Privacy Policy

 Your personal data and privacy matters

This policy tells you what happens to any personal data that you give to us or that we collect from or about you.

Like you, we care about how companies look after their customers’ information. We aim to be open and transparent about what we information collect and how we use it and we’re committed to safeguarding your personal data and protecting your privacy.

Use the links below to find out about how we use your personal information.

1. How this privacy policy applies to you
2. Who we are
3. Our Data Protection Officer (DPO)
4. Who is involved in our collection, handling and use of your personal data?
5. What kind of personal data do we collect?
6. How do we collect your personal data ?
7. Do you have to provide the information that we have requested from you?
8. What do we do with your personal data?
9. With whom do we share your personal data?
10. What are the legal grounds for our collection, handling, use and sharing of your personal data?
11. Where we send your personal to for storage or other specific purposes;
12. How we look after your personal data;
13. How long we will keep your personal data for;
14. what your legal rights are in respect of the activities listed above

1. How this privacy policy applies to you

This privacy policy applies to:

• your use of our website, whether as a visitor or as an actual or prospective user or customer;
• your receipt of our services as a user or customer.

Any notices or statements relating to data, data protection, fair processing and/or privacy that we may issue at the time of collecting personal data about you will supplement this privacy policy.  They are not intended to override it.

We may change this privacy policy from time to time to reflect changes in the law and/or our personal data handling and data protection practices.

We encourage you to check this privacy policy for changes whenever you visit our website, as we may not always notify you of the changes.

It is important that the personal data we hold about you is accurate and current.

Please keep us informed if your personal data changes during your relationship with us.

2. Who we are

We are Terry’s Place of Home Care House, Madgwick Ln, Chichester PO18 0FB.

We are the data controller of your personal data.

We will refer to ourselves in this privacy notice in the first person, e.g. “we”, “us” and “our”.

3. Our Data Protection Officer (DPO)?

We have appointed a DPO who is responsible for overseeing questions in relation to this privacy policy.  If you have any questions about this privacy notice, including any requests to exercise your legal rights relating to your personal data, please contact the DPO using the details set out below.

You can contact us and our DPO for any query about how your personal data is being used:

• By email: dpo@terrysplace.org
• By telephone: 01243 682060
• By post: Terry’s Place, Home Care House, Madgwick Ln, Chichester PO18 0FB, (please mark it for the attention of the DPO)
• via the Contact Us section on our website.

4. Who is involved in our collection, handling and use of your personal data

• Third party service providers: we may instruct third parties to assist us to collect, handle and use your personal data on our behalf.  Those third parties will carry out those activities in accordance with this privacy policy.

A list of the current third party service provides that we use, when we use them and what we use them for is set out in Appendix 1.  We will update this list from time to time.

• Third party hyperlinks & connectors: our website and/or services may include links to third party websites, plug-ins and applications. Clicking on those links, or enabling those connections, may allow third parties to collect or share data about you.  We do not control these third parties and are not responsible for their data protection compliance.  When you leave our website or connect to a third party from us, we encourage you to read their privacy policy or notice.

5. What kind of personal data do we collect?

Personal data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We will collect, use, store and transfer the different kinds of personal data and associated information about you which we have grouped together below.

We refer generically to that personal data and associated information in this privacy policy as “personal data”.

Important note: if you wish to open a multi-holder policy through us, we will collect, use, store and transfer the same information in relation to the other policyholders, some of which we will need you to provide.  In this case, please inform them that you will do this and direct to them to this privacy policy.  Any references in this privacy policy to your personal data, personal data about you or personal from you shall include the information of and from the other policyholders as well as your own:

• Identity Data, which includes your title, first name, maiden name, last name, date of birth, gender, nationality (and, if you are not British, your residency and citizenship status and length of residency in the UK), marital status and number of dependents;
• Contact Data, which includes your billing address, delivery address, email address and telephone numbers and contact details history;
• Technical Data, which includes your internet protocol (IP) address, MAC address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, mobile phone location data and other technology on the devices you use to access this website;
• Profile Data, which may include usernames and passwords, interests and preferences and other insights or determinants that we have gained from our analysis and profiling of our customers; rest assured any password you may have with us is fully encrypted and we don’t access to it:
• Usage Data, which includes information about: the products and services you have shown an interest in and those that you have ordered or bought from us or our business partners and suppliers (such as insurance policies from insurers); how you use those, including whether you have made any claims under them; and how you have used and navigated around our website. We will also keep records of your contact with us and any feedback and survey responses that you have submitted; and
• Marketing and Communications Data, which includes your preferences in receiving marketing from us and our third parties and your communication preferences.

We also collect, handle, use and share:

• Aggregated data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice; and
• Anonymised data is data created from your personal data where your identity has been removed.

We do not collect any Special Categories of Personal Data about you, which includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data.

We do not intentionally collect personal data relating to children.

6. How do we collect your personal data?

We use different methods to collect personal data from and about you, including through:

• Direct interactions – you may give us your Identity and Contact by filling in our web forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide, or which is generated about you, when you:

• apply for our products or services;
• create an account with us;
• use our products and services;
• subscribe to our publications;
• request marketing to be sent to you;
• enter a competition, promotion or survey; and/or
• give us some feedback.

• Automated technologies or interactions – as you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. (We may also receive Technical Data about you if you visit other websites employing our cookies. Please see our Cookies Policy for further details);

• Third parties or publicly available sources – we may receive (as part of the provision of a commercial service) personal data about you from various third parties and public sources as set out below:

• Identity, Contact Data and Profile Data from data brokers or aggregators based inside OR outside the EU
• Identity and Contact Data from publicly availably sources such as Companies House and the Electoral Register based inside the EU;
• Technical Data from the following parties:
  • analytics providers such as Google based outside the EU;
  • advertising networks such as DoubleClick based inside or outside the EU; and
  • search information providers such as Google based inside or outside the EU.

7. Do you have to provide the information that we have requested from you?

If you don’t provide certain information to us, we won’t be able to provide you with our products or services.

We’ll make this clear to you which information is optional to provide.

8. What do we do with your personal data?

We will only use your personal data when the law allows us to.  Most commonly, we will use your personal data in the following circumstances:

• where we need to perform the contract we are about to enter into or have entered into with you;
• where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; and
• where we need to comply with a legal or regulatory obligation.

We have set out in Section 13 a description of what we will specifically do with your personal data and our legal justification for doing so.

We set out below some general personal data handling activities that we also carry out in respect of our customers’ and prospective customers’ personal data:

• Marketing preferences – where you tell us you are happy to receive information from us we may send you communications from Terry’s Place which may include the following:
  • Newsletters;
  • emails about the services we offer and new product launches;
  • alerts/notifications to help you manage your products with us
  • reminders when your products may be due for renewal; and
  • opportunities to participate in market research.

Depending on the contact preferences you select, we will communicate with you by post, telephone, SMS, email or other electronic means such as via social and digital media.

We will provide you with information, products or services that you request from us, or which we feel may interest you, where you have consented to be contacted for such purposes.

We may use your Usage Data to help ensure that this messaging is personalised and relevant to you.

• Cookies – we may also use your Technical Data to allow us to show you adverts while you are on-line that are relevant to you. Sometimes, we will use cookies to do this and you can find out more about this and how to turn off cookies by reading our Cookies Policy.

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies.  If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

• Promotional offers from us – we may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you.

You will receive promotional communications from us if you have:

• requested information from us
• purchased services from us
• or if you provided us with your details when you entered a competition or registered for a promotion

and, in each case, you have not opted out of receiving that promotion.

• Third party marketing – we will obtain your express opt-in consent before we share your personal data with any company outside our organisation or group of companies for marketing purposes.

• Monitoring purposes – this activity refers to listening, recording, viewing, intercepting or taking and keeping records (as the case may be) of calls, email, text messages, social media messages, in person (face to face) meetings and other communications between us.

We’ll do this where the law requires it, to comply with regulation, to prevent or detect crime, in the interests of protecting the security of our communications systems and procedures and for quality control and staff training purposes.  This information will be shared only for the purposes described above.

• Preferences – we strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. You can change your preferences at any time by contact us: info@terrysplace.org

• Opting out/withdrawing consent – you can ask us or those third parties to stop sending you promotional or marketing messages at any time by following the opt-out links on any promotional or marketing message sent to you or by contacting us at any time.

Where you opt out of receiving these promotional or marketing messages, this will not apply to personal data provided to us as a result of a purchase or other transaction with us.

• Change of purpose – we will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the handling and processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

9. With whom do we share your personal data?

We may share your personal data with the following entities for the purposes set out in Section 13 and as set out in Appendix 1:

• our insurers, fraud prevention agencies or organisations, credit reference agencies, publicly available directories and information (for example, social media and the internet), debt recovery and/or tracing agents, other organisations who assist in the prevention and detection of crime, including the police and law enforcement agencies;

• market research organisations who help us to develop and improve our products and services;

• the entities listed in Appendix 1; and

• third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them.  If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy; and

We require all third parties to respect the security of your personal data and to treat it in accordance with the law.

We do not allow our third party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions, which includes this privacy policy

10. What are the legal grounds for our collection, handling, use and sharing of your personal data?

We rely on the following legal bases to use your personal data:

1. i) Where it is needed to provide you with our products or services, such as:
2. a) Assessing an application for a product or service you hold with us
3. b) Managing products and services you hold with us, or an application for one
   c) Updating your records
   d) Sharing your personal information with business partners and services providers
   e) All stages and activities relevant to managing the product or service including enquiry, application and administration
4. Whereit is in our legitimate interests to do so, such as:
5. a) Managing your services and updating your records
   b) To perform and/or test the performance of, our products, services and internal processes
   c) To follow guidance and recommended best practice of government and regulatory bodies
   d) For management and audit of our business operations including accountingf) To carry out monitoring and to keep records of our communications with you and our staff (see below)h) For market research and analysis and developing statistics
   i) For direct marketing communications and related profiling to help us to offer you relevant products and services, including deciding whether or not to offer you certain products and service. We will send marketing to you by SMS, email, phone, post and social media and digital channels (for example, using Facebook Custom Audiences and Google Custom Match)
   j) Subject to the appropriate controls, to provide insight and analysis of our customers to business partners either as part of providing products or services, helping us improve products or services, or to assess or to improve the operating of our businesses
   k) For some of our profiling and other automated decision making
   l) Where we need to share your personal information with people or organisations in order to run our business or comply with any legal and/or regulatory obligations

1. To comply with our legal obligations
2. With your consent or explicit consent:

1. a) For some direct marketing communications
   b) For some of our profiling and other automated decision making
   c) For some of our processing of special categories of personal data such as about your health, if you are a vulnerable customer or some criminal records information

1. For a public interest, such as:

1. a) Processing of your special categories of personal data such as about your health, criminal records information (including alleged offences), or if you are a vulnerable customer.

11. Where do we send your personal data to for storage or other specific purposes?

We’re based in the UK and will not generaly transfer your personal data outside the EEA.

If we do so we’ll make sure that suitable safeguards are in place, for example by using approved contractual agreements, unless certain exceptions apply.

We will provide you with details of the safeguards that we have implemented, if you would like to know what they are.

12. How will we look after your personal data?

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an authorised way, altered or disclosed.

In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know.  They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable supervisory authority where we are legal required to do so.

13. How long will we keep your personal data for?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we handle your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for 6 years after they cease being customers for insurer subrogation and legal claims purposes.

In some circumstances, you can ask us to delete your data.  Please see the Right of erasure below for further information.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

14. What are your legal rights in respect of your personal data that we handle?

We set out below a list of the legal rights that all individuals have under data protection laws in relation to our handling of your personal data.  They don’t apply in all circumstances:

• Right to be informed – about your personal data and details of the handling and processing of that personal data and information, including the safeguards used to protect any of your personal data in the event that we transfer it outside the EEA;
• Right of access – to your personal data and to obtain information about how we handle and process it;
• Right to have inaccuracies corrected – this is a right to have your personal data corrected if it is inaccurate and to have incomplete personal data completed;
• Right of erasure – of your personal data, which is also known as the “right to be forgotten”;
• Right to restrict handling and processing – of your personal data, which includes requesting us to suppress your personal data file;
• Right to move, copy or transfer– your personal data to another organisation, also known as “data portability”;
• Right to object – to the handling and processing of your personal data for certain purposes, in particular to personal data processed for direct marketing purposes and to personal data that is handled and processed for certain reasons based on our legitimate interests;
• Right to withdraw consent – you may withdraw any consent or permission that you have previously provided to us in relation to our handling and processing of your personal data, such as for the purposes of marketing by electronic means;
• Rights in relation to automated decision making – where such automated decision making has a legal effect on you or otherwise significantly affects you; and
• Right to complain – in all circumstances, you may complain to:

• • us in relation to the handling of your personal data; or
  • the Information Commissioner’s Office which enforces data protection laws, whose contact details are set out on www.ico.org.uk.

Procedure to exercise your legal rights

• Contact us – if you wish to exercise any of your legal rights please [access our preferences portal]. Where you are not able to exercise the legal right that you want to via that method, please contact us.  In this instance, we’ll explain first whether or not the right you wish to exercise applies.

• Fees – you will not have to pay a fee to access your personal data or to exercise any other rights that apply. We may, however, charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.  Alternatively, we may refuse to comply with your request in these circumstances.

• Our request for further information – we may need to request certain information from you to help us confirm your identity and ensure that your right to access your personal data (or to exercise any of your other rights that apply. This is a security measure to ensure that any personal data is not disclosed to any persona who has not right to receive it.  We may also contact you to ask you for further information in relation to your request to speed up our response.

• Response time – we will respond to all legitimate requests as soon as we can. It should not take longer than a month to do so.  Occasionally, it may take us longer than a month if your request is particularly complex or you have made a number of requests.  In this case, we will notify you and keep you updated.

Appendix 1

List of third party service providers

• Data storage providers –

• Visitors to our websites – when someone visits terrysplace.org, we use a third party service, [Google Analytics], to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site.  This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it; We may add additional 3rd party services in order to optimise our operations that will not need to capture personal data, but anonymous browsing data will be used. If personal data is required we will make you aware and you will have the option to be excluded, in which case you may not experience the same level of quality from the customer experience.

• Cookies collection – We use cookies and local Storage on our website to help us maintain a consistent experience for you when you return to the application. This is also used to set up and maintain temporary data stores to facilitate the successful completion of a quote on your behalf. 3rd party cookies are also stored and the details of each of these can be found in our cookie policy.

• Search engine within our websites – Our web experience may include both onsite (local) search functions and integrate 3rd party hosted solutions to deliver more robust search capabilities. We may add new search capabilities to help with your experience as a customer and facilitate better anonymous analytics as a business operation. We would use this data to discover where we can offer better experience and more useful information to you and to aid our business team in planning new features/products/services that would be useful to our community. These tools may record locational data which will not be of a personal nature, but rather of a regional aggregated nature. If we decide to include the capture of personal data in these functions in future it will be to help us increase the quality of service offering and deliver better business solutions to our customers and you will be informed of these changes. Additionally, any changes of this nature will be highlighted in the experience so that you are aware of them before you agree to continue using them. Also, we may add functionality in future that will allow you to continue using these services and be able to choose whether you would like to allow personal data to be captured or not. We will make it clear to you how you will benefit from the capture of personal data if this is the case.

• E-newsletter – You may choose to opt-in to subscribe to our newsletter services which we serve to you via a 3rd party system. Your personal data is held securely on their platform and you may receive communications from us from time to time. We may introduce further capabilities to segment the communications you receive from us to give you more fine-grained control over time.
• Logs/Audits – for our business to function we may use your personal interactions to create anonymised, timestamped logs for our own business analytics. These will not contain any personal data once processed. Additionally we will record interactions with you and securely hold these logs as proof of business conducted with you. These are personally identifiable records and will remain protected and not shared with third parties excepting the use of 3rd party business systems to securely and properly manage the data (expressly Google Cloud Platform and Infusionsoft). Additionally we may choose to engage with other 3rd parties to perform the same data protection and management and will require from them a robust capability to secure and protect your data although we will not be responsible for their performance. Each provider can be contacted by you to find out more information on how they manage and secure your data. We recognise also that it will be our responsibility to engineer systems and solutions to ensure the safety of your data and we will make all efforts to do so. You may find from time to time that we may update our policies and send you notification of how we are taking steps to add more functionality as well as protect your data.

• Online reporting tool – Terry’s Place uses online data reporting tools to conduct business and efficiency analysis as well as planning new products and services. None of these systems will contain specific personal data, but will use aggregated anonymised data intended to help our business improve efficiencies and provide better services. We may use our anonymised results to engage with 3rd parties with the purpose of defining and creating better products and services. We may in future choose to analyse personal data for the purposes of creating bespoke products for your individual circumstances. As and when we plan to do this we will tell you about how we will use your data, who will be able to access it and for how long, security measures we are taking to ensure your privacy and the aims and benefits we are creating for you. You will also be asked before we proceed if you wish to be part of any programmes of this nature and we will require your explicit opt in before we continue.

• Security – All data is secured by our third part IT support provide All personal data shared with 3rd parties is sent using encryption and secure authorisations so that only services intended within our operations can send and receive private data. This includes data sent and received by Terry’s Place.

• Contacting us via social media – We monitor our social media channels and will try and reply to queries where relevant and coherent as soon as we can. We may PM you if it is a sensitive topic in order to resolve your matter privately. Any communications through social media are owned by the social media channel provider and we cannot guarantee that a request to remove all your data may be fulfilled and neither are we responsible for doing so. If you wish to clear historical conversation data or other personal data you should contact the social media channel provider directly.