Privacy policy
How we handle your personal information, including health data, under the UK GDPR and the Data Protection Act 2018.
Last updated: [LAST_UPDATED_DATE]
Who we are
Koinonia Healthcare Limited (registered in England & Wales, Company No. 15868076) is the data controller for the personal data we process. Our registered office is Unit A05A The Annexe, 110 Windmill Road, Croydon CR0 2XQ. We are registered with the Information Commissioner's Office (ICO) under reference [ICO_NUMBER].
Data Protection Officer
REPLACE: Name and contact details of the DPO. Required if your core activities involve large-scale processing of special category health data.
What we collect
- Name, address, contact details (your own or your loved one's).
- Health information needed to plan and deliver care (special category data).
- Funding status and relevant financial information.
- Records of conversations, assessments and care delivered.
- Website analytics (only with your cookie consent).
Our legal basis
We process most personal data under Article 6(1)(b) (necessary for a contract) or Article 6(1)(c) (legal obligation). For health data we rely on Article 9(2)(h) UK GDPR (provision of health and social care under a contract with a health professional), and where appropriate Article 9(2)(a) (explicit consent).
How long we keep it
Care records are retained for the period required by law and CQC guidance, typically a minimum of 8 years from the end of the care relationship. Marketing data is held until you unsubscribe.
Your rights
- The right to be informed
- The right of access (a Subject Access Request)
- The right to rectification
- The right to erasure (where it does not conflict with our legal obligations)
- The right to restrict or object to processing
- The right to data portability
- The right to lodge a complaint with the ICO
Sharing your data
We share your data with the people delivering and overseeing your care, and where required by law (e.g. safeguarding referrals, statutory inspectors). We never sell your data and never share it for marketing purposes.
Contact us about your data
Email [DPO_EMAIL] or write to the address above. You can complain to the ICO at ico.org.uk.
