Privacy Policy

Privacy Notice 

Please read this notice carefully as it explains how we, Consensus Support Services, uses the personal information that you provide to us during any method of contact (for example, by email, phone, online forms and by using any of our services). We take the protection of your personal data very seriously and strictly adhere to the rules laid out by data protection laws and the UK General Data Protection Regulation (GDPR).

If you have any questions about this notice, please contact our Data Protection Officer [email protected].

What we process

We process personal data about enquirers, residents, and individuals we support before, during and after their contact with us. This processing is required to support our business interests and fulfil our legal and contractual obligations that are compliant with the UK GDPR, UK Data Protection Act 2018 (DPA2018), Data Use and Access Act 2025 and Caldicott Principles including guidance from the 10 data security standards, which include:

• Providing services to our enquirers, residents, and individuals we support, recording what services we have provided;
• Managing the health, welfare, safety and security of our residents and individuals we support;
• Handling enquiries, complaints, and investigations;
• Monitoring and improving the quality of our services;
• Using Legitimate interests for researching and understanding the needs of our target audience and to improve our marketing effectiveness;
• Working with our partners including recruiting sites and providers to improve the quality of our services;
• For people who have us approached us to request support for the individuals they work with, we may share information about availability within our services.

We also process personal data about job applicants, current and former employees, service providers, and other groups of individuals during our business operations and this data is subject to our internal privacy policies.

Personal data you provide to us and where from

We collect the personal data you provide to us when you enquire, work in or use any of our services, for example:

• Enquiry: Personal details (name, gender, age etc.), contact information (home address, phone number, email address etc.), details of your interests and communications preferences;
• Individuals: Personal details, contact information, financial details, relative, or next of kin, care needs, service location, NHS number, assessment documentation
• Complaints: Personal details, contact information, enquiry, or complaint details;
• Health & Welfare: Medical, dietary and mobility details provided to us before, during or after any stay with us in one of our services;
• Surveys & Market Research: Responses to post-enquirer surveys and market research surveys.

Lawful basis for processing data

We only collect and use personal data about you when the law allows us to. Most commonly, we rely on the following lawful bases to process your data:

• The data subject (you) has given consent to the processing activity taking place.
• If the processing is necessary for the performance of a contract
• If the processing is necessary for compliance with a legal obligation to which the controller is subject
• If the processing in necessary for the purpose of the legitimate interest pursed by us or our partners.

Where legitimate interest is identified as a lawful basis we will undertake a legitimate interest assessment to ensure the individual’s interests, rights and freedoms are balanced against our legitimate interests before proceeding.

Who we may share your information with

When you are an individual we support;

• A sponsor to organise payment of fees.
• Your next of kin or named family member.
• Any person that you have appointed to act on your behalf pursuant to a valid Power of Attorney or allied professionals, support workers and other health care providers in the case of an emergency.

Or with;

• Organisations and consultants providing contracted services to us (for example, information technology service providers who provide and maintain our systems and our website hosting). Where these companies and consultants do provide services to us, we will only use your information in compliance with the aforementioned Data Protection Laws and Caldicott Principles.
• A third-party company, for example if a resident transfers to another service provider. This transfer of data would only take place in accordance with strict compliance criteria which is transparently conducted.
• The courts in the United Kingdom or abroad as necessary to comply with a legal requirement, for the administration of justice, to protect vital interests and to protect the security or integrity of our business operations.

Where we store your information

We may share personal information to third parties outside of the UK. Any personal information transferred will only be processed on our instruction and we ensure that information security at the highest standard is used to protect any personal information as required by the Data Protection laws.

Where personal data is transferred outside of the UK to a country without an adequacy decision, we will ensure appropriate safeguards are in place prior to the transfer. These could include:

EU Standard Contractual Clauses + UK Addendum

Binding Corporate Rules

An exception as defined in Article 49 of the EU GDPR

Retention of your information

Individuals we support:

• If you participate in any pre-admission assessment but do not go on to become an individual we support, your information will only be kept for as long as it is lawfully necessary to enable us to be compliant with our legal and contractual obligations and relevant legislation.
• If you are an individual we support within Consensus Support Services, your information will be kept for the duration of your stay, and then depending on certain circumstances,

All the information we hold is secured, kept confidential and protected with the use of strict technical and organisational measure such as access restrictions and encryption and our robust policies and procedures that are in line with Data Protection Laws and the Caldicott Principles.

Automated Decision Making

Your rights

We have summarised the rights that you have under the UK GDPR subject to some exemptions.  Please note that the way we process your information and the legal basis on which we rely to process it affects the extent to which these rights apply.

These rights are the:

• Right to be informed about the processing of your information (as per this statement);
• Right to have your information corrected if it is inaccurate and to have incomplete information completed;
• Right to object to the processing of your information;
• Right to withdraw your consent at any time where we rely on it to process your information;
• Right to restrict processing of your information;
• Right to have your information erased;
• Right to request access to your information and information about how we process it;
• Right to move, copy or transfer your information; and
• Right to automated decision-making, including profiling.

If you would like to discuss or exercise any of these rights, please contact us using the details provided both at the top and bottom of this Privacy Notice.

Complaints

If you think your information has or is being used in a way that you do not believe complies with data protection law, please raise this with us in the first instance. We will acknowledge your complaint within 30 days and seek to fully resolve any issues or concerns you may have. If you are unsatisfied with the outcome of your complaint, you have the right to complain to the Information Commissioner’s Office. 

By Post: Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

By Website: Click Here

By Email: Click Here

You can contact our Data Protection Officer with any data protection concerns at [email protected]

Policy Review and Amendments

We keep this notice under regular review. It was last updated in May 2026.

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.