Privacy Policy

How we protect your personal information

Last updated: 07/08/2025

Version: 1.0

1. Introduction

Heart & Haven Healthcare ("we", "our", or "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you visit our website, use our services, or interact with us in any way.

We are registered as a data controller with the Information Commissioner's Office (ICO) and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

2.1 Personal Information

We may collect the following personal information:

  • Name and contact details (email, phone number, address)
  • Information about care needs and requirements
  • Health and medical information (with your explicit consent)
  • Emergency contact information
  • Payment and billing information
  • Communication preferences

2.2 Technical Information

We automatically collect:

  • IP address and browser type
  • Pages visited and time spent on our website
  • Device information and operating system
  • Cookies and similar technologies

3. How We Use Your Information

We use your personal information for the following purposes:

  • To provide and manage our domiciliary care services
  • To communicate with you about your care needs
  • To process payments and manage billing
  • To comply with legal and regulatory obligations
  • To improve our services and website
  • To send you relevant information about our services (with your consent)

4. Legal Basis for Processing

We process your personal information based on:

  • Contract: To provide our care services
  • Legitimate Interest: To improve our services and communicate with you
  • Consent: For marketing communications and sensitive health data
  • Legal Obligation: To comply with healthcare regulations

5. Information Sharing

We may share your information with:

  • Our care staff and healthcare professionals (on a need-to-know basis)
  • Regulatory bodies (CQC, local authorities) as required by law
  • Service providers who assist in our operations
  • Emergency services in case of emergency

We will never sell your personal information to third parties for marketing purposes.

6. Data Security

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. This includes encryption, secure servers, and regular security assessments.

7. Data Retention

We retain your personal information for:

  • Care records: 8 years after the end of care (NHS guidelines)
  • Financial records: 7 years (HMRC requirements)
  • Marketing data: Until you withdraw consent
  • Website analytics: 26 months

8. Your Rights

Under UK GDPR, you have the right to:

  • Access your personal information
  • Correct inaccurate information
  • Request deletion of your information
  • Restrict processing of your information
  • Request data portability
  • Object to processing
  • Withdraw consent

9. Cookies

Our website uses cookies to improve your experience. You can control cookie settings through your browser preferences. For more information, please see our Cookie Policy.

10. Contact Us

If you have any questions about this Privacy Policy, please contact us:

Data Protection Officer

Heart & Haven Healthcare

Email: privacy@heartandhaven.com

Phone: 01788 422422

Address: [Your Business Address]

Supervisory Authority: You have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe we have not handled your personal information properly.