GDPR Policy

  1. Rainbow Health Resorces Limited is committed to ensuring that all personal data is handled in compliance with the General Data Protection Regulation (GDPR). This document outlines the policies and procedures we follow to protect the personal data of our clients, staff, and care partners.

2. Data Protection Principles Rainbow Health Resources Limited adheres to the following GDPR principles:

  • Lawfulness, fairness, and transparency

  • Purpose limitation

  • Data minimization

  • Accuracy

  • Storage limitation

  • Integrity and confidentiality

  • Accountability

3. Types of Data Collected We collect and process personal and sensitive data, including but not limited to:

  • Staff details: Name, contact information, employment records, DBS checks, training records.

  • Client details: Name, health information, care plans, emergency contacts.

  • Partner details: Contact persons, business details.

4. Lawful Basis for Processing We process personal data under the following lawful bases:

  • Consent – When individuals explicitly agree to data processing.

  • Contractual necessity – To fulfill service agreements with clients and staff.

  • Legal obligation – Compliance with regulatory requirements.

  • Legitimate interest – Ensuring safe and effective care services.

5. Data Subject Rights All individuals have the right to:

  • Access their personal data.

  • Request correction of inaccurate data.

  • Request deletion of their data (“Right to be Forgotten”).

  • Restrict or object to data processing.

  • Data portability.

  • Lodge a complaint with the Information Commissioner’s Office (ICO).

6. Data Security Measures To ensure the protection of personal data, we implement:

  • Secure digital storage with encryption.

  • Limited access control to authorized personnel.

  • Regular data protection training for staff.

  • Secure disposal of physical and electronic data.

7. Data Breach Policy In case of a data breach:

  • The breach will be assessed and contained immediately.

  • The ICO will be notified within 72 hours, if required.

  • Affected individuals will be informed where necessary.

  • Remedial action will be taken to prevent future breaches.

8. Data Retention & Disposal We retain data only as long as necessary:

  • Staff records: Up to 6 years after termination.

  • Client records: 3 years after service completion.

  • Financial records: 6 years.

  • Data is securely disposed of when no longer required.

9. Third-Party Data Sharing We may share data with:

  • Care homes and healthcare providers for service provision.

  • Regulatory authorities when legally required.

  • Third-party service providers with appropriate safeguards in place.

10. Staff Training & Accountability All employees receive GDPR training and are responsible for:

  • Handling data securely.

  • Reporting data breaches.

  • Complying with this policy.

11. Contact Information For any GDPR-related inquiries, contact our Data Protection Officer (DPO) at: [Insert Contact Information]

12. Review & Updates This policy is reviewed annually or in response to changes in regulations.

Acknowledgment
All staff must acknowledge they have read and understood this policy.

Signature: _______________ Date: _______________

[Company Representative]

Click here to download PDF

Rainbow Health Resources Limited
Anti-Slavery and Human Trafficking Policy

1. Introduction
Rainbow Health Resources Limited is committed to preventing slavery and human trafficking in all aspects of our business and supply chain. This policy outlines our stance against modern slavery and our efforts to ensure compliance with the Modern Slavery Act 2015.

2. Policy Statement
The Company has a zero-tolerance approach to modern slavery, including forced labour, child labour, human trafficking, and any form of exploitation. We are committed to acting ethically and with integrity in all business dealings.

3. Scope
This policy applies to all employees, contractors, suppliers, and business partners associated with Rainbow Health Resources Limited.

4. Responsibilities

  • Management: Ensures compliance with this policy, conducts due diligence, and implements corrective actions where necessary.
  • Employees: Must report any suspicions of slavery or human trafficking and adhere to the Company’s ethical standards.
  • Suppliers and Contractors: Must comply with this policy and provide assurance that their business practices align with our ethical standards.

5. Risk Assessment & Due Diligence
The Company conducts risk assessments to identify and mitigate risks related to modern slavery in our operations and supply chain. Due diligence includes:

  • Verifying supplier compliance with labour laws.
  • Conducting regular audits and assessments.
  • Implementing contractual obligations requiring suppliers to comply with anti-slavery laws.

6. Reporting & Whistleblowing
Employees and external stakeholders can confidentially report concerns regarding modern slavery to [Insert Contact Information]. Reports will be investigated thoroughly, and appropriate action will be taken.

7. Training & Awareness
The Company provides training to employees and key suppliers to raise awareness of modern slavery and human trafficking risks.

8. Monitoring & Review
This policy will be reviewed annually to ensure its effectiveness and compliance with relevant laws. Updates will be made as necessary.

9. Approval & Endorsement
This policy is approved by senior management and applies to all individuals associated with Rainbow Health Resources Limited.

Signed: _______________ Date: _______________

[Company Representative]

 

Click here to download PDF