
Last updated: 10/09/2025

 

Chamarel Healthcare Limited (“Chamarel Healthcare”, “we”, “our”, “us”) is a healthcare and residential care services provider in the UK. We are registered as a Data Controller with the Information Commissioner’s Office (ICO) under registration number: ZA591643.

 

We recognise that the privacy and security of personal information is of great importance to our residents, their families and representatives, our colleagues, applicants, and all those involved in supporting the welfare of the people we care for.

 

This Privacy Notice sets out:

 

•⁠  ⁠What personal information we collect.

•⁠  ⁠Why we collect it.

•⁠  ⁠How we use and protect it.

•⁠  ⁠Your rights under the United Kingdom General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

 

We have appointed a Data Protection Officer responsible for overseeing compliance and handling questions relating to this Privacy Notice. For details, please see How to Contact Us below.

 

---

 

1. How We Collect Information

We may collect information about you in a variety of ways, including:

•⁠  ⁠When you apply for care, employment, or contact us.

•⁠  ⁠When you visit our website or use our online services.

•⁠  ⁠From health and social care professionals, local authorities, or regulators.

•⁠  ⁠From third-party services (e.g. DBS checks, professional validation bodies, occupational health consultants).

•⁠  ⁠Through CCTV and security systems on our premises for the prevention and detection of crime and 

 

2. The Types of Information We Collect

 

We collect different types of personal information depending on our relationship with you.

 

(a) For Residents and Service Users:

 

•⁠  ⁠Identity and contact details (name, address, date of birth, phone, email, next of kin).

•⁠  ⁠Health information (medical history, care plans, treatment notes, medication details, allergies, disabilities, mental health records).

•⁠  ⁠Financial information (funding details, payment arrangements).

•⁠  ⁠Safeguarding and incident reports.

 

(b) For Job Applicants and Employees:

•⁠  ⁠Contact details (name, address, phone, email).

•⁠  ⁠Identification documents (passport, driving licence, right-to-work evidence).

•⁠  ⁠CV, qualifications, references, work history.

•⁠  ⁠DBS disclosure details, professional registrations (e.g. NMC PIN).

•⁠  ⁠Equality and diversity monitoring data (e.g. gender, ethnicity, sexual orientation).

•⁠  ⁠Occupational health 

 

(c) Visitors to Our Care Homes or Website:

 

•⁠  ⁠Visitor name, purpose of visit, car registration details.

•⁠  ⁠CCTV footage (where installed).

•⁠  ⁠Website usage data (IP address, browser type, device details, cookies).

 

---

 

3. Special Category Data

 

Some of the data we collect is considered “special category data”, including:

 

•⁠  ⁠Health and social care information.

•⁠  ⁠Ethnicity, religion, or beliefs.

•⁠  ⁠Sexual orientation.

This type of data is processed only where strictly necessary and lawful under Articles 6 and 9 UK GDPR (e.g. provision of healthcare, safeguarding, or where consent is given).

 

---

 

4. How We Use Your Information

 

We use your data to:

 

•⁠  ⁠Deliver safe and effective healthcare and social care services.

•⁠  ⁠Assess and progress job applications.

•⁠  ⁠Meet legal, contractual, and regulatory obligations.

•⁠  ⁠Communicate with you, your representatives, and other professionals.

•⁠  ⁠Safeguard residents and protect public safety.

•⁠  ⁠Improve our services through auditing and quality monitoring.

•⁠  ⁠Prevent and detect crime.

 

We may also anonymise data for research and service-improvement purposes.

 

---

 

5. Lawful Basis for Processing

 

We rely on several lawful bases for processing personal data, including:

 

•⁠  ⁠Contract – to deliver services or employment contracts.

•⁠  Legal Obligation – compliance with care, employment, and regulatory laws.

•⁠  ⁠Vital Interests – protecting life and safety.

•⁠  ⁠Legitimate Interests – day-to-day business management, recruitment, and safeguarding.

•⁠  ⁠Consent – where explicitly required (e.g. marketing communications).

 

For special category data, we process under:

 

•⁠  ⁠Article 9(2)(h) UK GDPR – provision of health or social care.

•⁠  ⁠Article 9(2)(c) – vital interests.

•⁠  ⁠Article 9(2)(g) – substantial public interest.

 

---

 

6. Sharing Your Information

 

We may share data with:

 

•⁠  ⁠Health and social care professionals, NHS bodies, and local authorities.

•⁠  ⁠Regulators such as the Care Quality Commission (CQC) and the ICO.

•⁠  ⁠Disclosure and Barring Service (DBS), professional bodies, and reference providers.

•⁠  ⁠Technology and system providers under strict data protection agreements.

•⁠  ⁠Police, safeguarding authorities, or courts where legally required.

 

We will never sell your personal data.

 

---

 

7. International Transfers

 

Personal data is normally stored and processed in the UK. Where data is transferred internationally (e.g. for IT hosting or secure cloud services), we ensure appropriate safeguards such as the UK-US Data Bridge or Standard Contractual Clauses are in place.

 

---

 

8. Data Retention

 

We only keep your data for as long as necessary to fulfil the purpose for which it was collected, including compliance with legal, clinical, or employment requirements.

 

•⁠  ⁠Care records: typically retained for at least 8 years (longer for children or safeguarding cases).

•⁠  ⁠Recruitment records: typically retained for 6–12 months if unsuccessful; longer if employed.

•⁠  ⁠CCTV: normally retained for up to 30 days unless required for investigations.

 

---

 

9. Your Rights

 

Under UK GDPR, you have the right to:

 

•⁠  ⁠Access your data.

•⁠  ⁠Correct inaccurate data.

•⁠  ⁠Request erasure (“right to be forgotten”) in certain circumstances.

•⁠  ⁠Restrict processing of your data.

•⁠  ⁠Object to processing based on legitimate interests.

•⁠  ⁠Request portability of your data.

•⁠  ⁠Withdraw consent (where processing is based on consent).

•⁠  ⁠Not be subject to decisions based solely on automated processing.

 

We may need to verify your identity before fulfilling requests.

 

---

 

10. Security of Your Data

 

We take appropriate technical and organisational measures to protect data, including:

 

•⁠  ⁠Secure IT systems and encryption.

•⁠  ⁠Physical access controls.

•⁠  ⁠Staff training on confidentiality and data protection.

•⁠  ⁠Regular audits and monitoring.

 

---

 

11. Cookies and Website Data

 

Our website uses cookies to improve functionality and track usage. For more details, please see our separate Cookie Policy.

 

---

 

12. Changes to This Notice

 

We regularly review and update this Privacy Notice. Updates will be published on our website and available on request.

 

---

 

13. How to Contact Us

 

 

If you have questions about this Privacy Notice or wish to exercise your rights, please contact us using the details below:

 

Data Protection Officer

enquiry@chamarelhealthcare.com

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).
