Privacy Policy

Carlisle Care Ltd is a CQC-registered home care provider based in Carlisle, Cumbria. We provide domiciliary care, live-in care, and specialist support services across Carlisle and the surrounding areas. Data Controller: Carlisle Care Ltd Registered address: Ground Floor, Corby Business Centre, Eismann Way, Corby, NN17 5ZB Email: info@carlislecareltd.co.uk Phone: 07554 601597 CQC Registration: 1-18355462765

We may collect and process the following personal information: Enquiry and contact forms: your name, phone number, email address, and details of your care needs. Service users and clients: full name, date of birth, address, medical history, GP details, emergency contacts, care needs assessments, and care plans. Job applicants and staff: name, address, employment history, references, DBS check results, and right-to-work documentation. Website visitors: anonymised usage data via cookies (see Section 7). We do not collect sensitive personal data from website visitors unless you voluntarily provide it through our enquiry forms.

We use your personal data to: • Respond to your enquiry and provide a care assessment • Deliver and manage care services • Maintain accurate care records as required by the Care Quality Commission (CQC) • Process employment applications and manage staff records • Send service updates where you have given consent • Comply with our legal and regulatory obligations as a care provider We do not sell, rent, or share your personal data with third parties for marketing purposes.

Under the UK GDPR, we process your data on the following legal bases: Contract: to fulfil a care agreement or employment contract. Legal obligation: to comply with CQC regulations, safeguarding duties, and employment law. Legitimate interests: to respond to enquiries and improve our services. Consent: for optional communications such as newsletters or marketing emails. You may withdraw consent at any time by emailing info@carlislecareltd.co.uk. For special category data (health information), we rely on the provision of health or social care services under Article 9(2)(h) of the UK GDPR.

We may share your data with: • NHS services, GPs, hospitals, and social workers involved in your care • The Care Quality Commission (CQC) during inspections or investigations • Our regulated payroll and HR software providers (data processors bound by GDPR) • DBS checking services for staff vetting • Our insurance and legal advisers where required All third parties are required to handle your data securely and in accordance with UK data protection law. We do not transfer data outside the UK/EEA without appropriate safeguards.

We retain personal data only for as long as necessary: • Enquiry data (no contract agreed): 12 months • Client care records: 8 years after care ends (in line with NHS/CQC guidance) • Staff records: 6 years after employment ends • Job application data (unsuccessful): 6 months After the retention period, data is securely deleted or anonymised.

Our website uses a small number of cookies to ensure it functions correctly and to understand how visitors use the site. Essential cookies: required for the site to work. These cannot be disabled. Analytics cookies: we may use anonymised analytics (such as Google Analytics) to understand traffic patterns. No personally identifiable data is collected this way. You can control cookies through your browser settings. Disabling analytics cookies will not affect your ability to use the site.

Under UK GDPR you have the right to: • Access: request a copy of the personal data we hold about you • Rectification: ask us to correct inaccurate data • Erasure: request deletion of your data where there is no overriding legal requirement to retain it • Restriction: ask us to limit how we use your data while a dispute is resolved • Portability: receive your data in a machine-readable format • Object: object to processing based on legitimate interests • Withdraw consent: at any time, where processing is consent-based To exercise any of these rights, please email info@carlislecareltd.co.uk or write to our registered address. We will respond within 30 days.

We take the security of your personal data seriously. We use: • Password-protected, encrypted devices and systems • Role-based access controls — staff only access data relevant to their role • Secure, UK-hosted cloud storage for care management records • Regular staff training on data protection and confidentiality In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours and inform affected individuals without undue delay.

If you are unhappy with how we have handled your data, please contact us first at info@carlislecareltd.co.uk so we can resolve the matter. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO): Website: ico.org.uk Helpline: 0303 123 1113 Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

We may update this privacy policy from time to time to reflect changes in our services or legal requirements. The latest version will always be available on this page. We will notify existing clients of material changes by email or letter. Last reviewed: April 2026