1. Who we are

Personal data means information that identifies you or could reasonably identify you. Depending on your relationship with us, we may collect:

Supported living and referrals

• Identity and contact details (name, address, telephone, email)
• Date of birth and age-related information where relevant to eligibility
• Information about support needs, daily living, and wellbeing
• Health and care-related information where necessary to assess suitability, plan support, or meet safeguarding duties
• Referrer details (name, organisation, role, contact information)
• Records of conversations, enquiries, and correspondence

Healthcare staffing and recruitment

• Identity and contact details, employment history, and qualifications
• Professional registration details (where applicable)
• Right-to-work and vetting information (which may include criminal records checks where permitted by law)
• References and application materials

Website and general enquiries

• Information you submit through our contact, referral, or registration forms
• Technical data (IP address, browser type, device information, pages viewed) where optional analytics cookies are accepted
• Cookie preferences

We collect personal data directly from you, from professionals who refer individuals to us, from publicly available professional sources where appropriate, and automatically through our website (subject to your cookie choices).

Some information we process is treated as special category data under UK data protection law, including data concerning health, which is common in supported living, care, and healthcare staffing contexts.

We only process special category data where there is a lawful basis under the UK GDPR and, where required, a separate condition under Article 9, such as:

• Provision of health or social care
• Substantial public interest (including safeguarding of children and adults at risk)
• Employment, social security, and social protection law (for workforce vetting where applicable)
• Explicit consent, where we have asked for and you have given it

We apply additional care when handling this information and limit access to those who need it for legitimate purposes.

We use personal data to:

• Respond to enquiries about supported living, referrals, and healthcare staffing
• Assess and progress referrals and expressions of interest in our services
• Deliver, administer, and improve supported living and staffing services
• Recruit, vet, and manage healthcare and support workers (where applicable)
• Meet safeguarding duties and protect individuals from harm
• Comply with legal and regulatory obligations (including duties relevant to regulated health and social care activity)
• Maintain records, quality assurance, and complaints handling
• Operate, secure, and improve our website (including optional analytics where you have consented)

We do not sell your personal data. We do not use your data for automated decision-making that produces legal or similarly significant effects without appropriate safeguards.

Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, we rely on one or more of the following lawful bases, depending on the activity:

• Consent — for example, optional analytics cookies or where you have clearly agreed to a specific use
• Contract — to take steps at your request before entering a contract, or to perform a contract with you
• Legal obligation — where we must process data to comply with UK law (including care, employment, and safeguarding-related requirements)
• Vital interests — in rare circumstances where necessary to protect someone’s life
• Legitimate interests — to run and protect our organisation, provided your rights are not overridden (for example, improving services, fraud prevention, and proportionate administration)
• Public task / official authority — where applicable to our regulated or commissioning-related activities

Where we process special category data, we also identify an Article 9 condition as described in section 3.

We may share personal data with trusted third parties where necessary and proportionate, including:

• Local authorities, NHS bodies, and commissioners involved in care or placement pathways
• Regulators and inspectors (such as the Care Quality Commission) where we are subject to regulation or inspection
• Professional advisers (for example solicitors, auditors, and insurers)
• IT, hosting, and administrative service providers who process data on our instructions
• Safeguarding partners, police, or emergency services where there is a serious risk of harm or a legal duty to report
• Disclosure and Barring Service (DBS) and similar vetting bodies for workforce checks

We require processors to protect personal data through appropriate contracts and security measures. We do not allow third parties to use your data for their own marketing purposes.

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, or alteration. Access is limited to staff, workers, and partners who need the information for legitimate purposes.

We primarily store and process personal data within the United Kingdom. If data is transferred outside the UK, we ensure appropriate safeguards are in place as required by UK data protection law (for example, adequacy regulations or approved contractual clauses).

We keep personal data only for as long as necessary for the purposes set out in this notice, including legal, regulatory, safeguarding, and care-record requirements.

Retention periods vary depending on the type of record. For example:

• General enquiries may be kept for a limited period after the matter is closed
• Referral and care-related records may be kept for longer where required for continuity of care, safeguarding, or regulatory purposes
• Recruitment and workforce records are kept in line with employment law and vetting requirements

When data is no longer needed, we securely delete or anonymise it where possible.

Under UK data protection law, you may have the following rights (subject to conditions and exemptions):

• Right of access — to obtain a copy of your personal data
• Right to rectification — to correct inaccurate or incomplete data
• Right to erasure — in certain circumstances
• Right to restrict processing — in certain circumstances
• Right to data portability — where processing is based on consent or contract and carried out by automated means
• Right to object — including to processing based on legitimate interests
• Rights related to automated decision-making
• Right to withdraw consent — where processing is based on consent (without affecting prior lawful processing)

To exercise your rights, contact us using the details in section 12. We may need to verify your identity. We aim to respond within one month, as required by law.

You have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection: ico.org.uk.

Strictly necessary cookies are required for the website to function (including security, session management, and remembering your cookie choice). These do not require consent.

Optional analytics cookies help us understand how visitors use the website (for example, pages viewed and approximate location). We only enable these if you click Accept optional cookies on our banner. If you click Reject optional cookies, we do not record optional analytics about your visit.

You can change your choice by clearing cookies in your browser and revisiting the site, or by contacting us.

Because we work in supported living and healthcare-related services, we take safeguarding seriously. If we receive information that suggests a child or adult may be at risk of harm, we may need to share relevant information with local authority safeguarding teams, clinical partners, or the police, even without your consent, where permitted by law and necessary to protect individuals.

For privacy questions, data subject requests, or concerns about how we handle personal data, contact Hillcrest Living Ltd via our contact page or the email address in the website footer. Please mark your message “Data protection”.

We may update this privacy notice from time to time. The version on this page is the current version. We encourage you to review it periodically.

This notice is written to reflect UK data protection standards and our supported living and healthcare-related activities. It is provided for general information and does not constitute legal advice. You may wish to have it reviewed by a qualified legal adviser for your specific circumstances.