Privacy Notices - Adult Social Care Whitbourne House Privacy Notice


Whitbourne House Care Home is operated by Swindon Borough Council registered and regulated by The Care Quality Commission (CQC). This privacy notice should be read in conjunction with main privacy notice. This notice is aimed at our service users and relatives/carers.

If you have any questions about this privacy notice, or about how we look after your data generally, please contact us via or by calling 01793 464640.

What is a Privacy Notice?

A Privacy Notice is a statement issued by an organisation which explains how personal and confidential data about individuals is collected, used and shared.

Who is collecting and using your personal data?

Swindon Borough Council is a data controller. This means that, under the General Data Protection Regulation (GDPR), we may collect, control and process your data and, in certain circumstances, special categories of data (previously known as sensitive data).

Personal information can be anything that identifies and relates to a living person. Your care file, care plan, and any associated documentation will contain personal data, is likely to also contain information that is considered to be a special category of data such as physical and mental health and religious beliefs and ethnicity.

We take privacy very seriously. We are committed to keeping your data secure and processing it fairly and lawfully. We ask that you read this privacy statement very carefully because it contains important information about how we process your personal data.

Your personal data – what is it?

Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession.

The processing of data is governed by the General Data Protection Regulation 2016/679 (GDPR).

What personal data do we collect?
  • Your name, date of birth, home address and telephone numbers. We will also collect names, relationship and contact details for any appointed deputy or holder of power of attorney, as well as next of kin and anyone else who you may wish to use as an emergency contact.
  • Your health and social care information, including allergies and any medical, physical or mental health conditions, medications and information pertaining to your care needs.
  • Your likes, dislikes and lifestyle preferences, current as well as historical information (so far as they relate to providing you with suitable care)
  • Photographs of you, as part of providing you with suitable care, with specific consent.

We may also act as a data processor where we obtain personal information collected from other sources such as:

  • Your allergies and any medical, physical or mental health conditions and in particular your care and support needs, from any appropriate external social or health care professionals (including your GP)
  • Your name, home address, date of birth, contact details, needs assessments from any appropriate social or healthcare professionals.
  • Your likes, dislikes, lifestyle preferences and historical information from your friends, family or any other person you have nominated as your representative, your court appointed deputy or power of attorney.
How do we process your personal data?

In order to provide care and support services to persons residing temporarily or permanently at Whitbourne House, we collect and use certain personal information. We need to do this in order to ensure we meet all regulatory standards and requirements and to comply with regulations and legislation.

Personal information means any information about you from which you can be identified but it does not include information where your identity has been removed (anonymous data).

As the ‘controller’ of personal information, we are responsible for how that data is managed. The General Data Protection Regulation (GDPR), which applies in the United Kingdom and across the European Union, sets out our obligations to you and your rights in respect of how we manage your personal information.

As the ‘controller’ of your personal information, we will ensure that the personal information we hold about you is:

  • Collected for a legal, lawful, legitimate purpose and/or has a statutory basis for collection and processing. Where this is not established explicit consent will be sought.
  • Used lawfully, fairly and in a transparent way, Data maps are created for all forms of data and may be viewed on request.
  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
  • Relevant to the purposes we have told you about and limited only to those purposes.
  • Accurate and kept up to date.
  • Kept only for as long as necessary for the purposes we have told you about.
  • Kept securely.
Why do we need your personal information?

We need your personal information to:

  • Assess your needs and suitability for our service prior to admission.
  • To prepare, review and update a suitable care file, describing the nature and level of care and support services provided to you.
  • To communicate with you, your representatives and any appropriate social or healthcare professionals about your individual needs and personalise the service provided to you.
  • To make reasonable adjustments, when required, to meet your individual needs and to ensure we have suitable facilities and equipment to ensure your safety.
  • To meet our legal and statutory duties, to apply for Deprivation of Liberty Safeguards or as part of our safeguarding obligations.
  • To complete administration or health and safety documents.
  • To carry out quality assurance procedure, review our service and improve our customer experience (please note feedback may also be provided anonymously).

If we change the way we intend to process personal data, we will complete a Privacy Impact Assessment to evaluate that we are still only processing your data. This is to ensure its within the scope of the purposes it was collected for, and that we are not collecting or processing unnecessary data.


How the law allows us to use your information?

When we collect your personal data, we rely on the following legal bases:

  • Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
  • Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Processing is necessary for the provision of health or social care or treatment or the management of health or social care systems and services.

When we collect special categories of personal data, (such as health, race, ethnicity, sexual orientation) we rely on the following legal bases.

  • The Care Act 2014
  • Health and Social Care Act 2015
  • Data Protection Act 2018
  • Human Rights Act 1998
  • Mental Health Act 1983 (Amended 2007)
  • Mental Capacity Act 2005

These legal bases are underpinned by acts of legislation that dictate what actions can and should be taken;

As we have a statutory basis for collecting your personal data, we do not need to ask your permission to collect and share it, however we will only ever share your data on a basis of need, in line with legislation and will work transparently with you.

How do we protect your information?

We will use technical and organisational measures to safeguard your personal data, for example:

  • Access to our systems is controlled by password and username which are unique to the user.
  • We store electronic information on secure servers.
  • We store your paper records in locked rooms and have secure off site archives to store information that is no longer required on site until it is securely disposed of in line with our retention and disposal policy.
  • We have regular collections of paper records containing personal data which are securely held and disposed of by a confidential waste management provider.
  • We provide staff with data protection and information security training.
  • We have an onsite data protection lead to liaise with our corporate Information Governance Team.
  • We have established procedures to manage data protection breaches.
How long do we keep your personal information?

As a general rule your information is only held on site whilst you are actively receiving care services. Following discharge from our service information is transferred to a secure off site archive and retained and disposed of in accordance with our retention and disposal policy which may be viewed on request.

What you can do with your information?

You have various rights under the General Data Protection Regulations, these include:

  • The right to object - if we are using your data because we deem it necessary for our legitimate interests to do so, and you do not agree you have the right to object. You can also ask us to change information you think is inaccurate.
  • The right to delete or limit information- where your personal information is no longer needed for the reason it was collected for it may be possible limit the use of or delete the data unless we are required to have it by law.
  • The right to withdraw consent - where we have obtained your specific consent to collect or process data for certain activities, you may withdraw your consent at any time by contacting
  • Data Subject Access Requests -you have the right to ask to view or be provided with a copy of the information we hold for you.

This request must be made in writing (if you are unable to request in writing whereupon another method will be made available to you). You may be required to verify your identity.

We cannot let you see any parts of your records which contain confidential information about other people. Or any data if a professional thinks will cause serious harm to you, or someone else’s physical or mental wellbeing, or if we think giving you that information may stop us preventing or detecting a crime.

Your right to complain

If you have any worries or questions about how your personal information is handled please contact:
Whitbourne House
01793 464640
Swindon Borough Council

If you wish to complain about how your personal data has been handled you should write to the Data Protection Officer and clearly outline your case. Your complaint will then be investigated in accordance with our c7ustomer complaint procedure.

Data Protection Officer

If you remain dissatisfied or need independent advice about data protection, privacy and data sharing issues you may contact:

Information Commissioner’s Office
Wycliffe House
Water Lane
Tel: 0303 123 1113 (local rate) or 01625 545 745 (national rate)



What if you do not provide personal data?

If you do not provide your data, it will limit the effectiveness of the services and support that we are able to offer you.

How will we ensure compliance?

An annual audit will take place on personal data to ensure we remain legally compliant in accordance with current data protection legislation.

Main privacy notice

You are viewing the Privacy Notice for Adult Social Care Whitbourne House.

Read the main Privacy Notice