Privacy Policy
Quality Healthcare Professionals Ltd (QHP)
Effective Date: 23 May 2025
Introduction
At Quality Healthcare Professionals Ltd (“QHP”, “we”, “us”, or “our”), we are fully committed to protecting the privacy, dignity, and confidentiality of everyone whose personal data we collect. This Privacy Notice outlines how we collect, use, share, and protect personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the Health and Social Care Act 2008, and best practice principles under NHS Digital and the Care Quality Commission (CQC).
This Privacy Notice is applicable to:
- Individuals who receive care or support from QHP
- Parents, carers, and family members
- Staff and job applicants
- Volunteers and suppliers
Who We Are
QHP is a regulated provider of complex care and supported living services for children, young people, and adults with complex needs. We are registered with the Care Quality Commission (CQC) and work in partnership with NHS Integrated Care Boards (ICBs), local authorities, and safeguarding teams to ensure the delivery of safe, person-centred services.
- Company Name: Quality Healthcare Professionals Ltd
- Registered Office: 98 Rochester Road, Bournemouth, BH11 8AH
- Company Registration Number: 13786409
- CQC Provider ID: 1-12918785056
- Email: [email protected]
- Phone: 02380 013779
Data Protection Officer (DPO):
Macdonald Nehanda
Email: [email protected]
- What Information We Collect
We collect both personal and special category data in our role as a health and care provider. The nature and extent of data collected depends on your relationship with us. This includes:
For service users:
- Full name, date of birth, NHS number, and contact details
- Health and social care assessments, diagnoses, risk assessments
- Care plans, medication information, clinical notes
- Safeguarding reports and mental capacity assessments
- Emergency contact details and next of kin
For staff and contractors:
- Employment and training records
- Enhanced DBS checks, references, and qualifications
- Contact details, emergency contacts
- Occupational health and immunisation data
For families and representatives:
- Contact details, relationship to service user
- Relevant support history or safeguarding information (if applicable)
How We Use Your Information
Your data is collected and processed only where necessary for lawful care and operational purposes. These include:
- Delivering safe, effective, personalised care
- Developing support plans and conducting clinical risk assessments
- Communicating with next of kin and involved professionals
- Fulfilling statutory duties under health and social care regulations
- Handling complaints, incidents, and safeguarding referrals
- Improving service quality and conducting audits or reviews
We do not use your data for marketing purposes. We do not sell personal information.
Legal Basis for Processing
We rely on the following UK GDPR lawful bases:
- Article 6(1)(b): Performance of a contract for provision of care
- Article 6(1)(c): Compliance with a legal obligation (e.g., under CQC regulations, safeguarding laws)
- Article 6(1)(d): Protection of vital interests (in emergencies)
- Article 6(1)(e): Performance of a public task
- Article 9(2)(h): Provision of health or social care or treatment
Sharing Your Information
We only share your information where necessary and with trusted parties, under strict confidentiality and compliance protocols:
- NHS and healthcare professionals (e.g. GPs, hospital discharge teams, CAMHS)
- Local authorities (e.g. for placement funding, safeguarding, or support reviews)
- Regulatory bodies such as the CQC, Ofsted, or ICO
- Software providers (e.g. PASS, RotaCloud, Microsoft 365) who process data under data processing agreements
- Emergency services, when necessary to protect life or safety
How We Store and Secure Your Information
All records are stored securely using a combination of:
- Encrypted cloud systems hosted in the UK and Ireland (PASS, Microsoft 365)
- Role-based access controls and two-factor authentication
- Secure email systems (NHSmail) for data transfer
- Physical security for paper-based records (locked storage, access logs)
We regularly audit our systems, apply data minimisation principles, and deliver mandatory cyber and data protection training to staff. We also comply with NHS Digital’s Data Security and Protection Toolkit.
Retention of Information
We follow the NHS Records Management Code of Practice:
- Adult care records: retained for 8 years after last contact
- Children’s care records: retained until the 25th birthday (or 8 years after death)
- HR and recruitment records: 6 years post-employment
After the retention period, all data is securely disposed of through approved shredding or digital erasure tools.
Your Rights Under UK GDPR
You have the right to:
- Access your data (Subject Access Request)
- Rectify incorrect or outdated information
- Erase data, where legally appropriate
- Restrict or object to certain types of processing
- Data portability, where applicable
- Withdraw consent if processing was based on it
- Complain to the ICO if you are dissatisfied
To exercise these rights, contact our Data Protection Officer:
Email: [email protected] | Phone: 02380 013779
Cookies and Web Use
When visiting our website, we may collect minimal cookies necessary for performance and analytics. Users are informed and can manage preferences through our cookie banner.
Changes to This Notice
This Privacy Notice is reviewed at least annually and updated in line with legislation and organisational changes. The latest version will be accessible at: https://qhpstaffing.co.uk/privacy-policy/
Contact Us
If you have any questions or concerns regarding your data or this notice:
Data Protection Officer – Macdonald Nehanda
Email: [email protected]
Phone: 02380 013779
ICO Website: https://ico.org.uk/
Care Quality Commission: https://www.cqc.org.uk
This notice is designed to meet the requirements of NHS England, the CQC Key Lines of Enquiry (KLOEs), and UK GDPR principles of transparency and accountability.
