymous or non-personal information.

We collect and maintain usually fairly limited information about you for marketing purposes contained in: 

  • What you tell us about yourself; 
  • From your photographs, video and audio recordings;
  • Interviews with us; 
  • ID Information such as your name and contact details such as your address, email address, telephone numbers and date of birth (if provided);
  • Next of kin contact information;
  • Personal preferences;
  • Ethnicity and religious affiliation;
  • Telephone call recordings; 
  • Risk assessments; and
  • Allergies/dietary requirements (if applicable)

The personal information which we collect and maintain includes the above and any other information necessary for us to safely undertake the marketing campaign. In addition, we may collect and maintain sensitive personal information about you such as your health, if that has any relevance, e.g. to your safety.

In most circumstances where the personal information that we collect about you is held by a third party, we will obtain your permission before we seek out this information from such sources (such permission may be given directly by you or implied from your actions). Where permitted or required by applicable law or regulatory requirements, we may collect information about you without your knowledge or consent.

Why Do We Collect Personal Information?

The personal information collected is primarily used for internal and external, online and offline marketing purposes including but not limited to print, websites, email marketing, press and social media activities. It is also used to assist us in managing your relationship with us. Such uses include:

  • Maintaining your privacy and upholding your data protection rights;
  • Assessing your safety;
  • Keeping records up to date;
  • Complying with the legal and regulatory obligations; 
  • Such other purposes as are reasonably required by us.

Who is responsible? 

The person responsible for the personal information about you which we collect (the “data controller”) is the Company Kelly Park Limited. processes and/or manage certain information on behalf of the Company.

Monitoring

Some of our premises are equipped with CCTV. Where in use, CCTV cameras are there for the protection of visitors and members of staff, and to protect against theft, vandalism and damage to goods and property on the premises. Generally, recorded images are routinely destroyed and are not shared with third parties unless there is suspicion of a crime, in which case they may be provided to the police or other appropriate government agency or authority. 

Calls to and from our offices are also recorded for our service user’s and staff safety and protection and training purposes.

This section is not meant to suggest that you will be monitored or your actions subject to constant surveillance. It is meant to bring to your attention the fact that such monitoring may occur if you come to our premises.

Can we use your information for marketing our products and services? 

We may send you email newsletters if you are opt-in to receive such correspondence. We may also send you details of new services or initiatives but only if it is within our legitimate interest to do so. 

We will always let you know that you can opt out from receiving marketing material and you can let us know at any time if you no longer wish to receive direct marketing offers from us. You can do so by emailing us here or writing to us at, dpo@kellypark.co.uk

How Do We Use Your Personal Information?

We may use your personal information for the purposes described in this Policy, or for any additional purposes about which we advise you; where your consent is required by law; or where we have obtained your consent in respect of the use or disclosure of your personal information.

We may use your personal information without your knowledge or consent where we are permitted or required by law or regulatory requirements to do so. 

When Do We Disclose Your Personal Information? 

We may share your personal information with our employees and other parties who require such information to assist us with managing our marketing campaigns.

This includes but is not limited to sharing your data with the following who may in turn process your data:   

  • Our clients or prospective clients including local authorities;
  • Service users or prospective service users;
  • Our staff or prospective staff;
  • The NHS and hospitals;
  • Specific external suppliers such as systems providers and marketing affiliates, IT consultants, legal advisers and auditors.

Also, your personal information may be disclosed:

  • as part of our marketing and reporting activities;
  • as permitted or required by applicable law or regulatory requirements;
  • to comply with valid legal processes;
  • to protect the rights and property of the company;
  • during emergency situations or where necessary to protect the safety of a person or group of persons;
  • where the personal information is publicly available; or
  • with your consent where such consent is required by law. 

In any such a case, we will not disclose more personal information that is required in the circumstances. 

Notification and Consent

Privacy laws do not generally require us to obtain your consent for the collection, use or disclosure of personal information for the purpose of establishing and managing our relationship with you although we tend to obtain this for marketing purposes. 

Where your consent is required or requested this will be requested and recorded in a clear unambiguous way. We will also seek to consider the views of any minor notwithstanding that the consent from the holder of parental responsibility shall be sought for those below the age of 13. 

Where your consent is required for our collection, use or disclosure of your personal information, you may, at any time, subject to legal or contractual restrictions and to reasonable notice, withdraw your consent. All communications with respect to such withdrawal or variation of consent should be in writing and addressed to the Company using the details provided below. 

How is Your Personal Information Protected? 

We endeavour to maintain physical, technical and procedural safeguards that are appropriate to the sensitivity of the personal information in question. These safeguards are designed to protect your personal information from loss and unauthorised access, copying, use, modification or disclosure.

Your personal information will not normally be processed outside the European Economic Area. Where it is necessary or desirable to do so, we will seek your prior consent and we will take steps to ensure that suitable safeguards apply. 

How Long is Your Personal Information Retained? 

Except as otherwise permitted or required by applicable law or regulatory requirements, we will retain your personal information only for as long as we believe is necessary to fulfil the purposes for which the personal information was collected (including, for the purpose of meeting any legal, accounting or other reporting requirements or obligations). This will be notified to you and may vary between our different marketing campaigns.

Updating Your Personal Information

It is important that the information contained in our records is both accurate and current. If your personal information happens to change during the course of your relationship with us, please keep us informed of such changes.

You have a right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed. In some circumstances, we may decide to update our record of your personal information by appending additional text without deleting the original record.

Right to Access to Your Personal Information 

You can ask to see the personal information that we hold about you. If you want to review, verify or correct your personal information, please contact the Company. Please note that any such communication may be required in writing.

When requesting access to your personal information, please note that we may request specific information from you to enable us to confirm your identity and right to access, as well as to search for and provide you with the personal information that we hold about you. We may in specific circumstances charge you a fee to access your personal information; however, we will always advise you if there is any fee in advance. If you require assistance in preparing your request, please contact us.

Your right to access the personal information that we hold about you is not absolute. There are instances where applicable law or regulatory requirements allow or require us to refuse to provide some or all of the personal information that we hold about you. In addition, the personal information may have been destroyed, erased or made anonymous in accordance with our record retention obligations and practices.

If we cannot provide you with access to your personal information, we will try to inform you of the reasons why subject to any legal or regulatory restrictions.

Your other legal rights 

Data protection legislation also provides you with certain other rights. These are not always absolute rights and must be considered in the wider scope of the legislation. These rights are:

  • right to erasure, also known as the right to be forgotten. The broad principle underpinning this right is to enable an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing. In some circumstances this is not an absolute right;
  • right to restrict processing. You have the right to ‘block’ or suppress processing of personal data. Again this is not an absolute right and will depend on the circumstances and any other legal/statutory obligations we may have;
  • right to data portability;
  • right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
  • rights related to automated decision making including profiling.

How to contact us & complaints

If you have any questions, concerns or complaint in respect of our handling of data protection and this privacy notice, please do not hesitate to contact us. Please contact the Registered Manager at Suite 32-33 Derwentside Business Centre, Consett Business Park, Consett, County Durham DH8 6BP or alternatively you may contact our Data Protection Officer, via email at dpo@kellypark.co.uk

We will endeavour to address your issue as swiftly as possible.