LifeCome Care Gibraltar – We Care

Contact us
Contact us

Privacy Policy

LIFECOME CARE (GIBRALTAR) LIMITED PRIVACY POLICY
Last updated: 10 January 2025

At LifeCome Care (Gibraltar) Limited, we are committed to protecting your privacy and ensuring the security of your personal data.

This Privacy Policy explains how we collect, use, and safeguard your personal information, along with your rights as a data subject. The terms “LifeCome Care,” “we,” “us,” and “our” refer to LifeCome Care (Gibraltar) Limited and its affiliates. Together with our Cookie Policy, this Privacy Policy applies to all users of our website: https://lifecomecare.gi/, as well as our clients and business partners. The terms “you” and “your” apply to all users, regardless of whether you are a client of LifeCome Care. If you are a client, this Privacy Policy applies alongside any relevant terms of business, agreements, or engagement letters we may have with you.

If you are simply browsing our website, you can navigate and use it without providing personal data, except for certain information collected through cookies or data you voluntarily provide for marketing purposes or to access specific resources. If you do not accept these policies, please discontinue your use of our website immediately.

By using our website, providing personal information, and/or using any of our services, you agree to the following:

  • You consent to this Privacy Policy, as updated periodically.
  • If you provide personal information about another person, you confirm that:
  • You have the legal right to provide that information.
  • You have shared this Privacy Policy, as updated, with that person.
  • That person has agreed to the terms of this Privacy Policy.

In such cases, references to “you” and “your” in this Privacy Policy include such individuals.

This Privacy Policy does not cover our privacy obligations towards employees or prospective employees, which are addressed in our Employee Privacy Policy and Recruitment Privacy Policy. These will be provided during the application process or at the commencement of employment, as applicable. We reserve the right to issue separate privacy policies for other stakeholders or business partners as needed.

EXPLANATION OF KEY CONCEPTS

In this Privacy Policy:

  • Personal Data: Refers to information relating to an identified or identifiable individual (“data subject”). This may include your name, phone number, email address, place, and date of birth, among other identifiers. Personal data does not include data that cannot identify you, such as anonymous or de-identified data.
  • Processing: Refers to any operation performed on personal data, whether automated or manual, such as collection, storage, use, disclosure, or deletion.
  • Controller: If we determine the purposes and means of processing your personal data, we act as a “controller.”
  • Processor: If someone processes data under our instructions, they are a “processor.”

LifeCome Care operates in Gibraltar, which has its own data protection laws influenced by the European Union (EU) regulations. These include:

  • The Data Protection Act 2004 (as amended) and its associated regulations.
  • The Gibraltar GDPR, a version of the EU’s General Data Protection Regulation (Regulation (EU) 2016/679), adapted for Gibraltar law.

For more information, visit: https://lifecomecare.gi/privacy-policy/. If you live or work outside Gibraltar, additional data protection laws (such as the EU GDPR) may also apply to your circumstances.
To navigate this Privacy Policy more easily, click on the relevant section headings. To access the policy online, please visit: https://lifecomecare.gi/privacy-policy/.

INFORMATION COLLECTED AND PROCESSED

When you browse our website, your personal data is not directly revealed to us. However, certain statistical information may be collected via our internet service provider and tracking technologies. This information includes data about the pages you view and the type of hardware you use, but not your name, age, address, or anything that can personally identify you. Further details can be found in our Cookie Policy.

If you choose to use specific services offered on our website, access certain information we provide, or contact us directly through our Contact page or by engaging with our team, we may collect personal data such as:
Name, email address, telephone number, and residential address.
Basic contact information for marketing purposes, provided you opt-in to receive such communications.

If you enter into a professional relationship with us as a client, business partner, vendor, or supplier, the personal data we may collect and hold includes:

  • Basic identifiers: Name, occupation, age, and photographs included in identity verification documents.
  • Contact details: Email address, mailing address, or phone number.
  • Communication records: Logs of our interactions with you.
  • Family and social information: (In certain cases, such as adult social care matters) details about your family, carers, and social circumstances, including employment status.
  • Know Your Customer (KYC) data: Information obtained to verify your identity and comply with legal obligations, such as copies of passports, national identity cards, payslips, or proof of address.

    Providing such data may be a contractual requirement to enable us to meet our legal obligations and deliver services to you. Without this information, we may be unable to provide our services or respond to your requests.
    Additionally, we may process certain special categories of data where permitted by law or with your explicit consent. This could include data for purposes such as fraud prevention, money laundering, or legal representation. Such data may include:
  • Racial or ethnic origin.
  • Political opinions.
  • Religious or philosophical beliefs.
  • Trade union membership.
  • Genetic or biometric data (e.g., for identity verification).
  • Health conditions, both physical and mental.
  • Criminal convictions or alleged offences.

How Information is collected

We collect your personal data in the following ways:

  • Information you provide directly when contacting us or visiting our offices.
  • Information received from third parties, such as service providers, government agencies, or regulatory authorities.
  • Information acquired during our professional relationship with you.
  • Data collected through your use of our website or digital platforms.
  • CCTV footage captured to ensure the security of our premises.
  • Publicly available information from trusted sources.

This privacy policy ensures that any data collected is handled securely and in compliance with applicable laws to support the high standard of adult social care services provided by LifeCome Care (Gibraltar) Limited.

WHY INFORMATION IS COLLECTED

At Lifecome Care (Gibraltar) Limited, we are committed to respecting your privacy rights and ensuring compliance with data protection regulations. We only collect and process personal data when we have a lawful basis to do so. For sensitive personal data, additional justification may be required. The lawful bases we rely on include:

1. Compliance with Contractual Obligations
We may process your personal data when it is necessary to fulfil a contractual obligation with you, such as when you are a client. This also applies before entering into a contract (e.g., with prospective clients or job applicants), enabling us to consider you for employment in line with our Recruitment Privacy Policy. It may also be relevant in managing enquiries or complaints.

2. Compliance with Legal Obligations
We may process your personal data to comply with legal obligations, such as verifying your identity to meet anti-money laundering regulations.

3. Legitimate Interests
In certain situations, we may process your personal data to pursue a legitimate interest, provided it does not override your rights and freedoms. Examples include:
Establishing, exercising, or defending legal claims;
Ensuring the security of our IT infrastructure and systems;
Monitoring the usage and effectiveness of our website;
Preventing fraud, protecting staff and premises, or disclosing criminal acts (e.g., through the use of CCTV);

4. Consent
Where you have expressly given your consent, we may process your personal data for specific purposes, such as accessing marketing materials, newsletters, or responding to your enquiries or feedback.

5. Key Interests
Processing may be necessary to protect your key interests or those of another person, such as in life-threatening situations. For example, we may collect allergy information or process data in the event of an incident on our premises.

6. Public Interest or Official Authority
While this basis is primarily applicable to public authorities, we will inform you if we need to rely on it.

In most cases, we collect the personal data you voluntarily provide to deliver the services you have requested, such as health and social care services. The information is used to communicate with you about the provision of services as outlined in our engagement terms. If you choose not to provide certain information, we may be unable to deliver specific services.
Additionally, we process personal data related to our employees and prospective applicants for general employment and recruitment purposes. Further details are provided at the point of data collection for such purposes.

INFORMATION USAGE

At LifeCome Care (Gibraltar) Limited, we are committed to handling your personal information lawfully and transparently. We use your information solely for the purposes for which it was provided or lawfully obtained. If the purpose for processing your data changes or ceases, we will inform you, request additional consent where required, or securely erase your data in accordance with the retention policies outlined in this Privacy Policy.

Use of Personal Information

Your personal information may be used for the following purposes:
Identity Verification: To verify your identity when interacting with us, enabling us to meet our legal and regulatory obligations related to crime prevention, anti-money laundering, tax compliance, due diligence, and other applicable requirements.
Service Provision: To provide the information or services you have requested, or to process transactions on your behalf, such as settling invoices or payments.
Notifications: To inform you of changes to our services or updates to this Privacy Policy.
Compliance and Legal Obligations: To fulfil legal or regulatory requirements, respond to requests from government or regulatory authorities, protect individuals or property, or exercise or defend legal claims.
Website Optimisation: To present content on our website in the most effective way for your device(s).
Internal Operations: For troubleshooting, data analysis, testing, research, and statistical purposes, or to ensure the safety and security of our website.

We may also use anonymised and aggregated data for monitoring website usage, improving our services, or sharing insights with third parties. Such data cannot be used to identify you. For further details, please refer to our Cookie Policy.

Direct Marketing

We may use your information to provide you with updates about our services and events, subject to lawful grounds for processing:

  • Interactive Services: To allow participation in features of our services when you choose to engage with them.
  • Event Management: To inform and manage your involvement in our events, including educational sessions or corporate hospitality.
  • Advertising and Recommendations: To deliver relevant advertisements, measure their effectiveness, and suggest services or products that may interest you.
  • Communications: To send newsletters, brochures, and information about services or events similar to those you have previously enquired about or utilised, unless you have opted out of receiving such information.

For existing clients or those with an established relationship with us, we rely on legitimate interests as the lawful basis for processing your data for direct marketing purposes. We ensure that such communications are reasonable, align with your expectations, and do not disproportionately impact your privacy.

For individuals who are not existing clients or do not have a relationship with us, direct marketing communications will be subject to your consent. This will be requested at the earliest opportunity, providing you with an option to opt in via forms or links in our communications.

You may opt out of receiving marketing communications at any time by clicking the ‘unsubscribe’ link in our emails or contacting us directly.

Administrative and Service-Related Communications

Please note that administrative communications, such as updates regarding legal advice or changes to our terms of business, are necessary for service delivery and do not typically offer an unsubscribe option. These communications are directed exclusively to clients and business partners.

If you request to be removed from our marketing database, we will retain your details solely for suppression purposes, ensuring you are not included in future marketing campaigns. This will not affect other information we hold about you for service provision or lawful purposes.

INFORMATION SHARING

At Lifecome Care (Gibraltar) Limited, we may access, preserve, and disclose information about you to third parties in specific circumstances. This includes instances where disclosure is required under our contractual obligations, applicable laws, regulations, or legal processes, unless such information is protected by legal professional privilege.

Personal data may be processed by us and/or our affiliates, agents, vendors, consultants, or suppliers, as well as other third-party service providers acting on our behalf for the purposes outlined above. This includes, for example, external legal counsel, financial institutions, or professional experts, or as directed by you. These third parties are provided access to personal data strictly for the purposes of fulfilling their designated role or ensuring compliance with relevant laws and regulations, and not for any other purpose. We require such third parties to implement robust security measures consistent with the standards outlined in this Privacy Policy. These entities may be located within or outside Gibraltar.

In addition, we may be legally obligated or directed by a court to disclose certain information about you or our engagement with you to relevant regulatory, law enforcement, or other competent authorities, except where such information is protected by legal professional privilege. Furthermore, we may need to share your information to enforce or uphold our legal rights under agreed terms of business.

If our business undergoes a joint venture, sale, reorganisation, transfer, asset disposal, or merger with another entity, your information may also be disclosed to the relevant new business partners.

Overseas Transfers

In connection with our services, personal data may be transferred outside Gibraltar, including to countries or territories outside the United Kingdom or the European Economic Area (EEA). This may occur when international legal proceedings, cross-jurisdictional services, or service providers outside the EEA are involved. The EEA encompasses EU member states, Iceland, Liechtenstein, and Norway. Under data protection legislation, personal data may flow freely from Gibraltar to the United Kingdom or the EEA. However, transferring data to a ‘third country’ outside these areas, referred to as “restricted transfers,” is subject to specific conditions.

We will only carry out restricted transfers where adequate protection measures are in place, such as:

  • Transfers to territories deemed ‘adequate’ under data protection legislation through applicable adequacy regulations;
  • The implementation of ‘appropriate safeguards,’ including:
  • Binding corporate rules;
  • Standard data protection clauses as specified in regulations;
  • Approved codes of conduct; or
  • Approved certification mechanisms.

In cases where adequacy regulations or appropriate safeguards are unavailable, we may rely on specific derogations under Article 49 of the Gibraltar GDPR. These include transfers made:
With your explicit consent;

  • To perform a contract with you (or pre-contractual steps);
  • To fulfil a contract with a third party concluded in your interest (e.g., instructing foreign counsel);
  • For significant public interest;
  • For the establishment, exercise, or defence of legal claims; or
  • To protect vital interests where consent cannot be given.

Restricted transfers may also occur in one-off cases when the transfer is non-repetitive, concerns a limited number of individuals, and is necessary to pursue compelling legitimate interests that are not overridden by your rights or freedoms. In such cases, a thorough assessment of all relevant circumstances will be conducted.

We Do Not Sell Your Information

Communicating over the Internet or sharing information by other means may involve your personal information passing through or being handled by third parties. However, we do not sell or share your personal information with third parties for marketing purposes without your permission.

Information shared with marketing companies, data analytics providers, website developers, or similar service providers is solely for the purpose of developing, managing, and improving our website and marketing activities. All such information is anonymised and de-identified to ensure that it cannot be used to identify you personally.

HOW INFORMATION IS RETAINED

Retention periods are determined by the nature and type of information, as well as any applicable legal or regulatory requirements. We retain records of our engagement with clients, along with all relevant files and documentation, for a minimum period of six (6) years following the conclusion of the business relationship outlined in the applicable engagement documentation. This retention period may be extended under the following circumstances:
Where we are legally obligated to retain records for a longer duration.
If continued retention is necessary for the establishment, exercise, or defence of legal claims.
To safeguard your vital interests or those of another natural person.

We strive to minimise the personal data retained, keeping only what is essential to identify the client and the services provided by Lifecome Care (Gibraltar) Limited. Upon the expiry of the applicable retention period, we will securely destroy personal data and associated records. However, we may, at our discretion, retain personal information for shorter or longer durations if deemed necessary to comply with legal or regulatory obligations or upon your specific request. For instance, you may request us to retain certain documents such as final orders, marriage or birth certificates, policy documents, or land title deeds.

For further information on the location and retention periods for your personal data, or details regarding your rights to data erasure and portability, please contact us using the details provided below.

Where information is no longer necessary or relevant to the services we provide, it may be anonymised and aggregated with other non-personal data. This anonymised data, which is dissociated from your identity, may be retained for longer periods to generate insights that are commercially valuable, such as service usage statistics. Anonymised website data, as outlined in our Cookie Policy, may also be retained indefinitely in accordance with applicable laws and regulations.

SECURING YOUR INFORMATION

At Lifecome Care (Gibraltar) Limited, we are committed to implementing robust measures to ensure the security of your personal data. Our technical, administrative, and physical safeguards are designed to protect your information from loss, theft, misuse, unauthorised access, disclosure, alteration, and destruction.

We store personal data on secured and encrypted servers located in Gibraltar. Physical copies of information, where necessary, are kept in secure storage facilities with access limited to authorised personnel. We also actively monitor and control access to your data by contractors, advisers, consultants, and staff, ensuring they are adequately trained in privacy and data protection obligations.

Our security systems are regularly updated and tested, and access to personal data is restricted to employees who require the information to provide services or benefits. Staff are trained in maintaining confidentiality and safeguarding client information, with disciplinary measures in place for any breaches of privacy. If you have further questions regarding data security, please contact us using the details provided below.

Risks of Internet Usage

While we use reasonable safeguards to protect your personal information, please be aware that no method of transmission over the Internet or electronic storage is entirely secure. We cannot guarantee the security of any information transmitted to us via the Internet, nor are we responsible for data stored or shared on third-party websites, which are governed by their respective privacy policies. The transfer of data via the Internet is at your own risk.

Breach of Data

In the event of a data breach—defined as the accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access to personal data—we will promptly assess and address the situation. Under the Gibraltar GDPR, businesses are required to report data breaches to the relevant authorities within 72 hours. Should a breach pose a high risk to your rights and freedoms, we will notify you without undue delay.

Your Rights Gibraltar GDPR and EU GDPR Rights

As a natural person (an individual, not a company), you have rights under Gibraltar’s data protection laws, which align with certain provisions of the EU GDPR. These rights include:
Access to information about the processing of your personal data, including its source if not directly provided by you.

  • The ability to access, correct, or update inaccurate or incomplete personal data.
  • The right to request the deletion of personal data in specific circumstances, such as when it is no longer necessary for processing or when processing is unlawful (commonly referred to as the “right to be forgotten”).
  • The right to object to processing for marketing purposes or based on your specific situation.
  • The right to restrict data processing under certain conditions.
  • The right to receive your personal data in a structured, commonly used, and machine-readable format, or to request its transfer to another entity (“data portability”).
  • The right to request that automated decisions significantly affecting you are made by natural persons, not solely by automated means, and to challenge such decisions.
  • The ability to withdraw your consent for data processing at any time.
  • The right to opt out of direct marketing communications.

If you believe your rights have been violated, you may lodge a complaint with the Gibraltar Regulatory Authority, the designated Information Commissioner under the Data Protection Act 2004. Residents of the EEA may also file complaints with their local supervisory authority under the EU GDPR.

Limitations to Your Rights

These rights may only apply in certain circumstances. For instance, some rights are applicable only when our lawful basis for processing your personal data is your consent or when we have entered into a contract with you. Further information regarding your rights is available upon request using the contact details provided in this Privacy Policy.

Additionally, please note that your right to information under Articles 13 and 14 of the Gibraltar GDPR is subject to certain limitations. Specifically, our obligation to provide information does not apply where:

  • Providing the information proves impossible or would involve disproportionate effort on our part. In such cases, we will take appropriate measures as the data controller to safeguard your rights, freedoms, and
  • legitimate interests, including making information publicly available (as this Privacy Policy aims to do).
  • The obtaining or disclosure of information is explicitly required by Gibraltar law to which we are subject, and such laws include appropriate measures to protect your legitimate interests.
  • The personal data must remain confidential due to obligations of professional secrecy governed by Gibraltar law, such as statutory confidentiality requirements.
  • You already possess the relevant information.

Accessing Your Information and Enforcing Your Rights

  • If you wish to exercise any of your rights under applicable data protection laws, please contact us using the details provided in this Privacy Policy. To safeguard the integrity and security of the personal data we hold, we may require you to follow a defined rights request procedure. This may include steps to verify your identity and the completion of a request form to help us better understand the nature of your request and the specific information you seek. These measures ensure that personal data is not disclosed to unauthorised individuals.
  • We aim to process all requests promptly and without undue delay, typically within one month of receipt of your request or the necessary identification information, where applicable. In cases involving complex requests, multiple concurrent requests, or difficulty verifying your identity, this timeframe may be extended by up to two additional months. While we generally do not charge a fee for processing such requests, a reasonable fee may be applied for requests that are manifestly unfounded, excessive, or repetitive. In such circumstances, we may also decline to comply with the request.
  • There may be instances where we cannot provide the information you request. Examples include situations where disclosure would infringe on the privacy of others, breach confidentiality, or contravene legal obligations. If we are unable to fulfil your request, we will provide a clear explanation.
  • Additionally, you have the right to object to direct marketing. You may enforce this right by contacting us or using the ‘unsubscribe’ or opt-out mechanisms included in our marketing communications.
  • We are committed to ensuring the accuracy and currency of your personal information. If your details change, such as your email address or name, please notify us using the contact details provided. You may also request corrections to inaccurate or incomplete information or ask us to remove inaccurate information. In some cases, even without a formal request, we may update or correct your information if we determine that it is inaccurate, incomplete, outdated, irrelevant, or misleading, taking into account the purposes for which we process it.

CONTACT INFORMATION OF THE DATA CONTROLLER

The data controller for any personal data you provide to us is LifeCome Care (Gibraltar) Limited, a company dedicated to providing high-quality health and social care services.

If you have any questions, concerns, or comments, or if you would like further information about this Privacy Policy, how we handle your personal data, or wish to enforce your data protection rights, please contact us via the details below:

LifeCome Care (Gibraltar) Limited
Suite 6, 2nd Floor, No. 33 Main Street,
Gibraltar, GX11 1AA

  • Email: [email protected]
  • Phone: +350 2004 1660
  • WhatsApp: +350 5602 0251
  • Out of Hours Contact: +350 5602 0251

Our Data Protection Officer, Otega Owumi, can be contacted directly via the above details. If your query is unrelated to privacy, you may also use the general email address [email protected] to reach out to our team.

Your Right to Complain

At LifeCome Care (Gibraltar) Limited, we are committed to maintaining the highest standards in protecting your privacy. If you are concerned about the manner in which we manage your personal information and believe we may have breached applicable privacy laws or other obligations, we encourage you to raise your concerns directly with us using the contact information above.

We will record your complaint and escalate it to our internal complaints resolution team for a thorough investigation. We aim to address your concerns promptly and will keep you informed about the progress of our investigation.

If we do not respond to your complaint within a reasonable timeframe, or if you feel it has not been resolved to your satisfaction, you have the right to escalate the matter to the Information Commissioner under the Data Protection Act. In Gibraltar, this role is fulfilled by the Gibraltar Regulatory Authority (GRA).

You may contact the GRA at:
Gibraltar Regulatory Authority
2nd Floor, Eurotowers 4,
1 Europort Road,
Gibraltar

The GRA is responsible for ensuring your rights and obligations are upheld and is competent to address complaints, including prohibiting or restricting the processing of personal data in specific circumstances.

We are here to assist and ensure that your data protection concerns are addressed efficiently and transparently.