GDPR Compliance Statement


 

Last updated: 30/11/2025

At Soma Healthcare, we are committed to safeguarding the dignity, privacy, and rights of every person we support. As a provider of homecare and care coordination services, we adhere strictly to the General Data Protection Regulation (EU GDPR), the UK GDPR, the UK Data Protection Act 2018, and relevant health-sector standards.

This statement summarises how we handle personal data with care, integrity, and transparency.

1. Our Role

We act as:

Data Controller

For care enquiries, staff recruitment, service delivery, customer communication, and regulatory compliance.

Data Processor

For specific arrangements where we process data on behalf of partners, care professionals, or families under written agreements.

2. Types of Data We Process

Depending on the service interaction, we may process:

  • Contact and identification details
  • Care needs and preferences
  • Health-related information provided voluntarily
  • Records required for safeguarding and care planning
  • Recruitment information for carers and care staff
  • Communication records (email, phone)

We do not sell or share personal data for marketing.

3. Lawful Grounds for Processing

We rely on:

  • Consent
  • Contractual necessity
  • Vital interests (e.g., safeguarding situations)
  • Legal obligations (e.g., CQC, employment law)
  • Legitimate interests (care coordination and safe service delivery)

For special category data (health-related data), we apply Article 9 safeguards.

4. Data Protection Principles

We comply fully with GDPR principles:

  • Transparency & fairness
  • Purpose limitation
  • Data minimisation
  • Accuracy
  • Confidentiality & security
  • Accountability
  • Respect for human dignity

5. Safeguarding & Confidentiality

All staff receive regular training in:

  • Data protection
  • Confidentiality
  • Safeguarding and safety
  • Information governance

Access to personal data is restricted to authorised personnel.

6. Security Measures

We implement:

  • Secure systems with restricted access
  • Encryption
  • Secure data storage
  • Regular audits
  • Data breach procedures
  • Vetting and training of all care staff

7. Data Sharing

We share data only when necessary for safe care delivery:

  • With care professionals or care staff
  • With family members (with consent)
  • With regulators (CQC)
  • With emergency services (vital interests)
  • With approved service providers (DPAs in place)

8. International Transfers

Where required, we use compliant mechanisms such as SCCs and GDPR adequacy decisions.

9. Data Retention

Retention periods follow:

  • Care sector regulations
  • Employment law
  • Safeguarding requirements
  • Our internal data retention policies

10. Rights of Individuals

Individuals may:

  • Access their data
  • Request corrections
  • Request deletion (where lawful)
  • Object or restrict processing
  • Withdraw consent
  • File a complaint with the ICO (UK) or the relevant authority

Requests: privacy@somahealth.care

11. Contact

Soma Healthcare Ltd

Email: privacy@somahealth.care

Registered Office: 7 Tarves Way, SE10 9JP, London, UK

