ENABLE AND THRIVE LTD PRIVACY POLICY V2.0
Last updated 17/04/2024
This Privacy Policy describes how we collect, use, process, and disclose your information, including personal information, in conjunction with your matter at Enable Ltd. When this policy mentions “Enable Ltd,” “we,” “us,” or “our,” it refers to the company Enable and Thrive Ltd that is responsible for your information under this Privacy Policy (the “Data Controller”).
As a Management of Affairs company whose core principle is the safeguarding of elderly and vulnerable adults, we take privacy seriously. We therefore take every step to ensure your data is stored and used as safely as possible.
We offer a service which provides bespoke support for elderly and vulnerable adults, our services include:
– Managing your finances
– Checking your mail
– Appointment reminders
– Paying utility bills, setting up direct debits
– Home and car insurance
– Benefit entitlement checks an completing benefit applications
– Arranging gardeners, cleaners, trades people and carers
– Booking taxis
– Medication reviews and support
– Weekly food shopping ordering and delivering
Collection
We collect most of the personal data we process directly from you, for example, if you contact us with an enquiry or sign up to our service.
Due to the nature of the services we provide, each client has individual needs and as such can consent as to what information they would like us to have and how they would like us to use it.
When you join our service, we ask you personal questions such as your address, date of birth and also some more private questions such as your National Insurance number and banking details. We only use these details as you consent us to, which is expressed on the ‘Consent to Share Information’ document which would have been presented to you at the initial meeting. This document allows you to confirm with us what data you would like shared and with whom. This information is known as ‘personal data’ which is data that can be used to identify you. The personal data we collect is largely determined by you, and the nature of your interaction with us (such as using our website, or contacting us with an enquiry and joining our service). Some of this more sensitive data is called “special category data”, and there are additional conditions which must be met when it is processed.
Depending on the package you are on and the level of services you require, we may need different information. We use this information to provide the best service possible.
We may also collect your personal data through observation, including when you visit our website. For more information about this, please refer to our cookie policy.
We may also receive information about you from people who:
• contact us with an enquiry, complaint or concern
• are involved in your life, such as family, friends, social workers, students, medical professionals and care workers
• We may not have any control over what personal data is sent to us (and received by us) through such channels. However, in this privacy notice, we have described the main types of personal data we expect to receive, and how we will use it.
For the avoidance of any doubt, we do not buy or sell your personal data.
Privacy and our role as your Attorney’s:
As part of our services you may sign a General Power of Attorney and Lasting Power of Attorney documents which authorise Emily Allchurch and Lindsey Balchin to act as your Attorneys, this gives them special powers with regards to information
gathering.
For Lasting Powers of Attorney this could include:
– Speaking with medical professionals regarding a client’s health and medical conditions. This may also require the attorneys to store this information and pass on this information to family members and others involved in your care, such as care agencies and appropriate members of their staff.
– Storing your financial information such as banking details in order to manage your finances.
This data is of the utmost privacy and confidentiality, and the attorneys will try to involve you (where appropriate) to obtain consent regarding personal data storage and disclosure. Of course, this can only be done if you still have capacity. If a client does lack capacity, Attorneys should only ask for private information that will help them make a decision they need to make on behalf of the person who lacks capacity.
For a General Power of Attorney this could include:
– Access to banking information which is stored for our records to manage the client’s finances, in a secure manner.
Storage
We retain your personal data in accordance with our regulatory functions and legal obligations. This means as your Attorney’s and advocates, we require your data in order to best support you. However, if data is not needed or requested by a client to be removed from our system, we are happy to safely dispose of data.
It may be necessary to retain information that is integral or intrinsically linked to other information which we continue to require. Holding, and deleting this information, would diminish the integrity of the other information, which could be essential to delivering our service.
Data Retention and Erasure:
We generally retain your personal information for as long as is necessary for the performance of the matter between you and us and to comply with our legal obligations. If you no longer want us to use your information to provide our services to you, you can request that we erase your personal information after the applicable minimum time. Please note that if you request the erasure of your personal information:
We may retain some of your personal information as necessary for our legitimate business interests, such as fraud detection and prevention and enhancing safety. Please refer to our Data Retention and Right to Erasure policies which are available upon request.
Where we store your personal data
Most of the data collected by Enable Ltd will be stored on UK-hosted data centres. In some cases, when necessary, your data will be transferred to and processed in countries outside of the UK.
We ensure GDPR compliant safeguards are applied to the storage of your personal data, for example through gaining your consent for the data to be transferred and through “standard contractual clauses” when applicable. These can be found on the website of the Information Commissioner and where relevant, the European Commission.
Your personal data will be stored by Enable Ltd staff, or with third parties or data processors in accordance with this privacy notice. We take steps to ensure we have high levels of data protection and confidentiality processes in place.
Lawful basis for proceeding
We are allowed to process your personal data for different reasons. Our lawful basis will depend on the data we are processing but will include:
Vital interests- we may use information and data to protect the vita interests of you or another person, for example in an emergency.
Consent- As a client you have consented, through agreeing to sign up to our services, to have your personal data processed, your personal preference would have been discussed and signed in the ‘Consent to Share Information’ document we hold with all of our clients.
Legal obligation- If you have appointed Emily Allchurch and Lindsey Balchin as your Attorney’s, they have a legal obligation to act within your best interests.
Public interest- As a public organisation we require personal data processing in accordance with legal obligations and other data processing operations which are seen as being of public interest such as public health.
Legitimate interests- This is where there is a relevant and appropriate relationship between the data subject and the controller in situations such as this, where the data subject is a client or in the service of the controller.
Sharing
Who we share your interests with:
Depending on each individual circumstance, we may share your personal data or
receive it from the following:
– Our employees
– Health care professionals
– Utility companies
– Maintenance companies and individual contractors
– Legal representatives
– Social workers
– Local authorities
– Public authorities
– Law enforcement
– Social Media Platforms: Where permissible, according to applicable law, we may share general blog information on social media platforms, such as Facebook or Google, to generate leads, drive traffic to our websites or otherwise promote our services.
– Business Transfers: In the unlikely event that Enable Ltd undertakes or is involved in any merger, acquisition, reorganisation, sale of assets, bankruptcy, or insolvency event, then we may sell, transfer or share some or all of our assets, including your information in connection with such transaction or in contemplation of such transaction (e.g., due diligence). In this event, we will notify you in advance before your personal information is transferred and becomes subject to a different privacy policy.
Powers to share information
– We gain consent from our clients to share their information through the ‘Consent to Share Information’ document which is completed during the initial meeting.
– Where we are appointed as your attorneys we also have your authority to liaise on your behalf with third parties where it is in your best interests to do so.
Third parties
We will only share personal data with third parties when the sharing has one or more appropriate legal bases and is carried out in a way which upholds data protection principles. This includes ensuring that there are adequate legal, technical and operational protections in place when we share your data.
We carry out due diligence checks on any contractors who will or could process personal data as part of the work they are doing on our behalf. We ensure that all contractors have a legally binding, written contract, with sufficient guarantees as required by the UK GDPR and the DPA 2018.
Raising concerns
If you raise a concern, we will ask you for relevant details, which may include, if not already known:
– your contact details
– if you raise a concern for (or on behalf) of someone else, their contact details
– details of the concern, including relevant information to help us assess or investigate it
– details of witnesses and other people you may have consulted about your concern
We may ask you for other information depending on the nature of the case.
We will use the information you give us to help us assess what action may be necessary. We may go on to investigate and some cases may progress to a hearing.
We are likely to contact you if we need to clarify something you have told us, or if we need more information. If we investigate the concern, we will ask you for a statement and may ask you to attend a hearing.
We will use your personal information where it is necessary for the investigation or hearing, in accordance with this privacy notice. For example, we will pass it on to the panel members conducting the hearing.
In deciding whether to share information, we weigh up and balance the wider public interest in disclosing information against individual rights, including the right to privacy. We review this on a case-by-case basis. In doing so, we will take your views into account and we will treat any concerns you have seriously. You can tell us at any time if you do not want us to share information or if you have any concern about us sharing information with certain people. However, there may be occasions where our duty to protect the public takes priority over your views or wishes, and we may need to share that information in accordance with that duty. We will always do our best to tell you before we do so.
Depending on the circumstances, the information you provide may mean we are compelled to act, which could mean that the information you provide and/or your identity is shared with or otherwise made known to the subject of the concerns, including by virtue of the circumstances of your concerns or the details you provide. If a complaint or concern is raised by or about you, we need to assess or verify information related to your fitness to practise or registration, or we need to investigate an incident alleged to have taken place, we may share your personal data and the information you provide (or provided about you) with third parties (such as referees, education and training providers, qualification awarding bodies, other regulators, employers, other authorities such as the police, relevant NHS organisations, external lawyers and witnesses to any incident that is alleged to have taken place).
We will not share your contact details with people or organisations you raised the concern about.
Feedback and enquiries
If you contact us with feedback or an enquiry, the data we may collect or otherwise
process may include:
• the contact details you provide to enable us to respond to your request
• the details contained within your feedback or enquiry
Freedom of information requests
Information we hold may need to be disclosed in response to a Freedom of Information request. We endeavour to follow guidelines from the Information Commissioner’s Office in responding to requests, including through the appropriate application of exemptions to the duty to confirm or deny whether information is held, and the duty to communicate it if so.
If you submit a Freedom of Information request to us, we may publish the request, or details of it, and our response. Where we do so, we will not publish information which identifies you and will redact or remove any other personal data mentioned in your request as appropriate, if applicable. For example, we may remove the names of our less senior members of staff, but may publish the names of our senior employees or board members.
Changes to this Privacy Policy
Enable Ltd reserves the right to modify this Privacy Policy at any time in accordance with this provision. If we make changes to this Privacy Policy, we will post the revised Privacy Policy on Enable Ltd website and update the “Last Updated” date at the top of this Privacy Policy.
Contact Us
If you have any questions or complaints about this Privacy Policy or Enable’s Ltd information handling practices, you may contact us at: Enable Ltd, Old Market House, Market Avenue, Chichester, West Sussex PO19 1JR.