PRIVACY STATEMENT FOR FAMILY MEMBERS
At Edenmore Nursing Home we are more than just a care provider; we are a community committed to providing compassionate care that supports a meaningful continuation of life for individuals living with Dementia.
Our approach is rooted in the principles established by Thomas Kitwood, placing each individual at the heart of everything we do. We are guided by the five core emotional needs identified by Kitwood (comfort, attachment, inclusion, occupation and identity), ensuring that every person experiences the human qualities essential for both emotional and physical well-being.
We create homely households/environments that feel familiar and comforting, where those we support are known as Family Members. This reflects the respect and warmth at the heart of our commitment to truly seeing the person, not the diagnosis. Every aspect of daily life is tailored to understand each Family Member’s history, identity and individuality.
Our approach doesn’t focus solely on the clinical aspects of Dementia; it embraces the whole person. Through meaningful connection, activity and a nurturing environment, we support well-being in all its forms. Comfort, belonging, inclusion and purpose are central to life at Edenmore Nursing Home, where every day is an opportunity to live with choice, independence and dignity.
At Edenmore Nursing Home we are committed to protecting your personal data and handling it responsibly. Our Privacy Statement for Relatives, Friends and Stakeholders of Family Members explains how we collect and manage your data.
WHAT IS THE PURPOSE OF THIS PRIVACY STATEMENT
- Under the UK GDPR and Data Protection Act 2018, we are required to explain to you why we collect your information, how we intend to use that information and whether we will share this information with anyone else. This statement applies to all current, former and prospective Family Members.
- It is important that you read this Privacy Statement for Family Members so that you know how and why we use your information. We may update this Privacy Statement for Family Members at any time. It is also important that you inform us of any changes to the personal information we hold about you so that the information is accurate and up to date.
WHO ARE WE?
2.1 We are Edenmore Nursing Home (Edenmore Care Limited), a company registered in England and Wales under company number 09807377 and with our registered office at Beech House, Brotherswood Court, Bradley Stoke, Bristol, BS32 4QW.
2.2 Edenmore Nursing Home is a subsidiary of Evolve Care Group and, as part of our integrated business operations, employees of Evolve Care Group may access the personal data and information held by Edenmore Nursing Home where necessary for legitimate business purposes. All data processing activities will adhere to applicable data protection laws, including the UK GDPR and the Data Protection Act 2018, ensuring appropriate safeguards and security measures to protect individuals’ rights and privacy.
2.3 Edenmore Nursing Home is the “Data Controller” for the information which we hold about you. This means that we are responsible for deciding how and why we hold your personal information.
OUR DATA PROTECTION OFFICER
3.1 Our Data Protection Officer (DPO) is responsible for overseeing what we do with your information and monitoring our compliance with the Data Protection Laws.
3.2 Our DPO is Mark Reed, Chief Operating Officer. If you have any concerns or questions about our use of your personal data, you can raise these by emailing info@edenmorenursinghome.com or writing to Data Protection Officer, Beech House, Brotherswood Court, Bradley Stoke, Bristol, BS32 4QW. Alternatively, if you wish to make contact but are unable to use any of the above methods, please contact the Registered Manager who will be able to put your queries forward to the team.
TYPES OF PERSONAL INFORMATION WE USE AND OUR LAWFUL BASIS FOR DOING SO?
4.1 We process your personal information for a number of reasons. We ask for information about you so that we can make sure we offer you the best care, protection and support. If you refuse to provide certain information when requested, we may not be able to offer you a placement or sustain your placement at our home as we require certain information in order to comply with our legal obligations, perform our contract for the provision of services to you and to ensure your health and safety and the health and safety of those around you.
4.2 In accordance with the Data Protection Laws, we need a lawful basis for collecting and using information about you. These lawful bases are set out in Article 6 of the UK GDPR and, depending on the type of data, may require reliance on additional safeguards set out in Articles 9 and 10 of the UK GDPR and within the Data Protection Act 2018.
Standard personal data:
4.3 We will process standard personal data about you. Please refer to the Appendix to see the types of data we might process about you.
4.4 Our Article 6 GDPR lawful basis for processing this type of data will depend on the circumstances, but will include the following (as appropriate):
4.4.1 You have given us clear consent to process your personal data (in the circumstances where consent is the only available lawful basis) (Article 6(1)(a) of the UK GDPR); or
4.4.2 It is necessary in order for us to perform our contract for services with you/your loved one/your commissioning body (Article 6(1)(b) of the UK GDPR); or
4.4.3 It is necessary to meet legal / regulatory obligations (Article 6(1)(c) of the UK GDPR); or
4.4.4 It is necessary for our legitimate interests (where they are not overridden by your rights) (Article 6(1)(f) UK GDPR).
Special categories of personal data:
4.5 Some of the information which we may process about you will be “special category personal data” and criminal activity data. Special category personal data and criminal activity data (see further below) require a greater level of protection than standard personal data. Please refer to the Appendix to see the types of special category personal data and criminal activity data we might process about you.
4.6 Our Article 6 GDPR lawful basis for processing this type of data will depend on the circumstances, but will include the following (as appropriate):
4.6.1 You have given us consent to process your personal data (in the circumstances where consent is the only available lawful basis) (Article 6(1)(a) of the UK GDPR); or
4.6.2 It is necessary in order for us to perform our contract for services with you/your loved one/your commissioning body (Article 6(1)(b) of the UK GDPR); or
4.6.3 It is necessary to meet legal / regulatory obligations (Article 6(1)(c) of the UK GDPR); or
4.6.4 It is necessary to protect your life (Article 6(1)(d) of the UK GDPR); or
4.6.5 It is necessary for our legitimate interests (where they are not overridden by your rights) (Article 6(1)(f) UK GDPR).
4.7 We also require an Article 9 UK GDPR basis and must meet other additional conditions specified within the Data Protection Act 2018 to process this type of data.
Criminal activity data:
4.8 We may process information about you in relation to details of criminal activity in relation to proven and unproven criminal offences (including allegations of criminal activity, investigations into criminal activity, details of proceedings and outcomes of proceedings). Please refer to the Appendix for more details of the data we might process about you.
Our Article 6 GDPR lawful basis for processing this type of data will depend on the circumstances, but will include the following (as appropriate):
4.8.1 You have given us consent to process your personal data (in the circumstances where consent is the only available lawful basis) (Article 6(1)(a) of the UK GDPR); or
4.8.2 It is necessary in order for us to perform our contract for services with you/your loved one/your commissioning body (Article 6(1)(b) of the UK GDPR); or
4.8.3 It is necessary to meet legal / regulatory obligations (Article 6(1)(c) of the UK GDPR); or
4.8.4 It is necessary for our legitimate interests (where they are not overridden by your rights) (Article 6(1)(f) UK GDPR).
4.9 We also require an additional Article 10 UK GDPR condition for processing this type of data, and must meet other additional conditions specified within Schedule 1 of the Data Protection Act 2018 to process this type of data.
SOURCE OF YOUR PERSONAL INFORMATION
5.1 The information described at section 4 which we collect about you will be obtained through a variety of sources which may include:
5.1.1 From you directly prior to, during or after your stay with us;
5.1.2 From your friends, relatives/authorised representatives or others prior to, during or after your stay with us;
5.1.3 information created about you in the course of your stay with us (for example, data recorded within your care records and care planning, such as observations and interactions);
5.1.4 information which you have otherwise made public;
5.1.5 from social media activity (such as Facebook etc.);
5.1.6 from photographs and/or videos taken by the clinical team as part of clinical assessments and/or reviews;
5.1.7 from key announcements or photos and/or videos taken by the care team as part of documenting and evidencing the experience and journey of the person during their time in the home;
5.1.8 from external healthcare providers such as the NHS, your GP, hospital staff, dentists etc. and multi-disciplinary teams;
5.1.9 from safeguarding authorities / commissioning bodies and Integrated Care Boards / social services / other regulators (such as the Nursing and Midwifery Council and Information Commissioner’s Office) (and in some circumstances, their professional advisors or authorised representatives).
5.1.10 from the Police and other law enforcement agencies (for example, the Home Office), the courts, the Office of the Public Guardian and coroners.
5.1.11 from Attorneys/Deputies or others who are acting in your best interests.
5.1.12 from Auditors / professional advisors (including solicitors and insurers).
5.1.13 from other entities/persons which fall outside of this list and which are made known to us in relation to your residency; and
5.1.14 because circumstances are variable and change with time there may in some instances be situations outside the list above and we regularly review our Privacy Statement for Family Members to assess whether any updates are required.
COMPLYING WITH DATA PROTECTION LAW
6.1 We will comply with the Data Protection Laws when using your personal information. At the heart of the Data Protection Laws are the data protection principles (Article 5(1) of the UK GDPR) which say that the personal information we hold about you must be:
6.1.1 processed lawfully, fairly and in a transparent way;
6.1.2 collected only for specified, explicit and legitimate purposes and not used in any way that is incompatible with those purposes;
6.1.3 adequate and relevant to the purposes we have told you about and limited only to those purposes;
6.1.4 accurate and, where necessary, kept up to date;
6.1.5 kept only as long as necessary for the purposes we have told you about; and
6.1.6 processed in a manner that ensures appropriate security.
SHARING YOUR INFORMATION
7.1 We will share your personal information with third parties where we have a lawful basis for doing so.
7.2 The types of organisations/persons with which we may share your personal data are as follows:
7.2.1 External healthcare providers and multi-disciplinary teams, such as your GP, hospital staff, dentists, other care providers etc.;
7.2.2 Safeguarding authorities / commissioning bodies and Integrated Care Boards / other regulators (such as the Nursing and Midwifery Council and the Information Commissioner’s Office) (and in some circumstances, their professional advisors or authorised representatives);
7.2.3 The Police and other law enforcement agencies (for example, the Home Office), the courts, the Office of the Public Guardian and coroners;
7.2.4 IT service providers: we may use external IT or software providers who may have access to your personal data from time to time as is necessary to perform their services;
7.2.5 Attorneys/Deputies or others who are acting in your best interests (including complainants who have a vested interest in your care, or bodies commissioned for the investigation of complaints, such as the Local Government and Social Care Ombudsman);
7.2.6 Auditors / professional advisors (including solicitors and insurers).
7.2.7 Clinical information may be shared between the home and the central clinical governance team via Microsoft Office applications such as Outlook email and Teams.
7.2.8 Key announcements and/or photos and videos of Family Members in their experience of the home may be shared between the members of the team via secure messaging apps (under a policy-controlled basis) in order to show good practice, highlight any significant areas of concern, or to celebrate “magic moments” and achievements.
7.2.9 Where additional written consent is obtained from the Family Member or their representative(s) under a “best interests agreement”, images may be shared for marketing and promotion via media releases to celebrate life stories or used within Evolve Care Group academy training materials to help develop the skills and knowledge of the team.
TRANSFERRING INFORMATION OUTSIDE OF THE UK AND THE EUROPEAN ECONOMIC AREA (EEA)
8.1 We strive to ensure that any data necessary to be shared with the companies we work with (i.e. our supply chains) remains within the UK or the EEA in the first instance. However, some companies that provide services to us are located in, or run their services from, countries outside of these areas and resultantly, on occasion, your personal data may be transferred to countries outside of these areas.
CAN WE USE YOUR INFORMATION FOR OTHER PURPOSES?
9.1 We typically will only use your personal information for the purposes for which we collect it. It is possible that we will use your information for other purposes as long as those other purposes are compatible with those set out in this Privacy Statement for Family Members. If we intend to do so, we will provide you with information relating to that other purpose before using it for the new purpose.
STORING YOUR INFORMATION AND DELETING IT
10.1 To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. We will only retain your personal information in line with periods calculated using such criteria and in consideration of how long it is reasonable to keep records to show we have met the obligations we have to you and by law, any time limits for making a claim, any periods for keeping information which are set by law or recommended by regulators, professional bodies or associations.
10.2 In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
YOUR RIGHTS
11.1 Under certain circumstances, you have the right to:
11.1.1 Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
11.1.2 Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
11.1.3 Request erasure of your personal information in certain circumstances. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
11.1.4 Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) or public interest as our lawful basis for processing and there is something about your particular situation which leads you to object to processing on this ground. You also have the right to object if we are processing your personal information for direct marketing purposes.
11.1.5 In the limited circumstances where we are relying on your consent as our lawful basis to process your data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. If you withdraw your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another lawful basis for doing so.
11.1.6 Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
11.1.7 Request the transfer of your personal information to another party.
11.2 If you wish to exercise any of the above rights, please contact our Data Protection Officer whose details are set out in Section 3.
AUTOMATED DECISION MAKING
12.1 You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.
RIGHT TO COMPLAIN TO THE ICO
13.1 You have the right to complain to the Information Commissioner’s Office (the “ICO”) if you are not satisfied with the way we use your information. You can contact the ICO by writing to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or ico.org.uk.
CHANGES TO THIS PRIVACY STATEMENT
14.1 We reserve the right to update this Privacy Statement for Family Members at any time where appropriate.
APPENDIX A – STANDARD PERSONAL DATA
The standard personal data we may process about you includes:
- Personal details (such as name, date of birth, gender, nationality, marital status, national insurance number), contact details (such as your address, personal telephone number and personal email address), and confirmation of your identity, to allow us to assess that you are suitable to reside within one of our care homes/hospitals and for the purposes of communicating with you before, during and after your residency with us for reasons connected to your residency or in order for us to contact you in the event of an emergency;
- Financial information (such as bank account details and details about your financial assets (for example, details of any property you own)) for the purpose of making necessary checks to ensure that the care and accommodation is affordable for you, and for the purposes of administering payments for your stay with us;
- Information about your family and others (such as dependants, next of kin and emergency contact numbers) so we know who to contact if there is an emergency;
- Information about: your likes and dislikes (relating to hobbies, food, routines and other categories of likes and dislikes which help us improve your care); your care preferences; your life history (in order to ensure that we help you feel at home with us it is important for us to get to know you as best we can); and information about your long-term wishes (such as your desired arrangements in the event that you pass away while staying with us) (see also below in respect of special category personal data);
- Security information: images/audio of you (such as CCTV footage etc.) and photographs in order to ensure public safety, i.e. the safety and security of our residents and employees and those who visit our premises, as well as to identify and help to deter criminal activity (such as vandalism/damage to the property and theft) and create an overall secure living environment for you, and working environment for our staff;
- Information about your day-to-day activities in order to provide you with safe, appropriate and personalised care and accommodation and ensure that we can meet your individual requirements. Some examples of this include us using your personal information for the following reasons: meeting your dietary requirements; making necessary adaptations to your accommodation; delivering the healthcare and personal care you require (including medications); and determining your capacity for decision making;
- Information about your residency with us to allow us to carry out any necessary disciplinary processes with employees/others, make decisions around your residency, or provide evidence for legal proceedings (including instigating or responding to any claims) and for safeguarding and regulation of care purposes, including for the purposes of responding to complaints;
- We may also process your data by sending you email or text message communications in relation to your residency and ask for your views on the ways in which we could improve our services and improve the employment environment pursuant to our care contract;
- We may also ask for your consent for information about you to be featured in our marketing material, including (but not limited to) brochures and other such printed and electronic publications, the Edenmore Nursing Home website and social media pages and other promotional pages linked to Edenmore Nursing Home; and
- Because circumstances are variable and change with time, there may in some instances be situations outside the list above, and we regularly review our privacy statements to assess whether any updates are required.
APPENDIX B – SPECIAL CATEGORY DATA
The special category personal data which we may process about you (in order to provide you with safe, appropriate and personalised care and accommodation) includes:
- Information about your racial or ethnic origin;
- Information about your religious beliefs;
- Information about your sexual orientation, relationship history and political opinions;
- Information about your health, including any disabilities or special requirements which you may have, medical condition or disability, your medical history, vaccination status and history, records required by care home regulations like risk assessments, care plans and records of the care we provide to you, and the monitoring of statistical information which analyses the well-being of our residents and monitoring diversity, trends in healthcare needs and occupancy within our homes; and
- Biometric data (such as your fingerprint, face or audio recognition or test data (for example, Covid-19 swab test data)).
APPENDIX C – CRIMINAL ACTIVITY DATA
We may process criminal activity data about you. This may include:
- Information in relation to allegations of criminality, investigations and proceedings.
- We will only collect this type of information if it is appropriate and where we are legally able and / or required to do so. Where appropriate, we will collect information about criminal convictions as part of the admission process or we may be notified of such information directly by you/others in the course of your residency with us. We will use information about criminal convictions and offences in the following ways:
- To assess whether we can offer you the care and support that you require prior to or during your admission;
- To protect our other residents from the risk of assault, abuse, theft or possession or any other detriment;
- In order to meet legal / regulatory obligations;
- Less commonly, we may use information relating to criminal convictions where it is necessary in relation to legal claims, where it is necessary to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.
- We may also process such information in the course of legitimate business activities with the appropriate safeguards.
APPENDIX D – EXCEPTIONS TO THIS PRIVACY NOTICE
Edenmore Nursing Home is committed to ensuring the lawful, transparent, and secure processing of personal data relating to our Family Members (residents). In accordance with Article 9(2)(h) of the UK GDPR, we process special category personal data for the provision of health or social care services, ensuring that our Family Members receive safe, effective, and person-centred care.
This appendix outlines our approach to the sharing of personal data in exceptional circumstances outside of this process, ensuring compliance with data protection laws while supporting the health, well-being, and dignity of those in our care.
- Legal Basis for Processing and Sharing Personal Data
Under Article 9(2)(h) of the UK GDPR, we are permitted to process special category personal data when necessary for:
- Preventive or occupational medicine
- Medical diagnosis
- Provision of health or social care
- Treatment or the management of health or social care systems
The Data Protection Act 2018 also requires that appropriate safeguards are in place to protect the rights and freedoms of Family Members.
- Scope of Data Sharing
Personal data may be shared lawfully and responsibly with relevant parties where necessary for the continuity of care, safeguarding, regulatory compliance, and risk management. This may include:
Healthcare and Social Care Professionals
- General Practitioners (GPs)
- Hospital staff and specialist clinicians
- Community nurses and district nursing teams
- Occupational therapists, physiotherapists, and mental health practitioners
- Safeguarding teams and Adult Social Care services
Emergency and Crisis Support
- Ambulance services
- Law enforcement agencies (e.g., police and coroner services in cases of safeguarding or mortality reviews)
- Crisis intervention teams
Regulatory Bodies and Legal Representatives
- Care Quality Commission (CQC)
- Local Government and Social Care Ombudsman
- Professional regulatory bodies (e.g., Nursing and Midwifery Council)
- Solicitors acting on behalf of Family Members in legal or safeguarding matters
Family Members and Legal Deputies
- Next of kin, attorneys, or deputies with relevant permissions under Lasting Power of Attorney (LPA)
- Appointed advocates or representatives
Internal Staff and Service Providers
- Nursing home employees involved in direct care delivery
- IT service providers responsible for secure health record management
- Data protection and compliance officers
- Examples of Personal Data That May Be Shared
We may process and share the following categories of special category personal data when necessary for the provision of care:
- Health Records: Medical history, current conditions, treatment plans, medication details, MAR charts, TEP forms, care plans, and risk assessments.
- Clinical Assessments: Occupational therapy reports, falls risk assessments, and nutritional screening.
- Mental Capacity and Consent Documentation: Information regarding capacity assessments and best-interest decisions.
- Incident Reports and Safeguarding Concerns: Documentation related to health deterioration, behavioural concerns, and investigations into safeguarding risks.
- Legal Documentation: Copies of Power of Attorney or deputyship orders when relevant to a Family Member’s care.
- End-of-Life Care Directives: Advance care plans and decisions regarding resuscitation or palliative care.
This list is not designed to be a comprehensive list, but serves as a guide. Any data shared outside this list will only be shared within the specific remit of paragraph 1 above.
Data Protection Measures and Safeguards
To ensure lawful and ethical data sharing, Edenmore Nursing Home adheres to the following safeguards:
- Strict access controls: Personal data is shared only with authorized individuals with a clear need to know.
- Secure storage and transmission: Encrypted databases and secure communication channels are used for transmitting sensitive information.
- Regular audits and training: All staff handling Family Member data undergo GDPR and confidentiality training.
- Clear consent procedures: Where applicable, Family Members or their legal representatives are informed about data sharing practices.
- Retention and disposal policies: Personal data is stored only for as long as necessary under legal and operational guidelines and securely disposed of when no longer required.
Compliance and Review
Edenmore Nursing Home ensures compliance with the UK GDPR, the Data Protection Act 2018, and relevant health and social care regulations. This policy is subject to regular review to align with legislative updates and best practices in data protection, safeguarding, and ethical care delivery.