Privacy Policy - Macro Healthcare

Privacy Policy (UK)

Who we are

Macro Healthcare Ltd (“we”, “us”, “our”) provides domiciliary care services and nursing agency staffing services. We are a data controller for personal information we collect and use.

Contact (Data Protection):
Email: info@macrohealthcare.co.uk

This Privacy Policy explains how we collect, use, store, share and protect personal information, and the rights available to individuals under the UK GDPR and the Data Protection Act 2018.

What this policy covers

This policy applies to personal information relating to:

People who use our services (service users) and their representatives (family, advocates, attorneys).
Job applicants, workers, employees, contractors, nurses, carers and other staff.
Clients (e.g., care recipients, commissioning bodies, care providers, healthcare organisations) and their contacts.
Website users and people contacting us (by email, phone, forms, or social media).
Suppliers and professional advisers.

Personal information we collect

We may collect the following categories (depending on your relationship with us):

3.1 Standard personal information

Name, date of birth, address, email, phone number.
Identification and “right to work” information (for recruitment and onboarding).
Emergency contacts and next of kin details.
Role, qualifications, training records, employment history (for staff).
Timesheets, rota details, payroll-related information.
Communications with us (emails, calls, complaint correspondence).
Website usage information (see Cookies Policy).

3.2 Special category and sensitive information (where relevant)

Because we operate in health and care, we may process:

Health information and care needs (service users; occupational health where relevant).
Information about safeguarding concerns, incidents, accidents.
DBS status and suitability information (staff/agency workers).
Equality and diversity information (where collected lawfully for monitoring).

Special category data requires additional legal conditions under the UK GDPR. ICO

How we collect personal information

We collect information:

Directly from you (forms, phone, email, applications).
From representatives (family, advocates, attorneys) where appropriate.
From third parties (e.g., referees, training providers, recruitment portals, commissioning bodies).
From publicly available sources (limited checks where relevant).
From operational records created while delivering care or providing staffing services.

Why we use personal information (purposes)

We use personal information to:

Provide domiciliary care services safely and effectively.
Deliver nursing agency services (recruitment, placement, scheduling, compliance).
Manage safeguarding, incidents, complaints, clinical governance and quality improvement.
Recruit, onboard and manage staff and agency workers.
Meet legal and regulatory obligations (employment, tax, safeguarding, health and safety).
Communicate with you and respond to enquiries.
Administer our business (contracts, invoicing, audits, insurance, legal advice).
Maintain website functionality and security.

Lawful bases for processing

We process personal information under one or more lawful bases under the UK GDPR, including:

Contract: to deliver services to clients/service users or manage employment/engagement.
Legal obligation: to comply with UK law (e.g., employment, safeguarding, taxation).
Vital interests: where necessary to protect someone’s life (e.g., emergencies).
Public task: where applicable in health and social care contexts.
Legitimate interests: to run our business responsibly (balanced against your rights).
Consent: where required (e.g., certain marketing; some optional data collection).

For special category data, we rely on additional UK GDPR conditions (e.g., health/social care management, safeguarding, employment law obligations, substantial public interest) where applicable. ICO

Consent and safeguarding (service users)

Where appropriate and safe, we seek informed consent for sharing information. Where consent is not appropriate or cannot be obtained, we may share information without consent if required to protect a person from harm, prevent crime, comply with a legal obligation, or where the person lacks capacity and sharing is in their best interests, with appropriate safeguards and documentation. (This aligns with UK GDPR principles and safeguarding practice.)

Who we share personal information with

We may share information with:

Health and social care professionals involved in care.
Local authorities/safeguarding teams and the police where required.
Clients/commissioners (where relevant to the service provided).
Payroll providers, accountants and HMRC (for payments and compliance).
IT service providers (email, secure storage, HR systems).
Training providers (where necessary for compliance/training records).
Insurers, legal advisers, auditors.
Regulators and official bodies where legally required.

We only share what is necessary, and we apply confidentiality and data protection safeguards.

International transfers

If any of our service providers store data outside the UK, we will ensure appropriate safeguards are in place (e.g., adequacy regulations or approved contractual clauses) as required under UK GDPR. ICO

Data security

We use appropriate technical and organisational measures to protect personal information, including access controls, authentication, staff confidentiality obligations, secure storage, and procedures for reporting and managing data incidents.

How long we keep personal information (retention)

We retain personal information only as long as necessary for the purposes described above, including legal, regulatory, safeguarding and insurance requirements. Retention periods vary by record type (e.g., care records, recruitment records, payroll, incident logs). You can request our retention schedule by emailing info@macrohealthcare.co.uk.

Your rights

Under the UK GDPR, you may have rights including:

Right to be informed (privacy information).
Right of access (subject access request).
Right to rectification.
Right to erasure (in certain circumstances).
Right to restrict processing.
Right to data portability (in certain circumstances).
Right to object (including to direct marketing).
Rights related to automated decision-making (if used).

The ICO sets expectations for the privacy information organisations should provide and individuals’ rights.

How to make a request or complaint

To exercise rights or raise a concern:
Email info@macrohealthcare.co.uk with “Data Protection Request” in the subject.

You also have the right to complain to the Information Commissioner’s Office (ICO) (UK regulator for data protection).

Changes to this policy

We may update this policy from time to time. The latest version will be published on our website with an updated effective date.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

13 Commerce Square

0333 0907068

info@macrohealthcare.co.uk

Privacy Policy (UK)

Contact us

Head Office

Opening Times

Follow us on Social Media