Privacy Policy

Tabitha Care Group

This Privacy Policy explains how Tabitha Care Group collects, uses, stores, and protects personal data provided to us through our website, correspondence, or engagement with our services. We recognise that your privacy is important and are committed to handling your personal data lawfully, fairly, transparently, and securely in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Your Right Under Data Protection Law

Under the UK GDPR, you have the right to be informed about:

  • What personal data we collect and how it is used
  • The purposes and legal basis for processing your data
  • How long your data will be retained
  • Who your data is shared with, including any international transfers and safeguards in place
  • Your right to withdraw consent where consent is the legal basis
  • Our legitimate interests where this is the legal basis for processing
  • Any data obtained from third-party sources
  • Your right to lodge a complaint with the Information Commissioner’s Office (ICO)
  • The existence of any automated decision-making or profiling, where applicable

All information we provide will be concise, transparent, and written in clear, plain language. You may contact us at any time with questions about this policy or our data protection practices without affecting your right to complain to the ICO.

We will inform you of any significant changes to this Privacy Policy and will always seek consent if we intend to use your data for a new purpose.

Information We Collect

We may collect and process the following personal data:

  • Full name
  • Preferred title
  • Job title
  • Date of birth
  • Postal address
  • Email address
  • IP address

This information is usually provided when you contact us, subscribe to updates, request information, or engage with our services. We retain personal data only for as long as necessary and in line with our retention schedules. You may request removal of your data at any time, subject to legal requirements.

Why We Collect Your Information

We use personal data to:

  • Provide and manage our services
  • Administer invoices and financial records
  • Share relevant service updates, events, and communications
  • Invite participation in surveys or feedback activities

Legal Basis for Processing

Under UK GDPR, we rely on one or more of the following lawful bases:

  • Consent
  • Contractual necessity
  • Legal obligation
  • Legitimate interests
  • Vital interests
  • Public task

Legitimate Interests

Where processing is based on legitimate interests, Tabitha Care Group has conducted a Legitimate Interests Assessment (LIA). We ensure that processing is necessary, proportionate, and balanced against your rights and freedoms. We will not process data in ways that are intrusive or harmful, and we apply appropriate safeguards at all times. Where children’s data is involved, additional protections are implemented.

Applying the Data Protection Principles

Tabitha Care Group is committed to ensuring that:

  • Personal data is collected for clear, lawful, and specific purposes
  • Data is adequate, relevant, and limited to what is necessary
  • Information is accurate and kept up to date
  • Data is retained only for as long as required
  • Appropriate technical and organisational security measures are in place to protect against unauthorised access, loss, or damage

Data Protection by Design and Default

We embed data protection into all aspects of our operations. Safeguards are built into systems, processes, and services from the outset. Staff receive GDPR training, and we ensure that contracts, policies, IT systems, and communications align with data protection requirements.

Access to Your Data

You may request access to your personal data at any time. We will respond without undue delay and no later than one month after receipt. Requests are normally free of charge, although a reasonable fee may be applied for excessive or repetitive requests.

Right to Erasure (“Right to Be Forgotten”)

You may request the deletion of your personal data verbally or in writing. We will respond within one month. Requests relating to children’s data will be prioritised.

The right to erasure does not apply where processing is necessary:

  • To comply with a legal obligation
  • To exercise freedom of expression and information
  • For public interest or official authority tasks
  • For legal claims

If a request is refused because it is manifestly unfounded or excessive, we will provide a clear explanation.

Right to Rectification

You may request correction or completion of inaccurate or incomplete personal data. We will respond within one month. Where accuracy is disputed, processing may be restricted while the matter is reviewed.

Children’s Data

Children aged 13 and over may provide consent themselves. For children under 13, consent will be obtained from a person with parental responsibility. We recognise that children have the same data protection rights as adults and take extra care to safeguard their data.

Right to Data Portability

Where applicable, you may request your data in a structured, commonly used, machine-readable format. This right applies only to data:

  • Provided directly by you
  • Processed on the basis of consent or contract
  • Processed by automated means

Right to Object

You may object to processing based on:

  • Legitimate interests
  • Public task or official authority
  • Direct marketing (including profiling)
  • Research or statistical purposes

We will cease direct marketing immediately upon receiving an objection.

Automated Decision-Making and Profiling

We do not routinely use automated decision-making or profiling. Where such processing is required, it will only take place with explicit consent and appropriate safeguards. Individuals have the right to request human review of any automated decision.

Data Breaches

We take robust measures to prevent data breaches. In the event of a significant breach that poses a risk to your rights and freedoms, we will notify you and the ICO without undue delay. Encryption, pseudonymisation, and backup systems are used where appropriate.

International Data Transfers

Personal data may be transferred within the UK and the European Economic Area (EEA). Where transfers outside the EEA are necessary, we ensure appropriate safeguards are in place, such as standard contractual clauses or recognised adequacy decisions.

Cookies

Our website uses cookies to enhance user experience, analyse traffic, and remember preferences. Cookies do not normally identify individuals personally. You can manage or disable cookies through your browser settings, although this may affect website functionality.

Third-Party Websites

Our website may contain links to external sites. Tabitha Care Group is not responsible for the privacy practices of third-party websites and encourages users to review their privacy policies before providing personal data.

Last Updated: 13/01/2026

Approved by:
Esther Adeniran
Registered Manager
Tabitha Care Group