top of page

Privacy Policy

Empowered 2 Support Ltd (“we”, “us”, “our”) is committed to protecting the privacy and security of the personal information we process. This Privacy Policy explains what data we collect, why we collect it, how we use it, and the rights of individuals under UK GDPR and the Data Protection Act 2018.

 

Purpose of Processing

We process personal data for the following purposes:

  • To provide Individual Service Fund (ISF) and support brokerage services.

  • To manage referrals, assessments, and support planning.

  • To liaise with local authorities, NHS bodies, providers, and authorised representatives.

  • To manage payments, financial monitoring, and service contracts.

  • To comply with legal, safeguarding, and regulatory duties.
     

3. Types of Data We Collect

3.1 Personal Information

  • Name, address, date of birth, NHS number.

  • Contact details for individuals, families, and representatives.
     

3.2 Health and Care Information

  • Needs assessments, support plans, reviews, outcomes, risks.
     

3.3 Financial Information

  • Budget allocations, ISF amounts, expenditure monitoring.
     

3.4 Professional Information

  • Provider contact details and commissioning information.
     

3.5 Website / IT Information

  • Email communications, meeting scheduling data, and service records.
     

4. Lawful Bases for Processing

We process data under:

  • Public Task – when acting on behalf of a local authority/NHS.

  • Contract – when delivering agreed services to clients.

  • Consent – for specific optional processing (included within our support plan).

  • Legitimate Interests – internal administration and service improvement.

  • Legal Obligation – safeguarding, fraud prevention, financial compliance.
     

5. How We Use Personal Data

We may use data to:

  • Develop and review support plans.

  • Arrange care and support services.

  • Manage ISF budgets and payments.

  • Communicate with commissioners and providers.

  • Maintain accurate records and audit trails.

  • Deliver outcome reporting.
     

6. Sharing of Personal Data

We only share information where necessary and lawful. Sharing partners may include:

  • Local authorities and NHS commissioning bodies.

  • Care and support providers.

  • Regulatory or safeguarding bodies.

  • Technology partners (email hosting, storage).

    We do not sell or use data for marketing.

 

7. Data Retention

All personal data is retained according to the Data Retention Schedule referenced in this policy.

8. Data Security

We use:

  • Encrypted laptops, password protection, and two-factor authentication.

  • Limited access controls based on role.

  • Secure email and cloud storage systems.

  • Regular security reviews and compliance checks.
     

9. Your Rights

Under UK GDPR, individuals have rights including:

  • Access

  • Rectification

  • Erasure

  • Restriction

  • Objection

  • Data portability

  • Rights related to automated decision-making
     

10. Complaints

If you have concerns about how we process your personal data, you can contact:

Information Commissioner’s Office (ICO)

www.ico.org.uk

bottom of page