Privacy Notices - Adult Social Care Fessey House Privacy Notice


Fessey House Care Home is operated by Swindon Borough Council, registered and regulated by The Care Quality Commission (CQC). This privacy notice should be read in conjunction with the main privacy notice.

If you have any questions about this privacy notice, or about how we look after your data generally, please contact us via or by calling 01793 725 844.

Further information regarding data protection may also be viewed here.

What is a Privacy Notice?

A Privacy Notice is a statement issued by an organisation, which explains how personal and confidential data about individuals is collected, used and shared.

Who is collecting and using your personal data?

Swindon Borough Council is a ‘data controller’. This means that, under the General Data Protection Regulation (GDPR), we may collect, control and process your data and in certain circumstances.

We take privacy very seriously. We are committed to keeping your data secure and processing it fairly and lawfully. We ask that you read this privacy statement very carefully, because it contains important information about how we process your personal data.

This notice is aimed at our service users and relatives/carers.

Your personal data – what is it?

Personal information can be anything that identifies and relates to a living person.Your care file, care plan, and any associated documentation will contain personal data, is likely to also contain information that is considered to be a special category of data such as physical and mental health and religious beliefs and ethnicity.

Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of data is governed by the General Data Protection Regulation 2016/679 (the “GDPR”).

What personal data do we collect?
  • Your name, date of birth, home address and telephone numbers. We will also collect names, relationship and contact details for any appointed deputy or holder of power of attorney, as well as next of kin and anyone else who you may wish to use as an emergency contact.
  • Your health and social care information, including allergies and any medical, physical or mental health conditions, medications and information pertaining to your care needs.
  • Your likes, dislikes and lifestyle preferences, current as well as historical information (so far as they relate to providing you with suitable care)
  • Photographs of you, as part of providing you with suitable care, with specific consent.

We may also act as a data ‘processor’ where we obtain personal information collected from other sources such as:

  • Your allergies and any medical, physical or mental health conditions and in particular your care and support needs, from any appropriate external social or health care professionals (including your GP)
  • Your name, home address, date of birth, contact details, needs assessments from any appropriate social or healthcare professionals.
  • Your likes, dislikes, lifestyle preferences and historical information from your friends, family or any other person you have nominated as your representative, your court appointed deputy or power of attorney.
How do we process your personal data?

In order to provide care and support services to persons residing temporarily or permanently at Fessey House, we collect and use certain personal information. We need to do this in order to ensure we meet all regulatory standards and requirements and to comply with regulations and legislation.

Personal information means any information about you from which you can be identified but it does not include information where your identity has been removed (anonymous data).

As the ‘controller’ of personal information, we are responsible for how that data is managed. The General Data Protection Regulation (GDPR), which applies in the United Kingdom and across the European Union, sets out our obligations to you and your rights in respect of how we manage your personal information.
As the ‘controller’ of your personal information, we will ensure that the personal information we hold about you is:

  • Collected for a legal, lawful, legitimate purpose and/or has a statutory basis for collection and processing. Where this is not established, explicit consent will be sought.
  • Used lawfully, fairly and in a transparent way, Data maps are created for all forms of data and may be viewed on request.
  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
  • Relevant to the purposes we have told you about and limited only to those purposes.
  • Accurate and kept up to date.
  • Kept only for as long as necessary for the purposes we have told you about.
  • Kept securely.
Who do we share your information with?

In order to provide a suitable safe and personalised care package personal data collected or processed by us may need to be shared with internal or external individuals or bodies. These include:

  • All care home staff
  • All medical and social care professionals
  • Any individual or body with a legitimate reason to view care records (CQC, safeguarding, IMCA, OPG, DoLS, social worker, care coordinators, best interest assessors, emergency services, volunteer support)

This may be shared by a physical viewing of the record or a photocopy/fax provided, verbally via telephone, electronically via secure email. Internal parties with whom data is shared with are subject to the same data protection guidelines and retention and disposal policies as ourselves.

External bodies are limited to only being able to process the information shared in line with the purpose for which it has been provided. Bodies who do not have a legal, lawful and legitimate basis for requiring personal data sharing are regulated by contract with SBC.

There may be circumstances where we are required by law to share your information for example in order to find and stop crime and fraud. Or if there are serious risks to the public, our staff or other professionals or to protect adults who are thought to be at risk, for example if they are frail, confused or cannot understand what is happening to them.

Third Party Service Providers Working On Our Behalf

We may pass your information to our third-party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf. 

When we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not use it for their own direct marketing purposes.

We never sell your information

How do we protect your information?

We will use technical and organisational measures to safeguard your personal data, for example:

  • Access to our systems is controlled by password and username which are unique to the user.
  • We store electronic information on secure servers.
  • We store your paper records in locked rooms and have secure off site archives to store information that is no longer required on site until it is securely disposed of in line with our retention and disposal policy.
  • We have regular collections of paper records containing personal data which are securely held and disposed of by a confidential waste management provider.
  • We provide staff with data protection and information security training.
  • We have an onsite data protection lead to liaise with our corporate Information Governance Team.
  • We have established procedures to manage data protection breaches.
How long do we keep your personal information?

As a general rule your information is only held on site whilst you are actively receiving care services. Following discharge from our service information is transferred to a secure off site archive and retained and disposed of in accordance with our retention and disposal policy which may be viewed on request.

What you can do with your information?

You have various rights under the General Data Protection Regulations, these include:

  • The right to object – If we are using your data because we deem it necessary for our legitimate interests to do so, and you do not agree you have the right to object. You can also ask us to change information you think is inaccurate.
  • The right to delete or limit information, where your personal information is no longer needed for the reason it was collected for it may be possible limit the use of or delete the data unless we are required to have it by law.
  • The right to withdraw consent – Where we have obtained your specific consent to collect or process data for certain activities you may withdraw your consent at any time by contacting
  • Data Subject Access Requests – You have the right to ask to view or be provided with a copy of the information we hold for you. This request must be made in writing (if you are unable to request in writing whereupon another method will be made available to you). You may be required to verify your identity and we cannot let you see any parts of your records which contain confidential information about other people, data a professional thinks will cause serious harm to you or someone else’s physical or mental wellbeing or if we think giving you that information may stop us preventing or detecting a crime.
Your right to complain

If you have any worries or questions about how your personal information is handled please contact via email or call 01793 725 844.

In the event you wish to complain about how your personal data has been handled, you should write to and clearly outline your case. Your complaint will then be investigated in accordance with our customer complaint procedure.

If you remain dissatisfied or need independent advice about data protection, privacy and data sharing issues you may contact:
Information Commissioner’s Office
Wycliffe House
Water Lane

Tel: 0303 123 1113 (local rate) or 01625 545 745 (national rate)



What if you do not provide personal data?

If you do not provide your data, it will limit the effectiveness of the services and support that we are able to offer you.

How will we ensure compliance?

An annual audit will take place on personal data to ensure we remain legally compliant in accordance with current data protection legislation.

Main privacy notice

You are viewing the Privacy Notice for Adult Social Care Fessey House.

Read the main Privacy Notice