Privacy policy

We care about you and we care about your data. We keep records of our work with you to positively serve you as an individual, and to improve our services to our communities as a whole. We do not sell, rent or lease your information in any form and we are committed to ensuring the security of your personal data.

We’re committed to keeping your data safe. We’re also committed to being up front and honest about what information we’re collecting, why we do this, and how we use it. We will not share any of the information with any third parties for marketing purposes and your information will generally only be stored within the European Economic Area. Where this is not the case, they are stored in a recognised country, as defined by the Information Commissioner’s Office (ICO) or are processed under the Standard Contractual Clauses adopted by the European Commission, and we will be upfront about this. The information you provide will be held securely by us and/or our data processors whether the information is in electronic or physical format.

What we collect and how we use your information

When engaging with our services there will be some personal information which we need to collect in order to offer you the best possible support. As each service requires different information you will receive a printed privacy notice which will explain:

  • What information we need to collect.

  • The legal reason we collect this and why we need it.

  • How long we will hold onto your data after you’ve left the service.

  • How you can exercise your data protection rights.

Our legal basis for collecting your information

Depending on the service we will collect your information under one or more of the following legal bases:

  • Consent – we will use this where we can offer you a choice as to whether or not we collect, store, share or otherwise process your information. This will be made clear to you, and will not be done unless we have your consent.

  • (Substantial) public interest – where we are working to assist with public law we will collect your information under public interest. We will be clear about why we have to collect this information, how it will be used, who you can expect it to be shared with and why.

  • Contract – in some cases we need to collect information in order to fulfil a healthcare contract.

  • Legitimate interest – we may collect other information about you which we believe will assist you when you are with us. This will be used to ensure you are receiving tailored and specific support around your needs.

  • Legal obligation - Sometimes we may need to store and share information where Caafi Health has a legal obligation to do so; for example, we may need to store information to comply with health and safety legislation.

If you have any objections to these types of processing, you can email our Data Protection Officer.

Sharing your personal information

We may need to share some of your information, and we will always take appropriate precautions before doing so. If there are parties we share with regularly, their details will also be provided in your privacy notice, along with a reason for doing so. Where we do not need to share information, we will always ask for your consent. We do this to respect your right to have a control over your data, and where it is going.

Questions about your data

If you have any questions please speak to your service manager or you can contact our Data Protection Officer using the details here.

If you currently or have previously used one of our services and would like to understand or exercise your data protection rights, you can also email our Data Protection Officer.

How long do we keep your information for?

We will keep your data for a period of 3 years after you have left the service. Your data will then be minimised and only the following information will be kept:

  • Your name and date of birth to identify you should you re-engage with a Caafi Health service in the future.

  • A list of the services you engaged with including dates of entry and exit, again this would be able to help us better support you should you re-engage.

In some exceptional cases we may have to keep additional information. This will only be done if there were any significant risks to other clients, staff or property which we’d need a record of should you re-engage.

This information will only be kept for a maximum of seven years after you have left the service.

Caafi Health is a Community Interest Company (13432762) supporting people to access good health. For the purpose of the Data Protection Act 1998 and under the General Data Protection Regulations the Data Controller is Caafi Health CIC, unit 18, The Coach House, 2 Upper York Street, Bristol BS2 8QN.

If you have any questions about this privacy statement you can contact us at info@caafihealth.com.

Caafi Health will review and may update this statement from time to time. You should check this page periodically to ensure that you are aware of any changes.