Privacy Policy

Support Horizons Privacy Notice



What this Notice covers

 

This is Support Horizons Privacy Notice. Support Horizons is committed to protecting the privacy and security of your personal information.


As part of the services we offer, we are required to process personal data about our staff, our service users and, in some instances, the relatives or friends of our service users and staff. “Processing” can mean collecting, recording, organising, storing, sharing, or destroying data.

 

We are committed to being transparent about why we need your personal data and what we do with it. This information is set out in this privacy notice. It also explains your rights when it comes to your data.

 

If you have any concerns or questions, please contact us on 0118 9893959 or finance@support-horizons.co.uk.


Identity of the data controller

 

Support Horizons is a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.

 

It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.

 

Categories of personal data we process

 

So that we can provide a safe and professional service, we need to keep certain records about you. We may process the following types of data:

  • Personal contact details such as name, title, addresses, telephone numbers, personal email addresses; date of birth; gender; marital status and dependants
  • Next of kin and emergency contact information
  • Financial Details e.g. details of how you pay us for your care or your funding arrangements
  • Photographs
  • Information about your use of our information and communications systems
  • Information about criminal convictions and offences

 

We may also record and process the following data which is classified as “special category”:

  • NHS Number, Information about your health and social care, including any medical conditions, and details of any disability for which we may need to make reasonable adjustments
  • Details of any accident and or incident reports
  • Information about your race or ethnicity, religious beliefs, sexual orientation, and political opinions.

 

Our lawful bases for processing your data 

 

We need this data so that we can provide high-quality care and support. By law, we need to have a lawful basis for processing your personal data.

 

We process your personal data in the following circumstances:

·      We have a legal obligation to do so – generally under the Health and Social Care Act 2012 or Mental Capacity Act 2005

·      Where we need to perform the contract we have entered into with you.

·      Where it is necessary for our legitimate interests or those of a third party and your interests and fundamental rights do not override those interests.

 

We process your special category data because:

·      It is necessary due to social security and social protection law (generally this would be in safeguarding instances).

·      It is necessary for us to provide and manage social care services.

·      We are required to provide data to our regulator, the Care Quality Commission (CQC), as part of our public interest obligations.

 

We may also process your data with your consent. If we need to ask for your permission, we will offer you a clear choice and ask that you confirm to us that you consent. We will also explain clearly to you what we need the data for and how you can withdraw your consent at any time.

 

Common law duty of confidentiality

 

In our use of health and care information, we satisfy the common law duty of confidentiality because:

·      You have provided us with your consent (either implicitly to provide you with care, or explicitly for other uses).

·      We have a legal requirement to collect, share, and use the data.

·      The public interest to collect, share and use the data overrides the public interest served by protecting the duty of confidentiality (for example sharing information with the police to support the detection or prevention of serious crime).

 

Sources of personal data / Who has access to your data

 

So that we can provide you with high quality care and support we need specific data. This is collected from and shared with you or your legal representatives or third parties.

 

We collect personal information about you through the support planning and assessment process, either directly from you, a relative or advocate or social services. We may sometimes collect additional information from third parties including former providers and social services. We also collect additional personal information in the course of performing our contract with you. We do this face to face, via phone, via email, via post, via application forms or via apps.

 

Third parties are organisations we might lawfully share your data with. These include:

  • Other parts of the health and care system such as local hospitals, the GP, the pharmacy, social workers, clinical commissioning groups, and other health and care professionals.
  • The Local Authority.
  • Your family or friends – with your permission.
  • Organisations we have a legal obligation to share information with i.e. for safeguarding, the CQC.
  • The police or other law enforcement agencies if we have to by law or court order.

 

Where we do so, we will require third parties to respect the security of your data and to treat it in accordance with the law.

 

National Data Opt-Out

 

We review our data processing on an annual basis to assess if the national data opt-out applies. This is recorded in our Record of Processing Activities. All new processing is accessed to see if the National Data Opt-Out applies. If any data processing falls within scope of the National Data Opt-Out we use MESH to check if any of our service users have opted out of their data being used for this purpose.

 

At this time, we do not share any data for planning or research purposes for which the national data opt-out would apply. We review all of the confidential patient information we process on an annual basis to see if this is used for research and planning purposes. If it is, then individuals can decide to stop their information being shared for this purpose. You can find out more information at https://www.nhs.uk/your-nhs-data-matters/.

 

Security of your data

 

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know.

 

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

 

How we decide how long to retain your data

 

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

 

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

 

Your information is securely stored for the time periods specified in the Records Management Code of Practice (most heath and care records are typically retained for eight years). We will then dispose of the information as recommended by the Records Management Code for example we will:

  • Securely dispose of your information by shredding paper records or wiping hard drives to legal standards of destruction.
  • Delete your information within our systems and digital files.

 

Your rights

 

The data that we keep about you is your data and we will ensure that we keep it confidential and that it is used appropriately. You will have the following rights when it comes to your data:

·      Request access to, and a copy of, all your personal data we keep about you. Generally, we will not charge for this service.

·      Request correction of any personal data that we hold about you which you believe to be inaccurate or incomplete. You can also request that we restrict all processing of your data while we consider your rectification request.

·      Request erasure of any of your personal data which is no longer necessary for the purpose we originally collected it for. We retain our data in line with our Data Protection Policy. You can also ask for your data to be erased if we have asked for your consent to process your data – you can withdraw consent at any time – please contact us to do so.

·      Restrict Processing if we no longer require your personal data for the purpose we originally collected it for, but you do not wish for it to be erased.  

·      Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) in order to complete a task in the public interest. We will restrict all processing of this data while we look into your objection.

 

You may need to provide adequate information for our staff to be able to identify you, for example, a passport or driver’s licence. This is to make sure that data is not shared with the wrong person inappropriately. We will always respond to your request as soon as possible and at the latest within one month.

 

If you believe we have not complied with your rights, you can complain to the Information Commissioner.

 

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

 

https://ico.org.uk/global/contact-us/

 

What if you do not provide personal data?

 

If you do not provide personal data, it is likely to be impossible for Support Horizons to enter into, or to continue with, a working relationship with you.

 

Relatives / Friends

 

Relatives and friends, as part of our work providing high-quality care and support, it might be necessary that we hold the following information on you:

  • Your basic details and contact information e.g. your name and address.

 

By law, we need to have a lawful basis for processing your personal data. We process your data because we have a legitimate business interest in holding next of kin and lasting power of attorney information about the individuals who use our service.

 

We may also process your data with your consent. If we need to ask for your permission, we will offer you a clear choice and ask that you confirm to us that you consent. We will also explain clearly to you what we need the data for and how you can withdraw your consent.

 

So that we can provide you with high quality care and support we need specific data. This is collected from and shared with your or your legal representatives or third parties.

 

We do this face to face, via phone, via email, via post, via application forms or via apps.

 

Third parties are organisation we have a legal reason to share your data with. These may include:

  • Other parts of the health and care system such as local hospitals, the GP, the pharmacy, social workers and other health and care professionals.
  • The Local Authority.
  • The police or other law enforcement agencies if we have to by law or court order.

 

Where we do so, we will require third parties to respect the security of your data and to treat it in accordance with the law.

 

Changes to this Privacy Notice

 

Support Horizons reserves the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.

 

 Updated: May 2026
Next review date: Early 2027