Privacy Policy

Last updated: May 2026

Care4Us Healthcare (“we”, “us”, “our”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, share and protect your personal information when you visit our website (care4ushealthcare.co.uk), enquire about our services, or engage with us as a service user, family member, employee or applicant.

This policy is issued in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are (Data Controller)

For the purposes of UK data protection law, the data controller is:

Care4Us Healthcare
Sulaw House, Suite 9
Chapel Street
Prestwich
Manchester M25 1AE

Email: info@care4ushealthcare.co.uk
Telephone: 07830 396555 / 07830 510265

If you have any questions about this policy or how we handle your information, please contact us using the details above.

2. Information We Collect

We may collect and process the following categories of personal data:

  • Identity data – name, title, date of birth, gender.
  • Contact data – postal address, email address, telephone numbers.
  • Health and care data (special category data) – information about your health, care needs, medical history, medication, GP details and other information relevant to your care, where you engage us for care or healthcare services.
  • Next of kin and emergency contact details.
  • Employment data – where you apply to work with us, including CV, references, right-to-work documents and DBS information.
  • Technical data – IP address, browser type and version, device information, operating system and time zone settings.
  • Usage data – information about how you use our website, including pages visited and interactions.
  • Marketing and communications data – your preferences for receiving communications from us.
  • Correspondence – messages you send us via contact forms, email or telephone.

3. How We Collect Your Information

  • Directly from you – when you contact us, enquire about services, register an account, complete a form, apply for a job or engage our services.
  • Automatically – through cookies and similar technologies when you visit our website (see Section 10).
  • From third parties – such as healthcare professionals, local authorities, family members, carers or referrers, where applicable and with appropriate authority.

4. Lawful Basis for Processing

Under UK GDPR we must have a lawful basis for processing your personal data. We rely on the following:

  • Consent – where you have given us clear consent to process your data for a specific purpose (for example, marketing emails).
  • Contract – where processing is necessary to perform a contract with you, such as delivering agreed care services.
  • Legal obligation – where we must process your data to comply with the law (for example, safeguarding duties, Care Quality Commission requirements, employment, tax and health and safety law).
  • Vital interests – where processing is necessary to protect someone’s life.
  • Legitimate interests – where processing is necessary for our legitimate business interests and is not overridden by your rights and freedoms.

For special category data (such as health information), we additionally rely on one or more of the following under Article 9 UK GDPR:

  • Your explicit consent;
  • Processing necessary for the provision of health or social care or treatment (Article 9(2)(h));
  • Processing necessary in the substantial public interest, where applicable;
  • Processing necessary to protect your vital interests where you are physically or legally incapable of giving consent.

5. How We Use Your Information

We use your personal data to:

  • Provide, manage and improve our care and healthcare services;
  • Respond to enquiries and communicate with you;
  • Maintain accurate care records and care plans;
  • Coordinate care with other healthcare professionals where appropriate;
  • Comply with legal, regulatory and contractual obligations (including CQC requirements);
  • Manage recruitment, employment and training of staff;
  • Improve our website, services and customer experience;
  • Send service updates and, where you have consented, marketing communications;
  • Protect the safety of service users, staff and others.

6. Sharing Your Information

We may share your personal data with:

  • Our staff, contractors and authorised personnel who need it to deliver services;
  • Healthcare professionals (such as GPs, hospitals, district nurses) where necessary for your care;
  • Local authorities, social services and safeguarding bodies where required by law or in the interests of your safety;
  • Regulators such as the Care Quality Commission (CQC);
  • Service providers who process data on our behalf (for example IT, hosting, payroll, analytics);
  • Professional advisers including lawyers, accountants and insurers;
  • Law enforcement or government bodies where legally required.

All third parties who process data on our behalf are required to respect the security of your data and treat it in accordance with the law. We do not sell your personal data to anyone.

7. International Transfers

Some of our service providers (for example Google and Microsoft) may process data outside the United Kingdom. Where this happens, we ensure that appropriate safeguards are in place, such as:

  • Transfers to countries covered by UK adequacy regulations;
  • Use of the UK International Data Transfer Agreement (IDTA) or the EU Standard Contractual Clauses with the UK Addendum;
  • Additional technical and organisational safeguards where required.

8. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including any legal, accounting or reporting requirements. In particular:

  • Health and care records are retained in line with the NHS Records Management Code of Practice – generally 8 years after the date of last contact for adult records, and until age 25 for children’s records (or 26 if the young person was 17 at the conclusion of treatment).
  • Recruitment records for unsuccessful applicants are kept for up to 12 months.
  • Employee records are kept for the duration of employment and for 6 years after the end of employment.
  • Financial records are kept for at least 6 years to meet HMRC requirements.
  • Website enquiry data is generally kept for up to 2 years unless a longer retention is justified.

When data is no longer needed it is securely deleted or anonymised.

9. Your Rights Under UK GDPR

You have the following rights in relation to your personal data:

  • Right of access – request a copy of the personal data we hold about you;
  • Right to rectification – ask us to correct inaccurate or incomplete data;
  • Right to erasure (“right to be forgotten”) – ask us to delete your data in certain circumstances;
  • Right to restrict processing – ask us to limit how we use your data;
  • Right to data portability – receive your data in a structured, commonly-used, machine-readable format;
  • Right to object – object to processing based on legitimate interests or to direct marketing;
  • Right to withdraw consent – where we rely on consent, you can withdraw it at any time;
  • Rights related to automated decision-making and profiling – we do not currently use automated decision-making that produces legal or similarly significant effects.

To exercise any of these rights, please contact us using the details in Section 1. We will respond within one calendar month. There is normally no fee, although we may charge a reasonable fee or refuse requests that are manifestly unfounded or excessive.

10. Cookies and Tracking Technologies

A cookie is a small text file that is stored on your device when you visit a website. We use cookies to:

  • Ensure the website functions correctly;
  • Analyse how visitors use our website so we can improve it;
  • Understand user behaviour through session replays and heatmaps.

You can control non-essential cookies through our cookie banner when you first visit the site, or at any time through your browser settings.

Google Analytics 4 (GA4)

We use Google Analytics 4 to understand how visitors interact with our website. GA4 sets the following cookies:

CookiePurposeDuration
_gaUsed to distinguish unique users by assigning a randomly generated identifier.2 years
_ga_<container-id>Used by Google Analytics 4 to persist session state.2 years
_gidUsed to distinguish users (legacy / Universal Analytics, may still be present).24 hours
_gatUsed to throttle request rate to Google Analytics.1 minute

Microsoft Clarity

We use Microsoft Clarity to capture how visitors use and interact with our website through behavioural metrics, heatmaps and session replays. This helps us improve our site and services. Clarity does not knowingly collect any information from users that would qualify as “sensitive personal information”. For more information see Microsoft’s privacy statement at https://privacy.microsoft.com.

CookiePurposeDuration
_clckPersists the Clarity User ID and preferences for the same user.1 year
_clskConnects multiple page views by a user into a single Clarity session recording.1 day
CLIDIdentifies the first time Clarity saw this user on any site using Clarity.1 year
ANONCHKIndicates whether MUID is transferred to ANID, a cookie used for advertising. Clarity doesn’t use ANID so this is always set to 0.10 minutes
MRIndicates whether to refresh MUID.7 days
MUIDIdentifies unique web browsers visiting Microsoft sites. Used for advertising, site analytics and other operational purposes.1 year
SMUsed in synchronising the MUID across Microsoft domains.Session

Managing Cookies

Most web browsers allow you to control cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.

You can opt out of Google Analytics across all websites by installing the Google Analytics opt-out browser add-on at https://tools.google.com/dlpage/gaoptout.

To opt out of Microsoft Clarity, you can use your browser’s “Do Not Track” setting, which Clarity respects.

11. Data Security

We have implemented appropriate technical and organisational measures to protect your personal data, including:

  • Secure servers and encrypted connections (SSL/TLS);
  • Access controls so only authorised personnel can access personal data;
  • Confidentiality agreements with staff, volunteers and contractors;
  • Regular staff training on data protection and information governance;
  • Routine review of our security practices and policies.

While we take all reasonable precautions, no method of transmission over the internet or method of electronic storage is 100% secure.

12. Children’s Privacy

Our website is not directed at children under the age of 13 and we do not knowingly collect personal data from children via the website. Where we provide care services to children, we collect and process their data in accordance with this policy and with appropriate parental or guardian consent. If you believe we have inadvertently collected information from a child, please contact us so that we can delete it.

13. Third-Party Links

Our website may contain links to third-party websites, plug-ins and applications. Clicking on those links may allow third parties to collect or share data about you. We do not control these third-party sites and are not responsible for their privacy practices. We encourage you to read the privacy policy of every website you visit.

14. Business Transfers

If Care4Us Healthcare, or substantially all of its assets, were acquired, or in the unlikely event that we cease trading or enter insolvency, user information may be one of the assets transferred or acquired by a third party. Any acquirer would be required to honour the commitments set out in this Privacy Policy.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The “last updated” date at the top of this page will indicate when changes were made. Significant changes will be brought to your attention where appropriate. We encourage you to review this page periodically.

16. How to Complain

If you have a concern about how we handle your personal data, please contact us first using the details in Section 1 and we will do our best to resolve it.

You also have the right to lodge a complaint with the UK’s supervisory authority for data protection:

Information Commissioner’s Office (ICO)
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Helpline: 0303 123 1113
Website: https://ico.org.uk