Service User Privacy Notice

Last updated: 15 March 2026

Compassionate Healthcare Jersey is committed to protecting the privacy, dignity, and personal information of the people we support. This Service User Privacy Notice explains how we collect, use, store, share, and protect personal data relating to service users, prospective service users, and, where relevant, their families, representatives, attorneys, or other people involved in their care.

We understand that care information is personal and sensitive. We aim to handle it fairly, lawfully, transparently, and with respect at all times.

1. Who we are

Compassionate Healthcare Jersey is the organisation responsible for the personal data covered by this notice. For the purposes of Jersey data protection law, we act as the data controller for the personal information we collect and use in connection with the care and support we provide, unless we tell you otherwise in a particular situation.

Contact details
Compassionate Healthcare Jersey
Office 143, Floor One
Liberation Station
Esplanade
St Helier
Jersey
JE2 3AS

Email
info@compassionatehealthcare.co.je

Telephone
01534 710912
07700 777211

If you have any questions about this notice or how your personal information is handled, please contact us using the details above.

2. The law that applies

Personal data in Jersey is regulated by the Data Protection (Jersey) Law 2018. This law sets out how organisations must use personal information and what rights individuals have in relation to their data.

The independent regulator is the Jersey Office of the Information Commissioner.

3. Who this notice applies to

This notice applies to people who use our services, people being assessed for our services, and, where relevant, family members, attorneys, representatives, next of kin, advocates, or other people involved in arranging, supporting, or reviewing care.

Where we collect personal information about someone other than the service user, we will handle that information only where it is relevant, appropriate, and lawful to do so.

4. The personal information we may collect

Depending on the circumstances, we may collect and use personal information such as:

  • name, title, date of birth, address, and contact details
  • details of family members, representatives, attorneys, or next of kin
  • assessment information and referral information
  • health, care, support, mobility, communication, and wellbeing information
  • information about daily living needs, preferences, routines, risks, and goals
  • medication support information, where relevant to the service provided
  • consent, mental capacity, and best interest-related information where relevant
  • safeguarding concerns, incidents, accidents, complaints, compliments, and feedback
  • care plans, review notes, visit records, and communication logs
  • information about professionals involved in a person’s care, such as GPs, nurses, social workers, therapists, or other support services
  • financial and billing information where privately funded services or payment arrangements apply

Some of this information will be special category personal data, including health and care-related information. We recognise that this type of information requires a higher level of care and protection.

5. How we collect personal information

We may collect personal information directly from the service user, from a family member or representative, from a referrer, or from another professional involved in the person’s support. We may also create records ourselves as part of assessment, care planning, service delivery, communication, review, safeguarding, incident management, complaints handling, and quality monitoring.

Where information is provided by someone else, we will handle it in line with our legal and professional responsibilities. We may also ask for further clarification where needed so that our records are accurate and complete.

6. Why we use personal information

We may use personal information for purposes including:

  • assessing whether our service is suitable and safe for the individual
  • planning, delivering, and reviewing care and support
  • maintaining accurate care records and communication records
  • supporting dignity, safety, continuity, and quality of care
  • communicating with service users, families, representatives, and professionals where appropriate
  • protecting service users and others from harm, abuse, neglect, or serious risk
  • managing incidents, accidents, complaints, compliments, and feedback
  • meeting legal, regulatory, safeguarding, governance, insurance, and record-keeping requirements
  • improving the quality, safety, and consistency of our service
  • managing invoicing, payments, or funding arrangements where applicable

We will only use personal information in ways that are relevant to providing safe, lawful, and well-managed care, or to meeting our associated responsibilities.

7. Lawful bases for processing

We only process personal data where there is a lawful basis to do so under Jersey data protection law. Depending on the circumstances, this may include processing that is necessary for taking steps before entering into a care arrangement, performing a care arrangement, complying with a legal obligation, protecting vital interests, or pursuing legitimate interests in running and improving the service, provided those interests are not overridden by the individual’s rights and freedoms.

Where health or care-related information is involved, we will only process that information where Jersey law allows it and where an appropriate additional condition applies. We do not use sensitive personal information casually or for purposes unrelated to care, safety, legal obligations, or proper service management.

8. Who we may share personal information with

We may share personal information, where appropriate and lawful, with:

  • members of our workforce who need the information to provide or manage care
  • family members, attorneys, or representatives where the service user has agreed, where it is appropriate, or where the law allows it
  • GPs, nurses, hospitals, therapists, social workers, pharmacists, safeguarding teams, or other professionals involved in the person’s care or protection
  • public authorities, regulators, inspectors, or law enforcement where required or permitted by law
  • our professional advisers, insurers, auditors, or software and IT providers where access is necessary and properly protected

We only share information on a need-to-know basis and in a way that is relevant, proportionate, and lawful. We do not sell service user information to third parties.

9. Confidentiality and consent

We respect confidentiality and aim to involve service users in decisions about how their information is shared wherever possible. Where consent is the right basis for sharing information, we will seek it appropriately. In other situations, we may share information without consent where the law allows or requires it, for example to protect someone from serious harm, to meet a safeguarding duty, or to comply with a legal obligation.

Where a service user may have difficulty making certain decisions, we will handle information sensitively and in line with the relevant legal and professional framework that applies to the situation.

10. International transfers

Some of the systems or service providers we use may store or process personal information outside Jersey. Where this happens, we will take appropriate steps to ensure that personal information continues to receive a proper level of protection and that any transfer is handled in line with applicable legal requirements.

This may include the use of recognised safeguards, contractual protections, or providers that offer appropriate security and compliance commitments.

11. How long we keep personal information

We keep service user information only for as long as it is reasonably necessary for the purposes for which it was collected, including providing care, maintaining accurate records, meeting legal and regulatory obligations, dealing with complaints or incidents, safeguarding people, and managing insurance or legal matters.

Retention periods may vary depending on the type of record involved. Where exact periods are not set out in this notice, we apply internal retention schedules and criteria to decide how long records should be kept and when they should be securely deleted or destroyed.

12. Security

We take the security of personal information seriously. We use appropriate technical and organisational measures designed to protect information against unauthorised access, misuse, disclosure, loss, destruction, or alteration.

These measures may include secure systems, role-based access, password controls, staff training, confidentiality requirements, secure record handling, and review of how information is stored and used. For security reasons, we do not publish detailed technical security arrangements in this notice.

13. Your rights

Under the Data Protection (Jersey) Law 2018, service users and other individuals may have rights including the right to be informed, the right of access, the right to rectification, the right to erasure, the right to restriction of processing, the right to object, the right to data portability where applicable, and rights relating to automated decision-making where applicable.

These rights are not absolute. There may be situations where the law allows or requires us to limit what we can do in response to a request. If that happens, we will explain the position as clearly as we can.

14. How to exercise your rights

If you would like to access your personal information, correct inaccurate details, ask a question about how your data is used, or exercise another data protection right, please contact us in writing using the contact details in this notice. We may need to verify identity before acting on a request, and we may ask for further information so that we can locate the relevant records.

We will respond in line with the requirements and timescales set by Jersey data protection law.

15. Automated decision-making

We do not currently intend this Service User Privacy Notice to cover any significant automated decision-making that produces legal or similarly significant effects on service users. If that changes in future, we will update this notice and provide the information required by law.

16. Complaints and concerns

If you have a concern about how we handle personal information, we would welcome the opportunity to review it first and try to put things right. Please contact us using the details in this notice.

You also have the right to raise a concern or complaint with the Jersey Office of the Information Commissioner.

Jersey Office of the Information Commissioner
2nd Floor, 5 Castle Street
St Helier
Jersey
JE2 3BT

Telephone: +44 1534 716530
Email: enquiries@jerseyoic.org

17. Changes to this notice

We may update this Service User Privacy Notice from time to time to reflect changes in the law, regulation, guidance, our services, or our information handling practices. Any updated version will be published and the last updated date will be changed accordingly.

18. Contact us

If you have any questions about this notice or how your personal information is handled, please contact us:

Compassionate Healthcare Jersey
Office 143, Floor One
Liberation Station
Esplanade
St Helier
Jersey
JE2 3AS

Email: info@compassionatehealthcare.co.je
Telephone: 01534 710912 / 07700 777211