Privacy & Cookie Policy
1. Business Information
This Privacy and Cookie Policy explains how Starling Homecare (“we”, “our” or “us”) collects, uses, retains and protects personal information in the course of operating our business. This includes information provided via our website, through our communications and during the provision of our services.
STARLING HOMECARE is the trading name of TRIARA LIMITED, registered in England and Wales (Company No: 16293338).
Registered Office: Suite 4, STANTA Business Centre, 3 Soothouse Spring, St Albans, Hertfordshire, AL3 6PF
Website: www.starlinghomecare.co.uk
Email for Data and Privacy Queries: [email protected]
We are committed to protecting your privacy and ensuring your personal information is handled responsibly and in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the Privacy and Electronic Communications Regulations (PECR) and other applicable laws and regulations.
This policy applies to:
- Visitors to our website
- Clients and prospective clients
- Representatives or relatives of clients
- Job applicants and employees
- Suppliers, contractors and professional contacts
2. What Personal Data We Collect
We may collect and process the following categories of personal data, depending on how you interact with us and the nature of our relationship with you. This includes information you provide directly, information we generate during our dealings with you, and information we obtain from third parties where permitted by law.
General personal details
- Full name and preferred name
- Contact details including postal address, email address and telephone number
- Date of birth, gender and other identifying information
Client and care-related information
- Health and social care information relevant to the provision of services
- Information relating to your care needs, preferences, routines and relevant lifestyle details
- Financial information necessary for billing and payment
- Records of communications, enquiries, feedback and complaints
- Records of assessments, care plans, reviews, risk assessments, accident and incident reports, safeguarding records and any associated documents
Employment and engagement information
- Job applications, CVs and covering letters
- Records of qualifications, skills, work history and training
- Identity verification, right to work documentation and references
- Results of criminal records checks (including DBS checks) and other statutory disclosures
- Interview records and recruitment notes
- Records of employment or engagement with us, including performance, attendance, payroll, disciplinary and grievance records
Supplier and professional contact information
- Business contact details
- Contracts, invoices, payment details and correspondence
Website, marketing and communication information
- Messages and enquiry details provided via our website forms, email, telephone or post
- Records of your interactions with us, including emails, calls and meeting notes
- Website usage data such as IP address, browser type, operating system, referral source and browsing activity
- Cookies and tracking technologies including Google Analytics, Meta Pixel and other similar tools
- Preferences for receiving marketing or service updates from us
We only collect the information we need for the purposes set out in this policy or as otherwise permitted by law. We may combine information collected from different sources where lawful to do so in order to maintain accurate and up to date records.
We may also collect information via third-party advertising or social media platforms, such as lead forms, tracking pixels, engagement data or other tools, where you have interacted with our content or adverts on those platforms.
3. How We Use Your Data
We use personal data for the purposes described below and only where we have a lawful basis under the UK GDPR and the Data Protection Act 2018.
Provision of care and related services
- Arranging, delivering and reviewing care services
- Preparing and maintaining care plans, risk assessments and records of care delivered
- Communicating with you and your nominated representatives about your care
- Coordinating with health and social care professionals, regulators and other authorised third parties involved in your care
Business administration and operations
- Managing contracts, accounts and payments
- Maintaining accurate business records, including client, staff and supplier files
- Conducting audits, quality assurance checks and service reviews
- Complying with legal, regulatory and insurance requirements
Recruitment, employment and engagement
- Processing job applications and assessing suitability for roles
- Verifying identity, right to work and qualifications
- Conducting criminal records and other statutory checks
- Maintaining staff records during and after employment or engagement
- Managing performance, training, payroll, benefits, absences and related matters
Safety, safeguarding and compliance
- Meeting safeguarding responsibilities, including recording and reporting concerns
- Investigating and responding to complaints, incidents and accidents
- Cooperating with law enforcement, regulators or other public authorities where legally required
- Preventing, detecting and responding to fraud, security breaches or unauthorised access
Training, monitoring and service development
- Using anonymised or aggregated information to review and improve services
- Monitoring calls or communications for quality and training purposes
- Developing new services, systems or processes that support our operations
Marketing, relationship management and communications
- Providing information about our services where you have enquired or requested it
- Sending service updates, newsletters or marketing communications where permitted by law and your preferences
- Understanding engagement with our communications to improve relevance
We process special category data, including health and care-related information, under the lawful bases of legal obligation and the provision of health or social care under UK GDPR Article 9(2)(h). We process criminal records information where required by law and in line with applicable safeguarding legislation.
Where we rely on consent for processing, you may withdraw that consent at any time. In most cases, we rely on other lawful bases such as contract, legal obligation, legitimate interests or vital interests.
We may retain and use personal data after the end of a care relationship, contract or application for the purposes of complying with legal obligations, defending or establishing legal claims, responding to insurance requirements, maintaining business records, or as otherwise permitted by law.
We may also share and use personal data within our company group or with associated companies, including any companies that we establish, acquire, merge with or otherwise have a controlling interest in, where this is necessary for the purposes set out in this policy and where permitted by law. In the event of a reorganisation, merger, sale or transfer of our business, personal data may be transferred to the new owner or controlling entity as part of that process, subject to applicable legal protections.
4. Who We Share Your Data With
We share personal data only where necessary for the purposes set out in this policy and where permitted by law. This may include sharing with:
- Service providers and sub-processors who supply IT, hosting, telephony, secure messaging, document management, care management systems, payroll, HR, recruitment platforms, training systems, identity verification, analytics, marketing tools and other operational services.
- Professional advisers including legal, insurance, audit, accounting, compliance and safeguarding specialists.
- Health and social care professionals and authorised third parties involved in your care or in safeguarding.
- Third-party suppliers or service providers that we recommend or introduce to you, such as equipment providers, private therapists, tradespeople or other professionals, where you have agreed to use their services. These services are provided under a separate agreement between you and the third party, and we are not responsible for their actions or omissions.
- Regulators and public authorities where required by law, including CQC, local authorities, DBS and law enforcement.
- Payment processors and banks for billing and fraud prevention.
- Advertising and marketing platforms, such as social media networks or search engines, to promote our services where permitted by law and in line with your communication preferences.
- Our company group and associated companies where necessary for administration, governance, audit, insurance, service delivery or as otherwise permitted by law.
- Successors or new owners in the event of a reorganisation, merger, sale or transfer of our business, subject to applicable legal protections.
We do not sell personal data.
5. How We Store and Protect Your Data
We take data security seriously and use a combination of technical and organisational measures to keep your information safe.
Personal data is stored securely using trusted systems, including encrypted email and secure cloud-based services. Access is restricted to authorised team members and protected by strong passwords, two-factor authentication and internal access controls. Physical records are kept in secure facilities with controlled access.
We retain personal data for as long as necessary to fulfil the purposes for which it was collected or to comply with legal, regulatory, contractual, insurance or operational requirements. We may also retain personal data for the establishment, exercise or defence of legal claims, for audit or risk management purposes, or as otherwise permitted by law. Retention periods are determined with reference to statutory requirements, regulatory guidance, insurance obligations and our legitimate business interests. In some cases, we may choose to delete or anonymise data earlier than the maximum period if it is no longer required, provided that doing so does not breach any legal, regulatory or insurance minimum retention requirements.
This includes:
- Contact and general enquiry records: retained for as long as necessary to respond to and manage the enquiry, and generally no longer than six years afterwards, unless needed for ongoing purposes such as resolving a dispute or responding to a legal claim.
- Job applications and recruitment records: retained for as long as necessary for the recruitment process and, where lawful, for up to six years afterwards to respond to any legal or regulatory challenge, unless the individual becomes employed or engaged by us, in which case the records form part of their employment file.
- Client and care-related records: including referrals, assessments, treatment and care plans, accident and incident registers, safeguarding records and records of alleged, actual or threatened abuse and actions taken, retained securely for a minimum of 30 years after the last date of care in accordance with legal, regulatory and insurance requirements, or longer where required to meet safeguarding or legal obligations.
- Employment and engagement records: including applications, references, identity verification, DBS or other statutory disclosure checks, safeguarding policy versions and safeguarding training records, retained securely for a minimum of 30 years after employment or engagement ends in accordance with legal, regulatory and insurance requirements, or longer where required to meet safeguarding or legal obligations.
- Safeguarding policies and revisions: retained for a minimum of 30 years from the date they are superseded, in accordance with insurance and governance requirements.
Where the maximum retention period for personal data has been reached, or where we no longer need to retain the personal data in identifiable form, we may continue to retain the information in anonymised or pseudonymised form for an indefinite period for statistical analysis, service improvement, quality monitoring, research or business planning, provided that it no longer identifies any individual.
We regularly review our data handling and security measures to ensure your information remains secure, relevant and compliant with the UK GDPR.
6. International Transfers
Some of our service providers and partners may store or process personal data outside the United Kingdom. This can happen, for example, when we use global cloud services such as email hosting, file storage or care management systems, or when aspects of our back-office operations are managed abroad.
When personal data is transferred outside the United Kingdom, we work with suppliers and partners who are required to protect that data to standards that meet UK legal requirements. This may include using safeguards such as standard contractual clauses, adequacy regulations or other recognised legal protections.
We do not list all countries where data may be processed, as this can change depending on our suppliers, but we only work with reputable organisations that meet the required standards for international data protection.
7. Cookies and Tracking
Our website uses cookies and similar technologies to help us operate effectively, understand how our website is used and improve the visitor experience. These technologies may also be used for security, analytics, advertising and marketing purposes.
Cookies are small text files stored on your device when you visit a website. They allow us and our service providers to recognise your browser and remember certain information. Similar technologies include scripts, tracking pixels and tags that perform similar functions.
We may use:
- Essential cookies that are required for basic website functionality, such as navigation or form submission.
- Performance and analytics cookies to help us understand how people use our site, such as which pages are visited most often.
- Advertising or marketing cookies set by us or our partners to deliver relevant content and measure the effectiveness of campaigns.
- Functionality cookies to remember your preferences and improve your browsing experience.
You can manage or disable cookies at any time through your browser settings. You may also be presented with a cookie preferences panel when you first visit our website, which allows you to choose which non-essential cookies you accept.
We do not commit to using any specific provider, tool or cookie lifespan, as these may change over time to reflect our operational and business needs.
We may also use third-party advertising platforms such as Meta, Google, LinkedIn or other social media networks to promote our services. These platforms may collect or process personal data when you interact with our adverts, including through lead forms, website tracking pixels or similar tools. Information you provide via these platforms is also subject to the privacy policy of the platform operator. Where we receive personal data from such platforms, we may combine it with our existing records and use it for the purposes described in this policy.
8. Your Rights Under UK GDPR
Under the UK General Data Protection Regulation, you have certain rights in relation to your personal data. These rights are not absolute and may be subject to limitations, exemptions or lawful grounds for refusal.
You may have the right to:
- Access the personal data we hold about you.
- Request correction of any inaccurate or incomplete data.
- Request deletion of your data, where appropriate.
- Restrict processing of your data in certain circumstances.
- Object to processing based on our legitimate interests or for direct marketing.
- Request transfer of your personal data to another party in a commonly used format where technically feasible.
- Withdraw consent at any time where we rely on your consent to process data (this will not affect the lawfulness of processing before consent was withdrawn).
To exercise any of these rights, please contact us using the details in Section 9. We may need to verify your identity before processing your request.
We will respond in accordance with our legal obligations and within the time limits allowed by law, which may be extended in complex cases. We may refuse or limit a request where it is unfounded, excessive, repetitive, or where we have another lawful reason to retain or process the data.
9. Contact Details
If you have any questions about this Privacy and Cookie Policy, how we handle your personal data, or if you wish to exercise your data protection rights, please contact us:
Email: [email protected]
Post: Data Protection Lead, Starling Homecare, Suite 4, STANTA Business Centre, 3 Soothouse Spring, St Albans, Hertfordshire, AL3 6PF
For security and accuracy, we ask that all data protection requests are made in writing by email or post. We may need to verify your identity before processing your request.
If you are not satisfied with our response, you have the right to raise your concern with the UK Information Commissioner’s Office (ICO): www.ico.org.uk
