Privacy Policy

1. Purpose of This Policy

AbbeyRose Aftercare, operating under Blacksmith Health Care Ltd and in partnership with Camp David Recovery, is committed to protecting the privacy, dignity, and rights of all individuals whose personal information we collect and process. This Privacy Statement explains how we collect, use, store, share, and protect personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Who We Are

AbbeyRose Aftercare provides aftercare, recovery support, and community-based services to individuals with health, social care, and recovery needs. We operate under the governance and regulatory framework of Blacksmith Health Care Ltd, with collaborative service delivery through Camp David Recovery.

For the purposes of data protection law:

• Blacksmith Health Care Ltd is the Data Controller.
• AbbeyRose Aftercare and Camp David Recovery act as Data Processors and Joint Data Processors where appropriate.

3. What Personal Data We Collect

We collect only the information necessary to deliver safe, effective, and personalised care. This may include:

3.1 Personal Identification Information

• Name, date of birth, address, contact details
• Next of kin or emergency contacts
• National Insurance number (where required)

3.2 Health and Social Care Information

• Medical history, diagnoses, treatment plans
• Mental health information
• Substance misuse history (where relevant)
• Risk assessments and safeguarding information
• Support plans, progress notes, and outcomes

3.3 Legal and Compliance Information

• Consent forms
• Incident reports
• Safeguarding referrals
• Court orders or statutory requirements (if applicable)

3.4 Operational Information

• Attendance records
• Communication logs
• CCTV footage (where used)
• Financial information for billing or funding purposes

4. How We Collect Personal Data

We collect information through:

• Direct interactions with service users
• Referrals from health and social care professionals
• Multi agency meetings and safeguarding processes
• Family members or advocates (with consent)
• Partner organisations such as Camp David Recovery
• Regulatory or statutory bodies when required

5. Why We Process Personal Data

We process personal data for the following lawful purposes:

5.1 Delivery of Care and Support

To provide safe, effective, and personalised aftercare and recovery services.

5.2 Legal and Regulatory Compliance

To meet obligations under:

• UK GDPR
• Data Protection Act 2018
• Safeguarding legislation
• Health and Social Care Act 2008

5.3 Public Interest and Vital Interests

To protect individuals from harm, prevent abuse, and respond to emergencies.

5.4 Contractual Requirements

To fulfil service agreements with commissioners, funders, or partner organisations.

5.5 Legitimate Interests

To improve service quality, conduct audits, and ensure safe operations.

6. How We Use Personal Data

Personal data is used to:

• Develop and review support plans
• Monitor progress and outcomes
• Coordinate care with partner agencies
• Manage risks and safeguarding concerns
• Communicate with service users and families
• Maintain accurate records for regulatory compliance
• Improve service quality and training

We do not use personal data for marketing or unrelated purposes.

7. Sharing Personal Data

We share information only when necessary, and always in line with legal requirements.

Data may be shared with:

• NHS services and healthcare professionals
• Local authorities and safeguarding teams
• Camp David Recovery (for joint service delivery)
• Blacksmith Health Care governance teams
• Emergency services
• Commissioners or funding bodies
• Advocates or family members (with consent)

We never sell personal data.

8. How We Store and Protect Personal Data

We use secure systems and processes to protect data, including:

• Encrypted digital storage
• Password-protected systems
• Restricted access based on job role
• Secure disposal of paper records
• Regular audits and compliance checks
• Staff training in data protection and confidentiality

9. How Long We Keep Personal Data

We retain records in line with:

• NHS Records Management Code of Practice
• Legal and contractual obligations

Typically, health and social care records are kept for a minimum of 8 years unless otherwise required.

10. Your Rights Under UK GDPR

Individuals have the right to:

• Access their personal data
• Request correction of inaccurate information
• Request deletion (where legally appropriate)
• Restrict or object to processing
• Request data portability
• Withdraw consent (where consent is the lawful basis)
• Raise concerns with the Information Commissioner’s Office (ICO)