Privacy Notice – People Who Use Our Services
Last updated: April 2026
1. Who we are
Dementia Resource Community Ltd is a CQCregistered community nursing service.
We are the data controller for the personal information we collect and process.
• Email: admin@drc.care
• Regulator: Care Quality Commission (CQC)
This privacy notice explains how we use personal information, how we keep it safe, and your rights under data protection law.
2. Why we collect personal information
We collect and use personal information so that we can:
• Provide safe, effective nursing and care services
• Assess needs and plan care
• Safeguard people at risk
• Communicate with professionals involved in your care
• Meet legal, regulatory, and contractual requirements
We only collect information that is necessary and lawful.
3. What information we collect
Personal information
This may include:
• Name, address, date of birth
• Contact details
• Next of kin or legal representatives
• Funding and payment arrangements
Health and care information (special category data)
This may include:
• Physical and mental health information
• Care plans, assessments, and risk information
• Medication and treatment details
• Capacity and consent records
• Information about race, religion, or sexual orientation where relevant to care
Health and care information receives extra protection under the law.
4. Legal basis for using your information
Under UK data protection law (UK GDPR), we are allowed to process personal data because:
• It is necessary to comply with legal obligations
• It is required to carry out tasks in the public interest
• It is necessary to provide health and social care services
• In limited situations, we may ask for your consent (for example, for optional information sharing beyond care)
Legitimate interests, where individuals contact us directly with an enquiry and we need to respond appropriately
We do not rely on consent to deliver essential care.
5. How information is collected and used
Information may be collected:
• Directly from you or your representative
• From GPs, hospitals, pharmacies, or social services
• Through facetoface contact, phone, email, post, or secure systems
Information is stored securely and only accessed by authorised staff.
6. Who we share information with
We may share information on a needtoknow basis with:
• GPs, hospitals, nurses, and other healthcare professionals
• Pharmacies
• Local authorities and social workers
• NHS organisations
• Safeguarding teams
• Care Quality Commission (CQC)
• Police or courts where legally required
• Family members or friends, with your permission
We do not use personal information for marketing or insurance purposes.
7. National Data OptOut
As a CQCregistered health and social care provider, we are legally required to comply with the National Data OptOut (mandatory since 31 July 2022).
The National Data OptOut allows you to stop your confidential patient information being used for purposes beyond your direct care, such as planning or research.
What this means for you
• Your information will always be used for your direct care
• Opting out will not affect your care
• Where the optout applies, we will respect your decision
At present, we do not routinely share confidential patient information for research or planning purposes beyond direct care. If this changes, you will be informed.
How to opt out
You can set or change your choice at any time:
• Website: https://digital.nhs.uk/services/national-data-opt-out
• Phone: 0300 303 5678
If you lack capacity, the decision can be made by someone legally authorised to act on your behalf, such as a Lasting Power of Attorney (LPA).
8. How long we keep information
We keep personal information in line with:
• NHS Records Management Code of Practice
• Information Governance Alliance guidance
• Legal and regulatory requirements
Adult social care records are usually retained for at least 8 years after care ends.
9. Your rights
You have the right to:
• Access your personal information
• Ask for incorrect information to be corrected
• Request deletion where appropriate
• Ask us to restrict how we use your information
• Object to certain types of processing
• Withdraw consent (where consent is used)
Requests are normally responded to within one month.
10. If you have concerns
If you have concerns
If you have any questions or concerns about how we use your personal data, you can contact us at:
Email: admin@drc.care
We will acknowledge your complaint within 30 days and aim to respond without undue delay.
We keep a record of data protection complaints and how they are handled.
If you are not satisfied with our response, you have the right to complain to the Information Commissioner’s Office (ICO).
- Website enquiries
When you contact us via our website, email or phone, we will collect your name, contact details and any information you choose to provide.
We use this information to respond to your enquiry and provide appropriate support.
Please avoid including detailed medical or sensitive information in initial enquiries. If further information is required, we will collect it securely.
The legal basis for this processing is our legitimate interests in responding to enquiries and, where appropriate, taking steps at your request prior to providing care services.