Lakeshore Healthcare Limited trading as St. David's Nursing Home is a residential nursing care services provider based in the UK. Lakeshore Healthcare Limited is a company registered in England and Wales under company number 5880791. The registered office is 80 Grove Lane, Holt, Norfolk NR25 6ED.

Where we use the term 'residents' in this Privacy Notice, we refer to residents in St. David's Nursing Home.
We recognise the privacy and security of personal information is of great importance to our residents, their families and friends, our workers and others such as GPs and all those involved in looking after the welfare of our residents.
We have provided this Privacy Notice to set out why we need to collect personal information relating to our residents, families, friends and representatives, how we use it and how we protect it.

We have appointed a Data Protection Officer who is responsible for overseeing questions relating to this Privacy Notice. If you have any questions, please refer to the 'How to Contact Us' section below.

Our privacy policy is governed by the overarching principles of collecting and using personal details when they help us provide a better service to our residents and to meet legitimate interests including to protect our residents and workers, lawfully, fairly and transparently.

Since 31 January 2021 your and our data protection rights and obligations are set out in what is known as the United Kingdom General Data Protection Regulation (UK GDPR), which in all material respects replicates EU data protection laws.
The personal information we refer to in this Privacy Notice includes information that can be used to identify you.

Set out below is the personal information we collect and the reasons why we need it.

How do we collect information from you?

We collect information about you when you enquire about our care services at St. David's, and when you become a resident at. St. David's Nursing Home. We also collect information when you voluntarily complete customer surveys or provide feedback about our services.

What types of information do we collect from you?

Personal data or personal information can be any information about an individual from which that person can be identified. We may collect, use, store and transfer different types of personal data about you which we have grouped together as follows:

When you enquire about St. David's services


  • Personal information including your name, address, telephone numbers and email address.

When you use the St. David's website or interact with our digital marketing communications

  • Any personal details you knowingly provide us with through calls, forms, or email, such as your name, address, telephone numbers and email address. We use the information that you provide so we can respond to your requests and communicate with you.

  • Your preferences and use of email updates, recorded by emails we send you (if you select to receive email updates)

  • We do not use cookies to track you on our website. See our cookie policy.

When you are resident at St. David's Nursing Home

  • Personal details including your title, full name, maiden name, marital status, date of birth, gender, contact details including address (billing address or correspondence address), telephone numbers, email addresses, contact details for next of kin, and your GP and other allied health professionals.

  • Financial information including bank account information to enable payment of services.

  • Transaction data including details of payments from you for the services we have provided

  • Information about your life, including social history, health and wellbeing, treatment, and care. This may also include information about your marital status, ethnicity and sexual orientation and details of medical treatments.

  • Notes and reports about your health and care provision including case assessments and medication provided.

Where you are the relative, next of kin, attorney, or deputy to one of our residents

    Personal details including title, full name, relationship to the resident (including any LPAs), contact details including address, telephone numbers, email addresses.

When you visit St David's

  • Name of the visitor and purpose of their visit

  • Information relating to the prevention and detection of crime and the safety of residents and workers including external CCTV recording.

What information do we get from or supply other sources?

  • We work closely with NHS Integrated Care Boards (ICBs, formerly known as CCGs, which are responsible for your health needs), other health authorities, medical professionals, local authorities (who may have responsibilities for your care needs) and regulators to deliver our care services. We will receive information from them regarding your health and care including admission details, care records and medical records.

  • We also work with other companies who provide professional services (including IT service providers), advertising and marketing services.

Standard Personal Information and Special Category Information

  • Much of the above information is called standard personal information, such as names, addresses, contact details (for you, family, friends, and your GP), identification paperwork, financial details, and information, and how you use other IT technologies.

  • There is also what is called special category information, which tends to be more sensitive and results in additional

  • Healthcare information covers both physical and mental aspects and includes genetic and biometric information, medical history and records including of disabilities or special requirements, our care plans, risk assessments and records of the care and support we provide for you.

Lawful basis for processing

Article 6 of the UK GDPR sets out the bases for our processing standard personal information, and Article 9 likewise for special category information. Different stages and aspects of our relationship with you give different bases. For example, when assessing whether we can meet your needs if you are admitted into our home and how we should contract with you, there will be bases of considering your healthcare requirements, to meet legal and regulatory requirements, and to enable to us contract with you. To quote the UK GDPR, "processing is necessary"

  • For the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.."

  • For the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.."

  • For the purposes of preventive or occupational medicine, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of domestic law.."

  • Other bases include the necessity to protect your vital interests and our legitimate interests in managing our relationship with you, and you having provided us with your unambiguous consent, but all bases are prescribed by and confined to the specific purposes for the lawful processing of the particular information.

How do we use the information about you?

  • We process your personal data to manage the services we provide you, to carry out our obligations arising from any contracts entered into between us and you, to provide you with information or services you have requested and to process payments and refunds.

  • Your care record will contain detailed information about your health and well-being including illnesses, medical appointments, and treatments. It will also contain details of your attorney, deputies, your close family and next of kin. We will share these with medical and allied health professionals who have a legal and legitimate need to use the information to support the care provided to you.

  • We share information within Lakeshore Healthcare Limited to provide necessary administrative and managerial support and to suppliers who help deliver products or services on our behalf.

  • We use either personal or anonymised data to review the performance of our care services as part of our continuing work to improve our services and meet the needs of our residents.

  • We may use your details to contact you about any changes to our care services.

  • We share information with ICBs, other health and local authorities, medical professionals and regulators regarding resident's health and care including admission details, care records and medical records.

  • There is a scheme run by the NHS for using shared confidential resident data for the purposes of NHS planning or research. At the moment there is no confidential resident data shared with the NHS for such purposes, but annually we review all confidential resident data, amongst other things, to see if it is being used by the NHS for these purposes. More details of this scheme can be found at https://www.nhs.uk/your-nhs-data-matters/ which includes how at any time you can stop confidential resident data being used for such purposes. Your care will not be adversely affected even if you opt out of the NHS being able to use your information for these purposes.

  • We do not currently use cookies on our website to collect personal information to enable us to better present and improve our services. Our Cookies policy provides further information.

Circumstances which override data protection obligations we might otherwise apply and which compel us to provide specific information include:

  • Reporting health or safety issues including infectious diseases; Where there is a legal or statutory requirement, court order or public authority instructs us to do so.

  • Supporting police investigations, professional conduct hearings and safeguarding investigations in the public interest; where a serious crime or fraud has been committed; if there is a serious risk to the public, resident, or employees.

  • Where there is a need to protect children or vulnerable adults who are not able to decide if their personal data should be shared.

In exceptional circumstances, we may be required to share information without your or your representative's consent. Circumstances may include:

  • Where a serious crime or fraud has been committed.

  • If there is a serious risk to the public, residents, or employees. Where there is a need to protect children or vulnerable adults who are not able to decide if their personal data should be shared

How we store, process, and protect your data

We take the privacy and security of your personal data very seriously. We ensure we handle your data with the highest level of care by having clear internal policies and procedures, physical security to our premises and IT security technologies to prevent the unauthorised access, damage, and loss of your data. The personal data that we collect from you is only stored inside the UK , therefore ensuring we achieve the maximum privacy and security in line with UK GDPR.

How long will we hold your personal data

We will only keep your information for as long as necessary to fulfill the purposes we collected it for, including satisfying any legal, contractual, or reporting requirements. How long we keep the data for is determined by law and is largely determined by necessity. Once your information is no longer required it will be securely destroyed.

You can ask us to delete your data where retaining it is no longer necessary. Whilst at all times compliant with legislation and acting reasonably, we reserve the right to judge what information we must continue to hold to be able to fulfill our legal and contractual obligations to you and others.

We may anonymise your personal data (so that you can no longer be identified) for research and analysis purposes in which case we may use this information indefinitely without further notice to you.

Where we process data based solely on your consent, it will only be processed for the purposes prescribed in your consent, and you have the right to withdraw that consent at any time.

Access to your information and correction

  • You have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your personal information, please email or write to us at the address set out in the 'How to Contact Us' section below.

  • We try to respond to all legitimate requests within one month. It may take us longer if your request is particularly complex or you have made a number of requests. In which case, we will notify you and keep you updated.

  • You will not have to pay a fee to access your personal data and you are entitled to receive a copy of your personal data within one calendar month of receipt of your request, and once we have verified your identity.

  • We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate.

  • We may ask for proof of identity before we share your personal data with you or your representative.

Request restriction of processing

You have the right to request us to suspend the processing of your personal data where:

  • You want us to establish the data's accuracy,

  • Where our use might be unlawful but you do not want us to erase it,

  • You need us to hold the data even if we no longer require it as you need it returned to establish and exercise any legal claims or

  • You have objected to our use of your data but you need to verify whether we can lawfully use it.

If possible, we will inform any third parties to whom your data has been disclosed of your requirement.

Changes to our privacy policy

We regularly review our privacy policy and will place any updates on this webpage. This policy was last updated in April 2024

How to contact us

Please contact us if you have any questions about our privacy policy or information, we hold about you.
Data Protection Officer
Lakeshore Healthcare Limited t/a St. David'ss Nursing Home
52 Common Lane, Sheringham, Norfolk NR26 8PW
email: dpo@st-davids.com

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, like to have the opportunity to deal with your concerns before you approach the ICO so please contact us in the first instance. You can contact the ICO by writing to Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Chesire, SK9 5AF or ico.org.uk.