02080 755966 info@komecare.co.uk 24 hours a day, 7 days a week
CQC Registered Provider
Staff
Book a Nurse-Led Care
408 Tower Bridge Business Centre, East Smithfield, London, E1W 1AW
Staff Portal Login
Legal & Compliance

Privacy Policy

This policy explains how Kome Care Ltd collects, uses, stores, and protects your personal data, in full compliance with the UK GDPR and the Data Protection Act 2018.

Last updated: 14 June 2026 UK GDPR Compliant

1. Who We Are (Data Controller)

The organisation responsible for your personal data

Kome Care Ltd is the data controller for personal data collected via this website and in connection with our care services. We are registered in England and Wales.

Registered Details Kome Care Ltd
408 Tower Bridge Business Centre, East Smithfield, London, E1W 1AW
Company Number: 12427516
Email: info@komecare.co.uk
Phone: 02080 755966

ICO Registration Number: ZA769020

2. Data Protection Contact

Your first point of contact for all data queries

For all data protection queries, subject access requests, rights exercises, or complaints, please contact our designated data protection lead:

Data Protection Lead Data Protection Lead, Kome Care Ltd
Email: info@komecare.co.uk
Post: Kome Care Ltd, 408 Tower Bridge Business Centre, East Smithfield, London, E1W 1AW

As an organisation that processes special category health data, Kome Care has assessed and keeps under review its obligation to appoint a formal Data Protection Officer (DPO) under UK GDPR Article 37.

3. Information We Collect

The categories of personal data we process

We collect personal data in the following categories, depending on how you interact with us:

Identity & Contact Data

Name, email address, phone number, and postal address, collected via contact and enquiry forms.

Care Enquiry Data

Information about the person requiring care, including age, care needs, and funding status.

Health Data (Special Category)

Medical and health information provided in the course of arranging care. Processed under UK GDPR Article 9(2)(h).

Job Application Data

CV, work history, qualifications, and right-to-work documents submitted via our jobs portal.

Feedback Data

Name, contact details, and feedback submitted via our feedback form.

Technical Data

IP address, browser type, device, pages visited, and session identifiers, collected automatically when you visit.

Marketing Data

Email address and marketing preferences, where you have opted in to receive newsletters.

4. How We Use Your Information and Our Lawful Basis

Our legal grounds for processing your personal data

Purpose Lawful Basis (UK GDPR Art. 6)
Responding to care enquiries and arranging care services Article 6(1)(b) — performance of a contract / pre-contractual steps
Processing job applications Article 6(1)(b) — steps prior to entering a contract of employment
Sending newsletters and marketing emails Article 6(1)(a) — consent (you may withdraw at any time)
Responding to contact and feedback forms Article 6(1)(f) — legitimate interests (responding to enquiries)
Website analytics (Google Analytics / GTM) Article 6(1)(a) — consent via cookie preferences
Processing health / special category data for care delivery Article 6(1)(b) + Article 9(2)(h) — health and social care purposes
Complying with legal obligations (CQC, HMRC, employment law) Article 6(1)(c) — legal obligation

5. How Long We Keep Your Data

Our data retention schedule and the legal basis for each period

Data Type Retention Period Reason
Care client records (including health data) 8 years after last contact (or until age 25 for children) NHS Records Management Code of Practice 2021
Job application data (unsuccessful) 6 months from decision Equality Act 2010 limitation period
Employee records (successful applicants) Duration of employment + 6 years Legal employment obligations
Contact form / general enquiry data 2 years from last contact Legitimate interests in managing ongoing enquiries
Newsletter subscriber data Until unsubscribed, then deleted within 30 days Consent-based processing
Website analytics data (Google Analytics) 26 months (Google's default retention) Analytics and service improvement
Feedback form data 3 years from submission Service improvement and CQC inspection requirements

After these periods, data is securely deleted or anonymised. We review our retention schedule annually.

6. Who We Share Your Information With

Third parties who may receive your personal data, and why

We do not sell your personal data. We share it only where necessary, with the following categories of recipients:

  • Care delivery partners — only where necessary to arrange your care, subject to data sharing agreements.
  • IT and website service providers — including our web hosting provider, for operation of our website and systems.
  • Google LLC — analytics data processed by Google Analytics and Google Tag Manager (with your cookie consent). Google LLC is certified under the EU-US Data Privacy Framework; data may be transferred to the US under standard contractual clauses.
  • Regulatory authorities — the Care Quality Commission (CQC), HMRC, or law enforcement where required by law.

7. International Data Transfers

How we safeguard data transferred outside the UK

Some third-party service providers (including Google and Meta/Facebook) operate from or transfer data to countries outside the UK. Where such transfers occur, we ensure appropriate safeguards are in place, including:

  • Adequacy decisions made by the UK Secretary of State under UK GDPR Article 45; or
  • Standard Contractual Clauses (SCCs) approved by the ICO under UK GDPR Article 46; or
  • Certification under the UK-US Data Bridge (where applicable).

No personal data is transferred to countries outside the UK or EEA without one of these safeguards in place.

8. Your Rights Under UK GDPR

You have eight rights — here's what each one means

To exercise any of these rights, please contact us using the details in Section 2. We will respond within one calendar month of receiving your request.

Right to be Informed

To know how we use your data. This policy fulfils that obligation.

Right of Access

Request a copy of the personal data we hold about you (Subject Access Request). Response within 1 calendar month.

Right to Rectification

Ask us to correct inaccurate or incomplete personal data we hold about you.

Right to Erasure

Ask us to delete your data where there is no compelling reason to continue processing, subject to legal obligations.

Right to Restrict Processing

Ask us to pause processing of your personal data in certain circumstances defined by UK GDPR.

Right to Data Portability

Where we process data on the basis of consent or contract, request a machine-readable copy for transfer.

Right to Object

Object to processing based on legitimate interests, including direct marketing. We will stop immediately on receipt.

Rights re: Automated Decisions

Not to be subject to solely automated decision-making that produces legal or similarly significant effects. We do not carry out such processing.

9. Cookies

How we use cookies and how to manage your preferences

Our website uses cookies and similar tracking technologies. For full details of which cookies we set, their purpose, and how to manage your preferences, please see our Cookie Policy.

You can manage your cookie preferences at any time using the panel.

10. Data Security

The measures we take to protect your data

We employ appropriate technical and organisational security measures to protect your personal data from unauthorised access, disclosure, alteration, or destruction. These include encrypted database connections, role-based access controls, and regular security reviews.

No method of transmission over the internet is completely secure. If you suspect a data breach, please contact us immediately at info@komecare.co.uk.

In the event of a personal data breach that is likely to result in risk to your rights and freedoms, we will notify the ICO within 72 hours and you without undue delay, in accordance with UK GDPR Articles 33 and 34.

11. Children's Privacy

How we handle data relating to children

Our website services are directed at adults. We do not knowingly collect personal data from children under 18 without parental or guardian consent. Where care services are provided to children, data is handled under the NHS Records Management Code of Practice 2021 and retained accordingly (until the child's 25th birthday, or for 8 years after last contact, whichever is longer).

12. How to Complain

How to raise a data protection complaint with us or the ICO

If you are unhappy with how we have handled your personal data, please contact us first (using the details in Section 2) so we can try to resolve the matter. We aim to respond within 30 days.

If you remain unsatisfied, you have the right to lodge a complaint with the UK's supervisory authority:

UK Information Commissioner's Office (ICO) Website: ico.org.uk
Helpline: 0303 123 1113
Post: ICO, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

13. Changes to This Policy

How and when we update this privacy policy

We may update this privacy policy from time to time. We will communicate material changes through a prominent notice on our website. The "Last updated" date at the top of this page always reflects when the policy was last revised, and it is worth reviewing the policy from time to time.

Call 02080 755966 Free assessment