Simplex Healthcare Limited
Updated April 2026
1. Introduction
Simplex Healthcare Limited is committed to protecting your privacy and ensuring your personal information is handled safely, lawfully, and transparently. We comply with:
- UK GDPR
- Data Protection Act 2018
- CQC Single Assessment Framework (2025)
- NHS England Information Governance Guidance (2025)
- DSPT 2025
- National Data Opt-Out (2022 legal requirement)
- Employment Rights Act 2025
This Privacy Notice explains how we collect, use, store, and share your information.
2. Who We Are
Simplex Healthcare Limited
Registered office: [Insert address]
Data Protection Lead: Registered Manager
Contact: [Insert email/phone]
3. What Information We Collect
We collect and process:
- Name, address, contact details
- Date of birth
- Next of kin details
- Health and social care information
- Medication information
- Risk assessments and care plans
- Visit notes and communication logs
- Financial and invoicing information
- CCTV images (if applicable)
- Employment information (for staff)
4. Why We Collect Your Information
We use your information to:
- Provide safe, effective care
- Create and maintain care plans
- Manage medication
- Communicate with you and your representatives
- Meet legal and regulatory requirements
- Respond to safeguarding concerns
- Improve our services
- Maintain accurate records
- Manage staff and workforce operations
5. Lawful Bases for Processing
We process your information under:
- Provision of health or social care
- Legal obligation (CQC, safeguarding, ERA 2025)
- Contract
- Vital interests
- Public task
- Legitimate interests
- Consent (where required)
Special category data (e.g., health information) is processed under:
- Health or social care provision
- Employment law
- Substantial public interest (safeguarding, fraud prevention)
6. National Data Opt-Out
Simplex Healthcare Limited complies with the National Data Opt-Out, which allows individuals to stop their confidential information being used for research and planning.
Your rights under the National Data Opt-Out
You can choose whether your confidential information is used for:
- Research
- Planning health and social care services
When the opt-out does NOT apply
The opt-out does not apply to:
- Direct care
- Safeguarding
- Legal obligations
- Public interest exceptions
How we comply
We ensure that:
- You are informed of your right to opt out
- We check opt-out status before sharing data for research or planning
- Your choice is respected unless an exemption applies
- Our systems and processes meet NHS England’s compliance requirements
You can set your preference at: https://www.nhs.uk/your-nhs-data-matters/
7. How We Store Your Information
Your information is stored securely on:
- Approved digital care systems
- Encrypted devices
- Secure cloud platforms
- Locked paper files (where applicable)
We follow DSPT 2025 and NHS England cyber security standards.
8. How Long We Keep Your Information
We follow the retention periods in our:
- Data Retention & Record Keeping Policy
- NHS & Social Care retention standards
- ERA 2025 six‑year requirement
Examples:
- Care records: 8 years
- Safeguarding: 25 years
- Personnel files: 6 years after employment ends
- Rosters & holiday pay: 6 years
- CCTV: 30 days (unless needed for investigation)
9. Who We Share Information With
We share information only when lawful, necessary, and proportionate.
We may share information with:
- NHS professionals
- Local authority safeguarding teams
- CQC
- Police
- Pharmacies
- Other agencies involved in your care
- Your GP
- Your authorised representatives
We do not sell your data.
10. Your Rights
You have the right to:
- Be informed
- Access your information
- Request correction
- Request deletion (where applicable)
- Restrict processing
- Object to processing
- Data portability
- Not be subject to automated decision‑making
11. Accessing Your Information (SARs)
You may request a copy of your information. We will:
- Verify your identity
- Respond within one month
- Provide information securely
- Redact third‑party information
12. Data Security
We use:
- Encryption
- Multi‑factor authentication
- Access controls
- Secure email
- System audit trails
- Regular cyber security audits
- Approved devices only
Cross‑reference: Digital Systems & Information Governance Policy
13. Data Breaches
A data breach includes:
- Loss of information
- Unauthorised access
- Cyber incidents
- Sending information to the wrong person
We will:
- Investigate all breaches
- Notify the ICO within 72 hours if required
- Inform affected individuals where necessary
14. Contact Us
If you have questions or concerns about how your information is used:
Data Protection Lead
Simplex Healthcare Limited
Email: [Insert]
Phone: [Insert]
You may also contact the Information Commissioner’s Office (ICO).
15. Review
This Privacy Notice will be reviewed:
- Annually
- After legislative changes
- After CQC or DSPT updates
Next review: April 2027