Otter Homecare Privacy Policy
Last updated: March 2026
1. Who we are
Otter Homecare Limited provides regulated home care services. We are committed to protecting your privacy and handling your personal data lawfully, fairly, and transparently.
Organisation: Otter Homecare Limited
Address: First Floor Office Suite 1, Arlington House, 72 Fore Street, Trowbridge, Wiltshire BA14 8HQ
Telephone: 01225 690022
Email: hello@otterhomecare.co.uk
Otter Homecare Limited is registered with the Information Commissioner’s Office (ICO).
ICO registration number: ZB544661
2. Who to contact about data protection
Overall responsibility for data protection sits with our senior management.
Data Security and Protection Lead:
James Rowland-Jones, Director
Telephone: 01225 690022
3. What personal data we collect
We may collect and process the following types of personal data, depending on your relationship with us:
a) People who use our services and their representatives
• Name, address, contact details
• Date of birth
• Health and care information (including medical conditions, allergies, and medications)
• Care plans, risk assessments, and visit records
• Information shared with us by healthcare professionals or local authorities
• GP surgery details (name, address, and named GP where known)
b) Staff and applicants
• Contact details
• Employment records
• Training records
• DBS and safeguarding information
• Payroll and contractual information
c) Website users and enquirers
• Name and contact details provided via forms
• Technical data such as IP address, browser type, and website usage
4. How we collect personal data
We collect personal data:
• Directly from you
• From family members or representatives (where appropriate)
• From healthcare professionals, local authorities, or commissioners
• Through NHS digital services such as GP Connect, to access medical records held by your GP surgery (with your consent)
• Through our website and digital systems
• From staff recruitment and employment processes
5. How we use personal data (our lawful bases)
We process personal data under the UK GDPR using the following lawful bases:
• Contract: to provide care services or fulfil employment contracts
• Legal obligation: to meet regulatory, safeguarding, employment, and health and safety requirements
• Vital interests: to protect someone’s life in an emergency
• Public task: where applicable in health and social care contexts
• Legitimate interests: for service improvement, quality assurance, and business management
• Consent: where required, such as for marketing communications or accessing your GP medical records via GP Connect
Special category data (such as health information) is processed under Article 9(2)(a) of the UK GDPR where we have your explicit consent, and under the health and social care conditions in Schedule 1 of the Data Protection Act 2018 where processing is necessary for the provision of health or social care.
6. Who we share personal data with
We only share personal data where necessary and lawful. This may include:
• Healthcare professionals (e.g. GPs, nurses, therapists)
• Local authorities and commissioners
• Regulatory bodies (e.g. CQC, safeguarding authorities)
• Software and IT system providers used to manage care and records
• Payroll, HR, and professional advisors
We may also write to your GP surgery to inform them of your care arrangements and share relevant information about your care needs to support joined-up care. We may also access your GP-held medical record through the NHS GP Connect service, with your consent, to help plan and deliver your care safely.
All third parties are required to keep personal data secure and use it appropriately.
7. How long we keep personal data
We retain personal data only for as long as necessary and in line with legal and sector guidance, including health and social care records management requirements.
When data is no longer required, it is securely deleted or anonymised.
8. How we keep personal data secure
We use appropriate technical and organisational measures to protect personal data, including:
• Secure digital systems and password protection
• Role-based access controls
• Staff training in data protection and confidentiality
• Secure storage of paper records
• Use of reputable, compliant IT systems
• Secure access to NHS systems including GP Connect, restricted to authorised staff only
9. Your rights
Under data protection law, you have the right to:
• Access your personal data
• Request correction of inaccurate data
• Request deletion of data (in certain circumstances)
• Restrict or object to processing
• Request data portability
• Withdraw consent (where processing is based on consent)
To exercise your rights, please contact us using the details above.
10. Complaints
If you are unhappy with how we handle your personal data, please contact us first so we can try to resolve the issue.
You also have the right to complain to the Information Commissioner’s Office:
ICO website: https://www.ico.org.uk
ICO helpline: 0303 123 1113
11. Changes to this Privacy Policy
We review this Privacy Policy regularly and may update it from time to time. The latest version will always be available on our website.
12. Accessibility
This Privacy Policy is available in alternative formats on request to support accessibility.