Privacy Policy
Every Step Social Care
Committed to Protecting Your Privacy
Version: 1.0
Effective Date: May 2025
Last Reviewed: May 2025
Applies to: All service users, families, referrers, staff, and website visitors
1. Who We Are
Every Step Social Care is a social care provider based in South East London. We deliver a range of services including Independent Social Care, Social Work Assessments, Supported Living, and Adult Social Care to individuals and families across the local community.
Registered Office: South East London, UK
Email: info@everystepsocialcare.co.uk
Website: www.everystepsocialcare.co.uk
Every Step Social Care is the Data Controller for all personal data collected and processed through this website and in the course of delivering our services.
2. Our Commitment to Your Privacy
We take your privacy seriously. As a social care provider, we handle some of the most sensitive personal information imaginable — including health, family, and safeguarding information. We are committed to handling all data with the highest standards of care, confidentiality, and respect, in full compliance with:
- UK General Data Protection Regulation (UK GDPR)
- Data Protection Act 2018
- Care Act 2014
- Children Act 1989 and 2004
- Human Rights Act 1998
- NHS Confidentiality Code of Practice (where applicable)
- ICO guidance and codes of practice
3. What Personal Information We Collect
3.1 Service Users and Families
When providing social care services, we may collect:
- Full name, date of birth, gender, and nationality
- Contact details including address, phone number, and email
- Health and medical information, including diagnoses and medications
- Mental health and wellbeing information
- Family composition and relationships
- Safeguarding history and risk assessments
- Housing circumstances and financial information (where relevant to care needs)
- Immigration status (where relevant to service eligibility)
- Details of other professionals and agencies involved in care
3.2 Website Visitors
When you visit our website, we may collect:
- IP address and browser type
- Pages visited and time spent on site
- Cookies (see Section 10 for our Cookie Policy)
- Information submitted via contact or appointment forms
3.3 Staff and Job Applicants
For those working with or applying to work with us, we collect:
- Identity documents and right to work evidence
- DBS (Disclosure and Barring Service) check results
- Employment history, qualifications, and references
- Health information relevant to safe working
- Bank details and National Insurance number for payroll
4. How and Why We Use Your Information
We use personal information only for legitimate and lawful purposes. The legal bases we rely on under UK GDPR are:
4.1 Performance of a Contract / Provision of Care
We process your information to deliver the care and services you or your referrer have requested, including assessments, care planning, and ongoing support.
4.2 Legal Obligation
We are required by law to process certain data — for example, to comply with safeguarding duties, to report concerns to local authorities, or to provide records to courts or regulators.
4.3 Vital Interests
In an emergency, we may share information to protect someone’s life or safety, even without consent.
4.4 Legitimate Interests
We may process some data for our legitimate business interests, such as improving our services, managing complaints, and maintaining staff records — always balanced against your rights.
4.5 Explicit Consent
Where we rely on consent (for example, to use your story as a case study with your permission), you have the right to withdraw that consent at any time.
4.6 Special Category Data
For health, ethnicity, religion, and other sensitive data, we additionally rely on Article 9 UK GDPR grounds, including:
- Health or social care purposes (Article 9(2)(h))
- Substantial public interest, including safeguarding (Article 9(2)(g))
- Explicit consent (Article 9(2)(a))
5. Who We Share Your Information With
We treat your information with strict confidentiality. We will only share your data where necessary and lawful. Recipients may include:
- Local authorities and social services (where we are commissioned or legally required to report)
- NHS healthcare providers and GPs involved in your care
- Courts and legal professionals, when we are preparing court assessments or reports
- Ofsted or the Care Quality Commission (CQC) during inspections
- Other social care providers involved in your care
- Our insurance providers and legal advisors
- IT service providers and software platforms (under strict data processing agreements)
We do not sell your personal data. We do not share your data for marketing purposes without explicit consent.
6. How Long We Keep Your Data
We retain personal data only for as long as necessary for the purposes for which it was collected, and in accordance with legal obligations. Our retention periods are guided by the following:
- Care records for adults: minimum 8 years after last contact
- Children’s records: until the child’s 25th birthday, or 26th if they were 17 at last contact, or 8 years after death
- Staff records: 6 years after employment ends
- Financial records: 6 years (HMRC requirements)
- Website enquiry data: 12 months
When data is no longer required, it is securely deleted or anonymised in line with our Data Retention Policy.
7. Your Rights Under UK GDPR
You have the following rights regarding your personal data:
- Right of Access — You can request a copy of the personal data we hold about you (Subject Access Request).
- Right to Rectification — You can ask us to correct inaccurate or incomplete information.
- Right to Erasure — In certain circumstances, you can ask us to delete your data.
- Right to Restrict Processing — You can ask us to limit how we use your data.
- Right to Data Portability — You can ask for your data in a portable format.
- Right to Object — You can object to certain types of processing, including direct marketing.
- Rights Related to Automated Decision-Making — We do not make decisions about you using solely automated means.
To exercise any of these rights, please contact us using the details in Section 1. We will respond within one month. There is no charge for most requests.
8. Data Security
We take appropriate technical and organisational measures to protect your personal data against accidental loss, unauthorised access, or disclosure. These include:
- Encrypted storage of digital records
- Password-protected systems with access controls
- Regular staff training on data protection and confidentiality
- Secure physical storage of paper records
- Data Processing Agreements with all third-party processors
In the unlikely event of a data breach that is likely to affect your rights and freedoms, we will notify you and the ICO within 72 hours of becoming aware of it, as required by law.
9. International Transfers
We do not routinely transfer your data outside the UK. If any transfer outside the UK is ever necessary, we will ensure appropriate safeguards are in place, such as standard contractual clauses approved by the ICO.
10. Cookies
Our website uses cookies to improve your browsing experience. A cookie is a small file stored on your device. We use:
- Essential cookies — Required for the website to function. These cannot be disabled.
- Analytics cookies — Help us understand how visitors use the site (e.g., Google Analytics). These are only set with your consent.
- Preference cookies — Remember your settings and choices.
You can control and delete cookies through your browser settings. Disabling cookies may affect some website functionality. For full details, please see our separate Cookie Policy.
11. Changes to This Policy
We review this Privacy Policy at least annually, or whenever there is a significant change to our services or applicable law. When we make changes, we will update the ‘Last Reviewed’ date at the top of this document. We encourage you to review this policy periodically.
12. How to Complain
If you are unhappy with how we have handled your personal data, please contact us in the first instance so we can try to resolve your concerns. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
ICO Website: www.ico.org.uk
ICO Helpline: 0303 123 1113
ICO Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
© 2025 Every Step Social Care. All rights reserved.
