What information we collect and how we use it

We collect information to enable us to carry out our care advice services for you. We only collect information that you provide. This information may include identity data, contact data, health data and financial data. We only use this information to enable us to carry out our work.

​

Our name and contact details

Grace Consulting is a trading name of Cain and Paton Limited, registered company number 1961181.

 

Our Data Protection Officer

Grace Consulting has a Data Protection Officer, who can be contacted in the following ways should you have any questions, complaints or feedback about your privacy.

​

Email:

david.nugent@graceconsulting.co.uk

​

Mail:
Data Protection Officer
Grace Consulting
23 Kings Road
The Street
Shalford
Surrey
GU4 8JU

​

Our lawful base for processing your personal data

​

We have a number of lawful reasons for using (or 'processing') your personal data.

One of our lawful reasons, in accordance with Article 6 of the UK GDPR, is that you have given us consent to process your personal data for the purpose of delivering our service to you.

Another of our lawful reasons is called 'legitimate interests'.

Broadly speaking, legitimate interests means that we can process your personal information if we have a genuine and legitimate reason to do so and we are not harming any of your rights and interests.

The following are some examples of when and why we would use this approach during our normal course of business:

• To improve and enhance our services: When we do process your data, we will use it to benefit you and to make your experience better and to improve our services.

• Your best interest: Processing your information to protect you when using our website and to ensure our websites and systems are secure.

• Personalisation: Where the processing enables us to enhance, modify, personalise or otherwise improve our services/communications for the benefit of our customers.

• Analytics: To process your personal data for the purposes of customer analysis, assessment, profiling and direct marketing, on a personalised or aggregated basis, to help us with our services and to provide you with the most relevant information as long as this does not harm any of your rights and interests.

• Research: To determine the effectiveness of promotional campaigns and advertising and to develop our services, systems and relationships with you.

• Due Diligence: We may need to conduct investigations on existing customers, potential customers and business partners to determine if those companies and individuals have been involved or convicted of offences such as fraud, bribery and corruption.
   

When we process your personal information for our legitimate interests, we will consider and balance any potential impact on you and your rights under data protection and any other relevant law. Our legitimate business interests do not automatically override your interests – we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

​

Sharing your personal data

Other than as noted below, we never pass on any of your personal information to third parties without your permission.

In order to provide you with our services, we only share your data with 3rd parties in the following circumstances:

​

• With appropriate care providers, in order to carry out our service for you (but we do not disclose your name or other personal details).

• With appropriate financial, legal and other professional advisers, with your permission, in order to enable them to contact you to offer their services

• With corporates and other organisations who already have your information, eg your health insurer via whom you are accessing our services

• As required to prevent and detect fraud, and

• To handle complaints and improve customer services

• ​

Our computer system is maintained by an external IT company who will have access to your personal information and who are bound by the same privacy regulations. They will never pass on any of your personal information to third parties without your permission.

​

We may also disclose information to third parties or individuals when obliged to by law, for purposes of national security, taxation and criminal investigations.

​

How long we keep your personal data

We retain our customers' personal data in electronic format for varying periods depending upon the possibility of customers returning to us for further services. We review personal data, archive it and destroy it securely at such times as we judge appropriate.

​

Your Data Outside Europe

The EEA is the European Economic Area, which consists of the EU Member States, Iceland, Liechtenstein and Norway. We will not share your data with anyone outside the EEA. If we transfer your personal data outside the EEA we have to tell you.

​

Your rights in respect of the processing of your personal data

You have the right to access, rectify, request erasure of and restrict use of your personal data and the right to data portability, any or all of which you can exercise by contacting us as detailed above. You can also object to our processing of your personal data in the same way.

​

Right to withdraw consent

You can withdraw your consent to the processing of your personal data by us by contacting us using any of the methods detailed above.

​

Your right to lodge a complaint with a supervisory body

You can lodge a complaint regarding our processing of your personal data at the Information Commissioner's Office. Please visit the ICO's website for their latest contact details at https://ico.org.uk/make-a-complaint/