Privacy Policy

Last updated: 15th August 2024

1. Introduction

1.1 Overview
At Youchoosecare Ltd ("Youchoosecare", "we", "our", "us"), we are committed to protecting and respecting your privacy. This Privacy Policy outlines how we collect, use, and protect your personal data when you use our services, including our websites, mobile applications, and any other online services (collectively referred to as the "Platform"). We process your personal data in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and any other applicable data protection laws.

1.2 Scope
This Privacy Policy applies to all users of the Platform, including Carers, Clients, and visitors. It covers our data collection practices, the ways in which we use and share your data, and your rights regarding your personal data. By accessing or using the Platform, you agree to the terms of this Privacy Policy.

1.3 Company Information
Youchoosecare Ltd is a company registered in the United Kingdom with the company registration number 15582744. For any inquiries related to this Privacy Policy, you can contact us at privacy@youchoosecare.com.

1.4 Legal Compliance
Our data processing activities are conducted in accordance with the UK GDPR, the Data Protection Act 2018, and other relevant UK data protection regulations. We have implemented appropriate technical and organizational measures to ensure the security and confidentiality of your personal data, in compliance with these laws.

2. Definitions

2.1 Key Terms

"Personal Data" refers to any information that relates to an identified or identifiable individual. This includes, but is not limited to, names, addresses, email addresses, identification numbers, and online identifiers.
"Processing" means any operation or set of operations performed on personal data, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, or destruction.
"Controller" refers to the entity that determines the purposes and means of processing personal data. For the purposes of this Privacy Policy, Youchoosecare Ltd is the data controller.
"Processor" refers to any entity that processes personal data on behalf of the controller.
"Data Subject" means any individual whose personal data is being processed, including Carers, Clients, and visitors to our Platform.

2.2 User Roles

"Carer" refers to individuals who register on the Platform to provide home care services to Clients.
"Client" refers to individuals who register on the Platform to request and receive home care services from Carers.
"Visitor" refers to individuals who visit the Platform without registering for an account.

3. Legal Basis for Processing

3.1 Consent
We rely on your consent as a legal basis for processing your personal data in certain situations. This includes, for example, when you opt-in to receive marketing communications or when you voluntarily provide sensitive personal data during the registration process. You have the right to withdraw your consent at any time by contacting us at privacy@youchoosecare.com or by adjusting your account settings.

3.2 Contractual Necessity
We process your personal data when it is necessary for the performance of a contract to which you are a party. For example, we process your personal data to facilitate the provision of care services between Carers and Clients, to process payments, and to manage your account.

3.3 Legal Obligations
In some cases, we process your personal data to comply with our legal obligations. This may include verifying the identity of Carers to ensure client safety, maintaining records for tax purposes, or responding to requests from regulatory bodies.

3.4 Legitimate Interests
We may process your personal data based on our legitimate interests, provided that such processing does not override your rights and freedoms. Our legitimate interests include improving our Platform, ensuring the security of our services, and conducting internal analytics and reporting. When we rely on legitimate interests, we carefully consider and balance any potential impact on you and your rights under data protection laws.

4. Personal Data Collected

4.1 Categories of Data Collected

4.1.1 Carers: Carers are required to fill out an online application form via Jotform before they can use our services. We collect personal identification documents (e.g., passport, biometric residence permit, driving license, birth certificate), training qualifications (e.g., diploma, NVQ), DBS checks, a video for identity verification, and bank details (e.g., bank name, sort code, account number) for processing payments. This data is collected to verify your identity, assess your qualifications, ensure the safety of Clients, and manage your earnings.
4.1.2 Clients: We collect payment information (e.g., card number, CVV, expiry date, account holder name) via Stripe, your address via the Google Maps API, your full name, email address, and phone number. This data is essential for processing payments, facilitating care services, and communicating with you.
4.1.3 Visitors: We collect data such as IP addresses, cookie identifiers, and browsing activity from visitors to our Platform. This information helps us improve the user experience and monitor the performance of our services.

4.2 Special Categories of Data
In accordance with the UK GDPR, we take extra care when processing special categories of personal data, which may include biometric data (e.g., face video) used for identity verification of Carers. Such data is processed only with your explicit consent and for the specific purposes outlined in this Privacy Policy.

5. Purpose of Data Collection

5.1 Verification and Identity
We process Carers’ identification documents, qualifications, and DBS checks to verify their identity and ensure they meet the necessary standards to provide care services on our Platform. This includes ensuring the safety of Clients by confirming identity and verifying qualifications before onboarding.

5.2 Payment Processing
We collect and process Clients’ payment information via Stripe to facilitate the payment of services. We also process Carers’ bank details to manage and distribute their earnings. All payment information is handled securely in compliance with PCI-DSS standards and relevant data protection laws.

5.3 Service Provision
We use Clients’ addresses to facilitate the delivery of care services, sharing this information only with the Carer who has accepted the service request. Carers’ data is used to manage their profiles, schedule services, and communicate with Clients.

5.4 Communication
We process Clients’ and Carers’ contact information, such as email addresses and phone numbers, to send verification codes, service updates, and important notifications regarding the use of the Platform. This ensures smooth communication and efficient service delivery.

5.5 Legal Compliance
We process personal data to comply with legal obligations, such as maintaining records for auditing purposes, responding to lawful requests from public authorities, and ensuring compliance with UK laws and regulations.

6. Data Collection Methods

6.1 Forms
We collect data directly from users through various forms on our Platform. Carers must complete an online application form via Jotform, where they provide personal information and upload required documents. Clients provide their data through forms integrated with our payment processor, Stripe, and other service forms powered by FormSpark.

6.2 Automated Technologies
We use automated technologies, such as cookies and the Google Maps API, to collect data when you interact with our Platform. Cookies help us enhance your experience by remembering your preferences and tracking your usage patterns. The Google Maps API is used to collect and process address information for service delivery.

6.3 Third-Party Services
Certain data is collected and processed through third-party services we integrate with, such as Stripe for payment processing and Google Maps for location services. We ensure that these third parties comply with applicable data protection laws and have appropriate safeguards in place to protect your data.

7. Data Use and Sharing

7.1 Internal Use
Your personal data is used internally by Youchoosecare Ltd to provide and improve our services. This includes using your data for account management, service coordination, customer support, and internal analytics.

7.2 Sharing with Carers
Client data, such as addresses and contact information, is shared with Carers who have accepted a service request. This sharing is limited to the information necessary for the Carer to provide the requested service and is done under strict confidentiality agreements.

7.3 Third-Party Sharing
We share personal data with third parties only as necessary to provide our services or comply with legal obligations. This includes sharing payment information with Stripe for processing transactions and sharing address data via the Google Maps API. We do not sell your personal data to any third party.

7.4 No Sale of Data
Youchoosecare Ltd does not sell, rent, or trade your personal data to third parties for their marketing or other purposes. Any data sharing is strictly for the purposes outlined in this Privacy Policy and is done in accordance with applicable data protection laws.

8. Data Retention

8.1 Retention Periods
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. Specifically:

Carers: Personal data related to your qualifications, identification, and payment details are retained for as long as you remain an active Carer on our Platform and for seven years thereafter, to comply with legal obligations.
Clients: Payment and service-related data are retained for seven years following the completion of a transaction or service, in line with tax and accounting regulations.
Visitors: Data such as cookies and IP addresses are typically retained for up to one year, unless a longer retention period is required for legal or security purposes.

8.2 Criteria for Retention
The retention periods above are determined based on the nature of the data, the need to fulfill contractual obligations, legal requirements, and the potential for future disputes. We regularly review our data retention practices to ensure compliance with applicable laws.

8.3 Secure Deletion
At the end of the applicable retention period, or upon a valid request for deletion, we securely delete or anonymize your personal data. This may involve the use of technical measures such as encryption and secure erasure tools, ensuring that your data cannot be reconstructed or recovered.

9. Data Storage and Security

9.1 Storage Locations
Your personal data is stored securely in our databases, which are hosted in data centers located within the United Kingdom. We also utilize secure cloud storage services such as Google Drive for backup purposes, ensuring compliance with UK data protection laws.

9.2 Security Measures
We implement a range of technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit and at rest, access controls, regular security audits, and employee training on data protection practices.

9.3 Breach Notification
In the unlikely event of a data breach that compromises your personal data, we will promptly notify you and the relevant supervisory authorities as required by law. Our notification will include details of the breach, the potential risks to your data, and the steps we have taken to mitigate the impact.

10. Data Subject Rights

10.1 Right to Access
You have the right to request access to the personal data we hold about you. This includes the right to receive a copy of your personal data and to check that we are lawfully processing it. To exercise this right, you may contact us at privacy@youchoosecare.com.

10.2 Right to Rectification
If any of the personal data we hold about you is inaccurate or incomplete, you have the right to request its correction. You can update certain information directly through your account settings on the Platform, or you may contact us for assistance.

10.3 Right to Erasure
You have the right to request the deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected or when you withdraw your consent. Please note that we may need to retain certain data for legal reasons.

10.4 Right to Restriction of Processing
You may request that we restrict the processing of your personal data under specific circumstances, such as when you contest the accuracy of the data or object to the processing based on our legitimate interests. During the period of restriction, we will limit the processing of your data to storage only, unless you provide your consent or for legal reasons.

10.5 Right to Data Portability
You have the right to request that we transfer your personal data to you or a third party in a structured, commonly used, and machine-readable format. This right applies only to personal data that you have provided to us, and which we process by automated means based on your consent or a contract.

10.6 Right to Object
You have the right to object to the processing of your personal data based on legitimate interests or direct marketing. If you object, we will stop processing your personal data for these purposes unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms.

10.7 Right to Withdraw Consent
Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. Withdrawing your consent will not affect the lawfulness of any processing carried out before your withdrawal. You can withdraw your consent by contacting us at privacy@youchoosecare.com or by adjusting your account settings.

11. Data Access and Correction

11.1 User Access to Data
You can access your personal data directly through your account on the Platform. This includes viewing and managing basic account information such as your name, contact details, and service history. For access to additional data, or if you encounter any issues, you may contact us at privacy@youchoosecare.com.

11.2 Updating Information
You are responsible for ensuring that the personal data we hold about you is accurate and up to date. You can update your information through the account settings on the Platform. If you need assistance with updating your data, please contact us.

11.3 Requests for Correction
If you believe that any personal data we hold about you is incorrect or incomplete, you can request a correction. You can either update the data directly via the Platform or submit a request to privacy@youchoosecare.com. We will respond to such requests within 30 days, in accordance with our legal obligations.

12. International Data Transfers

12.1 Cross-Border Transfers
Your personal data may be transferred to, and stored in, locations outside of the United Kingdom if necessary for the provision of our services. When transferring data internationally, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs), to protect your data in compliance with UK GDPR.

12.2 Adequacy Decisions
For transfers of personal data to countries outside the UK that have been recognized by the UK government as providing an adequate level of data protection, we rely on adequacy decisions. This means that your personal data will be treated with the same level of protection as it would within the UK.

12.3 Standard Contractual Clauses (SCCs)
In the absence of an adequacy decision, we use Standard Contractual Clauses (SCCs) or equivalent legal mechanisms to ensure the protection of your personal data during cross-border transfers. These clauses are a legally binding commitment by the recipient to protect your personal data in accordance with data protection standards.

13. Cookies and Tracking Technologies

13.1 Types of Cookies Used
Our Platform uses various types of cookies to enhance your experience and improve our services. These include:

Essential Cookies: Necessary for the operation of the Platform and to enable you to move around and use its features.
Performance Cookies: Collect information about how you use the Platform, such as which pages you visit most often, to help us improve the functionality and user experience.
Targeting Cookies: Record your visit to our Platform, the pages you have visited, and the links you have followed. This information is used to make the Platform and any advertising displayed more relevant to your interests.

13.2 Purpose of Cookies
We use cookies to personalize content, provide social media features, analyze our traffic, and improve our services. Cookies allow us to remember your preferences, track your interactions with the Platform, and provide a more seamless and customized user experience.

13.3 User Control Over Cookies
You can control the use of cookies through your browser settings. Most web browsers automatically accept cookies, but you can modify your browser settings to decline cookies if you prefer. Please note that disabling cookies may affect the functionality of the Platform and your ability to use certain features.

14. Children’s Privacy

14.1 Age Restrictions
Our Platform is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children under 18. If you are under 18, please do not use the Platform or provide any personal data to us.

14.2 Protection of Minors
We take the privacy of minors seriously. If we become aware that we have inadvertently collected personal data from a child under 18, we will take steps to delete such data as soon as possible. If you believe that we might have any information from or about a child under 18, please contact us at privacy@youchoosecare.com.

14.3 Parental Rights
If you are a parent or guardian and believe that your child under 18 has provided us with personal data without your consent, you may contact us at privacy@youchoosecare.com to request the deletion of that data. We will take appropriate steps to comply with your request in accordance with applicable laws.

15. Third-Party Links

15.1 External Websites
Our Platform may contain links to third-party websites or services that are not operated by Youchoosecare Ltd. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party websites or services.

15.2 Responsibility for Third-Party Content
Youchoosecare Ltd is not responsible for the privacy practices or the content of any third-party websites linked to or from our Platform. Your interactions with third-party websites are governed by their respective privacy policies, and we encourage you to review those policies before providing any personal data.

15.3 User Caution
We advise users to exercise caution when clicking on third-party links or engaging with third-party services through our Platform. Always review the privacy policies and terms of use of third-party websites to understand how your personal data may be collected, used, and shared.

16. Data Protection Officer (DPO)

16.1 Role of the DPO
Youchoosecare Ltd has appointed a Data Protection Officer (DPO) responsible for overseeing our data protection strategy and ensuring compliance with UK GDPR and other relevant data protection laws. The DPO’s role includes monitoring our data processing activities, providing guidance on data protection issues, and serving as a point of contact for data subjects and supervisory authorities.

16.2 Contact Information
If you have any questions, concerns, or requests related to the processing of your personal data or if you wish to exercise any of your data protection rights, you may contact our DPO at:

Email: privacy@youchoosecare.com
Postal Address: coming soon

16.3 DPO Responsibilities
The DPO is responsible for:

Advising Youchoosecare Ltd on its obligations under data protection laws.
Monitoring compliance with UK GDPR, including data protection policies, awareness-raising, training, and audits.
Cooperating with the Information Commissioner’s Office (ICO) and acting as the contact point for the ICO on issues relating to processing, including data breaches.

17. Data Breach Procedures

17.1 Breach Identification
A data breach occurs when personal data is accidentally or unlawfully destroyed, lost, altered, disclosed, or accessed without authorization. We have established procedures to identify and respond to data breaches promptly. All employees and processors are trained to recognize potential breaches and report them immediately.

17.2 User Notification
If a data breach is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay. This notification will include:

The nature of the breach.
The categories and approximate number of data subjects affected.
The categories and approximate number of data records concerned.
The potential consequences of the breach.
The measures we have taken or propose to take to address the breach and mitigate its possible adverse effects.

17.3 Mitigation and Containment
Upon identifying a data breach, we will take immediate steps to contain and mitigate its impact. This may include isolating affected systems, securing backups, notifying affected data subjects, and cooperating with law enforcement if necessary. We will also conduct a thorough investigation to determine the cause of the breach and implement measures to prevent future occurrences.

18. Legal Obligations

18.1 Compliance with UK Law
Youchoosecare Ltd processes personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We are committed to upholding the highest standards of data protection and privacy.

18.2 Record Keeping
We maintain records of our data processing activities, including the purposes of processing, categories of data subjects and personal data, data recipients, and data retention periods. These records are kept in accordance with Article 30 of the UK GDPR and are available to the Information Commissioner’s Office (ICO) upon request.

18.3 Law Enforcement Requests
We may be required to disclose personal data to law enforcement or other governmental authorities in response to lawful requests. We will only comply with such requests when we are legally obligated to do so, and we will always seek to ensure that the requesting authority has the appropriate legal basis to access the data.

19. Marketing Communications

19.1 Consent for Marketing
We may use your personal data to send you marketing communications, such as newsletters, promotional offers, and updates about our services, if you have provided your consent. You can opt-in to receive marketing communications during the registration process or by adjusting your account settings.

19.2 Opt-Out Options
You have the right to opt out of receiving marketing communications at any time. You can do this by clicking the "unsubscribe" link in any marketing email, adjusting your account settings on the Platform, or contacting us at privacy@youchoosecare.com. Opting out of marketing communications will not affect your ability to use our services.

19.3 Third-Party Marketing
Youchoosecare Ltd does not share your personal data with third parties for their marketing purposes without your explicit consent. If you agree to receive marketing communications from third parties, you will be able to manage your preferences through the settings provided by those third parties.

20. Automated Decision-Making

20.1 Use of Automated Decision-Making
Automated decision-making refers to decisions made solely by automated means without any human involvement. Youchoosecare Ltd may use automated decision-making processes for purposes such as identity verification, fraud prevention, and assessing eligibility for certain services. These processes are designed to ensure fairness, accuracy, and efficiency.

20.2 User Rights
You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal effects or significantly affect you, unless such processing is necessary for entering into or performing a contract, is authorized by law, or is based on your explicit consent. If you are subject to automated decision-making, you have the right to request human intervention, express your point of view, and contest the decision.

21. Profiling

21.1 What is Profiling?
Profiling involves the automated processing of personal data to evaluate certain aspects of an individual, such as their behavior, preferences, or interests. Youchoosecare Ltd may use profiling to provide personalized services, recommendations, and content to enhance your experience on our Platform.

21.2 Purpose of Profiling
We use profiling to analyze user behavior, preferences, and interactions with our services. This helps us improve our services, tailor our offerings to meet your needs, and deliver relevant content and advertisements. Profiling also assists in detecting and preventing fraudulent activities.

21.3 User Control Over Profiling
You have the right to object to profiling that is based on legitimate interests. If you object, we will cease profiling your data unless we can demonstrate compelling legitimate grounds for the processing. You can manage your profiling preferences through your account settings or by contacting us at privacy@youchoosecare.com.

22. Changes to this Privacy Policy

22.1 Notification of Changes
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the way we operate our Platform. Any significant changes will be communicated to you via email or through notifications on the Platform. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your personal data.

22.2 User Acceptance of Changes
By continuing to use our Platform after any changes to this Privacy Policy have been published, you are confirming your acceptance of those changes. If you do not agree with the updated Privacy Policy, you should stop using the Platform and contact us to discuss your options.

23. User Responsibilities

23.1 Keeping Data Accurate
You are responsible for ensuring that the personal data you provide to Youchoosecare Ltd is accurate, complete, and up to date. Inaccurate or outdated information can affect your ability to use the Platform and receive services. You are encouraged to regularly review and update your account information through the Platform's account settings.

23.2 Security Practices
You are responsible for maintaining the confidentiality of your account credentials, including your password. You should not share your password with others, and you should take precautions to protect your account from unauthorized access. If you suspect that your account has been compromised, you must notify us immediately at privacy@youchoosecare.com.

23.3 Compliance with Terms
Your use of the Platform is subject to our Terms and Conditions, which include this Privacy Policy. By using the Platform, you agree to comply with all applicable laws, regulations, and policies regarding data protection and privacy. Failure to comply may result in the suspension or termination of your account.

24. Contact Information

24.1 General Inquiries
For general inquiries related to this Privacy Policy or the way we handle your personal data, you can contact us at:

Email: privacy@youchoosecare.com

25. Governing Law and Jurisdiction

25.1 Applicable Law
This Privacy Policy and any disputes or claims arising out of or in connection with it, including its formation and validity, shall be governed by and construed in accordance with the laws of England and Wales.

25.2 Jurisdiction
The courts of England and Wales shall have exclusive jurisdiction to settle any disputes or claims that arise out of or in connection with this Privacy Policy. By using the Platform, you agree to submit to the jurisdiction of these courts.