Last updated: April 2025
At Merryfields Care Home, we take your privacy seriously. This privacy policy explains how we collect, use, and protect your personal data. We process personal data of enquirers, residents, staff, and others to meet legal obligations and provide our services effectively, all in compliance with the UK & EU General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the Data Protection Security Toolkit, and other relevant privacy laws.
What We Process
- Providing services to our residents and enquirers, such as care plans and health management.
- Monitoring and improving services through feedback, surveys, and market research.
- Compliance with legal and contractual obligations.
- Marketing research to improve services and reach the right audiences.
- Partnerships with other providers like recruitment services to improve our quality of care.
Personal Data We Collect
- Enquiries: Name, contact details, and communication preferences.
- Residents: Personal details, contact info, financial information, health and care needs, next of kin, and legal representatives.
- Complaints: Personal details and complaint-related information.
- Health & Welfare: Medical, dietary, mobility, safeguarding, and mental capacity information.
- Job Applications: Contact details, CVs, references, right-to-work checks, DBS checks, and application responses.
Legal Basis for Processing
We process your personal data under the following lawful bases:
- Contractual necessity – to provide agreed care services.
- Legal obligation – to meet regulatory requirements, including the CQC and safeguarding authorities.
- Vital interests – for the protection of life in medical or emergency situations.
- Consent – where applicable, such as for marketing or optional services. You can withdraw consent at any time.
- Public interest in public health – for infection control and outbreak response.
- Employment obligations – to manage staff contracts and duties responsibly.
How We Use Your Information
- To deliver personalised care and support services.
- To manage resident records, assessments, medication, and care plans.
- To improve service quality and ensure safety and compliance.
- To respond to enquiries, concerns, and complaints.
- To process job applications and manage staff employment records.
Who We Share Your Information With
- Healthcare providers (e.g. GPs, hospitals, pharmacies) in emergencies or for ongoing care needs.
- Regulatory bodies such as the Care Quality Commission (CQC), Local Authorities, and the NHS.
- Service providers (e.g. IT, payroll, HR, website hosting) under contract and data processing agreements.
- Law enforcement, safeguarding boards, or legal representatives when legally required or justified.
Data Storage & Security
Your data is stored securely on encrypted systems hosted within the UK or EU. We comply with the NHS Data Security & Protection Toolkit, and all staff are trained in data protection. Access to data is restricted and monitored.
Transfers Outside the UK or EU
We do not transfer personal data outside the UK or EU. If this ever becomes necessary, we will ensure it is protected using appropriate safeguards such as Standard Contractual Clauses (SCCs).
Retention of Your Data
- Residents: We keep records for as long as required to provide care, and for 7 years after the contract ends.
- Job Applicants: Data for unsuccessful candidates is deleted after 30 days, unless permission is given to retain it longer.
Your Rights
Under the UK & EU GDPR, you have the right to:
- Be informed about how your data is processed.
- Access your personal data.
- Request correction of inaccurate or incomplete data.
- Request erasure of data that is no longer required.
- Restrict or object to certain types of processing.
- Request your data be provided in a portable format.
- Not be subject to automated decision-making or profiling without human involvement.
To exercise any of these rights, please contact us at This email address is being protected from spambots. You need JavaScript enabled to view it. or call 01394 285528. We will respond within one month.
Consent
Where we rely on your consent to process your data (for example, for marketing or optional care services), you have the right to withdraw this consent at any time. Withdrawal will not affect processing carried out before that point.
Children’s Data
We do not knowingly collect data from children under 16 unless required for safeguarding or visiting records. Any such data is handled with extra care and protection.
CCTV
We operate CCTV in communal areas of the home for safety, security, and quality assurance purposes. Footage is retained for a limited period and only accessed where necessary.
Data Protection Officer
For any concerns about how we handle your data, contact our Data Protection Officer, Samantha Shapwanale, at This email address is being protected from spambots. You need JavaScript enabled to view it..
Complaints
If you are not satisfied with how we have handled your data, you can lodge a complaint with the Information Commissioner’s Office (ICO): https://ico.org.uk.
Contact Information
Merryfields Care Home
7 Mill Lane, Felixstowe, Suffolk, IP11 7RL
Phone: 01394 285528
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.