Legal & Compliance

GDPR Compliance Statement

Aster Homecare UK LTD Data Protection Commitment

Aster Homecare UK LTD is fully committed to conducting its business in accordance with all applicable data protection laws and regulations, in line with the highest standards of ethical conduct. This statement outlines our commitment to compliance with the General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Commitment to GDPR

We process all personal data strictly in accordance with GDPR principles. Personal data will be:

  • Processed lawfully, fairly, and in a transparent manner.
  • Collected for specified, explicit, and legitimate purposes.
  • Adequate, relevant, and limited to what is necessary.
  • Accurate and, where necessary, kept up to date.
  • Kept in a form which permits identification of data subjects for no longer than is necessary.
  • Processed securely against unauthorised or unlawful processing.

Data Protection Officer (DPO)

We have appointed a Data Protection Officer who is responsible for overseeing questions in relation to this compliance statement. If you have any questions, including any requests to exercise your legal rights, please contact the DPO at info@asterhomecare.co.uk.

Staff Training

All Aster Homecare staff handle highly sensitive health and social care data. Due to the sensitive nature of this data, all employees undergo robust, mandatory GDPR and Data Protection training during their induction and annually thereafter. Staff understand the legal duty of confidentiality and are bound by stringent non-disclosure agreements.

Your Data Rights

Under the UK GDPR, you have the right to be informed, the right of access, the right to rectification, the right to erasure ("the right to be forgotten"), the right to restrict processing, the right to data portability, the right to object, and rights in relation to automated decision-making and profiling.

Data Breaches

In the highly unlikely event of a data breach, Aster Homecare has a robust Data Breach Response Plan in place. Our policy ensures that the Information Commissioner's Office (ICO) and any affected data subjects are notified rapidly, in full compliance with the strict 72-hour regulatory timeframe mandated by the GDPR.

For a detailed breakdown of how we process specific data categories, please refer to our full Privacy Policy.