Privacy Policy

Please see our privacy policy below or click to download.

Download Policy

Privacy Notice – Rochcare (UK) Ltd

Last updated: 06/2025]

 

Contents

1. Introduction
2. About Rochcare (UK) Ltd
3. What data do we collect?
4. Why do we process your data?
5. Lawful bases for processing
6. Special category and criminal data
7. Where we collect data from
8. Who we share your data with
9. National Data Opt-Out
10. How we store and dispose of your data
11. Your rights
12. CCTV use
13. Our website
14. Contact and complaints

1. Introduction

Rochcare (UK) Ltd is committed to protecting your personal data and being transparent about what we do with it. This Privacy Notice explains how we process the personal data of:

  • Service users
  • Staff
  • Family members or friends of service users and staff
  • Website users

We aim to provide clear information about your rights and how you can exercise them. For anu questions, contact our Data Protection Officer.

 

2. About Rochcare (UK) Ltd

We are a family-run care provider operating residential care homes and home care services across the UK. Our mission is to provide first-class, person-centred care, especially for those living with dementia.

3. What Data Do We Collect?

Service Users
We may collect:

  • Name, date of birth, address, contact details, next of kin
  • Financial details relating to payment or funding
  • Health and care information (physical and mental health)
  • Special category data (ethnicity, religion, sexuality) – only if required or with consent
    Staff

We may collect:

  • Name, address, contact details, DOB, NI number
  • Bank and payroll information
  • Qualifications and training records
  • Occupational health data (e.g., fit notes)
  • DBS certificate status (not the certificate itself)
  • Special category data (only where necessary or with consent)

Friends and Relatives
We may collect:

  • Contact details and relationship to the service user
  • Lasting Power of Attorney information
  • Emergency contact details

 

4. Why Do We Process Your Data?

We process your personal data to:

  • Deliver safe and effective care
  • Fulfil our legal and contractual duties as an employer or care provider
  • Respond to emergencies
  • Support regulatory inspections (e.g., CQC)
  • Maintain accurate records
  • Carry out safeguarding activities
  • Keep in touch with families and friends (with appropriate permissions)

5. Lawful Bases for Processing

We process your data under one or more of the following legal bases:
For Service Users:

  • Legal obligation: Health and Social Care Act 2012, Mental Capacity Act 2005
  • Public task: Providing social care services
  • Vital interests: In emergencies
  • Consent: For sharing certain data (e.g., photos, surveys)

For Staff:

  • Legal obligation: Employment law
  • Contract: To employ and manage you
  • Legitimate interests: Training records (e.g., Skills for Care)
  • Consent: For optional data processing

For Relatives:

  • Legitimate interests: Maintaining emergency contacts
  • Consent: Where required for communications

6. Special Category and Criminal Data

We process special category data where:

  • It is necessary for social protection law
  • It is required for the provision of health or social care
  • You have given explicit consent

If DBS data is processed, this is done in line with the Data Protection Act 2018 and the Rehabilitation of Offenders Act 1974 (Exceptions Order). We retain only a record of the check, not the certificate.

7. Where We Collect Data From

We may collect data:

  • Directly from you or your legal representative
  • From healthcare professionals or the Local Authority
  • From third-party referrals (with appropriate permissions)
  • From our website or online forms
  • Via CCTV in communal areas

8. Who We Share Your Data With

We share data where lawful and necessary with:

  • GP, hospitals, pharmacies, social workers, and other health and care professionals
  • Local Authority and CQC
  • Police or safeguarding authorities (in line with legal obligations)
  • Payroll, pension, and training providers (staff only)
  • DBS umbrella organisations (staff only)

We ensure that third parties comply with data protection standards and only process data for agreed purposes.

9. National Data Opt-Out

We review our data processing annually to assess whether the National Data Opt-Out applies. At present, we do not share confidential patient information for research or planning purposes that fall under the scope of the National Data Opt-Out.
To learn more, visit https://www.nhs.uk/your-nhs-data-matters/

10. How We Store and Dispose of Your Data

All personal data is stored securely, whether electronically (on encrypted systems) or in paper format (locked and access-controlled). We retain data in accordance with the NHS Records Management Code of Practice. After the retention period:

  • Paper records are shredded to legal standards
  • Electronic data is securely deleted or anonymised
  • Archived data is stored securely as per our records management policy

11. Your Rights

You have the following rights:
1. Access – Ask for a copy of the data we hold about you
2. Rectification – Correct inaccurate or incomplete data
3. Erasure – Ask us to delete data no longer needed
4. Restriction – Limit how we use your data while we review concerns
5. Objection – Object to processing where we rely on legitimate interests or public task
6. Withdraw consent – At any time for data processed on that basis
7. Data portability – Request transfer of your data in a structured format
To exercise your rights, please contact the data protection officer. We may ask for proof of identity to protect your data. We will respond within one month.

12. CCTV Use

We use CCTV in some of our care homes for:

  • Safety and security of residents and staff
  • Supporting safeguarding investigations
  • Preventing and detecting crime

Cameras are located only in communal areas unless explicitly stated and justified. Signage is in place. All data is stored securely and retained only as long as necessary.

13. Our Website

When you use our website, we may collect:

  • IP address
  • Contact form submissions
  • Cookies (see our Cookie Policy for more details)

We use this data to improve your experience and respond to your queries.

14. Contact and Complaints

If you have concerns about how we use your data, please contact our Data Protection Officer:
Email: Rizwan Mahmood
Address: 75-77 Drake Street, Rochdale, OL16 1SB
You can also contact the Information Commissioner’s Office (ICO):
Website: www.ico.org.uk/concerns
Phone: 0303 123 1113

Contact Us