Privacy notice

What personal data does Care Rights UK collect?

We collect information directly from helpline users, who telephone, email or write to us. This includes names, contact details and information about the issue with which they are seeking advice and support.

We store data given to us by members who have joined Care Rights UK.

We maintain records for members of staff in line with statutory requirements and good practice. We store information about volunteers.

We maintain a mailing list of members, users of the helpline and other contacts, who have given permission to be included as recipients of our news bulletin via our online marketing service Mailchimp. Mailchimp has its own privacy notice which you can read here 

What is this personal data used for?

We use information provided by helpline users to understand and try to resolve the issues they are raising and to contact them to provide updates and support.

Information from members is used for communication, including the e-bulletin, notice of the AGM and other meetings and membership administration. The mailing list is used for the e-bulletin and other news about Care Rights UK and its work. 

Who is data shared with?

We do not share personal information provided by helpline users without their knowledge and consent. There may be rare occasions, when there appears to be a need to safeguard the user or another individual or their family, when it would be necessary for us to contact the relevant statutory authorities.

We do not share information about members of Care Rights UK or other contacts on our mailing list, nor do we sell information for marketing or other purposes.

How is data stored?

Most of our data is stored in digital form and we use various cloud services that comply with the GDPR, such as Mailchimp.

The remaining information is stored as written documents in our office.

Who is responsible for ensuring compliance? 

Under the GDPR there is no statutory requirement for Care Rights UK to have a Data Protection Officer. The person who ensures that Care Rights UK meets its obligations under the GDPR is the Director, who can be contacted regarding data protection at team@carerightsuk.org

Who has access to personal data?

Members of staff have access to helpline users’ data so that they can provide advice and support. A small number of people who assist with helpline enquiries on a voluntary basis also have access to the data when covering for a member of staff.

Staff have access to members’ data to carry out their legitimate tasks, including informing members of the date of the AGM and sending the e-bulletin.

Trustees of Care Rights UK may be given access to the data to undertake their roles as officers of the organisation.

What is the legal basis for collecting this data?

Care Rights UK collects personal data for the purpose of its legitimate interests as a provider of a helpline service and as a membership organisation.

Information about employed staff is held as part of their contractual arrangements and in line with legal obligations.

Information about volunteers is held with their written consent.

Personal data relating to financial matters is retained to comply with legal obligations.

How you can check what data Care Rights UK holds about you

We undertake to provide you with the data we hold about you in response to a written request by letter or email. We may need to take steps to verify the identity of the person making the request to ensure confidentiality.

Please contact team@carerightsuk.org for assistance if you wish to check the personal data we hold about you.

How you can ask for data to be removed, corrected or limited?

Helpline users can withhold personal information when contacting Care Rights UK. Staff are always willing to provide advice to users who do not wish to be identified, though this may limit the help that can be given and require the caller to re-state the matter during future contacts, as the record kept will be anonymous.

Current members can restrict the information given but Care Rights UK does need a means of contacting all members and will not be able to claim gift aid without a valid address. Members can ask to be removed from the membership list at any time.

How long does Care Rights UK keep personal data and why?

Helpline personal data is stored in an anonymised form after 12 months from the last date of contact. This enables Care Rights UK to identify trends and issues to inform campaigns and the work of the organisation but does not allow individual callers or their relatives to be identified.

Members personal data is deleted immediately on request or when membership lapses. Some personal data may be kept relating to Care Rights UK’s claims for gift aid in line with the requirements of HMRC, or for other financial matters to comply with legal obligations.

The personal data of staff is retained for the legally required period, including information relating to payroll and pensions. The personal data of former employees is kept for 6 years after the end of their employment.


Last updated: January 2024