Privacy Statement

Introduction

Ancora Care Limited (“Ancora Care Limited,” “we,” “our,” or “us”) is a company incorporated in England and Wales, with company number 12924902 and registered address at The Whitewall Centre, Whitewall Road, Rochester, Kent, ME2 4DZ.

At Ancora Care Limited, we are dedicated to safeguarding your privacy and protecting your personal data. This Privacy Statement explains how we collect, use, store, and share personal information relating to our service users, website visitors, and clients. It covers data collected through our website (www.ancoracare.co.uk) as well as information processed more broadly in the course of providing our services.

Legal Basis and Compliance

We comply with the UK General Data Protection Regulation (“UK GDPR”), the Data Protection Act 2018 (DPA), and all applicable national implementing laws, regulations, and secondary legislation as amended or updated from time to time in the UK (“Data Protection Legislation”). Ancora Care Limited acts as the data controller for the personal information you provide, meaning we determine the purposes and means of processing your data and are responsible for ensuring compliance with data protection laws.

Types of Data Collected

• Website Data: When you visit our website, we may collect technical information such as your IP address, browser type, operating system, device identifiers, and usage data (including pages viewed and navigation patterns).
• Service User Data: We process personal information relating to our service users, which may include names, contact details, health and care information, next of kin details, and other data relevant to the provision of care services.
• Employee and Applicant Data: For our staff and job applicants, we collect information such as names, contact details, employment history, references, DBS checks, and other data necessary for recruitment, employment, and HR management.
• Other Categories: We may also process data provided in correspondence, through enquiry forms, for marketing purposes (where consent is given), or when you engage with us through other channels.

Purposes of Processing

We process your personal data for the following purposes:
• To provide and manage care services to service users
• To communicate with you regarding your enquiries, requests, or the services we provide
• To fulfill our legal and regulatory obligations
• For recruitment, employment, and staff management
• For website functionality, analytics, and security
• For marketing communications, where you have consented to receive them
• To maintain our business records and manage our relationship with you

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, to comply with legal and regulatory requirements, or as otherwise permitted by law. The retention period varies depending on the type of data and the context in which it was collected. For example, care records and related service user information are retained in accordance with the Records Management Code of Practice for Health and Social Care. If it is not possible to specify a precise retention period, we determine retention based on the nature of the data, legal requirements, and our operational needs. We securely delete or anonymize personal data when it is no longer required.

Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. These measures include access controls, encryption, secure storage, regular staff training, and robust IT security protocols. In the event of a data breach affecting your personal data, we have procedures in place to notify you and the relevant supervisory authority where required by law.

Sharing and Disclosure

We may share your personal information with trusted third-party service providers who support our operations (such as IT providers, payroll processors, or regulatory authorities) and only where necessary for the purposes outlined above. All third-party processors are required to comply with data protection laws and to process your data only on our instructions. We may also disclose personal data where required to do so by law, by court order, or to protect the rights, property, or safety of Ancora Care Limited, our service users, or others. If personal data is transferred outside the UK or EEA, we ensure that appropriate safeguards are in place to protect your information.

Data Subject Rights

Under the UK GDPR, you have the following rights regarding your personal data:
• Right of Access: You have the right to request a copy of the personal data we hold about you.
• Right to Rectification: You can ask us to correct any inaccurate or incomplete information.
• Right to Erasure: In certain circumstances, you can request that we delete your personal data.
• Right to Restriction: You may ask us to restrict the processing of your data in specific situations.
• Right to Object: You have the right to object to processing based on legitimate interests or for direct marketing purposes.
• Right to Data Portability: You can ask to receive your personal data in a structured, commonly used, and machine-readable format, or to have it transferred to another controller.

How to Exercise Your Rights

To exercise any of your rights, or if you have any questions or concerns about how we process your personal data, please contact our Data Protection Officer jade@ancoracare.com.If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office: https://ico.org.uk/make-a-complaint/

Changes to this Privacy Statement

We may update this Privacy Statement from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. We will notify you of any significant changes by posting the updated statement on our website and indicating the effective date below.

Effective date: 10th October 2025