Amber Family Ltd - UK GDPR and Data Protection Policy
Last Updated: 18/09/2024
Amber Family Ltd ("we," "us," or "our") is committed to protecting and respecting your privacy. This policy outlines how we collect, use, store, and protect personal data in accordance with the United Kingdom General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Data Collection
We may collect and process the following personal data:
- Contact Information: Name and email address provided through our website contact form, direct email, or via telephone.
- Additional Information: Any content that you choose to disclose in the contact form, direct emails, or during telephone calls, such as information regarding a general enquiry or a new referral to accommodate a family for a residential parenting assessment.
2. Use of Personal Data
We use the personal data collected for the following purposes:
- To respond to general enquiries submitted via our website, email, or telephone.
- To process and manage new referrals for residential parenting assessments.
- To communicate with you regarding the services we provide.
- To fulfil our contractual and legal obligations related to the services offered.
3. Legal Basis for Processing
We process your personal data based on one or more of the following legal grounds:
- Consent: By providing your personal information via our website, email, or telephone, you consent to the processing of your data for the purposes outlined in this policy
- Legitimate Interests: To effectively manage and respond to your enquiries and referrals in a professional and timely manner.
- Contractual Necessity: To take steps at your request prior to entering into a contract or to fulfil our obligations under a contract with you.
- Legal Obligation: To comply with legal and regulatory requirements.
4. Data Storage and Security
We take the security of your personal data seriously. We implement appropriate technical and organisational measures to protect against unauthorised or unlawful processing, accidental loss, destruction, or damage of personal data.
- Data Storage: Personal data collected through our website, emails, and telephone is stored securely on servers located within the UK.
- Data Retention: We retain personal data only for as long as necessary to fulfil the purposes for which it was collected unless a longer retention period is required or permitted by law. Specific retention periods are determined by our data retention policy and legal requirements.
- Data Security: We employ encryption, access control, and secure communication protocols to safeguard your data. Only authorised personnel have access to personal data, and they are required to maintain its confidentiality.
5. Data Sharing and Disclosure
We do not sell, trade, or otherwise transfer your personal data to outside parties unless we have obtained your consent or are required to do so by law. We may share data with:
- Service Providers: We may engage third-party service providers to assist us in operating our website and services. These providers are obligated to keep your data secure and use it solely for the purposes we specify.
- Legal Obligations: We may disclose your personal data if required by law, such as to comply with a legal process, or governmental request, or to protect the rights, property, or safety of Amber Family Ltd, our clients, or others.
6. International Data Transfers
We do not transfer personal data outside the United Kingdom. If international data transfers are necessary, we will ensure that appropriate safeguards are in place, such as standard contractual clauses, to protect your personal data in accordance with UK GDPR.
7. Your Rights
Under the UK GDPR, you have the following rights regarding your personal data:
- Access: You have the right to request access to the personal data we hold about you.
- Rectification: You have the right to request corrections to your personal data if it is inaccurate or incomplete.
- Erasure: You have the right to request the deletion of your personal data in certain circumstances, such as when it is no longer necessary for the purposes for which it was collected.
- Restriction: You have the right to request the restriction of processing of your personal data in certain circumstances.
- Objection: You have the right to object to the processing of your personal data in certain circumstances, including processing based on legitimate interests or for direct marketing purposes.
- Data Portability: You have the right to request the transfer of your personal data to another organisation in a structured, commonly used, and machine-readable format.
- Withdrawal of Consent: Where processing is based on your consent, you have the right to withdraw that consent at any time.
To exercise any of these rights, please contact us using the contact details provided below. We will respond to your request within one month unless the request is complex or involves a large amount of data.
8. Data Breach Notification
In the unlikely event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) and, where required, you as the data subject without undue delay.
9. Cookies and Tracking Technologies
Our website may use cookies and other tracking technologies to enhance user experience and gather information about website usage. For detailed information, please refer to our Cookie Policy [CB to add URL to cookie policy once available].
10. Changes to this Policy
We may update this UK GDPR policy from time to time to reflect changes in our practices or legal requirements. Any changes will be posted on this page, and where appropriate, we will notify you via email. Please review this policy periodically for any updates.
11. Protection of Data with Google reCAPTCHA
To protect our website and ensure the security of our online contact form, we use Google reCAPTCHA. This service is implemented to distinguish between human users and automated access (bots), thereby preventing spam and abuse on our site.
- How Google reCAPTCHA Works: When you interact with our contact form, reCAPTCHA may collect information about your device, IP address, and user behaviour (e.g., mouse movements, keystrokes) to verify that the data is being entered by a human. This data is sent to Google for analysis.
- Data Collected by reCAPTCHA: The information collected by reCAPTCHA is used solely for security purposes and to improve the reCAPTCHA service. It is not used for any other purpose, such as personalised advertising.
- Compliance with Google Policies: The use of Google reCAPTCHA is subject to the Google Privacy Policy and Terms of Service. By using the contact form on our site, you acknowledge and agree that the reCAPTCHA service operates under these Google policies.
o Google Privacy Policy and Terms of Service: Privacy Policy – Privacy & Terms – Google
Please note that while reCAPTCHA helps us maintain the security of our website, it does not give us access to any information collected through the service. The data collected by reCAPTCHA is processed by Google and is not stored or accessed by Amber Family Ltd.
If you have concerns about the use of reCAPTCHA and the data it may collect, please refer to the Google Privacy Policy and Terms of Service using the links provided above.
12. Contact Us
If you have any questions or concerns regarding this UK GDPR policy or our data processing practices, or if you wish to exercise your rights, please contact us at:
Amber Family Ltd
Email: office@amberfamily.co.uk
Telephone: 01704 807 170
Address: Unit 21, A.K Business Park, Southport, PR9 7SA
If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you have the right to lodge a complaint with the Information Commissioner's Office (ICO): https://ico.org.uk/
By using our website, or contacting us via email or telephone, you acknowledge that you have read, understood, and agree to the terms of this UK GDPR and Data Protection Policy.