Skip to content
CQC ratedGoodAfya Care — overall rating, 1 August 2024View our CQC report
Legal

Privacy & Data Protection

We take the privacy of the people we support, our staff and our enquirers seriously. This page summarises how we handle personal data in line with the UK GDPR.

Our commitment

Afya Care is committed to protecting personal data and handling it responsibly. We have carried out an information audit to identify what data we collect, where it is stored and with whom it is shared, and we keep our information-governance policies under review.

Key definitions

A data controller determines the purpose and manner in which personal data is processed, while a data processor processes data on behalf of the controller. Personal data is anything that can identify a living person, and may include names, addresses or even IP addresses.

Sensitive personal data (also referred to as “special categories”) includes information such as trade-union membership, religious or political beliefs, race and sexual orientation, and is given additional protection.

The principles we follow

The UK GDPR sets out principles for handling personal data. We:

  • Process personal information lawfully, fairly and transparently
  • Collect data only for specific, legitimate purposes
  • Ensure the data we hold is adequate, relevant and accurate
  • Retain personal data only for as long as necessary
  • Keep personal data secure

Your rights

The GDPR gives individuals greater rights over their personal data, including the right to make a free subject-access request, the right to have data erased in certain circumstances, and the right to withdraw consent. The Information Commissioner's Office (ICO) enforces data-protection law in the UK, and the UK's adoption of GDPR remains applicable.

Regulatory responsibilities

Both data controllers and processors must inform the Information Commissioner's Office (ICO) of relevant breaches and may face fines and sanctions for non-compliance. GDPR strengthens data-protection obligations and harmonises data-protection law.

Our obligations as a provider

Our employees are asked to familiarise themselves with GDPR principles and our information-governance policies, and to acknowledge that they have read them. We continue to raise awareness through ongoing communication so that data protection is part of everyday practice at Afya Care.

How to contact us about your data

If you have any questions about how we handle your personal data, or you wish to exercise any of your rights, please contact us at info@afyacare.co.uk or call 01454 877529. You can write to us at Afya Care, Aztec West, 2440 The Quadrant, BS32 4AQ.

This summary is provided for transparency and does not replace formal legal advice. For more detail about your rights under data-protection law, visit the ICO website at ico.org.uk.