Protecting Privacy, Supporting Simply Good Care
At Harbour Healthcare, we are proud to care not only for our residents and colleagues but also for everyone who visits our homes. This Privacy Statement explains how we collect, use, share, and protect personal information about visitors.
Data Controller
Harbour Healthcare Ltd is the data controller responsible for your personal information.
Data Protection Officer (DPO):
Sarah Campbell – DPO
The Lodge House, Dodge Hill, Heaton Norris, Stockport, Cheshire SK4 1RD
Email: DPO-GDPR@harbourhealthcare.co.uk
Regulation and Compliance
Our homes are regulated by the Care Quality Commission (CQC) in England and the Care Inspectorate Wales (CIW). We follow strict data protection standards to ensure your information is secure and your rights are respected.
1. What is Personal Data?
Personal data is any information that can identify you. This includes:
- Name, contact details (address, phone, email)
- Employer or professional affiliation (if visiting in a professional capacity)
- Dates, times, and purpose of visits
- Visual images (CCTV, identification documents)
- Correspondence (emails, letters, calls)
Special Category / Sensitive Data:
- Health information relevant to your visit
- Accident or incident reports
- Sexual orientation or gender identity, where relevant for safeguarding or safety
- Criminal convictions or offences, where required for legal or safeguarding purposes
We only collect sensitive information where necessary and in line with the law.
2. How Do We Use Your Information?
We may use visitor information to:
- Record visits for safety and security
- Communicate regarding your visit, including follow-up if necessary
- Meet legal obligations (health & safety, safeguarding, accident reporting)
- Cooperate with police, coroners, or safeguarding teams for investigations
- Disclose information to your employer if professional standards are not met
Lawful Basis:
- Legal obligation (health, safety, safeguarding, coroners)
- Protecting life or health
- Public interest (safeguarding)
- Legitimate interests (safe, well-managed homes)
- Consent (optional marketing, surveys, photography)
3. Sharing Your Personal Information
We may share your information with:
- Local authorities and safeguarding teams
- NHS organisations, including Connect GP (PCS), where relevant
- Devon and Cornwall Care Record (DCCR) where relevant for care or safeguarding
- Police or emergency services
- Coroners or their officers
- Legal representatives or solicitors, if required
- Regulators: CQC, CIW, Social Care Wales, ICO, DBS, HSE, NMC
- Approved suppliers and contractors under strict data protection agreements
We never sell your personal data or use it for marketing without consent.
Please note that the organisations listed are examples and this list is not exhaustive. Visitor information may also be shared with other appropriate parties, such as regulators, safeguarding teams, law enforcement, or legal representatives, where required by law, contractual obligations, or in the public interest.
4. CCTV
Some homes use CCTV in communal and external areas (entrances, corridors, lounges, dining areas, gardens, car parks).
- CCTV is never used in private areas such as bedrooms, bathrooms, or toilets
- Footage is used for safety, security, safeguarding, and incident investigations
- Access is restricted to authorised personnel; footage may be shared with police, local authorities, regulators, or legal representatives where lawful
- CCTV is not in all homes
- Clear signage is displayed in all homes with CCTV
5. Consent
We only seek consent when there is a genuine choice, such as for:
- Optional marketing or surveys
- Photographs or social media posts
Refusal does not affect your right to visit.
6. Your Information Rights
Under UK GDPR, you have the right to:
- Know how your information is used
- Access your personal data
- Correct inaccuracies
- Request deletion where lawful
- Restrict or object to processing
- Request data portability (where applicable)
Requests should be submitted to the DPO.
7. Accessing Records
If you request access to personal information (including CCTV footage related to your visit), proof of identity may be required.
Records may include staff involved in your visit or safeguarding incidents. Information unrelated to your visit will not be shared.
8. Data Retention
Visitor records are retained only as long as necessary for legal obligations or safety purposes.
Full details are available in our Records Retention and Destruction Policy on our website alongside the privacy policies.
9. Data Breach Procedure
Any data breaches will be handled according to GDPR and the Data Protection Act 2018. Affected individuals and the ICO will be notified if required. Contact the DPO for concerns.
10. Social Media & Marketing
- We may share updates about life in our homes but will never publish visitor photos or personal information without consent
- Marketing communications require explicit opt-in
11. Safeguarding, Coroners, and Legal Access
Information may be shared with:
- Safeguarding teams, MASH, and local authorities
- Police or emergency services
- Coroners and legal representatives
- Regulatory bodies, as required by law
12. Transfers Outside the UK
Data is generally stored in the UK. Any transfers outside the UK use safeguards such as standard contractual clauses.
13. Complaints
If you are unhappy with how your data is handled, contact our DPO first. You also have the right to complain to the ICO.
Harbour Healthcare | Version 1.0 | January 2026 – January 2027