MY LIGHTHOUSE

PRIVACY POLICY

Effective Date: 18 February 2026
Company Name: My Lighthouse Care Ltd
Company Number: 16857381
Registered Office: Arding & Hobbs, 7 St John's Rd, London SW11 1QN
Contact Email: [email protected]

1. Who We Are

My Lighthouse Care (“Lighthouse”, “we”, “us”, “our”) provides software tools and administrative assistance to families who directly employ carers and to self-employed carers.

For the purposes of UK data protection law (UK GDPR and the Data Protection Act 2018), Lighthouse Ltd is the data controller of personal data processed through the platform, except where stated otherwise.

2. The Types of Personal Data We Process

We may collect and process the following categories of personal data:

2.1 Identity and Contact Data

• Full name
• Address
• Email address
• Telephone number
• Date of birth

2.2 Employment and Recruitment Data

• CV information
• Employment history
• References
• Interview notes
• Right-to-work documentation

2.3 Criminal Record Data

• Information required to facilitate DBS applications
• Confirmation of DBS outcomes (where shared)

2.4 Financial Data

• Bank account details
• Payment records

2.5 Health Data (Special Category Data)

• Information relating to the care recipient’s health
• Care needs descriptions
• Accessibility or medical information voluntarily entered by families

2.6 Emergency / Next of Kin Data

• Names and contact details of emergency contacts

3. Special Category and Criminal Record Data

Health data and criminal record data are considered sensitive under UK GDPR.

We process such data only where:

• You have provided explicit consent, and/or
• Processing is necessary for employment or safeguarding obligations, and/or
• Processing is necessary for the provision of services requested by you.

Criminal record data is processed solely for the purpose of facilitating DBS checks via authorised third-party umbrella services.

4. How We Use Personal Data

We use personal data to:

• Provide and manage platform services
• Facilitate recruitment processes
• Coordinate DBS applications
• Provide employment templates
• Communicate with users
• Maintain platform security
• Improve services
• Comply with legal obligations

We do not sell personal data.

5. Lawful Bases for Processing

We rely on the following lawful bases under UK GDPR:

• Contractual necessity – to provide the services you request
• Legitimate interests – platform administration, fraud prevention, service improvement
• Legal obligation – compliance with employment or safeguarding laws
• Explicit consent – where required for health and criminal record data

Where we rely on consent, you may withdraw it at any time.

6. DBS Processing

Lighthouse facilitates DBS applications via authorised third-party umbrella providers.

• Lighthouse does not conduct DBS checks directly.
• DBS umbrella providers act as independent data controllers.
• You may provide information directly to the DBS provider.

We retain only necessary records relating to the coordination of DBS checks.

7. Sharing of Personal Data

We may share personal data with:

• DBS umbrella providers
• IT hosting and infrastructure providers
• Email and communication platforms
• Professional advisers (legal, accounting)
• Regulators or law enforcement where legally required

All third-party processors are subject to contractual data protection obligations.

8. International Transfers

Where data is processed outside the UK, we ensure appropriate safeguards are in place, including:

• UK-approved Standard Contractual Clauses
• Adequacy regulations

9. Data Security

We implement appropriate technical and organisational measures including:

• Encrypted data storage
• Role-based access controls
• Secure hosting environments
• Regular access reviews

No system is entirely secure; however, we take reasonable steps to protect personal data.

10. Data Retention

We retain personal data only as long as necessary for:

• Providing services
• Legal and regulatory compliance
• Resolving disputes

Recruitment and DBS-related data is retained only as long as necessary for lawful purposes.

Detailed retention periods are set out in our internal Data Retention Policy.

11. Your Data Protection Rights

Under UK GDPR, you have the right to:

• Access your personal data
• Request correction of inaccurate data
• Request erasure (where lawful)
• Restrict processing
• Object to processing
• Request data portability
• Withdraw consent

To exercise your rights, contact: [email protected]

You may also complain to the Information Commissioner’s Office (ICO):
https://ico.org.uk

12. Children’s Data

Lighthouse does not knowingly collect data directly from children. Any health or care-related information concerning minors must be provided by a parent or legal guardian.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Updates will be published on the platform.