Privacy Policy

Privacy Statement: The General Data Protection Regulation (GDPR)

Data Protection Registration Number: ZA194097

The GDPR is a European regulation for the protection of personal data that will come into force on 25 May 2018 and will be put into UK law through the Data Protection Bill which was unveiled by the government in August 2017. Before 25 May 2018, the 1998 and 2003 Data Protection Acts apply.

GDPR Privacy Notice

What personal information does Glenholme hold?

Where provided, we have the names, work addresses and email addresses of post holders working for companies and organisations in the independent health and social care sectors. These include family and friends (where nominated) of working in care homes, care home groups, homecare agencies and agency groups, independent hospitals and clinics, hospital and clinic groups, mental health hospitals and clinics and dental surgery groups. We may need to capture images of you as part of our security and safety processes such as the use of CCTV footage. We also hold this information about post holders in similar parts of the public sector, including local authority care commissioning and contracting units in all UK councils and all Clinical Commissioning Groups. In addition, we hold information relating to post holders in suppliers and advisors (e.g. lawyers, accountants, financial advisors, management consultants) to the health and social care sectors.

What does Glenholme do with the data?

We use the data we collect in the following ways:

  • We are a leading provider of care for the health and social care sectors and provide current information on the homes and services we provide (via newsletters and other relevant information) . We rely on having good, up-to-date data to ensure we reach the right people.
  • We use the data for direct marketing purposes. Any communications that we send clearly include an ‘unsubscribe’ option.
  • We use data for the processing of sales and the delivery of new service users.
  • We may need to capture images of you as part of our security and safety processes such as the use of CCTV footage. This is used for the safety, security and protection of our service users, staff and assets.

How we collect information

  • We collect data in the following ways:
    • From public websites which publish contact information.
    • Through our surveys. Individuals are given the opportunity to opt-out from receiving emailed surveys.
    • Through promotional events
    • Through our sales process during which we require service user details to invoice them and send them related information.
    • By use of surveillance equipment at each of our locations.


Glenholme’s data is held in the following places:

  • Our databases, which can only be accessed by staff working on the company’s networks.
  • Our password-protected care software. which is only accessible to selected staff.
  • Surveillance equipment, which can only be asked by relevant site managers and senior staff

Data removal

If you do not wish us to use your data ourselves or license your personal data to a third party for marketing purposes you can:

  • Request to unsubscribe via any of the direct marketing communications that we send.
  • Write to our Data Protection Officer at data@glenholme.org.uk or at 79 High Street, Eton SL4 6AF

What marketing channels and on what basis can Glenholme data be used after 25 May 2018?

Our communications are ‘business to business’ (B2B) and to family and friends of existing and potential service users and as a result we are processing data on the legal basis of ‘legitimate interest’.

  • Email Communication/Marketing – the rules for e-mailing employees of Public Bodies and Companies are governed by the PECR (Privacy and Electronic Communication Regulations) which will be replaced by the forthcoming e-Privacy Regulations. This will remain an ‘opt-out’ channel.   Private individuals are asked to opt-in to receive electronic communication and marketing from us.

What restrictions are there on the use of Glenholme data for marketing?

  • All communications must be relevant and proportionate.
  • All communications must contain a clear opportunity to opt out from future correspondence.
  • All requests to opt out are honoured.
  • Data used for marketing must be recently downloaded (i.e. within the past month) to ensure it is as up-to-date as possible.

We process data on the basis of ‘legitimate interest’ and can make legitimate interest assessments available for viewing as required. Any party who purchases a data license from us must establish their own legal basis for processing.