Who We Are
[CARE HOME NAME] is a registered provider of adult social care, located at [ADDRESS]. We are the data controller for personal data relating to our residents.
We are registered with the Information Commissioner’s Office (ICO) under registration number [YOUR ICO REGISTRATION NUMBER], verify at ico.org.uk.
For any questions about how we use your information, contact: [MANAGER NAME], [JOB TITLE], [EMAIL ADDRESS], [PHONE NUMBER].
Who This Notice Covers
- Residents of [CARE HOME NAME]
- Family members or representatives acting on a resident’s behalf
- Prospective residents whose care needs are being assessed
What Personal Data We Collect
| Category | Examples |
|---|---|
| Identity data | Full name, date of birth, next of kin, key worker |
| Care records | Daily care notes, observations, care plans |
| Medication records | Prescriptions, medication administration records |
| Incident records | Accidents, incidents, safeguarding concerns |
| Wellbeing records | Mood, behaviour, nutrition, hydration observations |
| Clinical information | GP notes, assessments, clinical correspondence |
| Voice recordings | Where care staff use voice note features: raw audio deleted within 30 days |
Why We Collect This Information
| Purpose | Legal basis |
|---|---|
| Providing and managing your daily care | Legal obligation: CQC Regulation 17 (Health and Social Care Act 2008 Regulated Activities Regulations 2014) |
| Keeping care records accurate and contemporaneous | Legal obligation (Reg 17); provision of health and social care (DPA 2018 Sch. 1 Pt. 1 para. 2) |
| Recording and investigating incidents or safeguarding concerns | Legal obligation (CQC Regulations 18 and 20); protection of vital interests |
| Preparing for CQC inspections and Provider Information Returns | Legal obligation (Regulation 17) |
| Sharing information with your GP or clinical professionals | Provision of health and social care; your consent where required |
How We Use Artificial Intelligence (AI)
[CARE HOME NAME] uses Care-Meter, a digital records system, to support the registered manager and care staff. Care-Meter uses computer technology to read handwritten notes, group records, and highlight items that may need attention. The system does not make decisions about your care. A member of staff always reviews and decides what action to take.
Care-Meter also uses automated language processing to identify care-related topics in your records (for example, falls, mobility changes, or skin integrity). This lets staff and the registered manager quickly find and review the relevant entries when checking on your care or preparing governance reports — for example, when a manager asks “what do the records show about mobility?”. The result always points back to your actual records for a person to read and judge: it is a way of finding information, not a conclusion about you, and it never produces a score.
| What the AI does | What the AI does NOT do |
|---|---|
| Sorts and categorises care notes (for example, medication, wellbeing, incident) | Make decisions about your care |
| Identifies care-related topics so staff can find and review the relevant records (record retrieval) | Draw conclusions, score you, or replace reading the actual record |
| Flags notes that a manager may need to review promptly | Take any action without human oversight |
| Helps managers check care records are complete | Replace the professional judgement of our care staff |
| Assists managers in preparing governance reports | Access data from other care providers |
Who We Share Your Information With
- Care staff at [CARE HOME NAME] involved in your care
- Managers responsible for overseeing care quality
- Health professionals involved in your care (GP, district nurse, pharmacist), only what is relevant
- The Care Quality Commission (CQC) during inspection or if required by law
- [LOCAL AUTHORITY NAME] if they are funding your placement, to the extent required by your care contract
- WillMachi Limited (Care-Meter), our technology supplier; they store and process records securely on our behalf and cannot use your information for any other purpose
- Emergency services where your safety or the safety of others requires it
We do not sell your information or share it with advertisers.
How Long We Keep Your Information
| Data type | Retention period | Basis |
|---|---|---|
| Care notes, care plans, incident records | 7 years from the end of your care with us | NHS Records Management Code of Practice 2021 |
| Voice audio recordings (where used) | 30 days from recording | Proportionality: transcribed text is the durable record |
| Safeguarding records | 7 years minimum; may be longer if required by law | NHS RMCOP; relevant regulations |
When retention periods expire, data is securely deleted or irreversibly anonymised. You may request earlier deletion (see Section 8), except where retention is required by law.
Your Rights
You have the following rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We will respond within one calendar month.
| Right | UK GDPR Art. | How to exercise |
|---|---|---|
| Right of Access: obtain a copy of your personal data | Art. 15 | Contact [MANAGER NAME] at [CONTACT DETAILS] |
| Right to Rectification: correct inaccurate or incomplete data | Art. 16 | Contact [MANAGER NAME] at [CONTACT DETAILS] |
| Right to Erasure (‘right to be forgotten’) | Art. 17 | Contact [MANAGER NAME] at [CONTACT DETAILS]. Note: some data must be retained by law. |
| Right to Restrict Processing | Art. 18 | Email privacy@care-meter.co.uk |
| Right to Data Portability: structured, machine-readable format | Art. 20 | Contact [MANAGER NAME] at [CONTACT DETAILS] |
| Right to Object to processing based on legitimate interests | Art. 21 | Email privacy@care-meter.co.uk |
| Right to withdraw consent (where consent is the lawful basis) | Art. 7(3) | Email privacy@care-meter.co.uk. Does not affect prior processing. |
| Right to safeguards in automated decisions (information, representation, human review, contest) | Arts. 22A-22D (DUA Act 2025) | Contact [MANAGER NAME] at [CONTACT DETAILS]. We will explain how any decision was reached and arrange human review. |
If you believe we have not handled your information correctly, please tell us first. Contact [MANAGER NAME] at [CONTACT DETAILS]. We will acknowledge your complaint within 30 days and respond without undue delay, as required by section 164A of the Data Protection Act 2018 (as inserted by the Data (Use and Access) Act 2025).
You may also raise a complaint at any time with the Information Commissioner’s Office at ico.org.uk/make-a-complaint or by calling 0303 123 1113.
How We Protect Your Information
- Care records stored using encrypted cloud storage in the United Kingdom (AWS eu-west-2, London)
- Access restricted to authorised staff only; all access is logged
- Sessions expire after 30 minutes of inactivity
- In the event of a data breach, the ICO will be notified within 72 hours and you will be informed if you are at risk
International Transfers
Your care records are stored and processed within the United Kingdom. They are not transferred to any country outside the UK.
Data We Do NOT Collect
Changes to This Notice
We may update this notice. If we make material changes, we will inform you directly and display a prominent notice at least 14 days before changes take effect. The current version is always available from [MANAGER NAME] on request. Previous versions are available on request.
Contact Us
| Contact | Details |
|---|---|
| Questions or to exercise your rights | [MANAGER NAME], [JOB TITLE] [CARE HOME NAME], [ADDRESS] [EMAIL], [PHONE] |
| Care-Meter (our technology supplier) | WillMachi Limited · privacy@care-meter.co.uk · care-meter.co.uk |
| Information Commissioner's Office (ICO) | ico.org.uk · 0303 123 1113 · Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF |
Care Home Checklist Before Issuing
- Fill in all [bracketed] fields
- Add your logo
- Confirm your own ICO registration number at ico.org.uk
- Remove all coloured guidance boxes
- Save a dated copy for your records
- Issue to residents on admission and when Care-Meter usage materially changes
Version 1.2 TEMPLATE. Issued by WillMachi Limited (Co. No. 14540910), ICO Registration: ZC107807. Care-Meter provided by WillMachi Limited.