Contact us
menu

exploreCumbria

exploreCheshire

exploreMerseyside

exploreGreater Manchester

exploreWest Yorkshire

exploreSouth Yorkshire

exploreStaffordshire

exploreSouth Wales

exploreAvon

exploreSomerset

exploreDevon

exploreTyne & Wear

exploreCounty Durham

exploreCleveland

exploreNorth Yorkshire

Organisations We Work With Privacy Statement

Protecting Privacy, Supporting Simply Good Care

At Harbour Healthcare, we cannot deliver high-quality, person-centred care on our own. We work closely with a wide range of organisations to ensure our residents, staff, and visitors are always safe and well supported.

This Privacy Statement explains how personal data may be shared with partner organisations, why it is shared, and how it is protected.

Data Controller

Harbour Healthcare Ltd is the data controller responsible for any personal information we share.

Data Protection Officer (DPO):
Sarah Campbell – DPO
The Lodge House, Dodge Hill, Heaton Norris, Stockport, Cheshire SK4 1RD
Email: DPO-GDPR@harbourhealthcare.co.uk

Regulation and Compliance

We comply with UK GDPR and the Data Protection Act 2018. We follow strict standards to ensure any personal information shared with partner organisations is protected.

1. Why We Share Information with Organisations

We share personal data with partner organisations to:

  • Deliver safe, high-quality care
  • Meet regulatory and legal obligations
  • Support safeguarding and investigations
  • Comply with coroners or other legal processes
  • Protect the safety and wellbeing of residents, visitors, and staff

2. Types of Data Shared

Depending on the purpose, we may share:

  • Resident care information (including health, special category/sensitive data such as sexual orientation, gender identity, or criminal offences where relevant)
  • Staff names and roles when involved in care or legal investigations
  • Visitor data when required for safeguarding, safety, or legal reasons
  • CCTV footage from communal areas for safety or investigation purposes

3. Organisations We Work With

Please note that the organisations listed are examples and this list is not exhaustive. Personal information may also be shared with other appropriate parties, such as regulators, safeguarding teams, law enforcement, or legal representatives, where required by law, contractual obligations, or in the public interest

Local Government & Safeguarding:

  • Local authorities (adult social care teams, safeguarding teams)
  • Multi-Agency Safeguarding Hubs (MASH)
  • Local Government & Social Care Ombudsman

Law Enforcement & Legal Authorities:

  • Police services across England and Wales
  • Coroners and legal representatives
  • Solicitors, where required for investigations or legal compliance

Regulators:

  • Care Quality Commission (CQC) – England
  • Care Inspectorate Wales (CIW)
  • Disclosure & Barring Service (DBS)
  • Social Care Wales
  • Health & Safety Executive (HSE)
  • Information Commissioner’s Office (ICO)
  • Nursing and Midwifery Council (NMC)

NHS Organisations:

  • NHS England
  • Integrated Care Boards (ICBs)
  • NHS Wales / Local Health Boards
  • NHS Digital
  • GP surgeries (including Connect GP / PCS)

Other Third-Party Suppliers:

  • Approved contractors who process or store personal data under strict data protection agreements

Care Record Sharing Platforms:

  • Devon and Cornwall Care Record (DCCR) – see DCCR public website for more details

4. Legal Basis for Sharing Data

We share information with organisations under the following lawful bases:

  • Legal obligation – complying with regulators, coroners, safeguarding authorities, or law enforcement
  • Contractual necessity – sharing data with NHS partners, ICBs, or approved suppliers
  • Public interest – safeguarding, safety, or protection of residents, staff, and visitors
  • Consent – only where a genuine choice is provided (optional surveys, marketing, research)

5. Safeguarding, Coroners, and Legal Access

Information may be shared with partner organisations to:

  • Support safeguarding investigations
  • Assist police, coroners, or other legal authorities
  • Protect life, health, or public safety
  • Comply with legal or regulatory requirements

6. Special Category / Sensitive Data

Where necessary, sensitive information may be shared, including:

  • Health data and medical records
  • Gender identity or sexual orientation (relevant for care or safeguarding)
  • Criminal convictions and offences (where legally required)
  • Safeguarding, accident, or incident reports

7. Data Retention & Security

  • Personal data is retained only as long as necessary for care, safeguarding, or legal obligations
  • Full details are available in our Records Retention and Destruction Policy on our website alongside the privacy policies
  • Data is stored securely, and access is restricted to authorised personnel
  • Transfers outside the UK are protected via standard contractual clauses or equivalent safeguards

8. CCTV

Where relevant, shared information may include CCTV footage from communal areas. CCTV is never used in private areas and is only accessed by authorised staff or partner organisations for lawful reasons.

9. Data Breach Procedure

Any breaches will be managed in line with GDPR and Data Protection Act 2018. Affected individuals and the ICO will be notified if required.

10. Complaints

If you are unhappy with how we share information with organisations, contact our DPO first. You also have the right to complain to the ICO: ICO Complaints

Harbour Healthcare | Version 1.0 | January 2026 – January 2027