Date Implemented:

1ST May 2018

Date of review:

31st March 2019

Data Protection- Customer Privacy Notice

Why should you read this document?

During the course of dealing with us, we will ask you to provide us with detailed personal information relating to your existing circumstances, your health and information about other services who support you. (Your personal data). This document is important as it allows us to explain to you what we need to do with your personal data, and the various rights you have to your personal data.

What do we mean by your personal data?

Your personal data means any information that describes or relates to your personal circumstances. Your personal data may identify you directly, for example your name, address, date of birth, National Insurance number. Your personal data may also identify you indirectly, for example your employment situation, your physical and mental health history, or any other information that could be associated with your cultural or social identity.

In the context of providing you with care and support in one of our care homes, day care or hydrotherapy services, your personal data may include:

  • Title, names, date of birth, gender, nationality, contact details of relatives.
  • Health status and history, details of treatment and prognosis, medical reports, assessments from healthcare professionals. (Further details are provided below specifically with regard to the processing we may undertake in relation to this type of information.



The basis upon which Vestacare will deal with your personal data

When we speak with you about your care and support needs, we do so on the basis that we are entering into an agreement for the provision of our services.

In order to deliver services to you in a safe way, we have the right to use your personal data for the purposes detailed below.

The basis upon which we will process certain parts of your personal data

Where you ask us to provide us the support and assistance in one of our residential, day care or hydrotherapy services, we will ask you for information about your ethnic origin, your health and medical history (Your Special Data) We will record and use your special data in order to assess your needs. The information we collect from you will be used to generate a comprehensive care and support plan. This will ensure your care and support needs are met in a safe way.

How do we collect your data?

We will collect and record your personal data from a variety of sources, but mainly directly from you. You will usually provide information during the course of our initial meetings or conversations with you to establish your circumstances and needs and preferences in regard to your care and support arrangements. You can provide information to us verbally and in writing, including email.

We may also obtain some information from third parties, for example, healthcare professionals and social services.




What happens to Your Personal Data when it is disclosed to us?

  • Record and store your personal data in our paper files, mobile care planning devices and on our computer systems, email and our cloud facilities. This information can only be accessed by employees and managers within Vestacare and only when it is necessary to provide our service to you and to perform any administrative tasks associated with your care and support and the services we provide to you.

Sharing your personal data

From time to time your personal data will be shared with:

  • Third parties, who we believe will be able to assist you with your care planning support, for example, healthcare professionals, social workers and General Practitioners. (In each case, we will ensure that sharing will be done on a need to know basis).
  • In each case, your personal data will only be shared for the purposes set out in this privacy notice, i.e. to progress your care and support plan and to ensure the support you receive is safe. The information is only shared to ensure we can adequately fulfil our responsibilities to you.
  • We do not envisage that by using our services will involve your personal data being transferred outside the European Economic Area.

Security and retention of your personal data

Your privacy is important to us and we will keep your personal data secure in accordance with our legal responsibilities. We will take reasonable steps to safeguard your personal data against it being accessed unlawfully or maliciously by a third party.

We also expect you to take reasonable steps to safeguard your own privacy when transferring information to us, such as not sending confidential information over unprotected email, ensuring that all email attachments are password protected or encrypted and only using secure methods of postage when original documentation is being sent to us.

Your personal data will be retained by us either electronically or in paper format for a minimum of six years after ceasing to use our services, or in instances whereby we have legal right to such information we will retain records indefinitely.

Your rights in relation to your personal data

You can:

  • Request copies of your personal data that is under our control
  • Ask us to further explain how we use your personal data
  • Ask us to correct, delete or require us to restrict or stop using your personal data (details as to the extent to which we can do this will be provided at the time of any such request)
  • Ask us to send an electronic copy of your personal data to another organisation should you wish

How to make contact with Vestacare in relation to the use of your personal data

If you have any questions or comments about this document, or wish to make contact in order to exercise any of your rights set out within it please contact Head of Operations Ann Connolly or Head of Business Development Neela Mody.

If we feel we have a legal right not to deal with your request, or to action it in a different way to have you have requested, we will inform you of this at the time.

You should also make contact with us as soon as possible on you becoming aware of any unauthorised disclosure of your personal data, so that we may investigate and fulfil our own regulatory obligations.



If you have any concerns or complaints as to how we have handled your personal data you may lodge a complaint with the UK’s data protection regulator, the ICO, who can be contacted through their website at or by writing to Information Commissioner’s office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF


















Data Subject Consent Form

I hereby grant Vestacare UK Limited to process my data for the purposes in the Privacy statement above.



Print Name:



Request actioned:

Individual Responsible:



Marketing consent

I hereby grant Vestacare UK Limited to process my data for the purpose of sending you information about our services. By providing your consent you have given us your express permission for us to contact you regarding our services that may be of interest to you, and by any means of communication that is suitable at the time.