Shardale Specialist Therapuetic Communities - Treatment for Drug and Alcohol Addiction Shardale Ltd
385 Clifton Dr Nth
Lytham Saint Annes

Call 01253 728 898

Supporting Best Recovery Outcomes
Shardale Ltd GDPR Privacy Policy

From 25th May 2018 GDPR will be enforced by data protection regulators across Europe. It will change how businesses and public sector organisations handle the information of clients and staff. Shardale respects and values the privacy of our clients and will only collect and use personal data in the ways described in the attached privacy notice and in a way that is consistent with our obligations and your rights in law.


Shardale St.Annes Ltd collect a lot of data and information about our residents so that we can run effectively as a care provider. This privacy notice explains how and why we collect resident’s data, what we do with it and what rights relatives and residents have.

Why do we collect and use Resident information?

We collect and use Resident information under the following lawful bases:
a. where we have the consent of the data subject (Article 6 (a));

b. where it is necessary for compliance with a legal obligation (Article 6 (c));

c. where processing is necessary to protect the vital interests of the data subject or another person (Article 6(d));

d. Where it is necessary to carry out the task in the best interest of the individual and is balanced against their interests, rights and freedoms

Where the personal data we collect about Residents is sensitive personal data, we will only process it where:
a. we have explicit consent;

b. processing is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent; and / or

c. Processing is necessary for reasons of substantial public interest, on the basis of Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject.

Please see our Record Keeping and Data Protection Policy for a definition of sensitive personal data.
We use the resident data to support our statutory functions of delivery of care, in particular:

• To maintain an enquiry file and waiting list
• To decide who we admit to Shardale according to our admission criteria
• To assess levels of care required
• To monitor care delivery and report on it
• To monitor health and wellbeing
• To evaluate and review plans of care
• To communicate health and well-being to staff and other members of the multi-disciplinary team and relatives/Next of Kin
• To comply with the law on data held and shared
• For the welfare and protection of the resident and others in Shardale
• To assess the quality of our service

The categories of resident information that we collect, hold and share include:

a. Personal information (such as name, unique resident number and address);

b. Characteristics (such as ethnicity, language, medical conditions, nationality, country of birth and funding source);

c. Care Plans and Assessment information in all activities of daily living, includes physical and mental abilities, health and hygiene, dietary, religious, cultural and social/occupational

d. Life Histories, which would include personal relationships, family history, how life could be improved, religious preferences, strengths and abilities

e. Medical History and medication history

f. Risk assessments including dependency, mood cognition, family dynamics, behaviours, requested home leave, requested networking

g. Consent forms for daily care

From time to time and in certain circumstances, we might also process personal data about residents, some of which might be sensitive personal data, including information about safeguarding. This information is not routinely collected and is only likely to be processed by the company in specific circumstances relating to particular residents, for example, if a safeguarding issue arises. Where appropriate, such information may be shared with external agencies such as the safeguarding team at the Local Authority or the Police. Such information will only be processed to the extent that it is lawful to do so and appropriate measures will be taken to keep the data secure.

We collect information about resident when they are admitted to the home and update it as required.

Storing resident data

For information on how long we hold resident data please see our Record Keeping and Data Protection available in Shardale.

Some personal data is stored electronically, for example Client reports. Some information may also be stored in hard copy format.

Who do we share resident information with?

We routinely share resident information with:
• Other members of staff to ensure continuity of care
• A client’s local authority
• Care Quality Commission (CQC)

From time to time, we may also share resident information other third parties including the following:
• the Police and law enforcement agencies;
• NHS health professionals including the chiropodist, dentist, GPs District nurses and hospital staff(where appropriate)
• Social workers (where applicable)
• Courts, if ordered to do so;
• Our legal advisors;
• Our insurance providers

Some of the above organisations may also be Data Controllers in their own right in which case we will be jointly controllers of your personal data and may be jointly liable in the event of any data breaches.

In the event that we share personal data about residents with third parties, we will provide the minimum amount of personal data necessary to fulfil the purpose for which we are required to share the data.

Why we share resident information

We do not share information about our residents with anyone without consent unless the law allows us to do so.

We share information:
• in the interests of the residents to provide a holistic approach to health and the care package
• In the event of a safeguarding issue
• For financial information to be set up
• To keep relevant other parties informed

Data collection requirements:

To find out more about the data collection requirements placed on us by the Health and Social Care Act 2008 (Regulated Activities) Regulations 2010 and the Care Quality Commission (Registration) Regulations 2009.

Requesting access to your personal data

Under data protection legislation, you have the right to request access to information about you that we hold (“Subject Access Request”). To make a request for your relative’s personal data, contact The home manager or Data Protection Officer, although any written request for personal data will be treated as a Subject Access Request.
The legal timescales for the company to respond to a Subject Access Request is one calendar month. For further information about how we handle Subject Access Requests, please see our Right to Access Personal Data Policy.
No fee usually required
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is manifestly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
You also have the right to:
• object to processing of personal data that is likely to cause, or is causing, damage or distress;
• prevent processing for the purpose of direct marketing;
• object to decisions being taken by automated means;
• in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
• claim compensation for damages caused by a breach of the our data protection responsibilities.

If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner’s Office at

If you would like to discuss anything in this privacy notice, please contact: