Privacy Policy

We ask that you read this Privacy Notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and other organisations in the event you have a complaint.


1. Who are we?

We are 1st Homecare.   The full name of the company through which we provide services in Oxford and the surrounding area is 1st Homecare (Oxford) Limited., in Leighton Buzzard and the surrounding area the company is 1st Homecare Solutions Limited., and in Kings Langley in Hertfordshire, it is 1st Homecare Kings Langley (a branch of 1st Homecare Solutions Limited).

As a provider of social care and support services, we collect and use certain personal information about our clients.


2. The personal information we collect and use in relation to people who enquire about and use our services

When you enquire about our care and support services, and for so long as we provide care and support services to you, we collect and use some or all of the following personal information (depending on what is relevant):

  • your name, home address, date of birth and contact details (including your telephone number and an email address if you have one), your emergency contacts (including the name(s) of your emergency contacts, your relationship to them, and their home and mobile telephone numbers and/or email addresses)
  • where this applies, your needs assessments and financial assessments from any appropriate external social or health care professionals/public body
  • your allergies, your background medical, physical and mental history, your current medical, physical or mental conditions, and your care and support needs. We may collect this from you and also from any appropriate external social or health care professionals (including your GP) and/or public body
  • your likes, dislikes, hobbies and interests, and lifestyle preferences (including your religious beliefs or other beliefs of a similar nature, racial or ethnic origin, and health) so far as they relate to providing you with suitable care) both from you and where appropriate from your family/ friends/any other person you have nominated as your representative
  • credit or direct debit details (if you pay for some or all of our services using one of these methods)
  • details of anyone you have appointed as your Attorney
  • other personal information regarding you not covered by the above but which is strictly required for the purposes of providing you with care and support services

3. How we use the personal information we collect

3.1 Our responsibilities as “controller”

We are what is called the ‘controller’ of the personal information we collect regarding you, and we are responsible for how that information, or “data” is managed. The General Data Protection Regulation (“GDPR”) sets out our obligations to you and your rights in respect of how we manage your personal information.

As the ‘controller’ of your personal information, we will ensure that the personal information we hold about you is:

  1. used lawfully, fairly and in a transparent way.
  2. collected only for valid purposes that we have clearly explained to you and not used in any other way
  3. relevant to the purposes we have told you about and limited only to those purposes
  4. accurate and kept up to date
  5. kept only as long as necessary for the purposes we have told you about
  6. kept securely.

3.2 How we use your personal information

We use your personal information to:

  • set you up as a client within our care planning and monitoring and delivery systems, and to prepare, review and update risk assessments and care plans and related documentation
  • to provide you with appropriate care and support according to your assessed needs
  • to communicate with you, and if appropriate your representative(s) (if any), your family, and any appropriate external social or health care professionals or public body about your individual needs to ensure we deliver the best possible service to you
  • invoice you or a public body (as appropriate) for the care and support services we provide to you, in accordance with our terms and conditions
  • carry out quality assurance procedures, review our service and improve our customer experience (please note that feedback can also be provided anonymously)
  • comply with our legal and regulatory requirements.

3.3 Who we share your personal information with

We only share your personal information with third parties where it is strictly necessary in order to provide you with the care services we have undertaken to provide, or as a requirement placed upon us as a care provider by law.  Our starting point is that information we hold regarding you will be kept confidential in accordance with the terms of our Confidentiality Policy, however, in order to provide care services to you that meet your needs, we may share personal information with the wider team involved in your care.  For example, we share your medical information with appropriate external social or health care professionals (including your GP and pharmacist), and we also share information relating to you and to the care we provide to you, with any individuals you have nominated as your representative, with any Attorney you have appointed, and/or with your family, where this is appropriate.  This data sharing enables us to establish the type of care and support you need, and to ensure you have the right care package to suit your individual circumstances and your changing needs.  Were you to change care provider at any point, we may also need to share information with the incoming care provider to ensure that you continue to receive the care and support you need.

We will share personal information with regulatory bodies, law enforcement bodies or other authorities if required by law. This includes information required by public bodies to evidence our compliance with the applicable regulatory framework for social care providers and/or compliance with a contract with a public body to provide services.  We are also required to share personal information with external social or health care professionals, including public bodies and local safeguarding groups (in some circumstances) to ensure your safety.

In order to be able to provide you with care services, we have contracts with third parties for the use of rota planning and care delivery software, and for cloud-based data storage (as we operate on a “paperless” basis).   These third parties also comply with the terms of the GDPR including with regard to security measures.

We will not share your personal information with any third party who is not involved in the provision of care services to you.  We will not sell or trade any personal information regarding you.


4. The lawful bases on which we can collect and use your personal information

We rely on one or more of the following grounds within the GDPR as the lawful bases on which we collect and use your personal data and special category data (such as your health):

  • Article 6(1)(b) – processing is necessary for the performance of our contracts to provide individuals with care and support services to comply with our obligations under the contract
  • Article 6(1)(c) – processing is necessary for us to demonstrate compliance with our regulatory framework and the law
  • Article 6(1)(f) – processing is necessary for the purposes of our legitimate interests, namely the processing of your personal information in order to provide you with necessary care and support services that we have been commissioned to provide by a public body (local authority or NHS)
  • Article 9(2)(h) – processing is necessary for the provision of social care or the management of social care systems and services
  • Article 6(1) (a) – in appropriate circumstances, where none of the lawful bases referred to above in this paragraph will apply, your consent has been sought and given to processing.


5. Keeping your personal information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.  Where third parties process personal information on our behalf for the purposes of providing you with care and support services, they also have security measures in place and their staff are under a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit Get Safe Online is supported by HM Government and leading businesses.


6. Transfer of your information out of the EEA

In order to provide our clients with care services, we use third parties, which include a cloud-based storage platform, to store and process our client records and also for our care planning and rota planning processes.  These third parties may store your data outside the European Economic Area, including in the United States.  We have satisfied ourselves that these third parties have appropriate systems and safeguards in place to protect your privacy rights and give you remedies in the unlikely event of any misuse of personal information, as permitted under the GDPR.  We will not otherwise transfer or permit the transfer of your personal data outside of the UK.  If you would like any further information, please contact us. 


7. Your Rights

Under the GDPR you have a number of important rights free of charge. In summary, this includes rights to:

  • fair processing of information and transparency over how we use your use personal information;
  • access to your personal information;
  • require us to correct any mistakes in your information which we hold;
  • require the erasure (i.e. deletion) of personal information concerning you, in certain situations. Please note that if you ask us to delete any of your personal information which we believe is necessary for us to comply with our contractual or legal obligations, we may no longer be able to provide care and support services to you;
  • receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations.

For further information on your rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.


8. How to contact us

If you would like to exercise any of your rights, please:

  • email, call or write to us
  • let us have enough information to identify you (eg your name and address),
  • let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and
  • let us know the information to which your request relates.


9. Whether information is required, and why

Without information regarding your medical, physical, or mental condition, we cannot assess your care needs or provide any care services to you.

The provision of your name, home address, information on accessing your home and also your telephone number(s), is required so that we can arrange a care worker or workers to attend your home to deliver the services.  Information on your key contacts is required so that we can contact them in an emergency situation and/or to be able to provide you with the care and support services you need.


10. How long your personal information will be kept

We will hold information for as long as we need in order to comply with our legal and regulatory requirements.  We will normally hold the personal information kept within your client file for 3 years from the last date on which we provide you with care services.


11. How to complain

We hope that we can resolve any query or concern you raise about our use of your information.  In the first instance, you can raise a concern using our complaints procedure, which is included in your client handbook given to you when we first start providing services to you.

The GDPR also gives you right to lodge a complaint with a supervisory authority.  The supervisory authority in the UK is the Information Commissioner who may be contacted at or telephone: 0303 123 1113.


12. Changes to this privacy notice

We may change this privacy notice from time to time, when we do we will inform you via email or letter, depending how we normally correspond with you.


13. Do you need extra help?

If you would like this notice in another format (for example: audio, large print) please contact us (see ‘How to contact us’ above).


14. Other

If you have any questions about this privacy notice or would like further explanation as to how your personal information is managed, please send an email to us, write to us or call the Office.

Please note when we refer in the above notice to:

  • A “public body” we mean any organisation in the United Kingdom which delivers, commissions or reviews a public service and includes (but is not limited to) local authorities, councils, unitary authorities, clinical commissioning groups, health and social care trusts, and the National Health Service, as well as their arm’s length bodies and regulators.
  • A “social or health care professional” we mean any person who provides direct services, acts as consultant or is involved in the commission of your healthcare or social care services, including (but not limited to) your General Practitioner (GP), dental staff, pharmacists, nurses and health visitors, clinical psychologists, dieticians, physiotherapists, occupational therapists, hospital staff, social workers and other care and support related professionals.

Updated: April 2023