WMHC
0121 794 2424

Privacy Policy

Last updated: June 1, 2025

1. Introduction

WMHC Ltd (“we”, “our”, or “us”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal information when you visit our website or use our services.

We are a data controller for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. As a registered care provider, we are also subject to Care Quality Commission (CQC) regulations and requirements.

Our contact details:

  • Company Name: WMHC Ltd
  • Address: Weston Works, WMHC, Weston Ln, Tyseley, Birmingham B11 3RS
  • Email: info@wmhc.org.uk
  • Phone: 0121 794 2424
  • CQC Registration Number: 1-4085376154

2. Information We Collect

2.1 Contact Form Information

When you use our contact form, we collect:

  • Your name
  • Email address
  • Phone number (if provided)
  • Your message or enquiry details

2.2 Recruitment Application Information

When you apply for positions through our recruitment form, we collect:

  • Your name
  • Contact details (email, phone, address)
  • Employment history and qualifications
  • CV and supporting documents
  • References (when provided)
  • DBS (Disclosure and Barring Service) check information
  • Professional registrations and certifications
  • Right to work documentation
  • Health declarations (where relevant to role requirements)
  • Any other information you choose to provide in your application

2.3 Care Service Information (When Applicable)

As a care provider, we may collect additional information related to care services:

  • Service user care plans and assessments
  • Health and medical information (special category data)
  • Family and emergency contact details
  • Safeguarding-related information
  • Care coordination data shared with healthcare professionals
  • Risk assessments and incident reports

Note: This information is processed under Article 9 of UK GDPR (special category data) with appropriate additional safeguards.

2.4 Website Analytics Information

We use Google Analytics to understand how visitors use our website. This may include:

  • Your IP address (anonymised)
  • Browser type and version
  • Pages visited and time spent on pages
  • Referring website information
  • General location information (country/city level)
  • Device and screen information

2.5 Technical Information

Through Google Search Console and normal website operation, we may collect:

  • Browser information
  • Operating system
  • IP address
  • Cookies and similar technologies

3. How We Use Your Information

3.1 Contact Form Submissions

Purpose: To respond to your enquiries about our care services Legal Basis: Legitimate interests (providing information about our services) Retention: 2 years from last contact

3.2 Recruitment Applications

Purpose: To assess your suitability for employment, conduct background checks, and manage the recruitment process Legal Basis:

  • Legitimate interests (recruitment and employment)
  • Legal obligation (DBS checks, right to work verification)
  • Consent (where health information is provided) Retention:
  • Successful candidates: As required by employment law and CQC requirements
  • Unsuccessful candidates: 6 months from application date
  • DBS information: As per DBS code of practice

3.3 Care Service Data (When Applicable)

Purpose: To provide safe, effective care services and comply with care regulations Legal Basis:

  • Article 9(2)(h) – Health and social care provision
  • Legal obligation (CQC requirements, safeguarding duties)
  • Vital interests (emergency situations) Retention: As required by care regulations (typically 3-8 years depending on data type)

3.4 Website Analytics

Purpose: To improve our website performance and user experience Legal Basis: Legitimate interests (improving our services) Retention: 26 months (Google Analytics default)

3.5 Technical Data

Purpose: Website security, functionality, and performance monitoring Legal Basis: Legitimate interests (website operation and security) Retention: Varies by data type, typically 12-24 months

4. Cookies and Tracking Technologies

Our website uses cookies for:

  • Essential cookies: Required for website functionality
  • Analytics cookies: Google Analytics to understand website usage
  • Performance cookies: To monitor and improve website performance

You can control cookies through your browser settings. However, disabling certain cookies may affect website functionality.

For detailed information about cookies we use, please see our Cookie Policy.

5. Third Party Services

5.1 Google Services

We use the following Google services:

  • Google Analytics: For website traffic analysis
  • Google Search Console: For website performance monitoring

These services may collect and process data according to their own privacy policies. Please refer to Google’s Privacy Policy for more information.

5.2 Care and Regulatory Data Sharing

As a registered care provider, we may share information with:

Regulatory Bodies:

  • Care Quality Commission (CQC) for regulatory compliance and inspections
  • Local Authority safeguarding teams
  • Professional regulatory bodies (e.g., Nursing and Midwifery Council)

Care Coordination:

  • Local authorities and care commissioners
  • NHS services and healthcare professionals
  • Other care providers involved in service user care
  • Emergency services when required

Legal and Safeguarding:

  • Police and legal authorities when required by law
  • Safeguarding authorities to protect vulnerable individuals
  • Coroners and other statutory bodies as required

All sharing is conducted in accordance with data protection laws and care regulations.

5.3 General Data Sharing

We do not sell, rent, or trade your personal information to third parties. We may share information only:

  • With service providers who assist in our operations (under strict confidentiality agreements)
  • When required by law or legal proceedings
  • To protect our rights, property, or safety, or that of others

6. Data Security

We implement appropriate technical and organisational measures to protect your personal information against:

  • Unauthorised access
  • Accidental loss or destruction
  • Malicious attacks

However, no internet transmission is completely secure, and we cannot guarantee absolute security.

7. International Transfers

Some of our service providers (such as Google) may process data outside the UK/EEA. When this occurs, we ensure appropriate safeguards are in place, such as:

  • Adequacy decisions
  • Standard contractual clauses
  • Certification schemes

7. Special Category Data

As a care provider, we may process special category personal data (sensitive data) including:

  • Health and medical information
  • Information about disabilities
  • Racial or ethnic origin (for care planning purposes)

Legal basis for processing special category data:

  • Article 9(2)(h) UK GDPR – health and social care provision
  • Article 9(2)(c) UK GDPR – vital interests of the data subject
  • Explicit consent where appropriate
  • Legal obligations under care legislation

Additional safeguards:

  • Staff training on data protection and confidentiality
  • Secure storage and transmission systems
  • Access controls and audit trails
  • Regular review of data processing activities

9. Safeguarding and Duty of Care

As a registered care provider, we have legal obligations regarding safeguarding. We may process and share personal information without consent where:

  • There is risk of harm to a vulnerable person
  • We are required to report safeguarding concerns to local authorities
  • Emergency situations require immediate action
  • Legal obligations under the Care Act 2014 apply

This processing is based on vital interests and legal obligations under care legislation.

10. Your Rights

Under UK GDPR, you have the following rights:

10.1 Right of Access

You can request a copy of the personal information we hold about you.

10.2 Right to Rectification

You can ask us to correct inaccurate or incomplete information.

10.3 Right to Erasure

You can request deletion of your personal information in certain circumstances.

10.4 Right to Restrict Processing

You can ask us to limit how we use your information in certain situations.

10.5 Right to Data Portability

You can request your data in a machine-readable format.

10.6 Right to Object

You can object to processing based on legitimate interests.

10.7 Rights Related to Automated Decision Making

We do not use automated decision-making processes.

To exercise any of these rights, please contact us using the details provided above.

Important note for care records: Some rights may be limited where exercising them would compromise the safety or care of service users, or conflict with professional duties and care regulations. We will explain any limitations when responding to your request.

11. Retention Periods

We retain personal information only for as long as necessary:

  • Contact enquiries: 2 years from last contact
  • Recruitment applications: 6 months (unsuccessful) / as per employment law (successful)
  • DBS information: As per DBS code of practice (typically destroyed after recruitment decision)
  • Staff records: As required by employment law and CQC regulations
  • Care records: 3-8 years as required by care regulations and CQC guidance
  • Safeguarding records: As required by local safeguarding procedures
  • Website analytics: 26 months
  • Technical logs: 12-24 months

12. Children’s Privacy

Our services are not directed at children under 16. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child under 16, please contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. For significant changes, we may provide additional notice.

14. Complaints

If you have concerns about how we handle your personal information, you can:

  1. Contact us directly using the details above
  2. File a complaint with the Information Commissioner’s Office (ICO):
    • Website: ico.org.uk
    • Phone: 0303 123 1113
    • Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

15. Contact Us

For any questions about this Privacy Policy or our data practices, please contact:

Data Protection Contact:

  • Email: info@wmhc.org.uk
  • Phone: 0121 794 2424
  • Address:Weston Works, WMHC, Weston Ln, Tyseley, Birmingham B11 3RS

This Privacy Policy is effective from Last updated: June 1, 2025 and applies to all personal information collected through our website and services

Who we work with?
CQC
NHS
brum-city-council
WMHC - Care provider