Privacy Policy
Your trust matters as much as your care. This policy explains how we collect, use, and protect the personal information you share with Kosh Care.
At Kosh Care, we provide care in your home, and we know that means trust. The information you give us, whether about your health, your family, or your daily routine, is private. This policy sets out exactly what we collect, why we collect it, and the control you have over it, in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. WHO WE ARE
Kosh Care Ltd (“we”, “us”, “our”) is a UK-registered domiciliary care provider regulated by the Care Quality Commission (CQC). We provide Home Care, live-in care, overnight care, complex care, children’s care, and related support services across the United Kingdom.
For the purposes of UK data protection law, Kosh Care Ltd is the data controller of the personal information you provide.
Our registered details:
Address: Suite 20A, Abji Bapashree House, 211–213 Kingsbury Road, London, NW9 8AQ
Email: info@koshcare.co.uk
Telephone: 020 8205 3301
2. INFORMATION WE COLLECT
The information we collect depends on how you interact with us. We only collect what we genuinely need to provide safe, person-centred care or to respond to your enquiry.
Information you give us directly:
- Identity and contact details: name, date of birth, address, telephone number, email address
- Next of kin and family contacts: names and contact details of people you wish us to liaise with
- Health and care information: medical conditions, medication, mobility, dietary needs, care preferences, GP details, and hospital records you choose to share
- Financial information: billing details, bank account information for direct debits, funding arrangements with local authorities or the NHS
- Employment information (if you apply to work with us): CV, references, right-to-work documents, DBS check details, qualifications
Information we collect automatically:
- Website usage data: IP address, browser type, pages visited, time spent on site, referring URL
- Cookies and similar technologies (see Section 9 below)
Information from third parties:
- Local authorities, the NHS, GPs, hospital discharge teams, and other healthcare professionals, where they refer you for care or share information with your consent
- Family members or representatives acting on your behalf with appropriate authority
- Recruitment platforms and previous employers (for job applicants)
Special category data: Health information is classed as “special category” data under UK GDPR and is given additional legal protection. We process this information with extra care, only where necessary to provide your care, and always under a lawful basis (see Section 4).
3. HOW WE USE YOUR INFORMATION
We use your personal information for the following purposes:
- To assess your care needs and create a personalised care plan
- To deliver care services safely and consistently in your home
- To match you with carers who suit your needs and preferences
- To communicate with you, your family, your GP, and other professionals involved in your care
- To process payments, invoices, and funding arrangements
- To meet our legal and regulatory obligations to the CQC, HMRC, and other authorities
- To handle complaints, safeguarding concerns, and incidents
- To recruit, train, and manage our care staff
- To improve our services through feedback and quality monitoring
- To respond to enquiries made through our website or by phone
- To send you updates about our services, for which you have asked to receive them
4. LAWFUL BASIS FOR PROCESSING
UK GDPR requires us to have a clear lawful basis for processing your personal data. Depending on the purpose, we rely on one or more of the following:
- Delivering care services to you: Performance of a contract; provision of health and social care (Article 9(2)(h))
- Complying with CQC, safeguarding, and tax obligations: Legal obligation
- Protecting your vital interests in an emergency: Vital interests
- Managing our business operations: Legitimate interests
- Sending marketing emails (where you have opted in): Consent
- Recruitment and employment: Performance of a contract; legal obligation; legitimate interests
Where we rely on consent, you have the right to withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.
5. SHARING YOUR INFORMATION
We never sell your personal information. We share it only where necessary to provide your care or where the law requires us to. The categories of recipients include:
- Our care staff: only those directly involved in your care, on a need-to-know basis
- Healthcare professionals: GPs, district nurses, hospital teams, pharmacists, occupational therapists
- Local authorities and the NHS: where they fund or coordinate your care
- The Care Quality Commission: for regulatory inspection and reporting
- Safeguarding authorities: where there is a concern about your safety or the safety of others
- Service providers: IT systems, secure storage, payroll, accountants, legal advisers, all bound by confidentiality and data processing agreements
- HMRC, courts, regulators, and law enforcement: where legally required
- Family members or advocates: only with your consent or appropriate legal authority
6. DATA RETENTION
We keep personal information only as long as necessary for the purposes set out in this policy and to meet our legal obligations. Typical retention periods are:
- Care records: at least 8 years after the end of care, in line with NHS and CQC guidance
- Children’s care records: until the individual’s 25th birthday (or 26th if aged 17 at conclusion)
- Financial records: 6 years (HMRC requirement)
- Employment records: 6 years after the end of employment
- Website enquiries: up to 24 months unless you become a client
- Marketing preferences: until you withdraw consent or unsubscribe
When information is no longer needed, we securely delete or anonymise it.
7. HOW WE PROTECT YOUR DATA
We take the security of your personal information seriously. The measures we have in place include:
- Encrypted storage and transmission of digital records
- Access controls so that only authorised staff can view your information
- Regular staff training in data protection and confidentiality
- Confidentiality clauses in all employment and contractor agreements
- Secure paper records stored in locked premises
- Routine audits and reviews of our systems and procedures
- A documented breach response process, including notification to the ICO where required within 72 hours
8. YOUR RIGHTS
Under UK GDPR, you have the following rights regarding your personal information:
- Right to be informed: to know how your personal data is being used, which is what this policy is for.
- Right of access: to request a copy of the personal information we hold about you.
- Right to rectification: to ask us to correct information that is inaccurate or incomplete.
- Right to erasure: to ask us to delete your data, where we have no overriding legal duty to keep it.
- Right to restrict processing: to ask us to limit how we use your data in certain circumstances.
- Right to data portability: to receive your data in a portable format or have it transferred to another provider.
- Right to object: to object to processing based on our legitimate interests or for direct marketing.
- Rights around automated decisions: we do not use automated decision-making or profiling that produces legal effects on you.
To exercise any of these rights, please email info@koshcare.co.uk or write to us at the address in Section 1. We will respond within one calendar month and will not charge a fee unless your request is excessive or repetitive.
9. COOKIES AND WEBSITE TRACKING
Our website uses cookies and similar technologies to improve your experience and understand how the site is used. The categories we use are:
- Strictly necessary cookies: required for the website to function. These cannot be switched off.
- Preference cookies: remember your choices, such as language or region.
- Statistics cookies: help us understand how visitors use the site, on an anonymous basis.
- Marketing cookies: used to show relevant content across other websites, only with your consent.
You can manage your cookie preferences at any time using the consent banner on our site or through your browser settings.
10. CHILDREN'S PRIVACY
Where we provide care to children, we collect and process information about them with the consent and involvement of a parent, guardian, or appropriate authority. Our website is not directed at children under 13, and we do not knowingly collect data from children online without parental involvement. If you believe a child has given us information without proper consent, please contact us so we can remove it.
11. INTERNATIONAL TRANSFERS
We aim to keep your data within the United Kingdom. Where any of our service providers process data outside the UK, we put appropriate safeguards in place, such as the UK International Data Transfer Agreement or Standard Contractual Clauses, to protect your information in line with UK GDPR.
12. CHANGES TO THIS POLICY
We review this policy regularly and may update it to reflect changes in the law, our services, or how we handle your information. The “Last updated” date at the top of this page tells you when the policy was last revised. Where changes are significant, we will let you know directly.
13. CONTACT AND COMPLAINTS
If you have a question about this policy, want to exercise one of your rights, or need to raise a concern, please get in touch. We will always try to put things right.
- Email: info@koshcare.co.uk
- Phone: 020 8205 3301
- Post: Suite 20A, Abji Bapashree House, 211 to 213 Kingsbury Road, London, NW9 8AQ
If you remain unhappy with our response, you have the right to complain to the Information Commissioner’s Office (ICO):
- Website: ico.org.uk
- Helpline: 0303 123 1113
