GDPR Privacy Policy - Papillon Home Care
page-template-default,page,page-id-465,ajax_fade,page_not_loaded,,footer_responsive_adv,qode-content-sidebar-responsive,qode-theme-ver-14.0,qode-theme-bridge,disabled_footer_top,wpb-js-composer js-comp-ver-5.4.7,vc_responsive

GDPR Privacy Policy

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a new regulation which replaces the Data Protection Directive (Directive 95/46/EC). The General Data Protection Regulation builds on previous legislation but enhances privacy rights for individuals. The GDPR will apply in the UK from 25th May 2018. Despite the UK’s intention to leave the European Union in March 2019, the GDPR will still apply in accordance with the Information Commissioner’s Office (ICO) guidance to continue a similar level of regulation post March 2019, together with a new Data Protection Act.

Papillon Home Care Ltd are dedicated to being responsible when collecting and using your personal data. The privacy policy below outlines how we will adhere to the GDPR. Your GDPR specific rights will come into effect once the GDPR becomes law on 25th May 2018.

This policy will outline:

The details of the Data Controller and how to contact the Data Protection Officer (DPO)

The types of personal data we collect and how we use it

Our purpose and legal basis for processing your data

How and when we share data

How and when we use your data for marketing purposes

Your rights to request your personal data and how to do so

How you can raise a complaint with the ICO

Who controls my personal data?

The Data Controller is Papillon Home Care Ltd:

Papillon Home Care Ltd is a UK registered company - 11183121

The registered address is Suite 5, 61 High Street, New Romney, Kent TN28 8AH

The Data Controller’s representative is the Data Protection Officer (DPO)

You can contact the DPO by email:

Papillon Home Care Ltd is registered as a Data Controller with the Information Commissioner’s Office. Certificate number A8333735

Our purpose and legal basis for processing your data

Papillon Home Care Ltd is a domiciliary and social care agency providing services to the public in their own home.

We collect the personal data on the following types of people:

All staff registered and/or employed by Papillon Home Care Ltd

Our Board members and business connections

All clients using our services

What data will you give to us or will we collect from you?

You provide us with your personal data by filling in forms, either in person or on our website, and by corresponding with us by telephone and/or e-mail

The types of personal data we collect may vary according to its purpose. We typically collect information such as: your full name, telephone number, email address, postal address. We will also record any other relevant professional or personal information which is relevant to your relationship with Papillon Home Care Ltd

Personal Data may also include links to professional sites such as LinkedIn, Twitter, Facebook or our website

What information do we obtain from other sources?

We do not anticipate that we will obtain your information from other sources, but if this occurs we will let you know we are holding your data by sending you this privacy policy within a maximum of 30 days of collection

What are the purposes and legal basis for our processing?

We use information held about you in the following ways:

To carry out our obligations arising from any contracts we intend to enter or have entered between you and us and to provide you with the information, products, and services that you request from us, or we think will be of interest to you because of its relevance

To provide you with information about services that we offer, or that you have enquired about

Our main legal basis for the processing of personal data is our legitimate business interests, described in more detail below, although we will also rely on contract, legal obligation, and consent for specific uses of data

We will rely on our contract if we are negotiating, or have entered into an agreement with you or contract, to provide services to you

We will rely on legal obligation if we are legally required to hold information on to you to fulfil our legal obligation, for example, our statutory obligation as an employer and CQC

We will in some circumstances rely on consent for uses of your data and you will be asked for your express consent e.g. before sharing your details with a third party

Our Legitimate Business Interests

To manage information in order to be able to provide you with a service

To manage employee and contractor relationships

To manage our organisational rights and obligations


Should we want or need to rely on consent to lawfully process your data, we will request your consent by mail, email or by an online process for the specific activity we require consent. Your response would then be held securely on our system. Where consent is the lawful basis for our processing, you have the right to withdraw your consent to this processing at any time

Other uses we will make of your data

To notify you about changes to our services

To ensure that content from our site is presented in the most effective manner for you and for your computer

To administer our site and for internal operations, including troubleshooting, security, data analysis, testing, research, statistical and survey purposes

To allow you to participate in interactive features of our service, should you choose to do so

Who will have access to your data inside and outside of European Economic Area (EEA)?

We do not foresee that we will share your personal information with any third parties outside of the EEA. In the unlikely event that changes, we will notify you in good time

Will your data be used for marketing?

We will only send you information about our services that are relevant to you

We may send the communication in several ways, including email and post

When you register your details with us we will ask your preferences on receiving marketing communications. You also have the right to change your preferences at any time by phone or email

Where will we store and process your personal data?

All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share this password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access

How long will we retain your data?

We understand our legal duty to retain accurate data that you are happy for us to retain. We will only retain personal data for as long as we need it for our legitimate business interests or to satisfy legal, accounting or reporting requirements. Accordingly, we have a data retention policy and run regular data routines to remove data that we no longer have a legitimate business interest in maintaining.

We do the following to try to ensure our data is accurate:

We keep in touch with you, so you can let us know of changes to your personal data

We may archive part or all of your personal data or retain it on our financial systems. We may pseudonymise parts of your data, particularly following a request for suppression or deletion of your data, to ensure that we do not re-enter your personal data on to our database, unless requested to do so

For your information, pseudonymised Data is created by taking identifying fields within a database and replacing them with artificial identifiers, or pseudonyms

Our current retention policy is available upon request

Changes to this Privacy Policy

Any changes we make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.

How safe is your data?

Appropriate technical and organisational measures are taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data

We use electronic safeguards including firewalls, anti-virus and anti-malware software to protect your data

Only authorised staff have access to personal data and are appropriately trained and supported by policies and procedures for handling personal data

For payments, we do not retain your full card details and always require you to provide the last three digits of the security code to process a payment

We do not recommend or guarantee the safety of your payment details sent to us electronically via email

What are your rights to your personal data?

You have the right to request copies of any personal data held by us

To receive a copy of your personal data please send your written request to the Data Controller at Papillon Home Care Limited, Suite 5. 61 High Street. New Romney, Kent TN28 8AH

We will provide you with a hard copy of all personal data held on you

You will not be charged for your personal data request

Your data will be returned within 40 days of receiving the request.

We will require proof of identity

You also have the right to the following:

The right to prevent data being processed for direct marketing

The right to have inaccurate personal data rectified, erased, or destroyed

You have the right to make a complaint to a supervisory body, which in the United Kingdom is the Information Commissioner’s Office. The ICO can be contacted through this link:

You will have the following additional rights under the GDPR:

The right to object to processing that is likely to cause or is causing damage or distress

The right to object to decisions being taken by automatic means

The right to have inaccurate personal data suppressed, rectified, blocked, erased, or destroyed

You can enforce these rights by contacting the Data Controller