Skip to main content

Resident Privacy Notice

When Marbrook processes your personal data we are required to comply with the General Data Protection Regulation 2016 (“GDPR” and is referred to as the “Data Protection Legislation”).

Marbrook is the data controller of the personal data you provide. We have appointed a Data Protection Officer and they will have day to day responsibility for ensuring that we comply with the Data Protection Legislation and for dealing with any requests we receive from individuals exercising their rights under the Data Protection Legislation.

Data Protection Officer

14 Parkway

Welwyn Garden City



01707 248248

The organisation collects and processes personal data relating to its residents and their families or representatives in the provision of health and care. The organisation is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.

 What information does the organisation collect?

The organisation collects a range of information about you. This includes:

  • Your name, address and contact details, including email address and telephone number; (including details of family, friends and/or representatives)
  • Location Data
  • Medical and health records, including opinions that we document about you
  • Care plans
  • Picture ID
  • Financial information
  • NHS number
  • National Insurance number
  • Passport details, residency status and nationality
  • Marital status
  • Racial or ethnic origin
  • Political opinions
  • Religion

The organisation collects this information in a variety of ways. For example, data might be contained in Care plans, Daily Records, Medical and Health records, Medication records or collected through assessments as part of the referrals process.

The organisation will also collect personal data about you from third parties, such as your GP, local authorities, clinical commissioning groups, private medical insurers or other healthcare professionals.

 Why does the organisation process personal data?

The personal information we collect and store about you allows us to provide services to you and in some cases, the organisation needs to process data to ensure that it is complying with its legal obligations. We also use it to help us develop, operate, deliver, and improve the quality of the care we provide or, more generally, the type of services that we offer.

From time to time, we may use your personal information to send important notices to you or to those acting on your behalf, such as updates to your care and/or treatment plans or changes to our terms, conditions and policies. Because this information is important to your interaction with Marbrook, you may not opt out of receiving these communications.

We may also use personal information for internal purposes such as auditing, data analysis, and research to improve our services and our communication with you.

We process most of your information on the grounds of performance of a contract we have entered into, protection of the vital interests of a Data Subject or, in the case of special categories of data, processing for the provision of health or social care or treatment or the management of health or social care systems or services.

Special Categories of Data include but are not limited to medical and health records (including information collected as a result of providing health care services) and information about a person’s religious beliefs, ethnic origin and race, sexual orientation and political views

Who has access to data?

Your information may be shared internally, any staff member who are responsible for carrying out care and treatment of residents, managers of the organisation in line with their responsibilities and IT staff if access to the data is necessary for performance of their roles

We will only share your personal information with third parties in the following circumstances:

  • Where you have given your consent to the information being shared;
  • Where there are issues or concerns like the health and safety of yourself or others; or
  • Where there is a legal requirement or responsibility to share the information.

Personal information of service users may also need to be shared with third parties to make arrangements for the funding and/or payment of services received.

 How does the organisation protect data?

The organisation takes the security of your data seriously. The organisation has internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties.

Where the organisation engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data

 For how long does the organisation keep data?

We are legally required to hold certain information about you for a set period of time. All personal information will be deleted or securely destroyed at the appropriate time and we will not keep your personal information for longer than is required or permitted by law in line with our data retention policy

 Your rights

As a data subject, you have a number of rights. You can:

  • Access and obtain a copy of your data on request;
  • Require the organisation to change incorrect or incomplete data;
  • Require the organisation to delete or stop processing your data;
  • Object to the processing of your data where the organisation is relying on its legitimate interests as the legal ground for processing; and
  • Ask the organisation to stop processing data for a period if data is inaccurate or there is a dispute about whether or not your interests override the organisation’s legitimate grounds for processing data.

There are certain scenarios in which we are entitled to refuse to comply with a request. If any of those apply, we will let you know.

If you would like to exercise any of these rights, please contact the Data Protection Officer.  You can make a subject access request by completing the organisation’s form for making a subject access request, the form is available on request. We will respond to your request as soon as possible and in any event within one month from the date we receive it. If we need more time, we will let you know.

If you believe that the organisation has not complied with your data protection rights, you can complain to the Information Commissioner.


CCTV is installed in the communal areas of Marbrook’s care homes. It’s use is strictly for the purpose of protecting and maintaining the safeguarding of our residents and for the detection and prevention of crime.

Recommended Stamp

Our latest news

Read more News