
Privacy Policy

Flanelol Limited (Trading as Illum Health)

Effective Date: 18 October 2025

Flanelol Limited, trading as Illum Health (“we”, “us”, or “our”), is a domiciliary care agency incorporated in England with company number 11842359 and registered office at 11 Rutland Road, Ilford, Essex, England, IG1 1EN. We are registered with the Care Quality Commission (CQC) under provider ID 1-15976616155.

We are committed to protecting your privacy and handling your personal data in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other relevant UK laws, including guidance from the Information Commissioner’s Office (ICO) and the Care Quality Commission (CQC). This Privacy Policy explains how we collect, use, share, and protect personal data when you interact with our website www.illumhealth.co.uk (the “Website”), inquire about or receive our services, or otherwise engage with us.

We act as the data controller for the personal data we process. If you have any questions about this policy or our data practices, please contact our Data Protection Officer (DPO) at info@illumhealth.co.uk or by post at the address above.

1. Types of Personal Data We Collect

We collect and process the following categories of personal data:

● Client Data: Information about individuals receiving our care services, such as names, addresses, contact details, date of birth, health and medical information (e.g., care needs, medication history), and financial details for billing.

● Employee or Carer Data: Information about our staff or contracted carers, including names, contact details, qualifications, employment history, and background checks (e.g., DBS records).

● Website Visitor Data: Data collected via the Website, such as IP addresses, browser type, pages visited, and information submitted through contact forms (e.g., names, emails, inquiries).

● Sensitive (Special Category) Data: Health records, ethnicity, religious beliefs, biometric data (where relevant for care), or other sensitive information necessary for providing tailored care services.

We only collect sensitive data with your explicit consent or where it is necessary for providing health and social care services (under Article 9 of the UK GDPR).

2. How We Collect Your Data

We collect data:

● Directly from you (e.g., via forms, emails, phone calls, or in-person assessments).

● From third parties (e.g., family members, GPs, or local authorities referring clients).

● Automatically via the Website (e.g., through cookies and analytics tools – see Section 8 below).

● During the provision of services (e.g., care notes and records).

 

3. Purposes and Legal Bases for Processing

We process personal data for the following purposes, based on the legal bases under the UK GDPR:

● Providing Care Services: To assess needs, create care plans, deliver domiciliary care (e.g., personal care, medication assistance), and ensure safety. Legal Basis: Contractual necessity (Article 6(1)(b)); explicit consent or necessity for health/social care (Article 9(2)(h) for sensitive data).

● Marketing and Communications: To send updates, newsletters, or promotional materials about our services (with your consent). Legal Basis: Consent (Article 6(1)(a)).

● Compliance and Regulatory Checks: To meet legal obligations, such as CQC inspections, safeguarding reports, or audits. Legal Basis: Legal obligation (Article 6(1)(c)); vital interests (Article 6(1)(d) for emergencies).

● Website Operations and Analytics: To improve the Website and user experience. Legal Basis: Legitimate interests (Article 6(1)(f)) for essential functions; consent for non-essential tracking.

● Administrative Purposes: Billing, payments, and record-keeping. Legal Basis: Contractual necessity (Article 6(1)(b)).

We will only use your data for the purposes for which it was collected, unless we obtain your consent for new purposes or it is otherwise permitted by law.

4. Sharing Your Data

We may share your personal data with:

 

● Third-party carers or subcontractors involved in delivering services.

● Healthcare professionals or organisations (e.g., NHS, GPs, hospitals).

● Regulators and authorities (e.g., CQC, local councils, safeguarding teams).

● Data processors (e.g., cloud storage providers, IT support, or payment processors) who act on our behalf under strict confidentiality agreements.

All sharing is limited to what is necessary and compliant with UK data protection laws. We do not transfer data outside the UK.

5. Data Retention

We retain personal data only as long as necessary to fulfill the purposes outlined above, or as required by law. In line with statutory requirements (e.g., NHS Records Management Code of Practice and CQC guidance):

● Client care records: 8 years after the end of services or last contact.

● Employee/carer records: 6 years after employment ends (or longer for pension-related data).

● Website visitor data: Up to 2 years for analytics, or shorter if not needed.

● Sensitive health data: As per specific regulations, e.g., 3 years for care plans after last entry, but up to 30 years for certain adult social care records involving safeguarding.

 

After retention periods, data is securely deleted or anonymised.

6. Your Data Protection Rights

Under the UK GDPR, you have rights including:

● Access: Request a copy of your data.

● Rectification: Correct inaccurate data.

● Erasure: Request deletion in certain circumstances.

● Restriction: Limit processing.

● Objection: Object to processing based on legitimate interests or marketing.

● Portability: Receive your data in a transferable format.

● Withdraw Consent: Where processing relies on consent.

 

To exercise these rights, contact our DPO at info@illumhealth.co.uk. We respond within 2 working weeks. You can also complain to the ICO (www.ico.org.uk) if unsatisfied.

7. Data Security

We implement appropriate technical and organisational measures to protect your data, including encryption, access controls, regular audits, and staff training. In the event of a data breach, we will notify you and the ICO where required.

8. Cookies and Tracking

Our Website uses cookies to enhance functionality and user experience. Cookies are small files stored on your device. We use:

● Strictly Necessary Cookies: Essential for Website operation (e.g., session management, form submissions). No consent required.

● Performance Cookies: To analyse usage (e.g., Google Analytics for page views, bounce rates). Helps improve the site.

● Functionality Cookies: To remember preferences (e.g., language settings).

● Targeting/Marketing Cookies: To deliver relevant ads or track interactions (e.g., via third-party tools like Facebook Pixel, if applicable).

We comply with the Privacy and Electronic Communications Regulations (PECR). Non-essential cookies require your consent, which you can manage via our cookie banner. You can block cookies in your browser settings, but this may affect Website functionality.

9. Children’s Data

Our services are not directed at children under 16 without parental/guardian involvement. We process children’s data only with appropriate consent and safeguards.

10. Changes to This Policy

We may update this policy to reflect changes in our practices or laws. Updates will be posted on the Website with the effective date. Continued use of our services constitutes acceptance.

If you have questions, contact us at info@illumhealth.co.uk.


We brighten every day by providing trusted, person-centred care and staffing solutions across the UK, supporting and safeguarding zero to elderly ages day and night. We offer expert health and social care staffing across the UK, supporting Children, Young People and Families.


Contact Details

020 8050 9398

Monday - Sunday 24 hours
