Privacy Policy

Last updated: 9 September 2025

This Privacy Policy explains how Care Leaders Consultancy Ltd (“we”, “us”, “our”) collects and uses your personal information when you visit www.careleadersconsultancy.co.uk (the “Site”), contact us, download resources, book a consultation or otherwise interact with us.

We are committed to lawful, fair and transparent processing under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who we are (the controller)

Care Leaders Consultancy Ltd
Company number: 16675181
Registered office / postal address: [insert address]
Website: www.careleadersconsultancy.co.uk
Email for privacy matters: [insert: privacy@careleadersconsultancy.co.uk]

Unless otherwise stated in this notice, we act as the data controller for information collected through the Site and our marketing/relationship management activities.

In some consultancy engagements we may also act as a data processor for our provider clients (e.g., when we handle information on their behalf under contract). In those cases, our client is the data controller and our processing is governed by a written data processing agreement.

2. What information we collect

We collect and process the following categories:

  • Identification & contact details: name, job title, organisation, email address, phone number, postal address.

  • Communications: messages you send via contact forms, email, or meeting notes related to an enquiry or project.

  • Booking information: chosen appointment type, date/time, and availability preferences (if you use our scheduling tool).

  • Newsletter & downloads: your email and preferences when you subscribe or request gated resources.

  • Website & technical data: IP address, device/browser type, pages visited, referring URLs, and cookie identifiers (see Cookies section).

  • Billing & contract data (clients only): service agreements, purchase orders, invoices, payment records.

  • Recruitment (if you apply to work with us): CV/resume, cover letter, interview notes and right‑to‑work checks.

  • Special category data: We do not seek to collect special category information (e.g., health data) through the Site. Please do not include identifiable details about people who draw on care in web forms or emails. If such data is required for a consultancy engagement, we will provide a secure channel and appropriate legal basis.

3. How we collect your information

  • Directly from you: when you submit a form, book a consultation, subscribe, email or phone us, or become a client.

  • Automatically: via cookies and similar technologies on the Site (analytics, performance and preference cookies).

  • From third parties: scheduling/meeting tools, email marketing providers, public sources (e.g., Companies House), or your organisation (when we deliver services to you or your employer).

4. Why we use your information (purposes & legal bases)

We process personal information for the purposes below using one or more lawful bases under UK GDPR:

PurposeExamplesLegal basisRespond to enquiries & provide quotationsContact forms, email correspondenceLegitimate interests (running our business, responding to requests) or pre‑contract stepsDeliver consultancy & supportProject delivery, meetings, reportingContract (to perform a contract with you/your organisation)Scheduling & callsBooking confirmation, remindersLegitimate interests; Contract where booked as part of a serviceSend resources & newslettersGated downloads, emails with insightsConsent (you can withdraw at any time)Improve the Site & contentUsage analytics, troubleshootingLegitimate interests (understanding site usage)Keep proper records & comply with the lawInvoicing, tax, regulatory correspondenceLegal obligation (e.g., HMRC record keeping)Protect our rights & prevent misuseSecurity monitoring, fraud preventionLegitimate interests

Where we rely on consent, you can withdraw it at any time (e.g., using the unsubscribe link in emails or by contacting us).

5. Cookies and similar technologies

We use cookies to make the Site work, understand performance and (optionally) improve our marketing. On first visit you’ll see a cookie banner where you can accept all or manage preferences.

Types we use:

  • Strictly necessary (essential): required for core site functions (set by our website platform).

  • Analytics/performance: to understand page views, time on page, traffic sources (e.g., Google Analytics 4).

  • Functionality: to remember your choices (e.g., language, cookie preferences).

  • Advertising/retargeting: not used by default; if we enable them later, they will be off unless you consent.

You can change your settings at any time via the Cookie Settings link in the footer of the Site and through your browser controls. For details, see our separate Cookie Policy.

6. Who we share information with

We share personal information only when necessary, with:

  • Service providers (processors): website hosting and CMS (Squarespace), scheduling (e.g., Squarespace Scheduling/Acuity or Calendly), email and newsletter tools (e.g., Squarespace Email Campaigns or Mailchimp), analytics (e.g., Google), secure file storage, and IT/security support. These providers are bound by contracts and only process data on our instructions.

  • Professional advisers & authorities: insurers, lawyers, accountants, HMRC, regulators, or law enforcement where required.

  • Your organisation: when we deliver services to you on behalf of your employer or commissioning body.

  • Business transfers: if we restructure or sell part of our business, data may transfer under appropriate safeguards.

We do not sell your personal information.

7. International transfers

Some providers may process data outside the UK (for example, in the EEA or the United States). Where this occurs, we use legally recognised safeguards such as:

  • Adequacy regulations (including the UK–US Data Bridge, where applicable), and/or

  • Standard Contractual Clauses plus the UK International Data Transfer Addendum (IDTA).

You can contact us for details of specific safeguards for your data.

8. How we keep your information secure

We use appropriate technical and organisational measures, including encryption in transit (HTTPS), role‑based access, strong authentication, least‑privilege access for staff and contractors, secure configuration of our SaaS tools, and staff confidentiality obligations. While no method is 100% secure, we actively manage risk and choose reputable providers.

9. How long we keep information (retention)

We keep information only as long as necessary for the purposes set out above, then delete or anonymise it.

Typical periods:

  • Enquiry data: up to 24 months after our last interaction.

  • Client/project files & contracts: generally 7 years after the end of the financial year for tax/accounting.

  • Newsletter subscribers: until you unsubscribe or your address bounces.

  • Recruitment: up to 6 months from the decision date (unless you ask us to keep your CV on file longer).

  • Cookies: per their individual lifetimes (see Cookie Policy).

If a legal claim or obligation requires us to keep information longer, we will do so only for that purpose.

10. Your rights

You have the following rights under UK data protection law:

  • Access to your personal data and a copy of it.

  • Rectification of inaccurate or incomplete data.

  • Erasure in certain circumstances (“right to be forgotten”).

  • Restriction of processing in certain circumstances.

  • Data portability for data you provided to us with consent or under contract.

  • Object to processing based on our legitimate interests or for direct marketing.

  • Withdraw consent at any time where we rely on consent.

  • Complain to the Information Commissioner’s Office (ICO).

To exercise any right, contact us using the details in Section 1. We may ask for proof of identity to protect your data.

11. How to complain

We’d appreciate the chance to resolve your concerns first—please contact us at [insert privacy email].

You can also complain to the UK Information Commissioner’s Office (ICO):
www.ico.org.uk • Tel: 0303 123 1113 •
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

12. Children

Our Site and services are directed to professionals and organisations in adult social care. We do not knowingly collect data from children under 16.

13. Links to other websites

Our Site may link to third‑party websites. Those sites have their own privacy notices and we are not responsible for their content or practices.

14. Changes to this notice

We may update this Privacy Policy from time to time. The latest version will always be posted on this page with the effective date. If changes are material, we will take reasonable steps to inform you.

15. Sector‑specific note for care providers

Please do not include identifiable information about people who draw on care (service users) in website forms or unencrypted emails. If such information is required for a consultancy project, we will agree a secure method and the appropriate controller/processor roles and legal bases with you in writing.

Contact

For any questions about this notice or your data, please contact:
Care Leaders Consultancy Ltd[insert address][insert privacy email]

  • ICO registration number: We are registered with the ICO under number [insert number].

  • Marketing to business contacts: We may send relevant B2B emails to existing or prospective clients under legitimate interests. You can object at any time by clicking unsubscribe or contacting us.