Privcay Notice
Last Updated: 5 June 2026
Published: 5 June 2026
Introduction
This Privacy Notice explains how Saren Limited trading as Everlife (Wiltshire) and Everlife (Swindon) (“Everlife”, “we”, “us” or “our”) collects, uses, stores, shares and protects personal information.
We are committed to protecting the privacy, confidentiality and security of the personal information entrusted to us by the people we support, their families, employees, volunteers, contractors, suppliers and visitors.
This Privacy Notice explains:
-
Who we are;
-
What personal information we collect;
-
How and why we use it;
-
Who we may share it with;
-
How long we keep it;
-
How we protect it; and
-
Your rights under UK data protection law.
We process personal information in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and other applicable legislation relating to health and social care services.
1. Who We Are
Saren Limited trading as Everlife (Wiltshire) and Everlife (Swindon) provides domiciliary care services and is registered with the Care Quality Commission (CQC) to provide regulated personal care services.
Registered Office
Everlife
Station Approach
Trowbridge
Wiltshire
BA14 8HW
For the purposes of UK data protection legislation, Saren Limited is the Data Controller responsible for determining how and why personal information is processed.
Privacy Contact
Darren Fowler
Privacy Contact and Person Responsible for Data Protection
Email: darren.fowler@everlife.co.uk
Telephone: 01225 719333
Postal Address:
Privacy Contact
Everlife
Station Approach
Trowbridge
Wiltshire
BA14 8HW
ICO Registration Number: Z9552372
2. Scope of this Privacy Notice
This Privacy Notice applies to:
-
People who use our services;
-
Prospective service users;
-
Family members, representatives and next of kin;
-
Employees;
-
Volunteers;
-
Job applicants;
-
Contractors and suppliers;
-
Visitors to our premises; and
-
Visitors to our website.
3. Information We Collect
Service Users and Prospective Service Users
We may collect:
Personal Information
-
Name;
-
Address;
-
Date of birth;
-
Telephone number;
-
Email address;
-
NHS number (where relevant);
-
Emergency contact details;
-
Next of kin information;
-
Financial and funding information;
-
Records relating to care provision.
Special Category Information
Where necessary to provide care services, we may collect:
-
Health information;
-
Medical history;
-
Medication records;
-
Care assessments;
-
Physical and mental health information;
-
Information relating to disabilities;
-
Ethnic origin;
-
Religious or cultural requirements;
-
Dietary requirements;
-
Safeguarding information;
-
Information necessary to provide person-centred care.
Employees, Volunteers and Applicants
We may collect:
-
Contact details;
-
Employment history;
-
Qualifications;
-
Training records;
-
Payroll and pension information;
-
Bank account details;
-
Right to work documentation;
-
References;
-
Absence records;
-
Occupational health information;
-
DBS information where legally required.
Contractors, Suppliers and Visitors
We may collect:
-
Names;
-
Contact details;
-
Business information;
-
Visitor records;
-
Correspondence records.
4. Information Collected Through Our Website
When you visit our website, we may automatically collect:
-
IP address;
-
Browser type and version;
-
Device information;
-
Website usage information;
-
Security and audit logs;
-
Information submitted through website forms.
We use this information to:
-
Maintain website security;
-
Respond to enquiries;
-
Improve website functionality and performance;
-
Monitor website usage;
-
Prevent fraud and misuse.
Website Contact Forms
When you submit an enquiry through our website, the information you provide will be used to respond to your enquiry, provide information about our services and maintain records of communications. We will only use this information for the purposes for which it was provided unless otherwise required or permitted by law.
Cookies
We use cookies and similar technologies on our website.
Some cookies are necessary for the operation of the website, while others help us improve website performance and understand how visitors use our website.
Where required by law, we obtain your consent before placing non-essential cookies on your device.
You may manage your cookie preferences through our cookie consent mechanism at any time.
Further information about the cookies we use and how to manage your preferences can be found in our Cookie Policy.
5. How We Collect Information
We collect information:
-
Directly from you;
-
Through enquiries and referrals;
-
During care assessments and care planning;
-
From family members or authorised representatives;
-
From healthcare professionals involved in your care;
-
Through recruitment processes;
-
From referees;
-
Through DBS checks where legally required;
-
Through our website and online forms;
-
From public authorities where legally permitted.
6. Lawful Basis for Processing
Under UK GDPR, we must identify a lawful basis for processing personal information.
Depending on the circumstances, we process personal information under one or more of the following lawful bases:
Article 6 UK GDPR
-
Consent;
-
Performance of a contract;
-
Compliance with a legal obligation;
-
Protection of vital interests;
-
Legitimate interests.
Special Category Data
Where we process health information and other special category data, we rely on one or more of the following conditions:
-
Provision and management of health and social care services;
-
Employment law obligations;
-
Safeguarding obligations;
-
Vital interests;
-
Substantial public interest;
-
Explicit consent where required.
7. How We Use Personal Information
We use personal information to:
-
Deliver safe and effective care services;
-
Assess care needs;
-
Develop and maintain care plans;
-
Safeguard service users;
-
Communicate with family members and representatives;
-
Recruit, manage and support employees;
-
Meet legal and regulatory obligations;
-
Manage payroll, pensions and invoicing;
-
Respond to enquiries and complaints;
-
Improve our services;
-
Protect the welfare of service users and staff.
8. Who We Share Information With
We only share personal information where necessary, lawful and proportionate.
Information may be shared with:
-
Local Authorities;
-
NHS organisations;
-
Integrated Care Boards (ICBs);
-
Care Quality Commission (CQC);
-
Healthcare professionals involved in care delivery;
-
Safeguarding authorities;
-
HM Revenue & Customs (HMRC);
-
Department for Work and Pensions (DWP);
-
Professional advisers;
-
Insurers;
-
Auditors;
-
Law enforcement agencies;
-
Courts and tribunals.
Information is shared on a strict need-to-know basis and subject to appropriate confidentiality and security safeguards.
Where information is used for statistical purposes, it will normally be anonymised.
9. International Transfers and Cloud Service Providers
We use carefully selected third-party cloud service providers and software systems to support the delivery of our care services, business operations and information management.
Where possible, personal information is stored on servers located within the United Kingdom. We seek to work with providers that maintain UK-based hosting environments and appropriate security standards.
However, some cloud service providers may access, support, back up or process information from locations outside the United Kingdom, or may be part of international organisations.
Where personal information is transferred outside the UK, we will ensure that appropriate safeguards are in place in accordance with UK GDPR requirements. These safeguards may include:
-
UK International Data Transfer Agreements (IDTAs);
-
UK Addendum to the European Commission’s Standard Contractual Clauses;
-
Transfers to countries recognised by the UK Government as providing an adequate level of protection; or
-
Other lawful transfer mechanisms permitted by UK GDPR.
We regularly review our suppliers and contractual arrangements to ensure personal information remains appropriately protected.
10. How We Keep Information Secure
We take appropriate technical and organisational measures to protect personal information against unauthorised access, loss, misuse, alteration or disclosure.
These measures include:
-
Access controls;
-
Password protection and multi-factor authentication where appropriate;
-
Staff confidentiality obligations;
-
Secure electronic systems;
-
Secure storage of paper records;
-
Cyber security protections;
-
Staff training;
-
Data breach management procedures.
In addition, we require third-party technology providers and cloud service providers to maintain appropriate technical and organisational security measures designed to protect personal information from unauthorised access, disclosure, alteration or destruction.
Where personal information is processed on our behalf, we ensure appropriate contractual protections are in place.
Relevant policies include:
-
Data Protection Policy;
-
Confidentiality Policy;
-
Data Breach Policy;
-
Computer Security Policy;
-
Computer Access and Responsibilities Policy;
-
Subject Access Request Procedure;
-
Recruitment and Selection Policy;
-
Complaints and Compliments Policy;
-
Social Media Policy.
11. How Long We Keep Information
We retain personal information only for as long as necessary to fulfil the purposes for which it was collected and to comply with legal, regulatory and contractual obligations.
Typical retention periods include:
-
Care records: in accordance with applicable health and social care record retention requirements;
-
Employee records: generally up to 6 years after employment ends;
-
Payroll and taxation records: generally 6 years;
-
Recruitment records for unsuccessful applicants: typically up to 12 months;
-
Website enquiries: normally up to 2 years.
Detailed retention schedules are maintained internally and are available upon request where appropriate.
12. Data Breaches
We maintain procedures for identifying, investigating and responding to personal data breaches.
Where required by law, we will notify the Information Commissioner’s Office and affected individuals.
13. Automated Decision-Making
Everlife does not currently use solely automated decision-making or profiling that produces legal or similarly significant effects on individuals.
Should this change in the future, this Privacy Notice will be updated accordingly.
14. Your Rights
Under UK GDPR, you have the right to:
-
Be informed about how your personal information is used;
-
Access your personal information;
-
Request correction of inaccurate information;
-
Request erasure of personal information in certain circumstances;
-
Restrict processing in certain circumstances;
-
Object to processing in certain circumstances;
-
Request data portability where applicable;
-
Withdraw consent where consent is the lawful basis for processing;
-
Object to direct marketing;
-
Not be subject to solely automated decision-making where applicable;
-
Seek compensation where permitted by law.
Some rights are subject to exemptions and limitations under data protection legislation.
15. Exercising Your Rights
If you wish to exercise any of your rights, please contact our Privacy Contact using the details provided in Section 1.
To protect personal information, we may request reasonable evidence of identity before responding to your request.
We will respond within the timescales required by applicable data protection legislation.
16. Complaints
We hope to resolve any concerns you may have regarding our use of personal information.
If you remain dissatisfied, you have the right to complain to the Information Commissioner’s Office (ICO).
Information Commissioner’s Office
Website: https://ico.org.uk/make-a-complaint/
Telephone: 0303 123 1113
Address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
17. Changes to This Privacy Notice
We may update this Privacy Notice from time to time to reflect changes in legal requirements, regulatory guidance, operational practices, technology, cloud service providers, website functionality or the way we process personal information.
Any significant changes will be communicated through our website or by other appropriate means where required.
The latest version of this Privacy Notice will always be available on our website and will show the date of the most recent update.