We are Wessex Regional Care (registered company in England and Wales no. 03653283) and we are a registered provider for adults who have varying degrees of learning disability.

WRCL is registered with the Information Commissioner’s Office under the Data Protection Act 1998 and our registration number is Z5516180.

Within the context of this privacy policy, ‘we’, ‘us’, ‘our’ or ‘WRCL'. So whenever you see these words, we are talking about our company.

Basically, to improve the way we communicate and work with you.

When you use our website or services, you are agreeing for us to store and process your personal data. The ways in which we do that are explained in this policy – it is a guide for us to follow too, and we take it very seriously.

You have the right to be informed about the collection and use of your personal information.

When we collect personal information from you, we will provide you with privacy information at the time we obtain your information.

When we obtain your personal information from a source other than you, we will provide you with privacy information:

• within a reasonable period of us obtaining the personal information and no later than one month
• if the information is used to communicate with you, at the latest, when the first communication takes place; or
• if disclosure to someone else is envisaged, at the latest, when the data is disclosed.

There are 2 main ways in which we collect personal information about you: directly or indirectly, including the use of third parties.

When you give your personal information to us directly:

You may give us your information by registering on our website, to request a service from us or communicate with us, we are responsible for your data at all times.

When you give your personal information to us indirectly:

This is when you give permission to other organisations to share or it is available publicly

We may combine information you provide to us with information available from external sources in order to gain a better understanding of our customers to improve our services.

The information we get from other organisations may depend on your privacy settings or the responses you give, so you should regularly check them. The information comes from the following sources:

Third party organisations

This means other organisations that we collect data from, but only when you have given them permission to do this. You may give these organisations permission at various times, for example when buying something from a mail order catalogue or joining certain membership organisations. The data we receive depends on your agreement with the organisation.

We may also collect information from online social media and messaging services you use, such as Facebook, WhatsApp or Twitter, where you have given us permission to do so, or if you post on one of our social media pages.

Information available publicly

When we collect personal information as you use our websites or apps:

Like most websites, we use “cookies” to help us make our site – and the way you use it – better. Cookies mean that a website will remember you. They’re small text files that sites transfer to your computer (or phone or tablet). They make interacting with a website faster and easier – for example by automatically filling your name and address in text fields. There are more details in our Cookie Policy.

In addition, the type of device you’re using to access our website or apps and the settings on that device may provide us with information about your device, including what type of device it is, what specific device you have, what operating system you’re using, what your device settings are, and why a crash has happened. Your device manufacturer or operating system provider will have more details about what information your device makes available to us.

When you visit and look around our website, we record things like your IP (internet protocol) address – the unique number of the device you are using to access our website, which pages you visit (on our website only), when they were visited, and the type of device you were using. This information helps us create a better experience for everyone who uses our website.

Examples of the type of information that can be collected using your IP address include the type and version of your browser, and the location from which you are accessing our site. This helps us improve how our page templates appear and change content to make it relevant to our website visitors.

Personal information means any information that may be used to identify you, such as your name, title, telephone number, email address, or mailing address.

We may process your personal information for our legitimate business needs. Rest assured, our intentions are always good. We collect your personal information because we need it to help us fulfil your requests and to keep in touch with you.

This includes things like:

• where processing enables us to enhance, modify, personalise or otherwise improve our services/communications
• to better understand how people interact with our website
• providing any information or services you have requested
• keeping a record of any communications between us and you, for example emails and phone calls
• managing and improving how we communicate with you – how you prefer to be contacted, and what information you wish to receive.
• responding to complaints or queries and look into any legal claims.

You can find out more about what we mean by legitimate interests, and when we process your data for our legitimate interests in the What we mean by "legitimate interests" section below.

Whenever we process data for these purposes we will ensure that we always keep your personal information rights in high regard and take account of these rights. You have the right to object to this processing if you wish, and if you wish to do so please see the section(s) below on updating your preferences or unsubscribing.

Please bear in mind that if you object this may affect our ability to carry out the tasks above for your benefit.

Sensitive personal information

Sometimes, we may ask you for more sensitive information, such as your personal connection to learning disability. We will only collect this information with your permission and we will always take extra care of it.

Legitimate interests means the interest of WRCL in the way we carry out our work to enable us to give you the best service and the best and most secure experience.

When we process your personal information for our legitimate interests, we make sure to consider and balance any potential impact on you and your rights under data protection laws. We will always ensure that your personal data will not be used where our interests are overridden by the impact on you, unless we have your consent or are required by law.

We ensure that there are appropriate technical controls in place to keep your personal information safe and prevent unauthorised access to it. For example, our online forms are always encrypted (this prevents other people from accessing them) and our network is protected and checked often.

Electronic data and databases are stored on secure computer systems and we control we has access to them. Our staff receive data protection training and we have data protection policies and procedures in place which teams are required to adhere to.

We regularly review who has access to information that we hold to ensure it is only accessible by trained staff, volunteers and contractors.

Where we use external companies to collect or process personal data on our behalf, we undertake comprehensive checks on these companies before we work with them, and put a contract in place that sets out our expectations and requirements, especially regarding how they manage the personal data they have collected or have access to.

We may share your personal information with other companies (e.g. subcontractors, suppliers) who provide services on our behalf. We will only provide those companies with the information they need to deliver the relevant service, and we will make sure that your data is treated with the same level of care as if we were handling it directly. These activities will be carried out under a contract which imposes strict requirements on our suppliers to keep your information confidential and secure.

We undertake comprehensive checks on these companies before we work with them and then work closely with them for the duration of our working relationship.

We may need to disclose your personal information if required to the police, regulatory bodies or legal advisors.

We will only ever share your data in other circumstances if we have your explicit and informed consent.

If any of our suppliers run their operations outside the European Economic Area (EEA). Although they may not be subject to the same data protection laws as companies based in the UK, we will take steps to make sure they provide an adequate level of protection in accordance with UK data protection laws.

By submitting your personal information to us, you agree to this transfer, storing and processing at a location outside the EEA.

We will not sell or rent your personal information to third parties for the purposes of marketing, and we will not share your personal information for others to use in their marketing or fundraising activities.

We will only retain your personal information for as long as it is required in relation to the purposes for which it was originally obtained.

How long personal information will be retained for depends on the type of information it is and what it is being used for.

We will retain personal information in accordance with the time periods stipulated in our data protection policy. We will review our data retention periods for personal information on a regular basis.

We continually review the information that we hold, and delete anything that is no longer required.

We want to ensure that you are always in control of your personal information.

Part of this is making sure that you understand your legal rights. We have outlined these, together with details as to how you can exercise them.

The right to access your personal information

You have a right to obtain confirmation that your personal information is being processed. You also have the right to request a copy of the personal information that we hold about you.

When you are requesting a copy of the personal information that we hold about you, we will endeavour to provide you with the information you have requested without delay and in any event within one month of receiving your request.

We will not charge a fee for complying with a request unless the request is deemed to be manifestly unfounded or excessive.

The right to edit and update your personal information

The accuracy of your personal information is important to us. You have the right to request that your personal information is rectified if it is inaccurate or incomplete.

We will endeavour to comply with your request without delay and in any event, within one month of receiving your request.

The right to request to have your personal information erased (also known as the ‘right to be forgotten’)

You do not have an automatic right to have your personal information deleted. You do, however, have the right to request the deletion or removal of your personal information where there is no compelling reason for its continued processing. We will review each request on a case by case basis.

We will endeavour to comply with your request without delay and in any event, within one month of receiving your request.

The right to restrict the processing of your personal information

You have the right to ‘block’ or suppress processing of your personal information. However, we will continue to store your personal information but not further process it. We do this by retaining just enough of your personal information so we can ensure that the restriction is respected in the future.

We will respond to your request within one month of receiving it, stating what we intend to do and, if we do not intend to comply with the objection, the reasons for our decision.

The right to object to your personal information being used for direct marketing (including profiling) and processing for the purposes of scientific/historical research and statistics

You have the right to object to your personal information being processed for direct marketing purposes (including profiling) and scientific/historical research and statistics. From the very first communication from us and every marketing communication we send after, you will have the right to object to marketing.

We will stop processing your personal information for direct marketing purposes as soon as we receive an objection from you.

The right to complain to a supervisory authority if you believe we have not handled your personal information in accordance with the data protection laws

You can make a complaint or raise a concern about how we process your personal information by contacting our Data Protection Officer using the details set out below.

If you are not happy with how we have handled your complaint, or you believe that your data protection or privacy rights have been infringed, you have the right to complain to the Information Commissioner's Officer (ICO), which oversees the protection of personal data in the UK.

Alternatively, you may choose to contact either the ICO directly about your complaint, regardless of whether you have raised it with us first.

If you wish to exercise any of the rights outlined in this section, please write to WRCL Data Protection Officer at the following address:

Data Protection Officer
Wessex Regional Care Ltd
Rose Cottage
Grange Road
Bursledon
Southampton
SO31 8GD

Or send an email to: wessex.regional.care@wrcl.co.uk

Please keep in mind that there are exceptions to the rights outlined above and although we will always try to respond to your satisfaction, there may be situations where we are unable to do so.

If your personal details change, please help us to keep this information up to date by getting in touch and telling us:

Data Protection Officer
Wessex Regional Care Ltd
Rose Cottage
Grange Road
Bursledon
Southampton
SO31 8GD

Or send an email to: wessex.regional.care@wrcl.co.uk

You are in control of how we contact you, for example by post or email. And you can control this by contacting us.

To make changes to the type of communications you get from us and how often you get it, please contact wessex.regional.care@wrcl.co.uk

If you post or send any content that we believe to be inappropriate or content in breach of any laws, such as defamatory content, we may use your personal information to inform relevant third parties such as your internet provider or law enforcement agencies.

This privacy policy was last updated in May 2018.

We reserve the right to make changes to this Privacy Policy. Each time you visit this site, you should check this policy to check that no changes have been made to any sections that are important to you. The latest version of our Privacy Policy will always be available on our website.

It there are any major changes to our Privacy Policy, we will add a notice on our website or contact you by email (where appropriate).