Aqua Robson Care

Aqua Robson Special Needs Alternative Provision
Menu

Privacy Policy

How Aqua Robson Care Ltd collects, uses, and protects your personal information.

Last updated: May 2026

Aqua Robson Care Ltd (“Aqua Robson Care”, “we”, “us”, “our”) is committed to protecting the privacy and security of the personal information of everyone we work with — the people we care for, their families and representatives, our employees and applicants, our suppliers, and visitors to this website. This privacy notice explains in clear terms what information we collect about you, why we collect it, how long we keep it, who we share it with, and the rights you have. It is written to comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the Privacy and Electronic Communications Regulations (PECR), and our obligations as a provider registered with the Care Quality Commission (CQC).

Please take a few minutes to read this notice. If you have any questions, or you would like more information about how we use your data, please contact us using the details in section 14 below.

1. Who we are

Aqua Robson Care Ltd is the “data controller” for the personal information described in this notice. That means we are the organisation that decides why and how your information is processed.

  • Company name: Aqua Robson Care Ltd
  • Registered head office: 1 Trafalgar House, 712 London Road, West Thurrock, Essex, RM20 3JT
  • Other offices: Greenwich (London), Gloucester, Southampton (Hampshire)
  • CQC-registered location ID: 1-16054132045
  • ICO registration: we are registered with the UK Information Commissioner’s Office and pay the data-protection fee as required
  • Telephone: 07565 426 819
  • Email: office@aquarobsoncare.co.uk

2. Definitions used in this notice

  • Personal data — any information about an identified or identifiable living person.
  • Special category data — sensitive information about your racial or ethnic origin, religious beliefs, health, sex life or sexual orientation, biometric data, or trade union membership. We process health information about the people we care for — this is special category data and we treat it with the highest level of confidentiality.
  • Processing — anything we do with your information: collecting it, storing it, using it, sharing it, or deleting it.
  • Data subject — the person the data is about (you).
  • Data controller — the organisation that decides why and how data is processed (us).
  • Data processor — an external organisation that processes data on our behalf and on our written instructions (for example, our payroll provider).

3. The information we collect about you

The information we collect depends on your relationship with us. Below we explain each group separately.

3.1 If you are someone we provide care to (or their family/representative)

  • Your name, date of birth, gender, address, telephone numbers and email.
  • Names and contact details of your next of kin, emergency contacts, advocate or attorney, and any other family member or friend you have asked us to communicate with.
  • Your GP, social worker, district nurse, hospital consultant and any other healthcare professional involved in your care.
  • Health and care information — your medical history, current diagnoses, medication (MAR charts), allergies, mobility, mental capacity assessments, falls history, end-of-life wishes, and any DNACPR decisions on record. We also record daily care notes about the visits we deliver to you.
  • Information about your preferences — your routine, the food you like, hobbies, religion, culture and language.
  • Financial information needed to invoice you or your local authority (bank account details, direct-debit mandates, local-authority reference numbers).
  • Photographs — only with your written consent (for example, on a memory board in your home or in a care plan to help carers recognise you).

3.2 If you are a job applicant or member of staff

  • Identification details (name, address, date of birth, National Insurance number).
  • Right-to-work documents and immigration status.
  • CV, employment history, qualifications, references, training records.
  • Disclosure and Barring Service (DBS) check results.
  • Bank details for payroll, pension scheme details and tax codes.
  • Sickness records, accident reports, supervision and appraisal notes, disciplinary and grievance records.
  • Equal-opportunities monitoring information (provided voluntarily).
  • CCTV/door-entry images at our offices.

3.3 If you visit our website or contact us online

  • The information you give us through our enquiry forms or by email (name, contact details, the message you send).
  • Technical information automatically collected by our hosting provider: your IP address, device and browser type, the pages you view, and the date and time of your visit.
  • A small number of cookies and similar technologies described in section 11 below.

4. Where we get your information from

We collect most information directly from you, or from someone acting on your behalf. We may also receive information from:

  • Local authorities and clinical commissioning groups when they refer you to us for care.
  • Your GP, district nurses, hospital discharge teams, social workers, occupational therapists and other clinicians.
  • Your family members, advocates or attorneys (where you cannot give the information yourself and they are authorised to act for you).
  • Recruitment agencies, referees, the Disclosure and Barring Service, HMRC, and previous employers (for staff and applicants).
  • Publicly accessible sources such as the electoral roll or LinkedIn (only where this is reasonable and necessary).

5. How and why we use your information

We only use your information for clear purposes, and for each purpose we rely on a specific lawful basis under UK GDPR.

  • To plan and deliver your care safely — assessing your needs, writing your care plan, sending the right carer to you, recording medication and incidents. Lawful bases: contract; legal obligation under the Health and Social Care Act; and for health information, Article 9(2)(h) (provision of health and social care).
  • To communicate with you about your care, appointments, changes to visit times, or to answer a question you have asked us. Lawful basis: contract.
  • To meet our legal and regulatory duties — responding to CQC inspections, reporting safeguarding concerns to the local authority, notifying the Health and Safety Executive of accidents (RIDDOR), submitting tax and pension records to HMRC. Lawful basis: legal obligation.
  • To recruit and manage staff — processing applications, running DBS checks, paying salaries, managing absence, and ensuring we have a competent, trained workforce. Lawful bases: contract; legal obligation; legitimate interest.
  • To handle complaints and improve our service — investigating concerns, reviewing audits and surveys. Lawful basis: legitimate interest, legal obligation.
  • To send you information you have asked for — for example, our brochure or a quotation. Lawful basis: consent or legitimate interest.
  • To run our website — keeping the site secure and working properly. Lawful basis: legitimate interest.

We do not use your information for automated decision-making or profiling that produces legal effects, and we do not sell your information to anyone for marketing.

6. Who we share your information with

We share information only when we need to, and only with organisations who have a clear reason to receive it. Depending on your situation, we may share information with:

  • Your GP, district-nursing team, pharmacy, hospital discharge team, social worker and other clinicians involved in your care.
  • The local authority or NHS body that commissioned and pays for your care.
  • The Care Quality Commission, local safeguarding teams, the police, the Health and Safety Executive and other regulators where we are required to notify them.
  • The Disclosure and Barring Service, HMRC and our pension provider, for our staff.
  • Our trusted processors — our care-management software provider, our payroll bureau, our accountants, our IT-support provider and our website host. All of these have written data-processing agreements with us.
  • Our professional advisers (lawyers, insurers, auditors) when we need their advice.
  • The police or other law-enforcement bodies where the law allows or requires it (for example, to prevent or detect a crime).
  • An organisation that takes over our business, in the event of a future sale or merger.

7. International transfers

We keep your personal information in the UK wherever possible. A small number of our suppliers (for example, email-delivery services) are based in the European Economic Area or use servers in the United States. Where this happens we make sure the transfer is covered by either an “adequacy decision” from the UK government, the UK International Data Transfer Agreement, or the EU Standard Contractual Clauses (with the UK addendum). We never transfer your data outside the UK without one of these safeguards in place.

8. How long we keep your information

We only keep information for as long as we genuinely need it. The table below shows our headline retention periods. After these periods your records are securely deleted, archived in line with NHS retention guidance, or anonymised.

  • Care records (adults) — 8 years from the end of the service, in line with the NHS Records Management Code of Practice.
  • Care records (children and young people) — until the person’s 25th birthday (or 26th if 17 at the end of care).
  • Mental capacity / end-of-life records — 8 years after the date of death.
  • Safeguarding records — up to 10 years.
  • Employee records — 6 years after employment ends.
  • Unsuccessful job applications — 12 months.
  • Payroll and tax records — 7 years (HMRC requirement).
  • Accident / RIDDOR records — minimum 3 years from the date of the report.
  • Website enquiries — 24 months from the last contact, unless you become a customer.
  • CCTV footage at our offices — up to 31 days, unless needed for an active investigation.

9. How we keep your information secure

We take the security of your information seriously. Our key safeguards include:

  • Encrypted laptops, phones and tablets with strong passwords and screen locks.
  • UK-based, GDPR-compliant cloud providers for our care-management and HR systems.
  • Role-based access — staff can only see the information they need to do their job.
  • All staff complete data-protection and confidentiality training during induction and refresher training each year.
  • Signed confidentiality agreements before any staff member begins work.
  • Locked filing cabinets and access-controlled offices for paper records.
  • Documented procedures for responding to data-protection incidents, including notifying the Information Commissioner within 72 hours where required.

10. Your rights

Under UK GDPR you have the following rights. Most can be exercised free of charge, and we will respond within one calendar month.

  • Right of access — ask for a copy of the personal information we hold about you (a “subject access request”).
  • Right to rectification — ask us to correct anything that is wrong or incomplete.
  • Right to erasure — ask us to delete your information (we may not be able to do this where the law requires us to keep records).
  • Right to restrict processing — ask us to pause using your information while we look into a concern.
  • Right to data portability — receive the information you gave us in a structured, machine-readable format, or have it sent to another organisation.
  • Right to object — object to processing that relies on our legitimate interest, or to direct marketing.
  • Rights related to automated decisions — we do not make any solely-automated decisions about you.
  • Right to withdraw consent — where we relied on your consent, you can withdraw it at any time.

To exercise any of these rights please email office@aquarobsoncare.co.uk or write to our head office. We may ask for proof of identity before releasing any personal information.

11. Cookies and our website

Our website uses a small number of cookies. Essential cookies keep the site running and remember your preferences. We do not use advertising or third-party marketing cookies without your consent. The only non-essential service we use is privacy-friendly visit analytics so we can see which pages are useful to visitors.

You can disable cookies through your browser settings at any time. If you do so, some parts of the site may not work as well. For more information about cookies generally, visit aboutcookies.org.

12. Children’s privacy

We provide outreach support and respite care to children and young people with learning disabilities. Where we do, we collect information directly from the parent, carer or local authority placing the child — never from the child themselves without parental involvement. We treat all information about children with extra care and apply the longer retention periods set out in section 8.

13. Marketing and communications

We will only send you marketing material (such as care newsletters) if you have explicitly asked us to. Every marketing message has a one-click unsubscribe link. We do not pass your details to anyone else for marketing purposes.

14. How to contact us

If you have any questions about this notice, want to exercise one of your rights, or would like more detail about a specific use of your information, please contact:

  • Data Protection Lead, Aqua Robson Care Ltd
  • 1 Trafalgar House, 712 London Road, West Thurrock, Essex, RM20 3JT
  • Email: office@aquarobsoncare.co.uk
  • Telephone: 07565 426 819

15. How to complain

If you are unhappy with how we have handled your personal information, please raise it with us first using the details above — we’ll do everything we can to put it right. You also have the right to complain directly to the UK Information Commissioner’s Office:

  • Information Commissioner’s Office
  • Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
  • Telephone: 0303 123 1113
  • Website: ico.org.uk

16. Changes to this notice

We review this privacy notice regularly and will update it whenever our processing changes or the law requires us to. The current version is always published on this page, and the “Last updated” date at the top tells you when it last changed. Where the changes are significant we will draw your attention to them by contacting you directly or by adding a notice on our website.