01795 427 709, 07956 555 212

Privacy Policy

Simplex Healthcare Limited Updated April 2026

1. Introduction

Simplex Healthcare Limited is committed to protecting your privacy and ensuring your personal information is handled safely, lawfully, and transparently. We comply with:

  • UK GDPR
  • Data Protection Act 2018
  • CQC Single Assessment Framework (2025)
  • NHS England Information Governance Guidance (2025)
  • DSPT 2025
  • National Data Opt-Out (2022 legal requirement)
  • Employment Rights Act 2025

This Privacy Notice explains how we collect, use, store, and share your information.

2. Who We Are

Simplex Healthcare Limited Registered office: [Insert address] Data Protection Lead: Registered Manager Contact: [Insert email/phone]

3. What Information We Collect

We collect and process:

  • Name, address, contact details
  • Date of birth
  • Next of kin details
  • Health and social care information
  • Medication information
  • Risk assessments and care plans
  • Visit notes and communication logs
  • Financial and invoicing information
  • CCTV images (if applicable)
  • Employment information (for staff)

4. Why We Collect Your Information

We use your information to:

  • Provide safe, effective care
  • Create and maintain care plans
  • Manage medication
  • Communicate with you and your representatives
  • Meet legal and regulatory requirements
  • Respond to safeguarding concerns
  • Improve our services
  • Maintain accurate records
  • Manage staff and workforce operations

5. Lawful Bases for Processing

We process your information under:

  • Provision of health or social care
  • Legal obligation (CQC, safeguarding, ERA 2025)
  • Contract
  • Vital interests
  • Public task
  • Legitimate interests
  • Consent (where required)

Special category data (e.g., health information) is processed under:

  • Health or social care provision
  • Employment law
  • Substantial public interest (safeguarding, fraud prevention)

6. National Data Opt-Out

Simplex Healthcare Limited complies with the National Data Opt-Out, which allows individuals to stop their confidential information being used for research and planning.

Your rights under the National Data Opt-Out

You can choose whether your confidential information is used for:

  • Research
  • Planning health and social care services

When the opt-out does NOT apply

The opt-out does not apply to:

  • Direct care
  • Safeguarding
  • Legal obligations
  • Public interest exceptions

How we comply

We ensure that:

  • You are informed of your right to opt out
  • We check opt-out status before sharing data for research or planning
  • Your choice is respected unless an exemption applies
  • Our systems and processes meet NHS England’s compliance requirements

You can set your preference at: https://www.nhs.uk/your-nhs-data-matters/ (nhs.uk in Bing)

7. How We Store Your Information

Your information is stored securely on:

  • Approved digital care systems
  • Encrypted devices
  • Secure cloud platforms
  • Locked paper files (where applicable)

We follow DSPT 2025 and NHS England cyber security standards.

8. How Long We Keep Your Information

We follow the retention periods in our:

  • Data Retention & Record Keeping Policy
  • NHS & Social Care retention standards
  • ERA 2025 six‑year requirement

Examples:

  • Care records: 8 years
  • Safeguarding: 25 years
  • Personnel files: 6 years after employment ends
  • Rosters & holiday pay: 6 years
  • CCTV: 30 days (unless needed for investigation)

9. Who We Share Information With

We share information only when lawful, necessary, and proportionate.

We may share information with:

  • NHS professionals
  • Local authority safeguarding teams
  • CQC
  • Police
  • Pharmacies
  • Other agencies involved in your care
  • Your GP
  • Your authorised representatives

We do not sell your data.

10. Your Rights

You have the right to:

  • Be informed
  • Access your information
  • Request correction
  • Request deletion (where applicable)
  • Restrict processing
  • Object to processing
  • Data portability
  • Not be subject to automated decision‑making

11. Accessing Your Information (SARs)

You may request a copy of your information. We will:

  • Verify your identity
  • Respond within one month
  • Provide information securely
  • Redact third‑party information

12. Data Security

We use:

  • Encryption
  • Multi‑factor authentication
  • Access controls
  • Secure email
  • System audit trails
  • Regular cyber security audits
  • Approved devices only

Cross‑reference: Digital Systems & Information Governance Policy

13. Data Breaches

A data breach includes:

  • Loss of information
  • Unauthorised access
  • Cyber incidents
  • Sending information to the wrong person

We will:

  • Investigate all breaches
  • Notify the ICO within 72 hours if required
  • Inform affected individuals where necessary

14. Contact Us

If you have questions or concerns about how your information is used:

Data Protection Lead Simplex Healthcare Limited Email: [Insert] Phone: [Insert]

You may also contact the Information Commissioner’s Office (ICO).

15. Review

This Privacy Notice will be reviewed:

  • Annually
  • After legislative changes
  • After CQC or DSPT updates

Next review: April 2027