Contact us
menu

exploreCumbria

exploreCheshire

exploreMerseyside

exploreGreater Manchester

exploreWest Yorkshire

exploreSouth Yorkshire

exploreStaffordshire

exploreSouth Wales

exploreAvon

exploreSomerset

exploreDevon

exploreTyne & Wear

exploreCounty Durham

exploreCleveland

exploreNorth Yorkshire

Residents Privacy Policy

Protecting Privacy, Supporting Simply Good Care

At Harbour Healthcare, protecting your privacy is at the heart of everything we do. We operate homes across England and Wales and handle your personal information in line with UK GDPR and the Data Protection Act 2018.

We collect and use your information for clear, lawful purposes and take all measures to keep it secure. Transparency and accountability are central to our approach.

Data Controller

Harbour Healthcare Ltd is the data controller responsible for your personal information. Each home may hold individual registrations with the Information Commissioner’s Office (ICO).

Data Protection Officer (DPO):

Sarah Campbell – DPO
The Lodge House, Dodge Hill, Heaton Norris, Stockport, Cheshire SK4 1RD
Email: DPO-GDPR@harbourhealthcare.co.uk

Regulation and Compliance

Our services are regulated by the Care Quality Commission (CQC) in England and the Care Inspectorate Wales (CIW). We adhere to strict data protection standards to ensure your information is secure and your rights are respected.

1. What is Personal Data?

Personal data is any information that can identify you. This includes basic details (name, address, contact) and more sensitive information (health records, care history, photographs, family details).

2. What Information Do We Collect?

We collect information directly from you, your relatives, GPs, healthcare professionals, local authorities, emergency services, and where necessary, other third parties. This includes:

  • Personal identifiers: name, date of birth, address, telephone, email
  • Care history, treatments, preferences, and routines
  • Family and next-of-kin details
  • Photographs and identification documents
  • Financial information relevant to care funding
  • Correspondence (letters, emails, calls)

Special Category / Sensitive Data:

  • Health and medical information
  • Cultural, religious, or spiritual beliefs
  • Sexual orientation and gender identity, where relevant to care, safeguarding, or equality monitoring
  • Criminal convictions and offences, where required for safeguarding or legal compliance
  • Safeguarding concerns, accident or incident reports

Data from other sources:

NHS systems (including Connect GP (PCS)), DCCR, local authorities, emergency services.

3. How We Use Your Information

We may use your information to:

  • Deliver and manage your care plan
  • Communicate with you and your relatives
  • Maintain financial and administrative records
  • Comply with legal obligations (regulators, safeguarding, coroners)
  • Protect life and safety in emergencies
  • Share information with healthcare professionals, legal representatives, or safeguarding authorities

Lawful basis for processing:

  • Contractual obligations (residential care)
  • Legal compliance (e.g., regulatory, safeguarding, coroners)
  • Protecting life or health
  • Public interest (safeguarding, care standards)
  • Legitimate interests (safe, well-run services)
  • Consent (optional activities like photography or marketing)

4. Sharing Your Personal Information

We may share your information with:

  • NHS organisations, including Connect GP (PCS)
  • Devon and Cornwall Care Record (DCCR)
  • Local authorities and safeguarding teams
  • Coroners, police, and legal representatives where necessary
  • Care Quality Commission (CQC), Care Inspectorate Wales (CIW), Social Care Wales, ICO, HSE
  • Approved suppliers and contractors under strict data protection agreements

We never sell your data or share it for marketing without explicit consent.

Please note that the organisations listed are examples and this list is not exhaustive. Resident information may also be shared with other appropriate parties, such as regulators, safeguarding teams, law enforcement, or legal representatives, where required by law, contractual obligations, or in the public interest

5. CCTV

Some homes operate CCTV in communal and external areas (entrances, corridors, lounges, dining areas, gardens, car parks). CCTV is never used in private areas

such as bedrooms, bathrooms, or toilets.

  • CCTV is used to maintain safety, support investigations, and safeguard residents, visitors, and staff
  • Footage is only accessed by authorised personnel and may be shared with Police, local authorities, or legal representatives where lawful
  • Clear signage is displayed
  • CCTV is not in all homes

6. Consent

Consent is sought only when you have a genuine choice (photographs, optional marketing, surveys). Refusal does not affect core care.

Where consent is not required, processing relies on

lawful basis

(legal obligation, safeguarding, legitimate interest).

7. Your Rights

Under UK GDPR, you can:

  • Know how your data is used
  • Access your personal data
  • Correct inaccuracies
  • Request deletion where lawful
  • Restrict or object to processing
  • Request data portability (where applicable)

Requests are handled by the DPO in line with legal timeframes.

8. Accessing Your Care Records

Care records may include staff names and roles involved in your care. Staff information unrelated to your care is not shared.

Records can be requested in paper or electronic form. Proof of identity may be required.

9. Data Retention

Information is retained only as long as necessary for legal or care purposes.

Full details are available in our Records Retention and Destruction Policy on our website alongside the privacy policies.

10. Data Breaches

If a breach occurs, it will be managed according to GDPR and Data Protection Act 2018. Affected individuals and the ICO will be notified if required. Contact the DPO for any concerns.

11. Social Media & Marketing

  • We may share updates about life in our homes, but never publish resident, visitor, or staff photos without consent.
  • Optional marketing communications require explicit opt-in.

12. Safeguarding & Legal Access

Information may be shared with:

  • Safeguarding teams, MASH, and local authorities
  • Coroners or legal representatives
  • Police or emergency services for safeguarding, investigations, or legal compliance

13. Will We Send Information Outside the UK?

Data is generally stored in the UK. Transfers outside the UK (e.g., cloud services) use appropriate safeguards such as standard contractual clauses.

14. Complaints

If you are unhappy with how we use your information, contact our

DPO

first. You also have the right to complain to the ICO: ICO Complaints

Harbour Healthcare | Version 1.0 | January 2026 – January 2027