Privacy statements

Why are we collecting your information?

Information you provide to us is voluntary and will be used to support our communication and marketing activities. This may include promotional materials, press releases, social media posts, case studies and corporate documents.

Our materials may be published internally within Sanctuary as well as externally to our residents, on our social media channels and our websites.

What information are we collecting?

We currently collect and process the following information:

• Name
• Age/Date of birth
• Contact details including your email, phone number and your address; and
• Photos, videos or audio recordings (if applicable)
• Personal experiences (if applicable)

If you choose to provide it, some of the information which we collect may be special categories of personal data (also called sensitive personal data), which includes the following information:

• Health-related information, including disability
• Sexual orientation
• Racial or ethnic origin; and
• Religious beliefs

What is our lawful basis for using your information?

Under Article 6 of the UK GDPR, the lawful basis we rely on for processing this information is:

(a) You have given your consent. You can remove your consent at any time by contacting communications@sanctuary-housing.co.uk.

In accordance with Article 9 (UK GDPR) the condition we rely on for processing special categories of personal data is:

(a) Explicit consent

Sharing your information

Members of Sanctuary Group

Sanctuary Group is made up of several related companies. We will share your information with other members of Sanctuary Group where necessary to facilitate our marketing and communication activities.

For more information on which companies make up Sanctuary Group, please visit the Sanctuary website.

Contractors and sub-contractors

It may be necessary to share information about you with our contractors and sub-contractors, for example with an external design, website or digital agency, when creating our marketing materials. Our contractors and sub-contractors are contractually required to ensure that they adhere to the security requirements imposed by the Data Protection Act 2018 and the UK GDPR.

Our contractors and sub-contractors will not share your information with any other parties and will only be able to use the information when completing work on behalf of us.

Regulators and other legal obligations

We may also be required to share your information with our regulators who are permitted access to this information by law and with other organisations where we have a legal obligation to share the information with them.

Other organisations

With your consent we may from time to time share your images and information provided with our partners to support our communication and marketing activities.

Data processors and Transfers

To facilitate our communication and marketing activities, information is shared with the following categories of data processors who process information on Sanctuary’s behalf:

• Photographers and videographers;
• Website and digital agencies;
• Marketing and PR agencies;
• Media organisations;
• Printing companies;
• System providers (in circumstances of technical IT support)

Storing your information and deleting it

We will not keep your personal data for longer than we need it or are required to by law.

We will retain the information you provide for 5 years, unless you contact us to withdraw consent earlier than this date.

We may from time to time seek to ‘refresh’ your consent, at which point we would retain your information for a further 5 years from the date consent was refreshed.

Why are we collecting your information?

Data protection laws aim to empower individuals and give them greater control over their personal data through several rights including:

• Right of access – referred to by Sanctuary as a DSAR (Data Subject Access Request), gives individuals the right to obtain a copy of their personal data from us, as well as other supplementary information.
• Right to rectification – to have inaccurate personal data rectified, or completed if it is incomplete. This right is not absolute and in certain circumstances we can refuse a rectification request.
• Right to erasure – the right to have their personal data erased. This right is not absolute and in certain circumstances we can refuse an erasure request.
• Right to restrict processing – to restrict the processing of their personal data. For example, Sanctuary could continue to store personal data but not use it. This right is not absolute and in certain circumstances we can refuse a request.
• Right to data portability – to obtain and reuse their personal data for their own purposes across different services. The right only applies to information an individual has provided to Sanctuary and where the lawful basis for processing is consent or performance of a contract. Paper records are excluded from this right.
• Right to object – the right to object to the processing of their personal data in certain circumstances. Individuals have an absolute right to stop their data being used for direct marketing. The right effectively allows individuals to stop or prevent organisations from processing their personal data, though is not absolute and in certain circumstances we do not have to comply.
• Rights related to automated decision making and profiling – restricts organisations from making solely automated decisions, by enabling individuals to request human intervention or challenge a decision that has been made.

Sanctuary is committed to protecting the rights of data subjects and ensuring compliance with all applicable data protection laws in the UK. The information we collect, and process will be used to administer your data subject rights request.

What information are we collecting?

To facilitate your request, we will collect and process the following information:

• Name
• Contact details, such as address, email address and telephone number
• Identification documentation
• Details of the scope of request
• Third party authority data (where applicable)

What is our lawful basis for using your information?

Under Article 6 of the UK GDPR, the lawful basis we rely on for processing this information is:

(c) Compliance with a legal obligation – using your information is necessary for us to comply with a legal obligation to which we are subject in accordance with UK data protection law.

Sharing your information

Members of Sanctuary Group

Sanctuary Group is made up of several related companies. We will share your information with other members of Sanctuary Group where necessary to facilitate your request.

For more information on which companies make up Sanctuary Group, please visit the Sanctuary website.

Regulators and other legal obligations

We may also be required to share your information with our regulators who are permitted access to this information by law and with other organisations where we have a legal obligation to share the information with them, for example if you raise a complaint with the Information Commissioners Office about the handling of your request.

Other organisations

We may share your information with other organisations where relevant in order to comply with your request of erasure, restriction, objection or rectification where we had previously shared that information with our partner organisations.

Storing your information and deleting it

We will not keep your personal data for longer than we need it or are required to by law.

Following completion of your request or any subsequent complaint to the Information Commissioners Office, the case file will be retained for one year before deletion.

Why are we collecting your information?

Sanctuary uses Video Surveillance Management Systems (commonly known as CCTV) to help reduce the fear or threat of crime, to protect customers, staff, our premises, fixtures, fittings, and property.

Video surveillance images will be used to: 

• assist in the prevention and detection of crime
• facilitate the identification, apprehension and prosecution of offenders in relation to crime; 
• ensure the security of the Group’s customers, employees, visitors and property; 
• facilitate appropriate door and site access;
• reduce incidences of vandalism and criminal damage; and
• enhance the feeling of security provided to customers, staff, and visitors.

What information are we collecting?

We collect and process video surveillance images. These images may reveal or enable the inference of special categories of data (also called sensitive personal data), such as any disability or health conditions, racial or ethnic origin as well as religious beliefs.

What is our lawful basis for using your information?

Under Article 6 of the UK GDPR, the lawful basis we rely on for processing this information is: 

(f) Our legitimate interests or that of a third party – for the purposes of prevention and detection of crime.

In accordance with Article 9 (UK GDPR) the condition we rely on for processing special categories of personal data is: 

(g) Reasons of substantial public interest.

Our basis in Law is Section 10 of Schedule 1, of the Data Protection Act 2018 as the processing is necessary for the purposes of the prevention or detection of an unlawful act.

Sharing your information

Members of Sanctuary Group 

Sanctuary Group is made up of several related companies. We will share your information with other members of Sanctuary Group where necessary to meet the purposes outlined in this statement.

For more information on which companies make up Sanctuary Group, please visit the Sanctuary website.

Regulators and other legal obligations 

We may also be required to share your information with our regulators who are permitted access to this information by law and with other organisations where we have a legal obligation to share the information with them.

Other organisations

We may from time to time share your information with other organisations, such as:

• insurance companies or solicitors, in connection with any claims where evidence of video surveillance footage is required.

Data processors and transfers

To facilitate this process, information is shared with the following categories of data processors who process information on Sanctuary’s behalf:

• security companies that are responsible for on-site security (where applicable).

Storing your information and deleting it

We will not keep your personal data for longer than we need it or are required to by law.

We retain video surveillance footage for 28 days at which point the information is automatically deleted.

Why are we collecting your information?

To enable residents and the public to raise enquiries and/or seek information about our services.

If your enquiry relates to a service failure, the information that you provide will also be used for the purpose of improving our products and services.

What information are we collecting?

The information that we collect about you will include your name and contact details, and any other information which you provide to us via email, social media message, telephone, live chat or by completing an enquiry form from our website. 

What is our lawful basis for using your information?

Under Article 6 of the UK GDPR, the lawful basis we rely on for processing this information is:

(f) Our legitimate interests or that of a third party in enabling residents and the public to engage with Sanctuary on the services available, seek information and or support.

Sharing your information

Members of Sanctuary Group

Sanctuary Group is made up of several related companies. We will share your information with other members of Sanctuary Group where necessary to answer or resolve your query.

For more information on which companies make up Sanctuary Group, please visit the Sanctuary website.

Contractors and sub-contractors

It may be necessary to share information about you, with our contractors and sub-contractors to resolve your enquiry. Our contractors and sub-contractors are contractually required to ensure that they adhere to the security requirements imposed by the Data Protection Act 2018 and the UK GDPR.

Our contractors and sub-contractors will not share your information with any other parties and will only be able to use the information when completing work on behalf of us.

Regulators and other legal obligations

We may also be required to share your information with our regulators who are permitted access to this information by law and with other organisations where we have a legal obligation to share the information with them.

Data processors and Transfers

To facilitate enquires through our website and social media channels the following categories of data processors process information on Sanctuary’s behalf:

• Website hosting partner
• Social media management providers

One of our social media management providers, Hootsuite, uses sub-processors who may process and store information in the United States of America or other countries. Where this happens, Hootsuite has standard contractual clauses in place to ensure any information transferred has adequate protections in place and is compliant with data protection laws.

For further information about what international data transfers occur at Hootsuite please view Hootsuite's Privacy Policy.

Storing your information and deleting it

Following resolution of your enquiry, your information will be retained as outlined below:

• Web forms submitted via our websites are retained for 30 days.
• Social media private messages are retained for two weeks.
• Emails are retained for a minimum of one year and are automatically deleted after three years.
• Telephone recordings are retained for 30 days. Please note not all telephone calls are recorded.
• Live chat logs are retained for 6 months.

Why are we collecting your information?

The information that you provide to us when entering a contract and during your residency is required by Sanctuary to provide you with appropriate support and care as well as our basic services under your contractual agreement. 

We ask for information about you so that we can make sure we offer you the best care, protection and support. If you refuse to provide certain information when requested, we may not be able to offer you a placement or sustain your placement at one of our homes as we require certain information in order to comply with our legal obligations, perform our contract for the provision of services to you and to ensure your health and safety and that of those around you. 

Your care record will contain detailed information about your health and well-being including illnesses, medical appointments and treatments. This information is critical to ensure that on your admission your needs are assessed and set out in your care record, and so that we can:

• Adjust your care plan as and when your needs change.
• Provide and manage your account with us.
• Provide you with kind care that is person-centred and appropriately tailored to your needs as well as to improve the services we provide.

Our care homes offer optional social media groups and chats through WhatsApp and Facebook to provide added value to the service we provide. Relatives of residents can join these groups on a voluntary basis to receive updates about resident activity. 

To support independent living, we facilitate personal allowances and process individual payments on your behalf for small purchases (for example if you use a hairdresser).

In select care homes we offer voluntary location-tracking devices that can be used for the following purposes:

• To enhance the level of care and support for vulnerable residents.
• Or to support independent living. In certain circumstances, residents can independently leave our care home premises by wearing the devices with predetermined “safe zones.” 

What information are we collecting?

We collect and process the following information: 

• Name
• Contact details
• Photos
• NHS number
• Identification documentation
• Financial data
• Next of kin and family information including contact details
• Location data through tracking device (if applicable)
• Information created about you in the course of your stay with us (for example, data recorded within your care records and care planning, such as observations and interactions)

To provide our services, we will routinely collect and process information about your health, this is special category data (often referred to as 'sensitive personal data'). 

We may collect further special category data as part of your care plan and life history. This information is provided by you on a discretionary basis and could include for example:

• Political opinions; 
• Religious or philosophical beliefs; 
• Trade union membership; 
• Sexual preferences; 
• Racial or ethnic origin; 

If you don’t provide the information listed above, we may not be able to enter into a contract with you or provide you with the full range of services on offer which will limit the support we can give.

Some of the information we collect is provided by a third party where they are legally entitled to share this data with us, including:

• Friends/relatives/authorised representatives or others prior to, during or after your stay with us.
• External healthcare providers such as the NHS, your GP, hospital staff, dentists etc. and multi-disciplinary teams.
• Safeguarding authorities / commissioning bodies and Integrated Care Boards / social services / other regulators (and in some circumstances, their professional advisors or authorised representatives).
• The Police and other law enforcement agencies (for example, the Home Office), the courts, the Office of the Public Guardian and coroners.
• Attorneys, deputies or others who are acting in your best interests.
• Auditors or professional advisors (including solicitors and insurers). 
• Other entities/persons which fall outside of this list which is made known to us in relation to your residency

Because circumstances are variable and change with time there may in some instances be situations outside the list above and we regularly review our privacy statements to assess whether any updates are required.

What is our lawful basis for using your information?

Under Article 6 of the UK GDPR, the lawful bases we rely on for processing this information are: 

(a) Consent (for location tracking devices, if applicable).

(b )Performance of a contract.

(c) Our processing is necessary for compliance with a legal obligation to which we are subject to.

(f) Our legitimate interests or that of a third party – enabling us to tailor the care and support provided to residents to meet their needs.

In accordance with Article 9 (UK GDPR) the conditions we rely on for processing special categories of personal data are:

(a) Explicit Consent 

(h) Health or social care. 

Our basis in Law is Section 2 of Schedule 1, of the Data Protection Act 2018 as the processing is necessary for health or social care purposes.

Sharing your information

Members of Sanctuary Group

Sanctuary Group is made up of several related companies. We will share your information with other members of Sanctuary Group where necessary to best provide the services to you.

For more information on which companies make up Sanctuary Group, please visit the Sanctuary website.

Contractors and sub-contractors

It may be necessary to share information about you with our contractors and sub-contractors to fulfil our contractual obligations. This may include sharing information via third party technology or systems for example sharing data with your GP/Pharmacy via a third-party system. Our contractors and sub-contractors are contractually required to ensure that they adhere to the security requirements imposed by the UK GDPR and DPA 2018.

Our contractors and sub-contractors will not share your information with any other parties and will only be able to use the information when completing work on behalf of us.

Regulators and other legal obligations 

We may also be required to share your information with our regulators who are permitted access to this information by law and with other organisations where we have a legal obligation to share the information with them.

Other organisations

We may from time to time share your information with other organisations, such as:

• External auditors;
• Pharmacies to obtain required medication;
• Local authorities, the NHS and health care professionals and other agencies and organisations for the purpose of providing appropriate care and support services;
• Coroner, the police or local safeguarding teams and the Office of the Public Guardian for the purpose of investigations;
• TV Licencing so they can provide services to you and contact you in respect of related charges;
• Electoral Register so they can provide services to you and contact you in respect of voting rights;
• Digital and/or media providers (e.g. satellite television) so they can provide services to you and contact you in respect of related charges; 
• Organisations with a function of auditing and/or administering public funds for the purpose of detection and prevention of fraud; and
• Wellbeing and activities digital provider to facilitate tailored immersive and rewarding wellbeing activities to be undertaken within a home setting.

Data processors and Transfers

To facilitate the delivery of services to you, we may share information with our system and software providers for the purpose of technical IT support and trouble shooting. 

One of our digital care management platforms, uses a sub-processor who may process and store information in the United States of America. Where this happens, standard contractual clauses are in place to ensure any information transferred has adequate protections in place and is compliant with data protection laws.

For further information on the safeguards implemented, please email dataprotection@sanctuary.co.uk.

Storing your information and deleting it

We will not keep your personal data for longer than we need it or are required to by law.

Following the end of your residency with us, we will keep financial information for seven years and information relating to your care plan for 10 years.

Why are we collecting your information?

The information that you provide to us is required for us to send you marketing communications about Sanctuary and the services we provide. For example, this could be printed newsletters, leaflets, brochures and/or emails, ebulletins, remarketing through social media platforms or by contacting you by telephone.

We will also use your information to improve the marketing materials you receive from us.

You can unsubscribe from our marketing communications at any time, and we will delete your details from our database.

What information are we collecting?

To enable us to provide you with marketing communications, we need the following information:

• Name
• Contact details, including address, and telephone number
• Email address
• Cookie data – where applicable, for further information please see our Cookie Policy

What is our lawful basis for using your information?

Under Article 6 of the UK GDPR, the lawful basis we rely on for processing this information is:

(a) You have given your consent. You can remove your consent at any time. You can do this by contacting Careprandsupport@sanctuary.co.uk

Sharing your information

Members of Sanctuary Group 

Sanctuary Group is made up of several related companies. We will share your information with other members of Sanctuary Group where necessary to best provide the services to you.

For more information on which companies make up Sanctuary Group, please visit the Sanctuary website.

Regulators and other legal obligations 

We may also be required to share your information with our regulators who are permitted access to this information by law and with other organisations where we have a legal obligation to share the information with them.

Other organisations

With your consent, we may also share your email address with review sites to enable you to leave a review of our care homes and services.

Data processors and Transfers

To facilitate our marketing activities, information is shared with the following categories of data processors who process information on Sanctuary’s behalf:

• to create and deliver tailored online advertising

We use a third-party processor, Campaign Monitor, for some of our email campaigns and we transfer your information to Campaign Monitor for the purpose of sending e-marketing and communication emails to you. Campaign Monitor is a global business that is headquartered in Australia and uses data centres located in the United States of America, so this processing of your personal data may involve a transfer of data outside the UK.

Whenever we transfer your personal data outside of the European Economic Area in this way, we ensure a similar degree of protection is afforded to it by ensuring that we use specific contractual clauses which give personal data the same protection it has in UK.

For further information on the safeguards implemented, please email dataprotection@sanctuary.co.uk.

Storing your information and deleting it                      

We will not keep your personal data for longer than we need it or are required to by law. 

We will store the personal data which you provide to us for as long as you continue to provide consent. We will send you marketing information for up to 6 months from your initial enquiry or until you advise us that you wish to withdraw your consent. 

We keep records of our email campaigns for three years from the date conducted.

Why are we collecting your information?

Completing a work experience placement with Sanctuary Care is very rewarding and will help boost your confidence whilst you gain important life skills. It is an unpaid opportunity which will give you the chance to get an overview of working in a care home.

A work experience placement is usually completed during the holidays or as part of an educational course. For example, Health and Social Care students are required to attend a placement in a real work environment to support their learning (usually between 100 and 200 hours in total). Importantly, work experience gives people who are undecided about a career choice an opportunity to experience what that job could be like, helping them to make an informed decision.

The information that you provide to us will be used to process your application and to provide you with a work experience placement.

We may also receive personal information indirectly, from the Disclosure and Barring Service (DBS), Disclosure Scotland as well as charities and other organisations that help people into work, if applicable. 

What information are we collecting?

To process your application and provide you with a work experience placement we collect and process the following information:

• Name
• Address
• Contact details, such as telephone number and email address
• Date of birth
• Gender
• Course, level of study and academic institute (if applicable)
• The work experience opportunities you are interested in
• The times you are able to attend your placement, how far you are willing to travel as well as the specific dates and times
• You are also able to provide any other information that you feel may be useful in relation to your placement (this is not mandatory, and any information provided is discretional)
• Feedback of your placement experience

Where applicable we collect work eligibility data to ensure compliance with legal and regulatory requirements. This information allows us to verify individuals’ suitability for specific roles, maintain a safe working environment, and meet industry standards. This includes the following information: 

• Supporting documentation and information for DBS checks
• Role-specific qualifications and registrations

We also collect information relating to your health which is a special category of personal data (also called sensitive personal data). You need to be aware that we will use this information to ensure we deliver services in an appropriate manner. By providing us with this information, you consent to our use of this information for this purpose.

What is our lawful basis for using your information?

Under Article 6 of the UK GDPR, the lawful bases we rely on for processing this information are:

(a) You have given your consent. You can remove your consent at any time. You can do this by contacting care.workexperience@sanctuary.co.uk.

(c) Compliance with a legal obligation

(f) Our legitimate interests or that of a third party – to enable Sanctuary to offer and individuals to undertake appropriate work experience placements.

In accordance with Article 9 (UK GDPR) the condition we rely on for processing special categories of personal data is:

(g) Explicit consent. You can remove your consent at any time. You can do this by contacting care.workexperience@sanctuary.co.uk

Sharing your information

Members of Sanctuary Group

Sanctuary Group is made up of several related companies. We will share your information with other members of Sanctuary Group where necessary to best provide the services to you.

For more information on which companies make up Sanctuary Group, please visit the Sanctuary website.

Regulators and other legal obligations

We may also be required to share your information with our regulators who are permitted access to this information by law and with other organisations where we have a legal obligation to share the information with them.

Other organisations

Where applicable we will share information with the Disclosure and Barring Service and/or Disclosure Scotland to facilitate appropriate checks and suitability for placements.

Data processors and Transfers

To facilitate the delivery of services to you, information is shared with the following categories of data processors who process information on Sanctuary’s behalf:

• DBS check facilitation service

Storing your information and deleting it

We will not keep your personal data for longer than we need it or are required to by law.

We keep the information relating to your application and work experience placement for six years following completion of your placement.

For unsuccessful applications, we retain this information for up to 12 months.

Why are we collecting your information?

Completing a volunteer placement with Sanctuary Care is very rewarding and will help boost your confidence whilst you gain important life skills. It is an unpaid opportunity which will give you the chance to get an overview of working in a care home.

Volunteering is usually undertaken over a longer period and gives you the opportunity to share your skills and hobbies with our care home residents. For example, you may be a keen crafter and be able to lend your skills to a regular workshop or activity session for our residents. Giving your time freely in this way is very special and our volunteers tell us how empowered they feel making a real difference to our residents' lives.

The information that you provide to us will be used to process your application and provide you with opportunities to volunteer aligned to your interests, skills and availability.

We may also receive personal information indirectly, from the Disclosure and Barring Service (DBS), Disclosure Scotland, reference providers, as well as charities and other organisations that help people into work, if applicable.

What information are we collecting?

To process your application and provide you volunteering opportunities we collect and process the following information:

• Name
• Address
• Contact details, such as telephone number and email address
• Date of birth
• Gender
• Nationality
• The volunteering opportunities you are interested in
• The times you are able to volunteer, how far you are willing to travel as well as the specific dates and times you do volunteer
• You are also able to provide any other information that you feel may be useful in relation to you volunteering (this is not mandatory, and any information provided is discretional). 

Where applicable we collect work eligibility data to ensure compliance with legal and regulatory requirements. This information allows us to verify individuals' suitability for specific roles, maintain a safe working environment, and meet industry standards. This includes the following information: 

• Supporting documentation and information for DBS checks 
• Role-specific qualifications and registrations

We also collect information relating to your health which is a special category of personal data (also called sensitive personal data). You need to be aware that we will use this information to ensure we deliver services in an appropriate manner. By providing us with this information, you consent to our use of this information for this purpose.

What is our lawful basis for using your information?

Under Article 6 of the UK GDPR, the lawful basie we rely on for processing this information are: 

(a) You have given your consent. You can remove your consent at any time. You can do this by contacting mailto:care.volunteer@sanctuary.co.uk.

(c) Compliance with a legal obligation

(f) Our legitimate interests or that of a third party – to enable Sanctuary to offer and individuals to undertake appropriate volunteering opportunities.

In accordance with Article 9 (UK GDPR) the condition we rely on for processing special categories of personal data is: 

(a) Explicit consent. You can remove your consent at any time. You can do this by contacting care.volunteer@sanctuary.co.uk

Sharing your information

Members of Sanctuary Group

Sanctuary Group is made up of several related companies. We will share your information with other members of Sanctuary Group where necessary to best provide the services to you.

For more information on which companies make up Sanctuary Group, please visit the Sanctuary website.

Regulators and other legal obligations

We may also be required to share your information with our regulators who are permitted access to this information by law and with other organisations where we have a legal obligation to share the information with them.

Other organisations

Where applicable we will share information with the Disclosure and Barring Service and/or Disclosure Scotland to facilitate appropriate checks and suitability for placements.

Data processors and Transfers

To facilitate the delivery of services to you, information is shared with the following categories of data processors who process information on Sanctuary’s behalf:

• DBS check facilitation service
• Online referencing service

Storing your information and deleting it

We will not keep your personal data for longer than we need it or are required to by law.

We keep the information relating to your application and volunteering placement for six years following completion of your placement.

For unsuccessful applications, we retain this information for up to 12 months.

Why are we collecting your information?

When visiting our premises we collect and process your information for site security, safety and fire evacuation purposes, as well as to ensure you are identifiable.

What information are we collecting?

Most of the personal information we process is provided to us directly by you when completing our signing-in and signing-out sheet.

We collect and process the following information: 

• Name
• Contact details (if applicable)
• Vehicle registration number (if applicable)
• Site location

In relation to visitors to our Worcester head office site, we also take a photograph of you which is printed as part of your visitor pass which is required to be worn while on site for security purposes to ensure you are identifiable.

What is our lawful basis for using your information?

Under Article 6 of the UK GDPR, the lawful bases we rely on for processing this information are:

(c) Compliance with a legal obligation - using your information is necessary for us to comply with a legal obligation to which we are subject in accordance with the Health and Safety Act 1974.

(f) Our legitimate interests or that of a third party – for the purposes of security.

Sharing your information

Members of Sanctuary Group 

Sanctuary Group is made up of several related companies. We will share your information with other members of Sanctuary Group where necessary to best facilitate this process.

For more information on which companies make up Sanctuary Group, please visit the Sanctuary website.

Regulators and other legal obligations 

We may also be required to share your information with our regulators who are permitted access to this information by law and with other organisations where we have a legal obligation to share the information with them.

Data processors and Transfers

To facilitate this process, information is shared with the following categories of data processors who process information on Sanctuary’s behalf:

• System providers for technical IT support (to enable the creation of ID badges and provide fob access – if applicable).
• security companies that are responsible for on-site security (where applicable).

Storing your information and deleting it

We will not keep your personal data for longer than we need it or are required to by law.

Information captured via our Visitor Management System at our Worcester Head Office, is retained for one week from the date of visiting the premises.

We will keep the information that is provided to us in our signing in and out sheets for 6 years from the date of visiting the premises