Privacy Notice

Last updated: 27 April 2026

This Privacy Notice applies to service users, employees, contractors, suppliers, and website users.

1. Who We Are

Precedo Healthcare Services provides domiciliary care and supported living services.

We are the data controller for the personal data we process.

Contact details:
Precedo Healthcare Services
Office 5, Stubley Works, Wreakes Lane, Dronfield, Derbyshire, S18 1PN
T: 01246 299700
E: enquiries@precedohealthcare.co.uk

2. Data Protection Lead

We have appointed a Data Protection Lead to oversee compliance with data protection laws.

Contact:
Amanda Cattell
E: ac@precedohealthcare.co.uk
T: 01246 299700

3. What Personal Data We Collect

We collect and process the following categories of personal data:

Service Users

• Name, date of birth, contact details
• Care plans and support records
• Medical, health, and medication information
• Risk assessments and safeguarding information
• Next of kin and emergency contacts
• Funding and financial information

Employees and Contractors

• Personal and contact details
• Identification and right to work documentation
• Employment history and references
• Payroll, tax, and pension information
• Training, supervision, and competency records
• DBS and compliance information

Suppliers and Partners

• Business contact details
• Contractual and financial information

Website Users

• IP address
• Browser type and usage data
• Cookie data (where applicable)

4. Special Category Data

We process special category data where necessary, including:

• Health and care information
• Racial or ethnic origin
• Religious or philosophical beliefs
• Sexual orientation (where relevant to care)

5. How We Use Personal Data

We use personal data to:

• Deliver safe, effective care and support
• Meet safeguarding responsibilities
• Manage employment and workforce requirements
• Comply with legal and regulatory obligations
• Communicate with individuals and stakeholders
• Improve our services and systems
• Meet contractual obligations with commissioners
• Manage recruitment processes and retain candidate details for future opportunities (where appropriate)
• Provide information about our services where consent has been given

6. Lawful Basis for Processing

We process personal data under the following lawful bases under UK GDPR:

Article 6 (general data)

• Legal obligation – compliance with health and social care law
• Contract – delivering services and employment arrangements
• Legitimate interests – managing and improving services and recruitment
• Public task – where services are commissioned by public bodies
• Consent – where required (e.g. marketing communications)

Article 9 (special category data)

• 9(2)(h) – provision of health and social care
• 9(2)(b) – employment and social protection law
• 9(2)(g) – safeguarding and substantial public interest

7. Sharing Personal Data

We may share personal data with:

• Health and social care professionals
• Local Authorities and NHS organisations
• Regulators including the Care Quality Commission
• Law enforcement agencies where required
• Payroll, IT, and other service providers acting as data processors
• The Disclosure and Barring Service for employment checks
• HMRC and pension providers

We may share information without consent where necessary to protect individuals from harm or meet safeguarding obligations.

We do not sell personal data.

8. International Transfers

We do not transfer personal data outside the UK.

9. Data Security

We use appropriate technical and organisational measures to protect data, including:

• Secure digital systems
• Access controls and role-based permissions
• Encryption and secure storage
• Staff training and confidentiality requirements

10. Data Retention

We retain personal data in line with legal and regulatory requirements, including guidance from NHS England.

Typical retention periods include:

• Care records: 8 years after last contact
• Staff records: 6 years after employment ends
• Recruitment records:
  • Unsuccessful applicants: 6 months
  • Candidates retained for future roles: up to 12 months (with consent)
• Safeguarding records: retained in line with legal requirements and risk considerations

11. Your Rights

Under UK GDPR, individuals have the right to:

• Access their personal data
• Request correction of inaccurate data
• Request deletion (in limited circumstances)
• Restrict or object to processing
• Data portability (where applicable)
• Withdraw consent at any time (where consent is used)

To exercise your rights, please contact us using the details provided in this notice.

To protect personal data, we may request identification before responding.

12. Complaints

If you are unhappy with how your data is handled, you can contact us or raise a complaint with the Information Commissioner’s Office:

Website: www.ico.org.uk
Telephone: 0303 123 1113

13. Cookies

Our website may use cookies to support functionality and improve user experience.

Where non-essential cookies are used, these will only be set with user consent.

Users can manage cookie preferences through their browser settings.

14. National Data Opt-Out

We submit non-identifiable data to commissioners for service monitoring and reporting purposes.

Where confidential patient information is used for planning or research purposes, we will comply with the National Data Opt-Out.

15. CCTV

Some premises we operate from or deliver services within may have CCTV in place.

Where we do not control these systems, the relevant organisation is responsible for the operation and management of that data.

16. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or significant effects.

17. Accessibility

An Easy Read version of this Privacy Notice is available on request. Please contact our HR team.

18. Changes to This Notice

We may update this Privacy Notice from time to time. The latest version will always be available upon request or on our website.