PRIVACY NOTICE  (reviewed 29 April 2019)

What is a privacy notice?

A Privacy Notice is a statement by the Company to service users, visitors, carers, the public and staff that describes how we collect, use, retain and disclose the personal information which we hold. It is sometimes also referred to as a Privacy Statement, Fair Processing Statement or Privacy Policy. This privacy notice is part of our commitment to ensure that we process personal information/data fairly and lawfully. It is also one of the ways in which we can demonstrate our commitment to our values of Continuous Improvement, Ethical Practice, Reliability and Effectiveness, Responsibility, Expertise and Excellence.

Why we collect information

We recognise the importance of protecting personal and confidential information in all that we do and take care to meet our legal and regulatory duties.

We may ask, for or, hold personal confidential information to be able to comply with regulations and best practice for employment, or to be able to provide safe and appropriate care to those who reside in our care homes. We need information to be able to correctly identify and distinguish one person from another.

Who are the individuals for whom we collect and use confidential information?

There are two main groups of individuals for whom we collect and manage confidential information:

  • Our employees, and
  • Those for whom we are providing care and treatment in our homes.

There may also be times when we are asked to share basic information about employees or those receiving care such as their name and parts of their address, which does not include sensitive information; this may be at times such as during the national census or data collection for the Office of National Statistics.

What information do we use for those who are receiving care?

We may ask for, or hold, personal confidential information which will be used to support delivery of safe and effective care and treatment.

The records we hold may include:

  • Basic details, such as name, address, date of birth, next of kin.
  • Contact we have had, such as referrals and enquiries.
  • Details and records of treatment and care, including notes and reports about care, treatment, accidents and general health.
  • Results of assessments and investigations.
  • Information from people who either provide or support the package of care through their personal bonds, knowledge or expertise such as health professionals, social workers, relatives and significant others.

The care records may also include personally sensitive information such as sexuality, race, religion or beliefs, disabilities, allergies or other health conditions. It is important for us to have a complete picture, as this information assists staff to develop care plans that keep people safe and well, and administer treatments when needed.

Where possible information is collected from the person who has been referred for care or who is receiving care. Additional information will be provided from sources such as relatives or friends, as well as health and social care professionals such as Social Workers, GPs, District Nurses, or Consultants. It is expected health and social care professionals will have checked to make sure they have permission, or there is a legal basis to share personal information before they provide personal and confidential details.

What information do we use for those who are employees?

We may ask for or hold personal and confidential information to be able to evidence compliance with regulations and best practice for employment.  This is to ensure we can correctly identify each employee. We also need to keep proper records of each employee’s performance during their period of employment.

The records we hold may include:

  • Name, date of birth and contact details.
  • Photographic proof of identity – e.g passport, identity card or driving license.
  • Proof of eligibility to work in the UK.
  • National Insurance number.
  • Bank details.
  • Any criminal record or additions to the barred list for working with vulnerable adults/children.
  • Employment history and reasons for leaving.
  • Qualifications and training relevant to the post being applied for.
  • Medical conditions or disabilities that may affect a person’s ability to work.
  • Records of performance management and any sickness or disciplinary matters.
  • Information from organisations associated with paying wages, pensions or company benefits.

Information we hold may also include personal sensitive information such as sexuality, race, your religion or beliefs, and whether the employee has a disability, allergies or health conditions.

How we use information about those for whom we provide care and who it will be shared with?

We use information about those who reside in our care services to:

  • Help inform decisions we make about their care.
  • Ensure their treatment is safe and effective.
  • Work effectively with other organisations who may be involved in their care, such as social workers, GPs, district nurses or healthcare professionals based in hospital services.
  • Ensure services can meet future needs.
  • Review care provided to ensure it is of the highest standard possible.
  • Train our care teams.
  • For research and audit.
  • Prepare statistics on our performance for commissioners and inspectors.
  • Arrange the collection of payments for care provided.

To provide the best possible care and welfare, we will sometimes need to share information about those receiving care with other organisations such as:

  • Other health and social care professionals involved in the delivery of care.
  • Funders of care packages – local commissioning teams.
  • The local authority safeguarding team.
  • Regulators – this will normally be anonymised.

How we use information about employees and who will it be shared with?

We use information about employees to:

  • Evidence that correct checks have been undertaken during recruitment, and that staff are supported and trained.
  • Ensure staff are paid.
  • Ensure contributions and information to government and company benefits or schemes are made.
  • Help inform decisions about effective management of the staff team.
  • Participate in research and audit.
  • Prepare statistics on our performance for commissioners and inspectors.

We will sometimes need to share information about employees with other organisations. We may share information with a range of government or company agencies such as:

  • HMRC
  • Pension provider
  • Payroll provider
  • Company health benefit provider
  • Government agencies or regulators where there are concerns about the safety of vulnerable adults.

How information is retained and kept safe?

Information is retained in secure electronic and paper records, and access is restricted to only those who need to know.

It is important that information is kept safe and secure, to protect confidentiality. There are a number of ways in which privacy is shielded; by removing identifying information, using an independent review process, adhering to strict contractual conditions and ensuring strict sharing or processing agreements are in place.

The Data Protection Act 2018 and General Data Protection Regulations 2018 regulate the processing of personal information. Strict principles govern our use of information and our duty to ensure it is kept safe and secure.

We are registered with the Information Commissioners Office (ICO), as an organisation that holds and processes information which is sensitive and personal.

The registration number can be found on the ‘Search the Register’ part of the ICO webpage

How do we keep information confidential?

Technology allows us to protect information in a number of ways, in the main by restricting access. Our guiding principle is that we hold information in strict confidence.

Everyone working for us is subject to the Common Law Duty of Confidentiality and the Data Protection Act 2018. Information provided in confidence will only be used for the purposes for which consent has been sought, unless there are other circumstances covered by the law.

As part of their terms of employment, all staff are required to protect information, tell people how their information will be used and allow them to decide if and how their information can be shared, except where there is a legal obligation to share information. In these circumstances this will be noted in the records for the person concerned.

All of our staff are required to undertake regular training in data protection, confidentiality, IT/cyber security, with additional training for specialist staff, such as records, data protection officers and IT staff.

Your right to withdraw consent for us to share your personal information

Individuals have the right to refuse/withdraw consent to information sharing at any time. We will fully explain the possible consequences, and any legal obligations we have to share information where we cannot comply with a request to not share information.

Contacting us about your information

We have a senior person responsible for protecting the confidentiality of information and enabling appropriate sharing. The Data Protection Lead has responsibility for advising the Company about the protection of general personally identifiable information. There is also a Caldicott Guardian who is a senior person with responsibility for protecting the confidentiality of information for those who are in receipt of care and treatment. The contact details can be found in the Contact Us details below.

Contact Us

If you have any questions or concerns regarding the information we hold, the use of personal and confidential information, or would like to discuss further, please contact the Information Governance Team.

Information Governance Team

Drakes Court

302 Alcester Road



B47 6JR


Phone: 01564 820140

Can I access my information?

Under the Data Protection Act 2018 a person may request access to information (with some exemptions) that is held about them by an organisation. For more information on how to access the information we hold about you please speak to your line manager or a member of the Information Governance Team at Head Office.

Contacting us if you have a complaint or concern about the way in which we manage your information.

We try to meet the highest standards when collecting and using personal information. We

encourage people to bring concerns to our attention and we take any complaints we receive

very seriously. You can submit a complaint through the Company’s Complaints Procedure, details of which are on display in the home or you can write to:

The Complaints Department

Information Governance Department

Drakes Court

302 Alcester Road



B47 6JR

If you remain dissatisfied with the Company’s decision regarding your complaint, you may wish to contact:

Information Commissioner’s Office

Wycliffe House

Water Lane




0303 123 1113