Privacy Policy

This statement explains how and why Stow Healthcare uses any information you give us; with whom we may need to share information; how long we keep your information for; what your rights are, including how to get a copy of your information, have it corrected or erased; and who to contact at our company in relation to privacy and GDPR matters.

Stow Healthcare is a data controller, which means that we collect, process and store information that helps us manage your care effectively in our homes.

What personal information do we collect?

The personal data that we collect includes, but is not limited to:

  • the data you complete for us on forms when you or someone you have legal responsibility for moves into one of our homes
  • your feedback, survey responses, comments, suggestions and complaints
  • any emails or letters that you send us, or records of discussions we may have with you
  • financial records relating to payment for your care
  • correspondence with other healthcare professionals
  • daily care, care planning and medication records
  • records relating to next of kin contact details, legal agreements such as power of attorney or advanced care planning.

How do we use your personal information?

We use your information in the ways you would expect:

  • processing your information when booking you into our home and arranging for payment for your stay;
  • planning for your care and administering your medication
  • liaising with your GP or other professionals involved in your healthcare
  • to meet our legal and regulatory obligations, including with the local council and the Care Quality Commission as appropriate
  • to send you key information to your next of kin about life at our homes

We do not rent, sell or trade your information to other parties. We don’t allow others to market to you. We do not share your information with other healthcare professionals unless we have your consent to do so.

This notice describes how we collect, store, use and share personal information. It applies to personal information provided to us, both by you or by others on your behalf. It also explains the rights you may have in relation to the personal information that we hold about you.

Where is my personal information stored?

We hold some of your information in hard copy, and some is stored electronically. Where we store your information in hard copy, this is held in locked file cupboards. Staff outside of the management team are not able to access financial information about you. Where third parties are used to store your electronic data (which they do not have access to), this information is held in operational centres in the UK or Europe.

How long is my information kept for?

There is no legal stipulation as to how long your medical and financial data should be held for. In general, we will retain your financial data until any financial matters post your departure are resolved. NHS data retention guidelines indicate information pertaining to health care provision should be kept for 8 years after care is completed, so we will keep your data for the same period in order for example that any incident arising may be further investigated. After this time, hard copy data will be securely destroyed, and electronic data will be wiped and no longer be accessible.

What are my rights?

  • Under the General Data Protection Regulation (GDPR) you have a number of rights with regard to your personal data. You have the right to request from us access to and rectification or erasure of your personal data, the right to restrict processing, object to processing as well as in certain circumstances the right to data portability (this allows you to obtain and reuse your personal data for your own purposes across different services).
  • If you have provided consent for the processing of your data you have the right (in certain circumstances) to withdraw that consent at any time, which will not affect the lawfulness of the processing before your consent was withdrawn.
  • You have the right to lodge a complaint to the Information Commissioner’s Office if you believe that we have not complied with the requirements of the GDPR with regard to your personal data.

Do you have agreements with any third parties who may process my data?

There are a number of third parties with whom we work, who may have access to some of your data for a specific reason, this can include: your GP or associated healthcare professionals; the Care Quality Commission, which regulates us; the local Council or Clinical Commissioning Group, if they help fund your care; and those who help us securely store any electronic data for example. We have reviewed agreements with any third parties to satisfy ourselves that they are compliant with the requirements of the GDPR.

Are you registered with the Information Commissioner’s Office (ICO)?

Yes, each of our homes operates as an individual company and are registered individually with the ICO. You can search for our homes using the following link and by inputting the Registration Number of the home (see below):

  • Brandon Park – Registration Number ZA264664 
  • Cedars Place – Registration Number A8752814 
  • Ford Place – Registration Number – ZA264668 
  • Halstead Hall – Registration Number – ZA366341 
  • Horkesley Manor- Registration Number- ZB422607
  • Manson House- Registration Number- ZB351194
  • Melford Court – Registration Number ZA264670 
  • Stowlangtoft Hall – Registration Number ZA194466

Who do I contact if I have any questions or wish to raise a complaint?

The Designated Data Controller for Stow Healthcare is Alex Ball, Operations Manager whom you can contact directly if you have any questions or concerns. Her e-mail address is and her telephone number is 01359 300470.

If you are dissatisfied with how Stow Healthcare uses, stores or destroys your data, you can make a complaint to the government body in charge (Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or at

What if changes need to be made to this privacy notice?

Making sure that we keep you up to date with privacy information is a continuous responsibility and we will keep this notice under review. We’ll update our notice as changes are required.