top of page
For employers

Privacy Policy

Privacy Notice

Our privacy promise to you

We ask that you read this privacy promise carefully as it contains important information on who we are and how we collect, use, store and share personal information. It outlines your rights and how to contact us and other relevant organisations in the event you have a complaint.

Who we are

We are Interbright Limited, registered with Companies House in 2017. Company number 10468040

As a ‘data controller’, we are responsible for how we process your information in the UK. The UK General Data Protection Regulation (UK GDPR) sits alongside an amended version of the Data Protection Act (DPA) 2018 and applies to most UK businesses and organisations. We must comply with this data protection regime with regards to the data protection principles, our obligations and your rights as a UK citizen.

All our data processing activities are monitored by our appointed Data Protection Officer to ensure that the information we collect is:

  • Used lawfully, fairly and in a transparent way

  • Relevant and for reasons that we have told you about

  • Accurate and up to date

  • Kept only for as long as it is needed

  • Kept securely

Customer Privacy Promise

Information collected by us

We define personal information as information about you or that make you identifiable to others. This falls into two categories:

  • Personal Data such as your name, address, email address, contact information, financial information, health and lifestyle details (including opinions and intentions) relevant to the services we are providing.

We collect this information:

  • When you make enquires about our care and support services through our website, telephone, email, post, face to face or social media.

  • Through audio recordings of telephone calls to and from our office and branch teams.

  • By written correspondence by email or post.

  • Through service providers (data processors) who are contracted by us to deliver:

– IT and Telecoms support

– Payment and financial systems

– Software support

– Marketing & Analytics systems

– Email client platforms

– Record archiving

Information collected from our website

We collect device identifiers such as internet protocol (IP) addresses and information about the web pages visited, the type of device and software. This is used for statistical and analytical purposes to improve your customer journey and experience.

We also collect personal information when you submit a web -based form.

Our website may also provide links to other websites which have their own privacy policies. We do not accept any responsibility or liability should you access or use these links.

Information collected from other sources

We may also collect and use personal data and other information about other people that contribute to or affect your care and support needs such as next of kin, power of attorney or emergency contact.

Purpose for collecting and using your personal information

We process your information in different ways under the following legal bases:

  1. Where processing is conducted with your consent for specified purposes

  2. Where processing is necessary for the performance of our contracts

  3. Where processing is necessary for us to demonstrate compliance with the law and regulatory frameworks

  4. When processing in pursuit of legitimate interests for:

Direct marketing communications to customers and potential prospects

Responding to enquiries and other communications with customers and 3rd parties

Corporate due diligence, engagement, service development and innovation

Call recording to evidence business transactions, resolve disputes and monitor service quality and staff Training

When processing special category (sensitive) data concerning health and biometrics, as is necessary for the provision of social care or the management of social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards:

Who we share information with

Any individuals that you nominated as your representative or who have a legal entitlement.

Law enforcement authorities on request or following a court order

Third party data processors and service providers who are contracted to support us

Relevant internal personnel to provide safe and effective services.

External suppliers/partners that support our business functions and service development.

We will not sell or trade your personal information with other third party without your consent.

National Data Opt-Out

At this time, we do not share any data for planning or research purposes for which the national data opt-out would apply. We review this on an annual basis and for any new processing.

Data Transfers and Storage

Interbright Limited transfers and stores data under contractual agreements with data processors in the UK. Data transfers and storage may also occur in the European Economic Area (EEA) and third countries. These are now known as Restricted Data Transfers.

Restricted Data Transfers

Under the UK GDPR, restricted data transfers from the UK to the EEA and other countries covered by a European Commission ‘adequacy decision’ are currently permitted subject to review by the UK Government.

Restricted data transfers from the EEA and other countries covered by a European Commission ‘adequacy decision’ continues to comply with EU GDPR with the appropriate safeguards we have put in place.

Restricted Data Transfers between the UK to other third countries are permitted in compliance with the UK GDPR ‘adequacy regulations’ or the appropriate safeguards we have put in place.

These appropriate safeguards ensure that your individual rights and freedoms are protected in respect to your personal data in accordance with the UK data protection regime.

Keeping your personal information safe

We have appropriate organisational and technical security measures to protect your personal information and limit who has access. There are also appropriate safeguards in place for data transfers to protect your privacy rights.

Data transfers are subject to appropriate safeguards designed to protect your privacy rights and give you recourse in the unlikely event of misuse of your personal information.

We have procedures in place to detect and respond to suspected data security breaches. We may notify you and any relevant authority as part of our data risk management where we are legally obliged to.

Your rights

You have rights over the way we use your information:

  • You have the right to be informed about what information we collect and how it is used as outlined in this privacy promise.

  • You have the right to ask for access to the information we hold on you. We would usually provide copies free of charge.

  • You have the right to ask us to correct or update any information you think is incorrect or incomplete.

  • You have the right to object to your information being used and/or withdraw consent.

  • You have the right to ask us to stop using your information. This ‘right to be forgotten is only applied where there is no legal reason for us to continue to hold or use it.

  • You have the right to object to any automated decision making. This could affect your ability to fully access our services.

  • You have the right to ask us to stop using your information for marketing purposes by opting out at any point of the registration process or by updating your preferences once registered. The unsubscribe feature on our emails are actioned immediately but may take up to 14 days to complete.

  • You have the right to ask us to transfer certain personal information or a copy of some of your information to you or to another organisation, including service providers, in a format they can use where this is technically possible, known as the ‘right to data portability’.

  • You have the right to withdraw any permission you have previously given us to use your information.

For detailed information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the UK General Data Protection Regulation. If you would like to exercise a right, please contact the Compliance team at  or see the ‘how to contact us’ section.

How to contact us

If you have any questions about this privacy promise, your rights or wish to contact the Data Protection Officer, get in touch by:

Other information

How to complain

If you contact us, we hope to resolve any query or concern you raise about our use of your information.

The UK GDPR also gives you right to lodge a complaint with a supervisory authority with the Information Commissioner Office (ICO) who are the supervisory body in the UK and can be contacted at or telephone: 0303 123 1113.

Changes to this privacy promise

This privacy notice  was updated in 2024.

We may change this privacy promise and update our website from time to time.

Do you need extra help?

If you would like this privacy promise in another language or format such as audio, large print or braille, please contact us at

bottom of page