Privacy Policy Overview

Please find below our comprehensive privacy policies for website users, service users, staff and job applicants, and mobile app users.In this Privacy Policy when we refer to “JR Care” or “we”, “us” or “our”, we mean JR Care Ltd.
JR Care is committed to protecting the privacy of individuals who use our services, visit our website, apply for employment with us, or use our mobile application. This notice sets out the way JR Care processes, stores and protects user data and information that you may supply to us. It also outlines the obligations and requirements of the users, the website and website owners.
In accordance with Data Protection legislation, JR Care is registered with the Information Commissioner’s Office (ICO)

Website Users Privacy Policy

About Us

JR Care provides individuals with personalised packages of care and support to enable them to remain in their own home for longer.Working together with individuals and their families we create a support plan to suit the needs of the person in the short and longer term, promoting independence, choice, respect, privacy, security and continuity.Our experienced, professional Care Assistants, Support Workers and specialist staff are specifically trained to deliver tailored, individual support packages.We take great pride in our ability to design appropriate person-centred care plans. By understanding the needs of our individual customers we are able to offer a personalised, reliable and high quality service that provides peace of mind to them and their families.
Our commitment is to improve a person’s quality of life and give them the opportunity to maximise their independence through our outcomes based care approach. Our Services include:

• Home care services
• Supported living services
• Live-in Care
• Specialist services
• Respite care
• Palliative care
• End of life care
• Dementia care
• Complex care
• Learning disabilities

Information We Collect from Website Users

When you visit our website, we may collect the following information:

• IP address and geographic location derived from your IP address
• Browser type, version, and language settings
• Operating system and platform
• Referral source and entry pages
• Length of visit, page views, website navigation paths, and timing of page interactions
• Information about the timing, frequency, and pattern of your service use
• Technical information about your device including screen resolution and browser settings
• Any information you voluntarily submit through our website forms

How We Use Website User Data

We use the information we collect from website users for:

• Improving our website’s functionality and user experience
• Personalizing your experience on our website based on your preferences
• Administering the website and ensuring its security
• Enabling your use of the services available on our website
• Processing inquiries submitted through contact forms
• Analyzing your use of our website to identify trends and improve our services
• Gathering feedback for quality improvement
• Ensuring the technical functionality and security of our website
• Maintaining audit trails for security purposes
• Complying with legal obligations

Cookies

Our website uses cookies to collect information about your browsing activities. Cookies are small text files that are placed on your device when you visit our website. We use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your device until they expire or you delete them).
We use the following types of cookies:

1. Essential cookies: These are necessary for the website to function prop erly and cannot be turned off in our systems.
2. Performance cookies: These help us understand how visitors interact with our website by collecting and reporting information anonymously.
3. Functionality cookies: These allow our website to remember choices you make and provide enhanced, more personal features.
4. Targeting cookies: These cookies record your visit to our website, the pages you have visited, and the links you have followed.

For a detailed list of the cookies we use, please refer to our Cookies Policy on our website.

Third-Party Sharing

We will never sell or share your details with any organizations for their own marketing or advertising purposes. Your data may be shared with:

• Our authorized IT service providers who help maintain our website
• Analytics providers (such as Google Analytics) to help us improve our website functionality and user experience
• Third-party service providers who assist in the operation of our website
• Regulatory authorities if required by law
• Law enforcement agencies in connection with any investigation to help prevent unlawful activity

e require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Data Retention for Website Users

We will retain your website user data for a maximum of 24 months from your last interaction with our website. After this period, your personal data will be anonymized or securely deleted unless we have a legitimate reason to retain it longer (such as for compliance with legal obligations).

Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of personal data during transmission using SSL technology
• Secure servers with regular security updates and patches
• Regular testing of security measures and vulnerability assessments
• Restricting access to personal information on a need-to-know basis
• Firewalls and intrusion detection systems
• Regular data backup procedures
• Staff training on data protection and information security
• Physical security measures at our premises

Service Users Privacy Policy

What Personal Information We Collect

We collect and maintain different types of personal information for service users, including:

• ID Information such as your name, home address, email address, telephone numbers and date of birth
• Next of kin contact information including emergency contacts
• Medical records and health information (mental and physical) including medicine dosages, allergies, treatment plans, and pandemic infection and control data
• Medical records and health information (mental and physical) including medicine dosages, allergies, treatment plans, and pandemic infection and control data
• Ethnicity and religious affiliation if relevant to your care needs
• NHS number and healthcare identifier information
• Telephone call recordings related to your care arrangements
• Risk assessments and care plans
• Risk assessments and care plans
• Dietary requirements and preferences
• Invoicing and payment records including bank details for direct debit ar rangements
• Past medical conditions history and ongoing health status
• Lifestyle information relevant to your care
• Photographs that may be necessary for identification or care purposes
• Records of communications between you and our staff

Why We Collect Service User Information

We collect and use your personal information for:

• Assessing whether we are able to assist you and determine appropriate care requirements
• The management and provision of your personalized care
• Maintaining accurate and up-to-date records of services provided to you
• Care planning and risk assessment
• Invoicing, fee collection and debt recovery
• Keeping records up to date and ensuring continuity of care
• Complying with legal and regulatory obligations including CQC require ments
• Implementing best practice and guidance from the Care Quality Commis sion or other regulatory bodies
• Safeguarding your health and safety
• Coordinating with other healthcare providers involved in your care
• Responding to feedback, concerns or complaints
• Quality assurance and service improvement
• Training and supervising our staff
• Emergency response planning

Legal Basis for Processing

• Fulfillment of our contract with you to provide care services
• Our legitimate interests in operating an effective care service
• Legal obligations under healthcare, social care, and health and safety leg islation
• Your explicit consent for special categories of data (such as health infor mation) where applicable
• Protection of vital interests in emergency situations where you might be physically or legally incapable of giving consent
• Public interest in the area of public health, such as protecting against serious cross-border threats to health
• For the establishment, exercise or defense of legal claims

Special Categories of Data

Due to the nature of our services, we process special categories of personal data, including data concerning health, which requires a higher level of protection. We process this information where:

• You have given explicit consent
• Processing is necessary for the purposes of preventive or occupational medicine, for the assessment of working capacity, medical diagnosis, the provision of health or social care or treatment
• Processing is necessary to protect your vital interests where you are phys ically or legally incapable of giving consent
• Processing relates to personal data which are manifestly made public by you
• Processing is necessary for reasons of substantial public interest

Who We Share Service User Information With

We may share your personal information with:

• Our staff members who provide care (on a need-to-know basis)
• The NHS and healthcare providers directly involved in your care
• Your doctor (GP) and specialist medical professionals
• Pharmacies that dispense your medication
• Social services departments responsible for your care arrangements
• Local authorities funding or overseeing your care
• Hospitals and treatment centers
• Emergency services in case of medical emergencies
• District Nurses and community healthcare teams
• Clinical multi-disciplinary teams coordinating your care
• Specific external suppliers (e.g., IT systems providers, rostering systems, electronic care planning systems)
• Regulators such as the Care Quality Commission during inspections
• Legal representatives where necessary to establish or defend legal claims
• Family members or representatives with your consent or when it is in your best interests

We will always ensure that:- Information shared is limited to what is necessary- Recipients understand their duty of confidentiality- Information is transferred securely- Sharing complies with all applicable data protection laws

Data Retention for Service Users

We will retain your personal information for 7 years after the discharge of all fees incurred in your care or at the end of any service we have provided to you, whichever is later. All health records are retained in accordance with national guidelines, which may vary depending on the specific records held.
For medical records and care plans, retention periods may be longer in accor dance with NHS record keeping guidelines. Records relating to children and young people may be kept until the person’s 25th birthday or 26th if they were 17 at conclusion of treatment, or 8 years after death.

Staff & Job Applicants Privacy Policy

What Personal Information We Collect

We collect and maintain different types of personal information for employees and job applicants, including:

• CVs, resumes, application forms and covering letters
• References and interview notes from recruitment processes
• DBS (Disclosure and Barring Service) checks and vetting information
• Education and training information, qualifications, and certificates
• Right to work documentation and immigration status
• Photographs, testimonials, video and audio recordings including CCTV imagery
• Employment contracts, letters of offer and acceptance
• Policy acknowledgment sign-off sheets and training records
• Payroll information, including bank details, tax codes, and national insurance number
• Wage and benefit information including annual leave records, pension details, and other benefits
• Forms relating to the application for welfare benefits or statutory entitlements
• Health questionnaires and risk assessments including details of any medical condition or medication relevant to your work
• Occupational health reports and fit notes
• Beneficiary and emergency contact information
• Performance reviews and career development information
• Attendance records, including time and attendance data
• Disciplinary and grievance records
• Driving license and insurance documentation for roles requiring driving
• Equal opportunities monitoring forms (anonymized)
• Professional registration numbers and information
• Training and development records
• Internal communication records relevant to employment

Why We Collect Staff Information

We use your personal information for:

• Determining eligibility and suitability for employment
• Conducting background checks within legal limits
• Administering pay, pensions, and benefits
• Processing work-related claims (e.g., insurance claims, expense reimbursements)
• Establishing training and development requirements and records
• Conducting performance reviews and determining performance requirements
• Workforce planning and management
• Gathering evidence for disciplinary, grievance or whistleblowing procedures
• Establishing emergency contacts
• Preventing inequality or health & safety incidents
• Pandemic monitoring and infection control
• Complying with regulatory and legislative requirements including industry-specific regulations
• Compiling directories for internal communication purposes
• Analyzing workforce trends and monitoring equality and diversity
• Ensuring security of company information and property
• Managing absence and leave entitlements
• Providing employment references
• Meeting statutory reporting requirements

Legal Basis for Processing

We process your information based on:

• Performance of our employment contract with you
• Legal obligations under employment, tax, and social security laws
• Our legitimate interests in effectively managing our workforce
• Your consent (where specifically required)
• Processing necessary for carrying out obligations in the field of employment law
• Public interest for pandemic-related processing and public health measures
• Protection of vital interests in emergency situations

Monitoring

We may monitor staff activities, attendance, and our premises for:

• Protection of employees and third parties
• Prevention of theft, vandalism, and damage
• Quality control and service assurance purposes
• Computer and email usage monitoring in accordance with our IT policies
• Call recording for training and quality purposes
• Location tracking through care management systems to ensure staff safety when working alone
• Electronic visit verification for regulatory compliance

This monitoring may include:- CCTV systems in our premises- Biometric attendance systems- Electronic care monitoring systems- Vehicle tracking for company vehicles- IT system and email monitoring
Where in use, CCTV cameras are there for the protection of staff, service users and visitors, to protect against theft, vandalism and damage to goods and prop erty. Generally, recorded images are routinely destroyed and not shared with third parties unless there is suspicion of a crime, in which case they may be turned over to the police or other appropriate government agency or authority
When using company equipment or resources, employees should not have any expectation of privacy with respect to their use of such equipment or resources.

Who We Share Staff Information With

We may share your personal information with:

• Other employees on a need-to-know basis for administrative purposes
• Professional advisers including lawyers, auditors, and insurers
• Service providers who process data on our behalf (payroll, pension, benefits administrators)
• HMRC and other tax authorities
• Regulatory authorities including the Care Quality Commission
• The Disclosure and Barring Service
• Professional registration bodies
• Training and certification providers
• Occupational health providers
• Emergency services where necessary
• Potential future employers when providing references (with your consent)
• Legal representatives in case of disputes or legal proceedings

Data Retention for Staff and Applicants

For unsuccessful job applicants, we will generally destroy your data after 6 months unless you request that we retain it longer or there is a legal reason to retain it.
For recruited staff, we will retain your personal information for 6 years after you have left the company, in accordance with statutory requirements for employ ment records. However, certain information may be kept for different periods:

• Payroll records: 6 years after the end of the tax year they relate to
• Accident records: 3 years after the date of the last entry
• Assessments under health and safety regulations: 40 years
• Information related to potential legal claims may be kept until the statutory limitation period for bringing such claims has expired

Mobile App Users Privacy Policy

What Personal Information We Collect Through Our Mobile App

When you use our care home mobile application, we may collect:

• Personal identification information (name, address, date of birth, gender)
• Contact information (email address, phone number, alternative contact details)
• Login credentials including username and encrypted password
• Device information (device type, operating system version, unique device identifiers, and mobile network information)
• Usage data including how you interact with the app, features used, and time spent on different sections
• Location data when permitted and relevant for care delivery (GPS data or derived from network-based methods)
• Documents uploaded for verification (such as ID documents or medical information)
• Care-related information relevant to service delivery including care schedules, preferences, and requirements
• Photographs uploaded for profile or identification purposes
• Communication preferences and notification settings
• Health and medical information when relevant to care needs
• In-app communications between users and care providers
• Technical diagnostic data to troubleshoot app performance issues

Why We Collect Mobile App User Information

We use this information to:

• Create and manage your account within our care management system
• Verify your identity to maintain security and prevent fraud
• Provide and personalize our services to meet your specific care needs
• Facilitate communication between caregivers, service users, and administrators
• Send service-related notifications about care visits, schedule changes, or important updates
• Track and coordinate care delivery to ensure quality and consistency
• Improve our mobile application functionality and user experience
• Ensure compliance with regulatory requirements in the care sector
• Process payments and manage billing (if applicable)
• Generate anonymized statistics and reports for service improvement
• Troubleshoot technical issues and optimize app performance
• Respond to your inquiries and support requests
• Maintain audit trails for security and quality assurance

Data Storage and Security for Mobile App User

All personal data collected through our mobile application will be:

• Stored only on our own secure servers within the UK/EEA
• Protected using industry-standard encryption both in transit and at rest
• Secured with multiple layers of protection including firewalls and intrusion detection
• Accessible only to authorized personnel on a need-to-know basis
• Subject to regular security audits and penetration testing
• Not shared with any third parties except those necessary for service provision
• Backed up regularly with secure, encrypted backup systems
• Protected by secure authentication mechanisms including password requirements and session timeouts
• Subject to our comprehensive information security management system

Data Visibility and Access Controls in the Mobile App

• Uploaded documents and personal data will be visible only to the respective user and authorized platform administrators
• Different user roles have specifically defined access levels to ensure data is only accessible to those who need it
• Strict access control measures are implemented through role-based permissions
• All access to personal data is logged and monitored for security purposes
• Two-factor authentication is available for sensitive operations
• Automatic session timeouts protect data when the app is not in active use
• Users can control visibility settings for certain profile information
• Regular access reviews ensure permissions remain appropriate

Legal Basis for Processing Mobile App Data

We process your information based on:

• Fulfillment of our contract with you to provide care services through the app
• Our legitimate interests in operating an effective and secure care service
• Legal obligations under healthcare, social care, and data protection legislation
• Your explicit consent (where required, particularly for special categories of data)
• Protection of vital interests in emergency situations
• Public interest in the area of public health, such as pandemic monitoring

Data Retention for Mobile App Users

We will retain your personal information for as long as your account remains active, plus 7 years after account closure or last use of our services, whichever is later. This retention period allows us to:

• Comply with legal and regulatory requirements in the care sector
• Respond to any questions or complaints
• Defend against potential legal claims
• Maintain continuity of care if services are resumed

You can request deletion of your account at any time, though we may need to retain certain information for legal and regulatory purposes. Upon account deletion, personal data that is not required to be retained will be either deleted or anonymized.

Your Rights Under the GDPR

Under the General Data Protection Regulation (GDPR), you have several rights regarding your personal data:

1. The right to be informed- You have the right to be informed about the collection and use of your personal data, which we address through this privacy policy.
2. The right of access- You have the right to request a copy of the information we hold about you. We will respond to such requests within one month.
3. The right to rectification- You have the right to have inaccurate personal data rectified or completed if it is incomplete. We will respond to such requests within one month.
4. The right to erasure (also known as ‘the right to be forgotten’)- In certain circumstances, you have the right to request that we delete your personal data. Please note that there may be legal or other official reasons why we need to retain your data.
5. The right to restrict processing- You have the right to request that we restrict the processing of your personal data in certain circumstances, such as while we verify its accuracy or if you have objected to processing.
6. The right to data portability- You have the right to request that we transfer your personal data to another service provider in a structured, commonly used, and machine-readable format.
7. The right to object- You have the right to object to processing based on legitimate interests, direct marketing, and processing for research and statistical purposes.
8. Rights related to automated decision-making and profiling- You have rights related to automated decision-making and profiling, including the right to obtain human intervention, express your point of view, and contest decisions made by purely automated means.

To exercise any of these rights, please submit a request in writing to our Data Protection Officer. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

Children’s Privacy

Our services and mobile application are not intended for use by children under the age of 16 without parental consent. We do not knowingly collect personally identifiable information from children under 16. If you are a parent or guardian and you believe we may have collected information about a child, please contact us, and we will take appropriate steps to remove that information from our systems.

International Data Transfers

JR Care primarily operates in the UK, and your personal data will generally be stored and processed within the UK or European Economic Area (EEA). However, in some cases, your data may be transferred to, stored, or processed in countries outside the UK/EEA. In such cases, we will ensure appropriate safeguards are in place, such as:

• Transferring data to countries deemed to provide an adequate level of protection by the UK or EU authorities
• Using Standard Contractual Clauses approved by the UK or EU authorities
• Implementing binding corporate rules for transfers within a corporate group

Updates to this Privacy Policy

From time to time, we may amend this privacy policy to align with changes to legislation, including but not limited to the General Data Protection Regulation 2016, Privacy and Electronic Communication Regulation 2003, and the Data Protection Act 2018, or to reflect changes in our services or business practices.
Any changes, updates, or amendments to this policy will be posted on our website with the date of the latest update. We encourage you to review this privacy policy periodically to stay informed about how we are protecting your information.
For substantial changes that may significantly affect your rights, we will provide a prominent notice on our website or send you a direct notification.

Complaints

If you have any questions, concerns, or complaints regarding data protection and this privacy notice, please contact your local Office/Registered Manager. Alternatively, you may contact our Data Protection Officer.
If you are not satisfied with our response, you have the right to lodge a com plaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).

Contact Information

JR Care Ltd17 Morris Road
Newtongrange
Dalkeith EH22 4STPhone:+44 07802416170, +44 01316771557Email: info@jrcareltd.com

Data Protection Officer

You can contact our Data Protection Officer directly at info@jrcareltd.com