Privacy Notice

At Purple DPSS, we respect all personal data. Therefore, the provisions, measures and rights contained within this privacy notice are applied to all forms of data collected on our site and through our company, Purple Zest.

Who We Are

Purple Zest Limited ('we' or 'us' or 'our'), trading as Purple DPSS from BIC109, Arise Innovation Hub, Alan Cherry Drive, Chelmsford, Essex, CM1 1QT is a company registered in England under company no: 11421082 with our registered office at: 5th Floor, Metropolitan House, 3 Darkes Lane, Potters Bar, Hertfordshire, EN6 1AG.

Information That We Collect

Purple Zest Limited processes your personal information to meet our legal, statutory and contractual obligations and to provide you with our services. We will never collect any unnecessary personal data from you and do not process your information in any other way than already specified in this notice.

The personal data that we collect from and process you is as follows:

Direct Payment Holders:

  • Name
  • Date of Birth
  • Gender
  • Ethnicity
  • Home address
  • Email address
  • Telephone and/or Mobile Number
  • Referral information
  • Disability information
  • Call recording (to help improve efficiency and effectiveness of our services provided to you by phone we may keep a record of the call).

Appointed Representative/Nominated Person

  • Name
  • Relationship to DP Holder
  • Home address
  • Telephone and/or Mobile Number
  • Email address

Social Workers:

  • Name
  • Email Address
  • Telephone and/or Mobile Number
  • Connected Funding Authority

Personal Assistants:

  • Name
  • Address
  • Email Address
  • Telephone and/or Mobile Number
  • Date of Birth
  • Gender
  • Ethnicity
  • National Insurance Number
  • Driving Status
  • COVID Vaccination Status
  • Employment Status
  • Languages Spoken
  • Smoker Status
  • Work History
  • Relevant Training
  • Qualifications
  • References
  • DBS Status

We will collect information from you if you:

  • Contact us via post, email, telephone or fax and provide any personal data
  • Complete online registration form
  • Visit or browse our website in accordance with our cookie policy at the end of this notice

How We Use Your Personal Data (Legal Basis for Processing)

Purple Zest Limited takes your privacy very seriously and will never disclose or share your data without your consent, unless required to do so by law or as part of a data sharing agreement with the relevant funding authority. We only retain your data for as long as necessary or for a minimum of 7 years - whichever is longer.

We do not ask you to sign up to any marketing or mailing lists and will only contact you at or after the point of referral. Processing for any purpose other than those specified in this policy are only done with your consent, which you are free to withdraw at any time.

The purposes and reasons for processing your personal data are detailed below:

  1. We collect personal data in the performance of a Direct Payment referral and to provide the subsequent related support.
  2. We use personal information to answer queries and provide specific advice/guidance
  3. We collect and store personal data as part of our legal obligation for business accounting and tax purposes

We may also contact you for feedback on your use of our services or our website and may need to use your information to send important notices, such as updated document content where there have been regulation/law revisions or changes to our terms, conditions and policies.

Your Rights

You have the right to access personal information that Purple Zest Limited hold or process about you and to request information about:

  1. What personal data we hold
  2. The purposes of the processing
  3. The categories of personal data concerned
  4. The recipients to whom the personal data has/will be disclosed
  5. How long we intend to store your personal data for
  6. If we did not collect the data directly from you, information about the source (such as a funding authority, or social worker). In such instances and where no legal basis or data sharing agreement exists, prior consent from you would always be obtained.

If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will strive to update/correct it as quickly as possible, unless there is a valid reason for not doing so, at which point you will be notified.

You also have the right to request erasure of your personal data or to restrict processing in accordance with the data protection law, and to be informed about any automated decision-making that we use.

If we receive a request for any of the above rights, we may ask you to verify your identity before acting on the relevant request; this is to ensure that your data is protected and kept secure. If you create an online account with us, you are able to modify and update your own personal information by logging into your account.

Sharing and Disclosing Your Personal Information

We do not share or disclosure any of your personal information without your consent, other than for the purposes specified in this notice, where there is a legal requirement or as part of a data sharing agreement. Purple Zest Limited do not transfer your data outside of the EEA and will always ask for consent if this becomes a requirement.

We utilise the below processors/controllers who act on our behalf to provide the below business functions and services. They act in accordance with instructions from us and comply fully with this and their own privacy notice, the data protection laws and any other appropriate confidentiality and security measures.

The third-party processors/controllers that we work with are:

  1. Code Poets Limited (6334365) act as a processor for us, manage our hosting, website security, and backups. Ensuring our server and your personal information is secure, protected and monitored. The information that you provide to us is stored on our server, which is accessible to Code Poets, where they do not process your information for any other purpose, and will never share or disclose your data.
  2. Thesaurus Software Ltd, trading as Bright Software Group, is our provider of BrightPay, the platform we use to process Personal Assistant payroll. They do not process DP Holder or PA information for any other purpose, and will never share or disclose this data. Their Privacy Notice can be viewed on the Bright Software Group website.
  3. Intelliprint, part of RNB Print & Mail Limited (11404792), provide hybrid mail services for us. All external post is processed through Intelliprint, who print, pack and post any documentation being sent through the mail service. They do not process your information for any other purpose, and will never share or disclose your data. They hold ISO accreditation 9001, are fully GDPR compliant with an in house data protection officer.
  4. SMS Broadcast UK provides the platform we use to send and receive SMS messages. They do not process DP Holder or PA information for any other purpose, and will never share or disclose this data. Their Privacy Notice can be viewed on the SMS Broadcast website.
  5. MailerLite, is the platform we use to to send out newsletters and other large audience communications by email. Only Direct Payment Holder and/or Personal Assistant names and email addresses will be shared with MailerLite and they do not process this information for any other purpose, and will never share or disclose this data. Their Privacy Policy can be viewed on the MailerLite website.

Security

Purple Zest Limited takes your privacy seriously and take every reasonable measure and precaution to protect and secure your personal data.

We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place, including secure hosting of our website, anti-virus, firewall and malware protections on all device and networks, use of HTTPS, and strong passwords for members of staff.

See more details about our security setup.

Consequences of Not Providing Your Data

You are not obligated to provide your personal information to Purple Zest Limited, however, as it is required so that we can undertake and process the matters concerning individual direct payments (and related support) and meet our business obligations, we will be unable to provide you with our services without it.

How Long We Keep Your Data

Purple Zest Limited only ever retains personal information for as long as is necessary and we have strict review and retention policies in place to meet these obligations. We only retain your data for as long as necessary or for a minimum of 7 years - whichever is longer.

Cookie Policy

We only use cookies for the functioning of this website, we do not use them for tracking purposes.

The full list of cookies we use include:

Website cookies
Type Name Description
Necessary s The session cookie; used when you login, to remember who you are.
Necessary sf For the self-referral process (for a longer life session).
Necessary sb For the support-brokerage process (for a longer life session).
Necessary f A random value used to protect against CSRF attacks.
Necessary b A random value for your browser, used when registering or resetting your password.
Necessary c Always set to the value '1', to check if the browser accepts cookies.
Preference js If set to 'false', the page will disable JavaScript.

Your IP Address

Like most websites, we store your IP address in our servers logs; where we only use this information to block attackers from making multiple password guessing attempts, and to identify which resources have been accessed (e.g. in the event of a system error).