Privacy and Cookies Policy


We ask that you read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and other organisations in the event you have a complaint. Please see the section on ‘Your rights’ for more information.


We are Zander Mackenzie Care U.K. Limited. In order that we can provide care and support services to the people we support, we collect and use certain personal information about you.

Personal information means any information about you from which you can be identified, but it does not include information where your identity has been removed (anonymised data).

As the ‘controller’ of personal information, we are responsible for how that data is managed. The General Data Protection Regulation (“GDPR”), which applies in the United Kingdom and across the European Union, sets out our obligations to you and your rights in respect of how we manage your personal information.

As the ‘controller’ of your personal information, we will ensure that the personal information we hold about you is:

Used lawfully, fairly and in a transparent way.

Relevant to the purposes we have told you about and limited only to those purposes.

Accurate and kept up to date.

Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.

Kept only as long as necessary for the purposes we have told you about.

Kept securely.

The personal information we collect and use in relation to people who enquire about and use our services

Information collected by us

When you enquire about our care and support services and during the course of providing care and support services to you, we collect the following personal information when you provide it to us:

your name, home address, date of birth and contact details (including your telephone number, email address) and emergency contacts (i.e name, relationship and home and mobile numbers)

your allergies and any medical, physical or mental conditions and in particular your care needs

your likes, dislikes and lifestyle preferences (including your religious beliefs or other beliefs of a similar nature, or ethnic origin, politics, genetics

credit or direct debit details (if you pay for some or all of our services using one of these methods)

Photo’s for identification purposes.

Information collected from other sources

We also obtain personal information from other sources such as:

your allergies and any medical, physical or mental conditions and in particular your care and support needs, from any appropriate external social or health care professionals (including your GP)

your name, home address, date of birth, contact details, needs assessments and financial assessments from any appropriate external social or health care professionals (including any relevant public body regardless of whether you are publicly funded)

your likes, dislikes and lifestyle preferences (including your religious beliefs or other beliefs of a similar nature, ethnic origin, politics, genetics from your family, friends and any other person you have nominated as your representative

your Solicitor (if applicable)

Advocate (if applicable)

How we use your personal information

We use your personal information to:

  • • prepare, review and update a suitable care plan, describing the nature and level of care and support services which you have requested we supply to you
  • • to communicate with you, your representatives and any appropriate external social or health care professionals about your individual needs and personalise the service delivered to you
  • • make reasonable adjustments, when required, to meet your individual needs and to ensure we have suitable facilities to ensure your safety
  • • invoice you for the care and support services in accordance with our terms and conditions
  • • carry out quality assurance procedures, review our service and improve our customer experience

Who we share your personal information with

We regularly share your medical information with appropriate external social or health care professionals (including your GP and pharmacist) and any individuals you have nominated as your representative. This data sharing enables us to establish the type of care and support you need. It also allows us to design the right care package to suit your individual circumstances, including if (in future) you decide to receive care from an alternative provider.

We will share personal information with law enforcement or other authorities if required by law. This includes information required by public bodies to evidence our compliance with the applicable regulatory framework. We are also required to share personal information with external social or health care professionals, including public bodies and local safeguarding groups (in some circumstances) to ensure your safety.

We will not share, sell or trade your personal information with any other third party.

Recipients of Data

we will hold the personal information kept within your client file for the duration of the service and 3 years afterwards as required by law.

we will hold the personal information kept within our feedback procedure for 6 years so that we can identify trends and patterns in our service.

The personal information we hold

Reasons we can collect and use your personal information

We rely on the following grounds within the GDPR:

Article 6(1)(b) – processing is necessary for the performance of our contracts to provide individuals with care and support services

Article 6(1)(c) – processing is necessary for us to demonstrate compliance with our regulatory framework and the law

Article 9(2)(h) – processing is necessary for the provision of social care or the management of social care systems and services

as the lawful basis on which we collect and use your personal data and special category data (such as your health).


We take every precaution to protect our users’ information, including:

Only storing your personal data on our secure server and third-party systems that meet our security recommendations;

Anti-virus / malware / spyware and firewall protection is in place and regularly updated to minimise the risk of unauthorised access to our systems;

Email, calendars, contracts & tasks processed through Office 365 software;

All staff accounts are password protected and all mobile devices (company registered laptops and mobile phones) are encrypted;

All our files are securely backed up to the Cloud;

Our staff receive regular data security awareness training

Paper records are kept to a minimum and stored in locked filing cabinets on our secure office premises.

Only employees who need the information to perform a specific job (for example, our Consultants, Compliance and Payroll staff) are granted access to your information.

Your rights in relation to your data

In line with the Data Protection Act 2018 and the General Data Protection Regulation (GDPR), you are able to find out what information we hold about you and correct any information which you believe is incorrect.

The right to be informed

Through the provision of our Privacy and cookies policy, we will be open and transparent about how and why we use your personal information.

The right of access to personal data

You have a right to ask us what personal information we hold about you and to request a copy of your information. This is known as a ‘Data subject access request’ (SAR).

Subject Access Requests need to be made in writing (we have a subject access form you can use for this purpose), and we ask that your written request is accompanied by proof of your address and identify. If you would like a copy of the personal information we hold about you, please email: info@zandermackenziecareuk.org. We will tell you as soon as possible if we require more information from you. If we are unable to meet your request, we will explain why.

Alternatively, you can make a request in writing to: Data Protection Officer, Zander Mackenzie Care U.K. Ltd, 7 High Street, Gravesend, Kent, DA11 0BQ. If you are seeking to obtain specific information (for example about a particular matter or from a particular time period), it helps if you clarify the details of what you would like to receive in your written request.

The right to rectification

You can ask us to rectify your personal data if it is inaccurate or incomplete. Please help us to keep our records accurate by keeping us informed if your details change.

The right to erasure

We take every precaution to protect our users’ information, including:

The right to erasure is also known as ‘the right to be forgotten’. In some circumstances, you can ask us to delete or remove personal data where there is no compelling reason for its continued processing. This is not an absolute right, and we will need to consider the circumstances of any such request and balance this against our need to continue processing the data. Our response will also be guided by the provisions of our retention schedule.

The right to restrict processing

In some circumstances, you can ask us to restrict processing. For example:

If you disagree with the accuracy of personal data

If we’re processing your data on the grounds of legitimate interests (as detailed earlier), and whilst we consider whether our legitimate grounds override those of yours.

The right to data portability

If the situation arises where it would be helpful for you to move, copy or transfer personal data we hold about you across different services, you may be able to ask us to do this. Please contact us to discuss.

The right to object to marketing

You can tell us if you object to our processing of your personal data:

Based on legitimate interests

For the purpose of direct marketing (including profiling).

Rights in relation to automated decision making and profiling

You can ask us to review any decisions that are determined by automated means. You can also object to our use of your personal data for profiling.

If you’d like to talk to us about your rights, you can contact us at info@zandermackenziecareuk.org. Alternatively, if, for any reason, you are not happy with our response, you are able to contact the regulatory body: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, CK9 5AF or telephone: 0303 123 1113.

Cookies – what they are and how we use them

Cookies are data files that are stored on your computer or other device when you use a website. Cookies allow our computer servers to collect information from your computer or device about how you interact with our website.

We will use this information:

  • • to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
  • • to improve our site to ensure that content is presented in the most effective manner for you and for your computer;
  • • to allow you to participate in interactive features of our service, when you choose to do so;as part of our efforts to keep our site safe and secure;
  • • to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
  • • to make suggestions and recommendations to you and other users of our site about goods or services that may interest you or them.

Changes to our Privacy and Cookies Policy

We have the right to update our Privacy Notice if there are changes in the law or to reflect changes or developments made on our website.

If you have any questions about our Privacy Notice please contact: info@zandermackenziecareuk.org

This Privacy and cookies policy was last updated on 9 May 2022.