Privacy Policy
Nottinghamshire Care
Effective Date: 10th December 2025
1. Introduction
Nottinghamshire Care we are committed to protecting and respecting your privacy.
This Privacy Policy explains how we collect, use, store and protect personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
This policy applies to:
-
Service users and their families
-
Employees and job applicants
-
Contractors and agency staff
-
Website visitors
-
Suppliers and professional contacts
2. Who We Are
-
Nottinghamshire Care
-
Registered Address: 1a Bonington Road, Nottingham, Notts, United Kingdom, NG3 5JR
-
Company Number: 13794618
-
Contact Email: info@nottscare.co.uk
-
Telephone: 0115 740 1143
-
If you have any questions about this policy or how we use your data, please contact us using the details above.
-
3. What Information We Collect
We may collect and process the following types of personal data:
Service Users:
-
Name, address, date of birth
-
Contact details
-
Next of kin information
-
Medical history and health records
-
Care plans and risk assessments
-
Financial and billing information
Employees / Applicants:
-
Contact details
-
Employment history and references
-
DBS information
-
Right to work documentation
-
Payroll and pension details
-
Health information (where required for employment purposes)
Website Users:
-
IP address
-
Browser type
-
Cookies and usage data
4. How We Use Personal Data
We use personal data to:
-
Deliver safe and effective care services
-
Manage care planning and safeguarding
-
Meet regulatory requirements (including compliance with the Care Quality Commission)
-
Process employment and recruitment activities
-
Manage payroll and HR processes
-
Communicate with families and professionals
-
Improve our services
-
Comply with legal obligations
5. Lawful Basis for Processing
Under UK GDPR, we rely on the following lawful bases:
-
Consent
-
Contractual necessity
-
Legal obligation
-
Vital interests
-
Legitimate interests
-
Health and social care provision
Where we process special category data (e.g., health information), we do so in accordance with Article 9 of UK GDPR.
6. Sharing of Information
We may share personal data with:
-
Local authorities
-
NHS services and healthcare professionals
-
Regulatory bodies (including the Care Quality Commission)
-
Payroll providers and HR systems
-
Legal or professional advisers
-
Law enforcement where required
We will never sell personal data to third parties.
7. Data Security
We take appropriate technical and organisational measures to protect personal data, including:
-
Secure digital systems
-
Encrypted devices
-
Password-protected files
-
Staff data protection training
-
Restricted access to sensitive information
8. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes we collected it for, including legal, regulatory, tax, or reporting requirements.
Retention periods are set in line with NHS and care sector guidance.
9. Your Rights
Under UK GDPR, individuals have the right to:
-
Access their personal data
-
Request correction of inaccurate data
-
Request erasure (where applicable)
-
Restrict processing
-
Object to processing
-
Request data portability
-
Withdraw consent at any time
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).
10. Contacting the ICO
If you are unhappy with how we handle your data, you can contact:
Information Commissioner’s Office
Website: https://ico.org.uk
Telephone: 0303 123 1113
11. Updates to This Policy
We may update this Privacy Policy from time to time. The latest version will always be available on our website.
If you’d like, I can now:
-
Make a shorter website-friendly version
-
Draft a GDPR staff privacy notice specifically for employees
-
Tailor it for a non-regulated care provider
-
Or brand it with your company name and details ready to use**
Just tell me which direction you want to take.