ExemplaCare Privacy Policy

Effective Date: 20 June 2025

1. Introduction

ExemplaCare Ltd ("ExemplaCare", "we", "us" or "our") is committed to protecting the privacy and security of the personal data we hold. This Privacy Policy explains how we collect, use, share, and safeguard personal information in connection with our domiciliary care services in the United Kingdom, in accordance with the UK Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR).

2. Data Controller

Name: ExemplaCare Ltd
Address: Unit B, Bourton Business Centre, Buckingham MK18 7DS
Contact: milesnottage@exemplacare.co.uk
ICO Registration Number: ZA842081

3. Types of Personal Data We Collect

Identity and Contact Information: Name, date of birth, gender, address, telephone number, email address.
Health and Medical Data (Special Category Data): Care plans, clinical notes, medication records, dietary requirements, health conditions, treatment history, risk assessments.
Financial and Billing Information: Bank details, payment histories, invoicing records.
Operational and Usage Data: Service scheduling and visit logs, communication records (phone calls, emails, SMS).
Technical and Usage Data: Device identifiers, IP addresses, browser and device information.

4. Sources of Data

Directly from Service Users: Intake forms, registration, communications.
Care Management Software: OnCare
Google Workspace: Gmail, Drive, and other services for storing and sharing documents.

5. Purposes and Legal Bases for Processing

Purpose	Legal Basis
Provision of domiciliary care services	Contractual necessity (UK GDPR Art. 6(1)(b))
Management of care records and clinical notes	Legal obligation (UK GDPR Art. 6(1)(c)); Explicit consent for special category data (UK GDPR Art. 9(2)(a))
Billing and payment processing	Contractual necessity (UK GDPR Art. 6(1)(b))
Quality assurance and auditing	Legitimate interests (UK GDPR Art. 6(1)(f))
Compliance with regulatory requirements	Legal obligation (UK GDPR Art. 6(1)(c))
Staff training and safeguarding	Legal obligation (UK GDPR Art. 6(1)(c))

6. Special Category Data

We process special category data only where you have given explicit consent, or where necessary for health and social care purposes (UK GDPR Art. 9(2)(h), 9(2)(i)).

7. Data Sharing and Third-Party Processors

Recipient	Purpose	Data Protection
OnCare	Care planning and record management	UK GDPR compliant; processor under OnCare
Google Workspace	Secure email, document storage, collaboration	Google Cloud Platform compliant with UK GDPR
Healthcare Professionals	Coordination of care	With explicit consent or legal basis
Regulatory Bodies (e.g., CQC, ICO)	Regulatory compliance	Disclosures permitted by law

8. Data Retention

We retain personal data for as long as necessary to fulfil the purposes for which it was collected and to comply with legal obligations. Care records are typically retained for a minimum of 8 years after the end of care provision, unless otherwise required by law.

9. Data Subject Rights

Access to personal data (Subject Access Request)
Rectification of inaccurate data
Erasure (right to be forgotten) where applicable
Restriction or objection to processing
Data portability
Withdrawal of consent

To exercise these rights, contact our Data Protection Officer at milesnottage@exemplacare.co.uk.

10. Security Measures

Encryption in transit and at rest (SSL/TLS, Google encryption)
Access controls and authentication
Regular security assessments and audits
Staff training on data protection and confidentiality

11. International Data Transfers

Data may be transferred outside the UK via Standard Contractual Clauses and other safeguards as required by UK GDPR.

12. Changes to this Policy

We may updatethis Privacy Policy periodically. The latest version will be published at https://www.exemplacare.co.uk/privacy.

13. Contact Us

Data Protection Officer: milesnottage@exemplacare.co.uk
Postal Address: Unit B, Bourton Business Centre, Buckingham MK18 7DS