Personal information is any information relating to you which can be used to identify you. This includes, but is not limited to, information directly about you (for example your name, address, and date of birth), information about your devices and information about your interactions with our digital services such as our website.
Our website may contain links to third party websites/apps. We have no control over the privacy policies of these 3rd parties. This privacy policy does not extend to cover your use of those services. We advise you to read the privacy policy information of third party websites/apps when you interact with these websites/apps.
Policy version: 2.1
Last updated: 22nd December 2022
Data controller / Data processor
The UK GDPR & EU GDPR distinguishes between organisations that process personal information for their own purposes (“data controllers”) and organisations that process personal information on behalf of other organisations (“data processors”). We are a Data Controller with respect to the personal information you provide to us.
Data we collect
We currently collect and process the following types of information. Please note that the examples provided are not exhaustive.
Personally identifiable data
Data that can directly identify you.
Examples:
- Your name
- Your email address
- Your home address
- Your phone number
- Your date of birth
Recruitment & HR data
Data about your application to join our organisation if you are applying to become an employee or contractor of Expedius Care.
Examples:
- Your CV
- Details about your work history including any gaps in employment
- Details about your qualifications and education experience
- Your answers to our application questions
- Notes on the outcome of your application or interview with us
- Permission to work status
- Career preferences
- Work availability
- National insurance number
- Email communications metadata and content
- History of criminal convictions/prosecutions
- Equality act information: gender, race/ethnic origin and age group
- Enhanced Disclosure and Barring Service check (DBS) outcome
- Details about or copies/scans of identification documents
Device data
Data sent to us by the devices and browsers that you use to interact with: our website and the services and websites of our third party processors.
Examples:
- Device type
- Operating system
- Unique device identifiers
- Device settings
- Geo-location data
Preference data
Data about your preferences in relation to our services and our digital platforms.
Examples:
- Your cookie consent preferences
- Your email marketing preferences
Communications data
Data about communications we have sent to you or received from you. Including the metadata from these communications and the communications content.
Examples:
- Your interactions with our communications, for example information about whether you clicked a link within, or opened an email from us.
- The content of communications between you and Expedius Care.
- The time, date and location of which you accessed communications from Expedius Care.
How we get the personal information and why we have it
There is no statutory or contractual requirement for you to provide personal information to us via this website.
Most of the personal information we process is provided to us directly by you when you:
- Contact us
- Use our website
- Apply for or enquire about one of our job opportunities
- Access email communications from us
We use the information we collect for the following purposes:
- for recruitment of employees and management of employee’s contracts, performance and HR records
- to provide our care services
- to enable website visitors to customise or personalise their experience of our website
- to contact and communicate with employees, partners, suppliers, companies and talent
- for analytics and market research
- for advertising and marketing
- for business development
- to operate and improve our website, applications and digital services
- to enable people to access and use our website, associated applications, and associated social media platforms
- for internal record keeping and administrative purposes
- to comply with our legal obligations and resolve any disputes
- for security and fraud prevention
We may share this information with:
our sub-processors that help us provide our website, products and services to you.
a parent, subsidiary or affiliate of our company
our employees, contractors and agencies who help us manage parts of our business
courts, tribunals, regulatory authorities, and law enforcement agencies, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise, or defend our legal rights
third parties, including agents or subcontractors who assist us in providing information, products, services, or direct marketing to you
an entity that acquires our business, or to which we transfer all or a substantial amount of our assets and business
Under the UK GDPR and EU GDPR, the lawful bases we rely on for processing this information are:
(a) Your consent
When you give us consent to collect and use your personal information for a specific purpose. You are able to remove your consent at any time. You can do this by contacting admin@expediuscare.com
(b) When we have a contractual obligation
When you have entered or are about to enter into a contract or transaction with us. This allows us to deliver our products and services to you, or work with you to help us deliver our products and services.
(c) When we have a legal obligation
When we may have a legal obligation to disclose or store your personal information. For example this may be the result of a court order, criminal investigation, government request or regulatory obligation.
(d) When there is a vital interest
When in extremely rare circumstances we may be compelled to disclose some of your information for the preservation of life.
(e) When we have a legitimate interest.
A legitimate interest is when we have a legitimate business or commercial reason to use your information. But even then, it must not unfairly go against what is right for you.
Our legitimate interests are:
- Improving the quality of our products and services
- Providing good service and support to our customers
- Developing the range of products and services that our business offers
- Measuring and evaluating the effectiveness of our programmes and campaigns
- Keeping our customers, prospective employees, our employees, our partners and other stakeholders up to date about our employment opportunities, products and services
- Complying with regulations that apply to us
- Being efficient about how we fulfil our legal and contractual duties
- Keeping our services available online
- Protecting our data and the personal data we process from unauthorised access
- Ensuring that our employees or people that apply to work with us are appropriately skilled, qualified and authorised to work in our employment roles
Keeping your information secure
We have put policies and procedures in place to protect the personal data that we process.
Although we try our best to protect the personal information we collect, we cannot guarantee that any transmission method, storage solutions or protocol is 100% secure. No approach can guarantee absolute data security.
How long we keep your personal data for
Our general policy is to keep your personal data only for as long as we need it to fulfil our processing tasks. When we no longer require your information we will schedule it for deletion. We may require a period of administrative time up to 6 months in order to process the deletion of your data.
Our policy for job application data:
It is securely destroyed six months after the completion of any application.
Our policy for general enquiry data:
It is securely destroyed six months after the completion of any enquiry.
If you apply for a job role with us and agree that you want us to retain your details in order to contact you about future employment opportunities with us or our affiliated companies then we may hold your data for longer than the standard six months period.
If necessary, we may keep your personal information even after the need to fulfil our main processing tasks has expired, in order to comply with our legal, accounting or reporting requirements.
We may also retain anonymised information relating to your interactions with Expedius Care for research or statistical purposes.
Children’s privacy
We do not provide services directly to children via this website or proactively collect their personal information via this website.
Changes to this policy
We keep our privacy notice under regular review to make sure it is up to date and accurate. We advise you to check this policy regularly.
If we update our policy and determine that consent is required for a new or updated processing activity we will seek your permission and give you the opportunity to opt in or opt out of the processing.
International transfers of personal information
The personal information we collect is stored and/or processed in:
Covered by adequacy:
- United Kingdom
- European Union
Requires additional safeguards:
- United States
The countries to which we transfer your personal information may not have the same standard of data protection laws as the country in which you initially provided the information.
If we transfer your personal information to countries that do not have a valid adequacy agreement under the UK GDPR then we will put in place additional safeguards with the organisations that are processing personal data for us in those locations. Typically these safeguards will include SCCs (Standard Contractual Clauses) or IDTAs (International Data Transfer Agreements). These are a set of clauses, added to data processing agreements or the policies of our sub-processors that outline how data will be protected.
You may request a copy of the safeguards we use to protect your data when transferring it outside of the UK by contacting info@expediuscare.com
These safeguards will aim to protect your data to an equivalent level as would be applied within the UK.
Our subprocessors
This list covers our main subprocessors. It is not exhaustive.
Service | Service purpose | Data location |
Microsoft Corporation | Email account management, document creation and storage. | US, EU & UK |
Mailchimp | Email marketing tool. Used to send our newsletter(s). | US |
Your data protection rights
Under data protection law, you have rights including:
Your right of access
You have the right to ask us for copies of your personal information.
Your right to rectification
You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure
You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing
You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing
You have the right to object to the processing of your personal information in certain circumstances.
Your right to data portability
You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us at info@expediuscare.com if you wish to exercise any of your rights.
Further disclosures
Social media
Expedius Care uses social media to tell people about our organisation. Personal information handled by social media platforms is subject to the terms and conditions of the site owners, who may act as data controllers. If you interact with our social media accounts, you may want to review the following privacy policies:
Meta’s Privacy Policy (Includes Facebook and Instagram)
Google’s Privacy Policy (Includes YouTube)
to learn how your data may be used. Expedius Care and its affiliated companies’ employees and contractors manage our social media profiles. Third-party comments, links, and content are not the responsibility of Expedius.
Log Data
When you visit our website or other digital properties, our servers may log the data provided by your browser. This may include your device’s Internet Protocol (IP) address, browser type and version, the webpage you have visited, the visit metadata which includes the time and date of your visit, how long you interacted with the page and how long your device took to download all the required content on the page.
Additionally, any technical errors you may experience when browsing our website or other digital properties may trigger additional data collection from our servers. This data may include details about your device and browser, metadata including the time and date of the error, what you were trying to do when the error happened, and other technical information relating to the error.
This information may not be personally identified on its own, however it is possible that if the information was combined with other information gathered by Expedius Care, or information gathered by third parties that you could be personally identified.
Our servers collect this information to help us deliver a performant and secure online service.
Managing your newsletter permissions
You may be included in one of our general newsletter lists. We hope you enjoy receiving communications from us but if you would like to update your settings you can:
- Click on either the unsubscribe or manage preferences links included in the footer of our email messages.
- Contact our team via email at info@expediuscare.com
We may need to request information from you to help us confirm your identity. If you opt-out from communications, we may retain some parts of your personal information to maintain our do not contact (suppression) lists.
Our use of cookies and similar technologies
We use some ‘cookies’ on this website. You can find our detailed information about the types of cookies we use and how you can manage them in our cookie policy.
Making a complaint
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to answer your concerns before you approach the ICO so please contact us in the first instance.
Contact us about your data
For any questions or concerns regarding your data privacy, you may contact us using the following details: