Effective date: 25th June, 2025
1. Introduction
At The Sands Care Group, we are committed to protecting your personal data and upholding your rights under the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Care Quality Commission (CQC) Fundamental Standards. This privacy policy explains how we collect, use, and safeguard your information.
2. Who We Are
Sands Care Morecambe Ltd is a provider of residential and nursing care services. We are registered with the Care Quality Commission (CQC) and operate in accordance with all applicable care regulations.
Data Controller:
Sands Care Morecambe Ltd
390 Marine Road East, Morecambe, Lancashire, LA4 5AU
Email: care@thesands-carehome.co.uk
Telephone: 01524 907020
3. The Information We Collect
We may collect and process personal data from the following groups:
a) Residents
- Name, date of birth, NHS number
- Health and medical history
- Care plans, risk assessments, and daily notes
- Next of kin and emergency contacts
- Legal authority (e.g. Power of Attorney, Deputyship)
- Religious, cultural, and dietary preferences
- Financial arrangements, funding details, and invoicing
b) Relatives and Representatives
- Name and relationship to resident
- Contact information
- Legal documentation (e.g. LPA, Deputy orders)
c) Employees and Applicants
- Name, address, contact details
- Employment history, qualifications, references
- Right to work and DBS checks
- Payroll, tax, and pension details
- Training records and supervision notes
d) Website Visitors
- IP address and browser type (via analytics)
- Pages visited and usage data
- Cookies, if consented
4. Why We Collect Personal Data
- We collect and use personal data for the following lawful purposes:
- To provide safe, person-centred care in line with CQC Fundamental Standards
- To communicate with families, professionals, and emergency services
- To manage care records, medication, and clinical risk
- To comply with legal and regulatory obligations
- To process payments and manage contracts
- To recruit, train, and manage staff
- To ensure the security and functionality of our website
5. Our Legal Basis for Processing
We rely on the following lawful bases under UK GDPR:
- Article 6(1)(b): Contractual obligation (care agreements, employment)
- Article 6(1)(c): Legal obligation (e.g. CQC, safeguarding, tax)
- Article 6(1)(f): Legitimate interest (business management, communication)
- Article 6(1)(a): Consent (for optional services, marketing, cookies)
- Article 9(2)(h): Provision of health or social care (special category data)
6. Who We Share Data With
We only share personal data where necessary, and always with appropriate safeguards. Data may be shared with:
- GPs, NHS Trusts, pharmacists, and ambulance services
- Local authorities, adult social care, and funding bodies
- The Care Quality Commission (CQC)
- Payroll, pension, and accounting providers
- Legal representatives and safeguarding authorities
- DBS and recruitment vetting agencies
- We do not share or sell data to third parties for marketing purposes.
7. How We Store and Protect Your Data
- Digital records are stored securely on encrypted systems
- Paper files are kept in locked cabinets with restricted access
- Access is limited to trained and authorised staff
- Regular audits and access reviews are conducted
- Staff receive ongoing training in data protection and confidentiality
8. How Long We Keep Your Data
We retain personal data only for as long as necessary:
- Resident records: 8 years after discharge or death
- Employee records: 6 years after employment ends
- Financial records: 6 years for HMRC compliance
- Recruitment data (unsuccessful): 6 months
- Website analytics: anonymised and retained per provider policy
9. Your Rights
- Under the UK GDPR, you have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request erasure of data where appropriate
- Restrict or object to processing
- Withdraw consent at any time (where applicable)
- Lodge a complaint with the Information Commissioner’s Office (ICO)
To exercise these rights, contact us at care@thesands-carehome.co.uk
ICO website: www.ico.org.uk
10. Cookies and Website Analytics
Our website uses cookies to enhance user experience and monitor traffic via Google Analytics. Cookies are only used with your consent. You can disable cookies at any time via your browser settings. No personally identifiable information is collected through cookies.
11. Policy Updates
We may update this policy from time to time to reflect legal, operational, or regulatory changes. The most current version will always be available at www.thesands-carehome.co.uk/privacy
Sands Care Morecambe Ltd - Registered in England and Wales. Company Number: 03029318