PRIVACY POLICY

At Earthhaven Healthcare Solutions (EHS) we prioritise data privacy and are fully committed to safeguarding and respecting the rights of all individuals. Our dedication lies in ensuring the confidentiality and privacy of the information entrusted to us while also maintaining transparency in our collection and utilisation of personal data.

This policy specifically pertains to EHS and aims to provide you with a clear understanding of how we gather and utilise your Personal Information. We have designed it to offer essential insights at a glance with the option to delve deeper via provided links for further details.

Please note that this Privacy Notice should be read alongside the terms of business applicable to the services provided by Earthhaven Healthcare Solutions Ltd. These terms can be found on our website at www.earthhavenhealthcare.com/legal-library. This document covers the following aspects:

We are Earthhaven Healthcare Solutions Ltd, trading as Earthhaven Healthcare Solutions (“EHS”, “we”, “us”), and we function as a processor in compliance with all relevant UK legislation, including (i) the General Data Protection Regulation, Regulation (EU) 2016/679, as it is adopted into domestic law in the United Kingdom through the European Union (Withdrawal) Act 2018; and (ii) the UK Data Protection Act 2018 (the "Data Protection Law"). Our operations are centred around the EHS platform and website located at https://www.earthhavenhealthcare.com/ (the "Platform"), which serves as a nexus connecting clients with our workforce.

Our Platform, accessible through https://www.earthhavenhealthcare.com/ and other designated websites or applications, facilitates seamless engagement between clients and our workforce, offering a spectrum of healthcare services. This privacy policy is relevant to individuals interacting with our Platform, encompassing members, clients, workers, suppliers, referees, visitors and job applicants. For clarity, the following definitions apply:

Members – Individuals who register on the Platform, accessing its functionalities.
Clients – Members of the Platform comprising providers of healthcare services, including regulated healthcare facilities such as care homes, hospitals, and prisons.
Workers – Members of the Platform who constitute Earthhaven Healthcare Solutions' workforce, delivering diverse healthcare services ranging from qualified nursing to caregiving.
Referee – Individuals providing personal or professional references for Workers or Applicants.
Suppliers – Contacts within our network of supplier organisations supporting our operations.
Platform Visitors – Individuals exploring our Platform for various purposes.
Applicants – Individuals expressing interest in employment opportunities within Earthhaven Healthcare Solutions.
Vacancy – Specific, temporary rota vacancies within the healthcare sector, commonly structured on a shift-by-shift basis.
Assignments - Formal agreements between Earthhaven Healthcare Solutions and Clients for the provision of services by Workers, aligned with specific Vacancies.

Through this comprehensive framework, we aim to ensure clarity and transparency regarding the processing of personal data within the realm of Earthhaven Healthcare Solutions' operations.

For the purposes of this Privacy Notice, "Personal Information" consists of any information that relates to you and/or information from which you can be identified, directly or indirectly as defined under Data Protection Law. For example, information which identifies you may consist of your name, address, telephone number, photographs, location data, an online identifier (e.g. cookies identifiers and your IP address) or to one or more factors specific to your physical, economic, cultural or social identity. When we combine other information (i.e. information that does not, on its own, identify you) with Personal Information, we treat the combined information as Personal Information. Given the nature of our website, we do not expect to collect the personal data of anyone under 18 years old. If you are aware that any personal data of anyone under 18 years old has been shared with our website please let us know so that we can delete that data. This privacy policy is primarily written for adults.

We may collect use, store and transfer different kinds of Personal Information about you which we have grouped together as follows:
‍
Identity Data includes first name, maiden name (if applicable), last name, community username, title, date of birth and gender, job title, a copy of a photographic identity document (such as a passport or ID card), a photograph for incorporation into your profile on the Platform, a screenshot from any applicable video-call between a Member (or their representative) and Earthhaven Healthcare Solutions, and, in respect of an Worker, the applicable NMC pin/reference/registration number. Contact Data includes address, former addresses (where applicable), email address and telephone number(s).
Career History and Education Data includes professional skills and experience, employment history, academic and professional qualifications, certificates, training, competencies (clinical and medication), reference information. Employment Status Data includes status/right to work and work permit information. Worker Profile Data includes job role, details of professional indemnity insurance cover, your ratings submitted via our in-built ratings system, feedback relating to you, preferences. Financial Data includes bank account details, direct debit mandates. Technical Data includes internet protocol (IP) addresses, location data, username and password, usage session dates and duration, page views, time zone setting and location, browser plug-in types and versions, operating system and platform, the type of browser used while visiting our Platform, how you use our Platform and the numbers of users who visit our website. Services Data includes information about how you use our services, details of which services you have received from us, choices you have made on the Platform (including, for example, settings and favourite workers), information as to Vacancies posted and applied for, Assignments, cancellations, ratings, reviews, responses to surveys and requests for feedback, information about your use of our services, correspondence and communications with you and information about any complaints or enquiries you make to us. Community Data includes any information you send to other Members via the Platform's community function. Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences. Special Categories of Data: we may collect the following special categories of Personal Information about you:
Occupational health information including vaccination/immunisation status and history ("Occupational Health Data"); the identity of your professional indemnity insurer which may indicate trade union membership ("Trade Union Data"); and where a photographic ID is provided (for example by way of a copy of your passport, driving licence or other photographic ID document) an inference may be made as to your race, ethnicity and/or religious beliefs ("ID Data"). Criminal Offences Data: we will process information about a Workers criminal convictions including enquiries made of the Disclosure and Barring Service ("DBS") in respect of criminal convictions as part of a Workers membership application process, creation of a profile and use of the Platform.

You must provide this personal data to use our website and deal with our business. Our Clients require us to carry out a criminal records check in order to satisfy themselves that there is nothing in a Worker’s criminal convictions history which makes a Worker unsuitable for becoming a Member of the Platform, using the Platform and/or applying for and carrying out an Assignment. Therefore, we may collect a copy of your DBS Certificate, your DBS Certificate number and DBS Update Service Number. We may also ask you to provide a statement about the information contained in your DBS Certificate.
We have in place an appropriate policy document and safeguards which we are required by law to maintain when processing such data. We also collect and use aggregated, anonymous or pseudonymised data, such as statistical or demographic data. If we combine any of this data with your Personal Information so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Notice. Sometimes you can choose if you want to give us your personal data and let us use it. Where that is the case we will tell you and give you the choice before you give the personal data to us. We will also tell you whether declining to share that personal data will have any effect on our ability to provide services to you.

If you fail to provide personal information
Where we need to collect Personal Information by law, or under the terms of a contract we have with you, and you fail to provide that Personal Information when requested, we may not be able to perform the contract we have, or which we are attempting to enter into, with you (for example, to provide you with services and support). In such circumstances, we may be required to cease providing services and support to you and will notify you accordingly.

At Earthhaven Healthcare Solutions (EHS), we collect personal data from individuals through various direct and indirect methods, crucial for our operations and services. Here's how we gather information from different groups:
‍
Members:  
Direct Provision: You may provide us with your Identity Data, Contact Data, Marketing, and Communications Data by filling in our registration form on the Platform, creating an account, or through communication via email, phone, or other means. We also collect Services Data during our interactions about our services and when you utilise the Platform.
Automated Collection: Interacting with our Platform triggers the automatic gathering of Technical Data about your devices, and browsing behaviour. We employ cookies and similar technologies for this, working alongside our analytics providers. For further details, refer to section 10.

Clients:  
Direct Provision: Direct interactions allow you to provide us with your Identity Data, Contact Data, Financial Data, Marketing, and Communications Data, whether through registration, account and profile creation, profile updates, Platform usage, or communications with us.
Automated Collection: Automated tools collect Technical Data on your interactions with our Platform, utilising cookies and related technologies.
Indirect Sources: We may acquire your Identity and Contact Data from publicly accessible sources such as Companies House and the CQC.

Workers:  
Direct Provision: You provide us with extensive personal information, including Identity, Contact, Career History, Education, Employment Status, Worker Profile, Financial Data, Special Categories of Data, Criminal Offences Data, and Marketing and Communications Data, through various means including our Platform.
Automated Collection: Technical Data collection occurs automatically when you interact with our Platform.
Third-party Sources: We might receive data such as Identity, Career, and Education Data from references or platforms like LinkedIn, and Criminal Offences Data from third-party DBS check services or the government's DBS Update Service.

Suppliers:  
We gather Identity Data, Contact Data, Financial Data, and Services Data during our interactions, and may also source data from public records such as Companies House.

Referees:  
Whether directly from you or through a Worker or Applicant, we collect your Identity and Contact Data, along with your referee credentials and opinions on a Worker or Applicant.

Platform Visitors:  
Visiting our Platform triggers automatic collection of Technical Data regarding your device and browsing patterns through cookies and similar technologies.

Applicants:  
Direct Provision: Applicants provide Identity Data, Contact Data, Career History, Education Data, and Employment Status Data when applying for a position.
Indirect Sources: We may receive similar data from your employer, referees, recruiters, or public sources like LinkedIn.

We commit to transparently processing your personal data, ensuring you are aware of such processing except in cases where notification is disproportionately challenging.

We will only use your Personal Information when Data Protection Law allows us to do so.
‍
You can see a full list of the types of data we process, the purpose for which we process it and the lawful basis on which it is processed below.

Where we refer to a legitimate interest herein, we mean that we have a business or commercial reason to use your personal data, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own. You can obtain details of this assessment by contacting us using the contact details provided herein.

a) Earthhaven Healthcare Solutions’ purposes and lawful bases of personal data processing
We may use the Personal Information that we collect for the following purposes. For each purpose, we describe the legal bases we rely on to justify such use of your Personal Information:

Category: Clients
Purpose/Activity: To register you or your employer as a Client
Type of Data: Identity Data, Contact Data
Legal Basis: Necessary for the performance of a contract with you

Category: ClientsPurpose/Activity: To provide you with our services including operating the platform, allowing you to communicate with other members, allowing you to post vacancies and find workers to fill those vacancies, managing payments, fees and charges including via Payment Processor(s), and collecting and seeking to recover money owed to us.
Type of Data: Identity Data, Contact Data, Financial Data, Transaction Data, Community Data
Legal Basis: Necessary for the performance of a contract with you; necessary for our legitimate interests to operate the platform and manage our business; necessary for our legitimate interests (to recover debts due to us).

Category: Workers
Purpose/Activity: To register you as a Worker including making enquiries of third parties, for example, via a Verification Services Provider.
Type of Data: Identity Data, Contact Data, Career History and Education Data, Employment Status Data, Worker Profile Data
Legal Basis: Necessary for the performance of a contract with you

Category: Workers
Purpose/Activity: To provide you with our services including operating the platform, allowing you to amend your profile, allowing you to communicate and interact with other members, allowing you to apply for vacancies, accept invitations from Clients and enter into Assignments with Clients, managing payments, fees and charges including via the Payment Processor, and collecting and seeking to recover money owed to us.
Type of Data: Identity Data, Contact Data, Financial Data, Services Data, Career History and Education Data, Employment Status Data, Worker Profile Data, Community Data
Legal Basis: Necessary for the performance of a contract with you; necessary for our legitimate interests to operate the platform and manage our business; necessary for our legitimate interests (to recover debts due to us).

Category: Workers
Purpose/Activity: For compliance purposes – Clients (as healthcare institutions) will need to access the personal data of a Worker via the platform in order to assess the Worker against the compliance standards set by the Client organisation ahead of the arrangement of an Assignment, and to maintain records of Workers with whom the Client has entered into Assignments.
Type of Data: Identity Data, Contact Data, Profile Data, Referee Data
Legal Basis: Necessary for the performance of a contract with you; necessary for our legitimate interests to operate the platform and manage and those of other members.

Category: Clients and Workers
Purpose/Activity: To communicate with relevant regulatory bodies including the Nursing and Midwifery Council and/or the Care Quality Commission.
Type of Data: Identity Data, Contact Data, Worker Profile Data, Services Data
Legal Basis: Necessary for the performance of a contract with you; to comply with a legal obligation; for our legitimate interests and those of any applicable regulators.

Category: Members, Clients and Workers
Purpose/Activity: To manage our relationship with you which will include: notifying you about changes to our Terms and Conditions or Privacy Notice; asking you to leave a review or provide feedback.
Type of Data: Identity Data, Contact Data, Marketing and Communications Data, Services Data
Legal Basis: Necessary for the performance of a contract with you; to comply with a legal obligation; our legitimate interests in keeping our records updated and studying how members use our services and the platform.

Category: Applicants
Purpose/Activity: To consider you for a role if you are applying for a job with us.
Type of Data: Identity Data, Contact Data, Career History and Education Data, Employment Status Data, Financial Data
Legal Basis: Necessary to take steps at your request before entering into a contract; necessary for our legitimate interests in finding employees; necessary to comply with our legal obligations.

Category: Referees
Purpose/Activity: To perform our services to Workers and Clients and to enable us to obtain your opinions on an Applicant.
Type of Data: Identity Data, Contact Data
Legal Basis: Necessary for our legitimate interests in providing our services to Clients and Workers, and obtaining information about Applicants necessary for our legitimate business interests.

Category: Suppliers
Purpose/Activity: To carry out our contractual obligations to you, if you are our supplier or subcontractor, including managing our payments to you.
Type of Data: Identity Data, Contact Data, Financial Data, Services Data
Legal Basis: Necessary for our legitimate interests in receiving services from our suppliers to ensure our business runs efficiently.

Category: Members and Platform Visitors
Purpose/Activity: For security purposes and to administer our Platform – to maintain and enhance the Platform, to ensure that content from it is presented in the most effective manner for you and your computer, and to enhance the user experience (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).
Type of Data: Technical Data
Legal Basis: Necessary for our legitimate interests in the running of our business, the provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or company restructuring exercise; necessary for the performance of a contract with you; necessary to comply with a legal obligation.

Category: Members, Clients and Workers
Purpose/Activity: To provide you with marketing information relating to the services and activities which you request from us or which we feel may be of interest to you, and relevant Platform content, and to measure or understand the effectiveness of the marketing we serve to you.
Type of Data: Identity Data, Contact Data, Marketing and Communications Data, Technical Data
Legal Basis: Necessary for our legitimate interests to develop our services, grow our business interests and inform our marketing strategy.

Category: All categories
Purpose/Activity: Business and analysis purposes - for business monitoring, assessment and analysis of our Clients, Workers and Members, to develop our business strategy, record keeping, maintaining our accounts, complying with good practice and for other administrative, operational and security reasons, and to seek your thoughts and opinions on the services we provide.
Type of Data: Identity Data, Contact Data, Services Data, Marketing and Communications Data, Technical Data
Legal Basis: Necessary for our legitimate interests in running our business efficiently, successfully and in order to keep our records updated; necessary to comply with a legal obligation.

Category: Members, Clients and Platform Visitors
Purpose/Activity: To improve the Platform and the services, services, customer relationships and experiences.
Type of Data: Technical Data, Services Data
Legal Basis: Necessary for our legitimate interests in understanding how Members use our services, keeping the Platform updated, and developing our business and to inform our marketing strategy.

Category: Members, Workers, Clients and Referees
Purpose/Activity: As required in special circumstances such as a police or other legal investigation or serious complaint requiring Earthhaven Healthcare Solutions to release personal data.
Type of Data: Identity Data, Contact Data, Worker Profile Data, Employment Status Data, Career History and Education Data, Services Data, Marketing and Communications Data, Technical Data, Special Categories of Data
Legal Basis: Necessary for the performance of a contract with you; necessary to comply with a legal obligation; necessary for the performance of a task in the public interest; necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.

Category: Workers
Purpose/Activity: As required in limited circumstances, when a Client must use personal data to help it discharge its functions relating to providing care to patients and looking after their welfare.
Type of Data: Identity Data, Contact Data, Worker Profile Data, Services Data, Technical Data, Marketing and Communications Data
Legal Basis: Necessary for the performance of a contract with you; necessary to comply with a legal obligation; necessary for reasons of substantial public interest.

Category: All categories
Purpose/Activity: To prevent and detect crime, fraud or corruption and to meet our legal, regulatory and ethical responsibilities.
Type of Data: Identity Data, Contact Data, Technical Data, Services Data
Legal Basis: Necessary to comply with our legal obligations.

Please be aware that we are not responsible for the data processing activities of others such as Clients.

‍b) Marketing communications
Where permitted in our legitimate interest or with your prior consent where required by Data Protection Law, we will use your Personal Information for marketing analysis and to provide you with promotional update communications by email, telephone or post about our products and services. For further information on this, see the 'Your Choices' section of this Privacy Notice.

‍c) Combining personal information
We may combine the Personal Information that we collect from you to the extent permitted by applicable law. For example, we may combine various different databases that contain your Personal Information to carry out internal analysis of our Member base and how the services are used and to provide better services and more personalised content (such as marketing).

‍d) Change of purpose
Where we need to use your Personal Information for another reason other than for the purpose for which we collected it, we will only use your Personal Information where that reason is compatible with the original purpose. If we need to use your Personal Information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your Personal Information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

We will only use your Personal Information for our internal business purposes, some of which are mentioned above. We may disclose your information to the following entities:

Clients
We may need to disclose individuals' Personal Information to clients as part of the services and use of the platform. For example, we will share identity data, contact data, profile data, employment status data, and career history and education data with clients when individuals apply for positions or opportunities. We will also share limited identity data with clients to enable them to invite individuals to apply for opportunities.

Service Providers
We use third-party service providers to help us administer certain activities and services on our behalf, such as IT, hosting and cloud services, payment processing services, verification services, marketing services, customer support services, and background check services. We may share Personal Information about you with such third-party service providers solely for the purpose of enabling them to perform services on our behalf and they will operate only in accordance with our instructions. Here are examples of third-party service providers we use:

IT and Administration Services – we use third-party providers to supply IT, hosting, and cloud services.
Marketing and Analytics Services – we use third-party services for marketing and analytics, including tools for understanding the use of our platform.
Payment Processing Services – we use third-party online payment processors to manage payment transactions.
Verification Services – we engage third-party services for identity verification.
Customer Support Services – we partner with providers to offer customer support services.
Background Check Services – we may refer individuals to third-party providers for background checks if required.

Anonymous Statistics
We prepare and develop anonymous, aggregate or generic data and statistics for various reasons. As this data is anonymous (i.e., individuals cannot be identified from it), we do not consider this information to be Personal Information. As such, we may share it with any third party.

Third Parties When Required by Law
We will disclose your Personal Information to comply with applicable law or respond to valid legal process, including from regulators, law enforcement or other government agencies; to protect the users of the platform; to operate and maintain the security of the platform; or to protect our rights or property.

Other Parties in Connection with Corporate Transactions
We may disclose your Personal Information to a third party in the event that our business undertakes corporate transactions such as mergers, acquisitions, or asset sales.

Other Parties at Your Direction
We may share Personal Information about you with third parties when you request such sharing, such as to prospective employers or to your legal or other professional advisers.

We have put in place appropriate physical and technical measures to safeguard your Personal Information. In addition, we limit access to your Personal Information to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your Personal Information on our instructions and are subject to a duty of confidentiality.

When we use service providers to assist us in processing your Personal Information, we have written contracts in place with these providers, ensuring that they cannot do anything with your Personal Information unless we have instructed them to do so.

However, please note that although we take appropriate steps to protect your Personal Information, no website, transmission of data, computer system, or wireless connection is completely secure. Therefore, we cannot guarantee the security of your Personal Information. We have established and implemented procedures to deal with any suspected Personal Information breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

The Personal Information that we collect from you may be stored and processed in your region, or transferred to, stored at, or otherwise processed outside the UK or the European Economic Area (UK/EEA), some of which may provide lower levels of protection of privacy.

By using our platform and/or providing us with your Personal Information, you acknowledge that we will collect, transfer, store, and process your information outside the UK/EEA. We will take all steps reasonably necessary to ensure that your Personal Information is kept secure and treated in accordance with this Privacy Notice.

When we transfer your Personal Information outside the UK/EEA to third parties, we ensure that appropriate transfer agreements and mechanisms, such as the relevant Standard Contractual Clauses, are in place to help ensure that our third-party service providers provide an adequate level of protection to your Personal Information. We will only transfer your Personal Information outside the UK/EEA in accordance with applicable laws or where you have given us your consent to do so, where required by Data Protection Law.

We may transfer your Personal Information outside the UK/EEA for the following reasons:
To store it.
To enable us to provide goods or services to you and fulfil our contract with you. This includes processing of payment details and the provision of support services.
Where we are legally required to do so.

Under Data Protection Law, we can only transfer your Personal Data to a country outside the UK where:
(i) in the case of transfers subject to the UK GDPR, the UK government has decided the particular country ensures an adequate level of protection of personal data (known as an ‘adequacy regulation’) further to Article 45 of the UK GDPR;
(ii) there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for you; or
(iii) a specific exception applies under relevant data protection law.

Where we transfer your personal data outside the UK we do so on the basis of an adequacy regulation or, where this is not available, legally-approved standard data protection clauses recognised or issued further to Article 46(2) of the UK GDPR. In the event we cannot or choose not to continue to rely on either of those mechanisms at any time, we will not transfer your personal data outside the UK unless we can do so on the basis of an alternative mechanism or exception provided by Data Protection Law and reflected in an update to this policy.

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

We retain Workers' Personal Information for seven years after deletion of their account. We retain Clients' Personal Information for seven years following the last contact with such Client.When your Personal Information is no longer required for the purpose it was collected or as required by applicable law, it will be deleted and/or returned to you in accordance with applicable law.In some circumstances you can ask us to delete your Personal Information

We are committed to upholding your rights in accordance with Data Protection Laws. You have several rights in relation to your Personal Information, which you can exercise at any time:

Subject Access - You have the right to request details of the Personal Information we hold about you, including copies of such information.
Right to Withdraw Consent – If you have provided consent for the processing of your Personal Information, you have the right to withdraw that consent at any time. If you wish to withdraw your consent to processing, please contact us using the details provided.
Data Portability – In certain circumstances, you may request that we transmit your Personal Information directly to another organisation or to you.
Rectification – We strive to keep your Personal Information accurate and up to date. If you believe that any information we hold is incorrect or incomplete, please notify us. We will promptly correct any information found to be incorrect.
Erasure ('right to be forgotten') - In specific situations, you have the right to have your Personal Information erased from our records.
Restriction of Processing – You have the right, in certain instances, to request that we stop processing your Personal Information.
Object to Processing – You can object to the processing of your Personal Information, especially where we are processing it for direct marketing purposes.
Prevent Automated Decision-Making – You have the right not to be subject to decisions based solely on automated processing, including profiling, that have legal or similarly significant effects on you.

For more information on each of these rights, including the conditions under which they apply, please contact us using the contact details provided. You may also wish to consult guidance from the UK’s Information Commissioner’s Office on your rights under UK GDPR.

No Fee Typically Required
‍There is no fee required to access your Personal Information or to exercise any of your other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

What We May Need from You
‍We may need specific information from you to help confirm your identity and ensure your right to access your Personal Information or to exercise any of your other rights. This is a security measure to ensure that Personal Information is not disclosed to any individual who has no right to receive it.

Time Frame and Handling of Requests
‍We aim to respond to all legitimate requests within one month. Occasionally, it may take us longer if your request is particularly complex or you have made multiple requests. In these cases, we will notify you and keep you updated.

If you wish to exercise any of the rights set out above, please see the contact details provided earlier in this document. We may charge a reasonable fee for handling your request, as permitted under Data Protection Laws.

If you disagree with how we are processing your personal data, please contact our Data Protection Officer (DPO) at safeguarding@earthhavenhealthcare.com, or you can address your concerns in writing to the DPO at the EHS Headquarters, details of which are provided in the ‘Contact Details’ section of this document.

If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection authority.

The ICO can be contacted at:

Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, UK
Helpline: 0303 123 1113
Website: www.ico.org.uk

‍If you are based outside the UK, you may have the right to lodge a complaint with your local data protection supervisory authority.

Our Platform may include links to external websites and applications that are not operated or controlled by us. We do not oversee the privacy practices or content of these third-party sites and applications, and we are not responsible for how they manage your Personal Information. When you use a link to go from our Platform to an external website, the privacy notice of the third party will govern the use of your Personal Information, not ours.

We strongly advise that you review the privacy policies of any third-party websites or applications to understand their procedures for collecting, using, and disclosing Personal Information.

We use cookies on our website. Cookies are small text files that are placed on your hard drive by a web server in the domain that issued the cookie. These cookies can be read by the server that delivered them and are used to recognize your computer when you return to a website.

Cookies can be stored on your device temporarily during an online session ("session cookies"), which disappear after you close your browser, or they can remain on your device after the session has ended ("persistent cookies"), which means they can be accessed by the web server in subsequent visits.

Cookies help us collect and store information about your preferences, the products you use, and the content you have viewed. This enables us to offer you a more personalized and improved experience when you interact with our website.

For more detailed information on how we use cookies, including the types of cookies we deploy and how you can manage your cookie preferences, please refer to our Cookies Policy available at Earthhaven Healthcare Solutions Cookies Policy.

When you request information from our website or engage with us in other ways, we may use your Personal Information, such as your name, address, email address, and telephone number, to send you marketing communications related to our products or services by email. We process your Personal Information for marketing purposes based on our legitimate interests or your consent, where required by Data Protection Law.

We aim to ensure that our marketing communications are as relevant as possible to you by using your Personal Information to personalise and better target these communications.

Should there be any changes in the law, regulations, or the structure of our business, or if you request additional services from us, we may ask you to confirm or update your marketing preferences.

You can opt out of receiving further marketing communications at any time. To unsubscribe, simply click the "Unsubscribe" link in any marketing or promotional email you receive from us, or you can directly email us at info@earthhavenhealthcare.com to stop receiving such communications.

It is important to regularly check for updates to this Privacy Notice, as we may update it from time to time. The "Updated" legend at the top of this page indicates when the notice was last revised. Any changes will take effect immediately upon posting the revised Privacy Notice on our website.

If we make material changes to this notice, we will notify you either by email or by posting a notice on our website, as appropriate. Where required by applicable law, we will also seek your consent to the changes.

It is equally important that the Personal Information we hold about you is accurate and up-to-date. Please inform us if there are any changes to your Personal Information during your relationship with us.