Adult care privacy notice

This Privacy Notice is designed to help you understand how and why Adult Care processes your personal data in relation to social care.  This notice should be read in conjunction with the Council’s Corporate Privacy Notice.

Who are we?

Redcar and Cleveland Borough Council is a ‘Data Controller’ as defined by Article 4(7) of the UK General Data Protection Regulation (UK GDPR).  Adult Care works with you to promote your health and wellbeing, designing services together that both suit and meet your needs, in accordance with our statutory responsibilities to social care.

What personal information do we collect?

We collect and record information about individuals who may be in need of services or in need of protection.  These records may include:

  • Basic details, such as name, address, date of birth;
  • Unique identifiers, such as National Insurance Number, NHS number;
  • Contact details for members of your family (including power of attorney, advocate, deputy etc.) and support network;
  • Records of contact we have had with you, for example; notes from visits or telephone conversations, appointments, letters and emails;
  • Details about your physical or mental health, including medication and allergies;
  • Clinical or social care history;
  • Records of assessments, plans and reviews;
  • Criminal conviction history, where necessary;
  • Details about the support or services that have been arranged;
  • Health and safety risks or concerns associated with you and/or others around you;
  • Information about your finances such as bank details, income, and any benefits you receive;
  • Visual images, where required for identification purposes.

Why do we collect your personal information?

We use personal data to help us to understand your needs, provide you with appropriate care and support, make sure you are safe, and work out whether you are eligible for financial support towards the cost of your care.  Your information is used to:

  • create a core social care record of all contact we have had with you, for example: notes from visits, telephone conversations, appointments, letters and emails;
  • assess and review the need and level of care and support required;
  • carry out a financial assessment to indicate what you can afford to pay towards your care and support;
  • enable integrated working with other teams and organisations to ensure you receive the right support at the right time;
  • safeguard vulnerable adults;
  • support you to access relevant support and advice, services and groups;
  • prepare information for the courts as required;
  • evaluate and quality assure the services we provide, and improve our policies on adult’s social care;
  • inform future service provision and the commissioning of services.

Who do we obtain your information from?

Personal information is provided directly by yourself, however if you are not able to provide the necessary information, for example because you are unwell, we may ask your family members, or will talk to other professionals who have been helping you.  This may include:

  • Carer/Advocate
  • Health services such as GPs, hospitals, mental health trusts, community health services
  • Other Local Authorities
  • Partner organisations, including commissioned care providers
  • Police

Who do we share this information with?

We share your personal data internally within the Council for the provision of direct care and support.  When other organisations are involved in your care and support, we may need to share relevant information about you so that we can work together to meet your needs.  We must also share information if we think that adults may be at risk of neglect or abuse.  We may therefore share personal data with the following organisations:

  • Private, community and voluntary sector organisations that are providing you with care and support.  This could be a residential care home, a care at home agency, a day service, a support organisation or an organisation that is providing you with equipment or adaptation;
  • NHS organisations - when we are working with them to meet your health and social care needs (including mental health trusts), or to work out whether you are entitled to NHS funding (such as the NHS Clinical Commissioning Group);
  • Housing providers - if you would like to be considered for supported housing;
  • Police - if we think that you are at risk of neglect or abuse;
  • Fire Service -  if we think that your home is at risk of fire;
  • Other Local Authorities - if you are moving, or have moved between areas and we need to make sure that your care continues after you have moved;
  • Our legal services provider or the Court of Protection – if there is a legal challenge in relation to your care and support, or if we need to make an application to the Court of Protection;
  • Department for Work and Pensions (DWP) - if we are supporting you with benefits claims;
  • Teeswide Adults Safeguarding Board (TSAB) - when undertaking audits of social care cases.

Information will only be shared with third parties if they have a genuine and lawful need for it.  Anyone who receives information from us has a legal duty to keep it confidential.

Social Care and NHS Data

Whenever you use a health or care service important information about you is collected in a patient record for that service.  The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:

  • improving the quality and standards of care provided
  • research into the development of new treatments
  • preventing illness and diseases
  • monitoring safety
  • planning services

This may only take place when there is a clear legal basis to use this information.  All these uses help to provide better health and care for you, your family and future generations.  Confidential patient information about your health and care is only used where allowed by law.

Most of the time, anonymised data is used for research and planning so that you cannot be identified, in which case your confidential patient information isn’t needed.

You have a choice about whether you want your confidential patient information to be used in this way.  If you are happy with this use of information you do not need to do anything.  If you do choose to opt out your confidential patient information will still be used to support your individual care.  To find out more or to register your choice to opt out, please visit

How long do we keep your information for?

We will only hold your personal information for as long as necessary, in line with our Adult Care retention schedule.  The key retention periods are included below:

table showing the data we hold and how long it is retained

Data held

Retention period

Adult service user care management files

6 years from date of last client contact, or 3 years from date of death

Records relating to adult safeguarding

10 years from date record created

Records relating to clients with mental illness

20 years from date of last contact, or 8 years from date of death

Records relating to financial assessments and contribution to care costs

6 years following date of last payment

Records in relation to the provision of counselling services to individuals

20 years from date of last contact

What is our lawful basis for processing your information?

Redcar and Cleveland Borough Council relies on the following lawful basis to process your personal data:

UK GDPR Article 6(c) - Legal obligation: processing is necessary to comply with the law, or;

UK GDPR Article 6(e) - Public task: processing is necessary to perform a task in the public interest or for official functions.

For the processing of personal data relating to criminal convictions and offences, processing meets Schedule 1 of the Data Protection Act 2018 as below:

    • (10) Preventing or detecting unlawful acts
    • (30) Protecting individual’s vital interests

When processing special category data, the Council will rely on the following lawful bases:

UK GDPR Article 9(2)(h) – processing is necessary for the provision of health and social care services meeting Schedule 1, Part 1 of the Data Protection Act 2018 as below:

  • (2) Health or social care purposes, or;

UK GDPR Article 9(2)(g) - processing is necessary for reasons of substantial public interest meeting Schedule 1, Part 2 of the Data Protection Act 2018 as below:

  • (6) Statutory etc and government purposes

The legislations, policies and guidance that relate to this service includes, but is not limited to:

  • Care Act 2014
  • Health and Social Care Act
  • The Health and Social Care (Quality and Safety) Act 2015
  • Mental Health Act 1983 (amended 2007)
  • Mental Capacity Act 2005
  • Health and Safety at Work etc. Act 1974
  • Human Rights Act 1998
  • Equalities Act 2010


For more information about how the Council uses your data, including your privacy rights and the complaints process, please see our Corporate Privacy Notice.