Privacy Policy

Last updated: February 2026

Cecilia Comfort Care Ltd ("we", "us", "our") is committed to protecting and respecting the privacy of everyone who uses our services, visits our website, or contacts us. This policy explains how we collect, use, store, and share your personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

Cecilia Comfort Care Ltd is a registered home care service providing care and support in West Lothian and Edinburgh.

• Care Inspectorate Registration: CS2025000501
• Registered Address: Bathgate, West Lothian, Scotland
• Data Controller: Ego Cecilia Olori, Clinical Managing Director
• Contact: info@ceciliacomfortcare.co.uk | +44 7741 030129

2. What Information We Collect

When you use our website

• Your name, email address, and phone number (if you complete a contact or booking form)
• The reason for your enquiry
• Technical information such as your IP address, browser type, and pages visited (see our Cookie Policy)

When you or a family member receives our care services

• Full name, date of birth, address, and contact details
• Emergency contact details and next of kin information
• Medical history, diagnoses, medications, and GP details
• Care needs assessments and care plans
• Capacity assessments under the Adults with Incapacity (Scotland) Act 2000
• Details of any welfare guardianship, power of attorney, or intervention orders
• Risk assessments
• Daily care records and notes
• Information provided by referrers (social workers, NHS professionals, family members)

When you make a professional referral

• Your name, role, organisation, and contact details
• The referred person's personal, medical, and care information as detailed in the referral form
• Consent and data-sharing authorisations

3. How We Use Your Information

We use personal information for the following purposes:

• Providing care: To assess care needs, create and update care plans, deliver daily care, and coordinate with healthcare professionals
• Legal obligations: To comply with Care Inspectorate requirements, Scottish Social Services Council (SSSC) registration, safeguarding duties under the Adult Support and Protection (Scotland) Act 2007, and health and safety legislation
• Communication: To respond to enquiries, confirm bookings, send appointment reminders, and provide updates about care
• Service improvement: To review and improve the quality of our care services
• Regulatory compliance: To maintain records required by the Care Inspectorate and to cooperate with inspections

4. Our Legal Basis for Processing

Under UK GDPR, we process personal data on the following legal bases:

• Consent (Article 6(1)(a)) — for website contact forms and marketing communications. You can withdraw consent at any time.
• Contract (Article 6(1)(b)) — to fulfil our care service agreement with you
• Legal obligation (Article 6(1)(c)) — to comply with Scottish care service regulations, safeguarding duties, and health and safety requirements
• Vital interests (Article 6(1)(d)) — in emergency situations where processing is necessary to protect someone's life
• Legitimate interests (Article 6(1)(f)) — for service administration, quality assurance, and fraud prevention

5. Who We Share Your Information With

We may share personal information with:

• Healthcare professionals — GPs, district nurses, hospital teams, and other health and social care providers involved in your care
• Care Inspectorate — as required for regulatory compliance and inspections
• Scottish Social Services Council (SSSC) — for workforce registration requirements
• Local authority social work departments — where involved in care arrangements or safeguarding
• Emergency services — where necessary for your safety
• Our service providers — email hosting (Microsoft 365), transactional emails (Brevo), and website hosting providers, all of whom are bound by data processing agreements

We will never sell your personal information to third parties. We will not share your information outside the above categories without your explicit consent, unless required to do so by law.

6. How We Store and Protect Your Information

We take the security of your data seriously:

• Electronic records are stored on password-protected, encrypted systems
• Paper records (where used) are kept in locked storage with restricted access
• Access to personal data is limited to staff members who need it to perform their duties
• All staff complete data protection training as part of their induction
• Our website uses HTTPS encryption for all data transmission

7. How Long We Keep Your Information

• Care records: Retained for a minimum of 3 years after the end of a care service, or longer if required by Care Inspectorate guidance or ongoing legal proceedings
• Referral records: Retained for the duration of the care service plus 3 years
• Website enquiries and booking records: Retained for 12 months unless you become a service user
• Staff records: Retained in accordance with employment law requirements

After the retention period, records are securely destroyed.

8. Your Rights

Under UK GDPR, you have the following rights:

• Right of access — to request a copy of the personal data we hold about you (Subject Access Request)
• Right to rectification — to ask us to correct inaccurate or incomplete data
• Right to erasure — to ask us to delete your data (where there is no legal obligation to retain it)
• Right to restrict processing — to ask us to temporarily stop processing your data
• Right to data portability — to receive your data in a structured, machine-readable format
• Right to object — to object to processing based on legitimate interests
• Right to withdraw consent — where processing is based on consent, you can withdraw it at any time

To exercise any of these rights, please contact us using the details below. We will respond within one month.

9. Children's Data

Cecilia Comfort Care provides services to adults. We do not knowingly collect personal data from children under 16. If a young carer or family member under 16 contacts us, we will handle their data with additional care and seek parental consent where appropriate.

10. Changes to This Policy

We may update this policy from time to time. Any changes will be posted on this page with the "last updated" date revised. For significant changes, we will make reasonable efforts to notify affected individuals.

11. Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

• Website: ico.org.uk
• Telephone: 0303 123 1113

We would appreciate the opportunity to address your concerns before you contact the ICO. Please reach out to us first.

12. Contact Us