Privacy Statement
Ancora Care Limited Privacy Statement
Commitment to Data Protection and GDPR Compliance
Introduction
Ancora Care Limited (“Ancora Care Limited,” “we,” “our,” or “us”) is a company incorporated in England and Wales, with company number 12924902 and registered address at The Whitewall Centre, Whitewall Road, Rochester, Kent, ME2 4DZ. At Ancora Care Limited, we are dedicated to safeguarding your privacy and protecting your personal data. This Privacy Statement explains how we collect, use, store, and share personal information relating to our service users, website visitors, and clients. It covers data collected through our website (www.ancoracare.co.uk) as well as information processed more broadly in the course of providing our services.
Legal Basis and Compliance
We comply with the UK General Data Protection Regulation (“UK GDPR”), the Data Protection Act 2018 (DPA), and all applicable national implementing laws, regulations, and secondary legislation as amended or updated from time to time in the UK (“Data Protection Legislation”). Ancora Care Limited acts as the data controller for the personal information you provide, meaning we determine the purposes and means of processing your data and are responsible for ensuring compliance with data protection laws.
Types of Data Collected
• Website Data: When you visit our website, we may collect technical information such as your IP address, browser type, operating system, device identifiers, and usage data (including pages viewed and navigation patterns).
• Service User Data: We process personal information relating to our service users, which may include names, contact details, health and care information, next of kin details, and other data relevant to the provision of care services.
• Employee and Applicant Data: For our staff and job applicants, we collect information such as names, contact details, employment history, references, DBS checks, and other data necessary for recruitment, employment, and HR management.
• Other Categories: We may also process data provided in correspondence, through enquiry forms, for marketing purposes (where consent is given), or when you engage with us through other channels.
Purposes of Processing
We process your personal data for the following purposes:
• To provide and manage care services to service users
• To communicate with you regarding your enquiries, requests, or the services we provide
• To fulfill our legal and regulatory obligations
• For recruitment, employment, and staff management
• For website functionality, analytics, and security
• For marketing communications, where you have consented to receive them
• To maintain our business records and manage our relationship with you
Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, to comply with legal and regulatory requirements, or as otherwise permitted by law. The retention period varies depending on the type of data and the context in which it was collected. For example, care records and related service user information are retained in accordance with the Records Management Code of Practice for Health and Social Care. If it is not possible to specify a precise retention period, we determine retention based on the nature of the data, legal requirements, and our operational needs. We securely delete or anonymize personal data when it is no longer required.
Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. These measures include access controls, encryption, secure storage, regular staff training, and robust IT security protocols. In the event of a data breach affecting your personal data, we have procedures in place to notify you and the relevant supervisory authority where required by law.
Sharing and Disclosure
We may share your personal information with trusted third-party service providers who support our operations (such as IT providers, payroll processors, or regulatory authorities) and only where necessary for the purposes outlined above. All third-party processors are required to comply with data protection laws and to process your data only on our instructions. We may also disclose personal data where required to do so by law, by court order, or to protect the rights, property, or safety of Ancora Care Limited, our service users, or others. If personal data is transferred outside the UK or EEA, we ensure that appropriate safeguards are in place to protect your information.
Data Subject Rights
Under the UK GDPR, you have the following rights regarding your personal data:
• Right to Rectification: You can ask us to correct any inaccurate or incomplete information.
• Right to Erasure: In certain circumstances, you can request that we delete your personal data, subject to applicable legal obligations and retention requirements.
• Right to Restriction: You may ask us to restrict the processing of your data in specific situations, such as when you contest the accuracy of your data or object to its processing.
• Right to Object: You have the right to object to processing based on legitimate interests or for direct marketing purposes.
• Right to Data Portability: You can ask to receive your personal data in a structured, commonly used, and machine-readable format, or to have it transferred to another controller.
• Right to Withdraw Consent: Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
National Data Opt Out:
As a provider of community support services for adults with learning disabilities, funded primarily through Direct Payments from Kent County Council, we hold confidential information about the people we support. Most of the information we use is for the purpose of providing direct care and support. The National Data Opt-Out does not apply to information used solely for direct care.
In some circumstances, confidential information may be shared for purposes beyond an individual's direct care, such as service planning, commissioning, safeguarding, oversight, audit, or improving health and social care services. Where the National Data Opt-Out applies to this type of use, individuals have the right to choose whether their confidential patient information is used for these purposes.
You can find out more about the National Data Opt-Out or register your choice by visiting www.nhs.uk/your-nhs-data-matters or by calling 0300 303 5678. Where we are required to apply the National Data Opt-Out, we will do so in line with national policy.
Where the National Data Opt-Out does not apply
The National Data Opt-Out does not apply where information is used for an individual’s direct care and support. It does not apply where we are required to share information by law, for safeguarding purposes, to protect someone from serious harm, for public health reasons, or where information has been annoymised so that individuals cannot be identified. In these circumstances, we will only share the minimum necessary information and will do so in line with UK data protection law.
How to Exercise Your Rights
To exercise any of your rights, or if you have any questions or concerns about how we process your personal data, please contact our Data Protection Officer jade@ancoracare.com. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office: ico.org.uk/make-a-complaint/
Changes to this Privacy Statement
We may update this Privacy Statement from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. We will notify you of any significant changes by posting the updated statement on our website and indicating the effective date below.
Reviewed February 2026