Adriel Care Ltd: Fair Processing Notice (Privacy Notice)

  1. Introduction
    At Adriel Care Ltd, we are fully committed to respecting your privacy and safeguarding your personal data. This Fair Processing Notice explains how we collect, use, share, and protect personal information about the people we support (children, young people, and adults), their families and carers, as well as our employees, volunteers, and other stakeholders. This document is issued in line with our responsibilities under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
  2. Who We Are
    Adriel Care Ltd is a registered provider of regulated domiciliary care, complex care, and health and support services. We support children, young people, and adults with diverse needs in their homes and communities. Our registered office is located at 14-16 Green Road, Bournemouth, Dorset, BH9 1DX. For data protection purposes, we act as the ‘Data Controller’, which means we are responsible for deciding how personal data is collected, stored, and used.
  3. What Personal Data We Collect
    Depending on the relationship you have with us, we may collect the following types of personal information:
  • Your name, address, contact number, and email address
  • Date of birth and gender
  • NHS number, GP and healthcare contact details
  • Next of kin, family or carer details
  • Information about your physical and mental health
  • Social care history, care plans, clinical notes, and support needs
  • Incident records, safeguarding reports, and complaints
  • Financial information for invoicing, funding, or payroll
  • Employment details including training, qualifications, DBS status, and professional registration

We always aim to collect the minimum data required to provide effective care and meet our legal obligations.

  1. How We Collect Information
    We collect personal data in several ways:
  • Directly from you or your representative, via forms, assessments, meetings, or during care provision
  • From other professionals involved in your care (GPs, nurses, social workers)
  • From local authorities, NHS trusts, education providers, or commissioned services
  • Via secure digital platforms such as PASS (care records), BrightHR (HR system), BrightSafe (health & safety), and Croner-i (legal compliance)
  1. Why We Collect and Use Your Information
    We process your personal data to:
  • Deliver high-quality, person-centred care and support services
  • Comply with our contractual and regulatory duties (e.g. with the CQC, NHS, and local authorities)
  • Monitor, review, and improve your care and safety
  • Respond to incidents, safeguarding concerns, or complaints
  • Maintain staff records and manage HR functions including training, supervision, and compliance
  • Communicate effectively with you, your family, and relevant professionals

We will not use your information for marketing or unrelated purposes.

  1. Lawful Basis for Processing
    We process personal data lawfully under the following legal bases:
  • Article 6(1)(b): Where processing is necessary for the performance of a contract
  • Article 6(1)(c): Where processing is necessary to comply with a legal obligation
  • Article 6(1)(d): To protect vital interests (e.g. emergency medical care)
  • Article 6(1)(e): Where we perform a task carried out in the public interest
  • Article 9(2)(h): For the provision of health and social care services
  1. Sharing Your Information
    We may share your data when it is necessary to provide your care or comply with the law. This may include sharing with:
  • NHS and healthcare professionals (GPs, hospitals, CCGs)
  • Local authorities and social care teams
  • Safeguarding teams, police, and emergency services
  • Regulatory bodies (CQC, Ofsted)
  • Our third-party contractors (such as payroll providers or IT system vendors), under strict data sharing agreements

We will never sell your personal data or share it for commercial gain.

  1. How Long We Keep Your Data
    We only keep personal data for as long as necessary. Retention periods are based on best practice guidance, such as from the NHS and the Records Management Code of Practice:
  • Children’s care records: 8 years after care ends
  • Adult care records: 6 years after care ends
  • HR and payroll records: 7 years after employment ends

All personal data is securely destroyed when no longer required.

  1. How We Protect Your Data
    We take your data security seriously and implement a range of technical and organisational measures:
  • All digital records are encrypted and securely stored
  • Access to data is restricted to authorised staff only
  • All staff undergo GDPR and confidentiality training annually
  • Devices are password-protected and supported by antivirus and firewall software
  • Physical files (if used) are stored in locked cabinets in secure premises
  1. Your Rights Under Data Protection Law
    You have rights under UK GDPR, which include:
  • Right of Access: To see copies of the personal data we hold about you
  • Right to Rectification: To request correction of inaccurate or incomplete information
  • Right to Erasure: In some cases, you can ask us to delete your data
  • Right to Restrict Processing: To limit how we use your data in specific circumstances
  • Right to Object: To certain uses of your data
  • Right to Data Portability: To receive your data in a structured, commonly used format
  • Right to Lodge a Complaint: With the Information Commissioner’s Office (ICO) if you are unhappy with how we use your data
  1. Contacting Us
    If you have any questions about this notice or wish to exercise any of your rights, please contact our:
    Data Protection Officer (DPO)
    Adriel Care Ltd
    431 Ashley Road, Poole, Dorset, BH14 0AX
    📧 manager@adrielcare.co.uk
    📞 01202 743568

You can also contact the Information Commissioner’s Office at: www.ico.org.uk

This Fair Processing Notice will be reviewed annually and was last updated in May 2025.