1. Introduction

Elite At Home Ltd is committed to protecting the privacy and security of personal data in line with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and related legislation. This Privacy Notice explains how we collect, use, store and protect personal data, and the rights of individuals whose data we process.

This Privacy Notice should be read alongside our Data Protection, Data Security, Data Quality, DPIA and related governance policies.

2. Who We Are (Data Controller)

Elite At Home Ltd is the data controller for the personal data we process.

Registered address: 31 Hoppers Way
Ashford
Kent
TN23 4GP

For data protection enquiries, please contact the Registered Manager:

Name: Claire Mandimika
Position: Registered Manager
Phone Number: 01233 434012
Email Address: claire@eliteathome.co.uk

3. What Personal Data We Collect

We may collect and process the following categories of personal data, depending on our relationship with you:

Service Users

  • Name, address, date of birth and contact details
  • Health and care information, including special category data
  • Care plans, assessments, risk assessments and reviews
  • Information relating to safeguarding, incidents or complaints
  • Financial information where required for billing or funding purposes

Staff, Workers and Volunteers

  • Name, contact details and employment records
  • Recruitment information including DBS checks and references
  • Training, supervision and performance records
  • Payroll and pension information

Families, Representatives and Professionals

  • Contact details and relationship to the service user
  • Records of communication and involvement in care planning

Other Individuals

  • Visitors’ records
  • Enquiries and correspondence

4. Special Category Data

We process special category data, such as health information, only where necessary to deliver safe and effective care or to meet our legal and regulatory obligations. Additional safeguards are applied in line with our Data Security and Protection Toolkit (DSPT) arrangements.

5. How We Use Personal Data

We use personal data to:

  • Deliver safe, effective and person-centred care
  • Meet our contractual and commissioning obligations
  • Safeguard individuals and manage risks
  • Recruit, employ and manage staff and volunteers
  • Maintain accurate records and ensure data quality
  • Comply with legal, regulatory and CQC requirements
  • Investigate incidents and concerns
  • Manage business operations and continuity

We do not use personal data for automated decision-making or profiling that produces legal or significant effects.

6. Lawful Bases for Processing

We process personal data under one or more of the following lawful bases:

  • Legal obligation
  • Performance of a contract
  • Vital interests
  • Public task
  • Legitimate interests

For special category data, processing is carried out under the relevant UK GDPR conditions, including health and social care provision and safeguarding.

Where processing relies on consent, this will be clearly explained and recorded.

7. Data Sharing

We may share personal data, where lawful and necessary, with:

  • Local authorities and commissioners
  • NHS bodies and healthcare professionals
  • Regulators such as the Care Quality Commission
  • Safeguarding partners
  • IT and professional service providers under contract

All third parties are required to maintain appropriate security and confidentiality arrangements.

8. Data Security

We take data security seriously and have robust physical, technical and organisational measures in place, including:

  • Secure access controls and locked storage
  • Role-based access to electronic systems
  • Staff training and awareness
  • Cyber security controls aligned to the DSPT
  • Incident and data breach reporting procedures

These measures are supported by our Security Policy, DSPT Policy and Data Quality Policy.

9. Data Retention

Personal data is retained only for as long as necessary and in line with our Data Retention and Record Keeping policies. When data is no longer required, it is securely destroyed.

10. Your Rights

Under UK GDPR, you have the right to:

  • Access your personal data
  • Request rectification of inaccurate data
  • Request erasure in certain circumstances
  • Restrict or object to processing
  • Data portability, where applicable
  • Withdraw consent, where consent is the lawful basis

Requests can be made verbally or in writing and will be handled in line with our Subject Access Request procedures.

11. Complaints

If you have concerns about how your personal data is handled, please contact us in the first instance. You also have the right to complain to the Information Commissioner’s Office (ICO).

12. Changes to This Privacy Notice

This Privacy Notice is reviewed regularly and updated where required to reflect changes in legislation, guidance or our practices.

Last reviewed: 3rd July 2025