Legal
Privacy & Cookie Policy
Last updated: 12 July 2026 · Applies under the UK GDPR, the EU GDPR and the Data Protection Act 2018
1. Who we are
Phoebe Grove Care Ltd ("we", "us") is the data controller for personal information collected through this website and our care and recruitment services. We are based in Dereham, Norfolk, United Kingdom.
- Registered company: Phoebe Grove Care Ltd [TODO: company number]
- Registered office: [TODO: registered address]
- ICO registration: [TODO: ICO registration number]
- Data protection contact: hello@phoebegrovecare.co.uk, 01362 000 000
2. What we collect, and why
Website enquiries
Name, email, phone and your message, so we can respond to you. Lawful basis: legitimate interests (responding to your enquiry), or steps prior to entering a contract.
Job applications
Contact details, National Insurance number, right-to-work information, employment history, references, uploaded documents (ID, DBS certificate, qualifications, CV), health information relevant to the role, and criminal-record declarations. Care roles are exempt from the Rehabilitation of Offenders Act 1974, so we are legally permitted to ask about spent convictions. Lawful bases: steps prior to entering an employment contract and compliance with legal obligations (right-to-work and safer-recruitment law). Health data and criminal-record data are processed under Article 9(2)(b) UK/EU GDPR and Schedule 1 of the Data Protection Act 2018 (employment and safeguarding purposes).
Staff portal
Account details, compliance records (DBS, right to work, training), timesheets and uploaded documents for people who work with us. Lawful bases: performance of the employment/engagement contract and legal obligations that apply to regulated care providers.
Website analytics (only with your consent)
A random visitor id, the pages you view and the site you arrived from. No IP addresses, no names, no advertising, no third-party trackers. Lawful basis: your consent, which you can withdraw at any time via Cookie preferences.
3. How long we keep information
- Enquiries: up to 12 months after our last contact.
- Unsuccessful applications: 6 months after the outcome, then deleted — unless you agree we may keep your details for future roles.
- Staff records: for the duration of the engagement plus the periods required by employment, tax and care-sector law.
- Timesheet audit records: retained permanently as a tamper-evident business record (they contain serial, name and timestamp only).
- Analytics: raw page-view records are deleted after 26 months.
4. Who we share information with
We never sell personal data. We share it only with: our IT hosting provider (as processor, under contract); referees you name in an application; the Disclosure and Barring Service and Home Office services when verifying checks; regulators and authorities where the law requires it (for example the CQC, HMRC or safeguarding bodies); and client care providers, limited to what they need to confirm a placement.
International transfers: our systems are hosted in the UK/EEA. If any processor stores data outside the UK or EEA we rely on UK adequacy regulations or Standard Contractual Clauses with the UK addendum.
5. Your rights
Under the UK and EU GDPR you can ask us to:
- give you a copy of your data (access) and correct anything inaccurate (rectification);
- delete data we no longer need (erasure), or restrict how we use it;
- provide your data in a portable format;
- stop processing based on legitimate interests (objection);
- withdraw consent at any time, where consent is the basis (for example analytics cookies).
Email hello@phoebegrovecare.co.uk — we respond within one month. You can also complain to the UK Information Commissioner's Office (ico.org.uk, 0303 123 1113) or, if you are in the EU, to your local supervisory authority.
6. Cookies
We ask for your cookie choices on every visit. Essential cookies are always on because the site cannot function without them (this is permitted under the Privacy and Electronic Communications Regulations); everything else is off unless you opt in.
| Cookie | Type | Purpose | Lifetime |
|---|---|---|---|
| connect.sid | Essential | Keeps staff and admins signed in to the secure portal. | 8 hours |
| pgc_aid | Analytics · opt-in | A random id so we can count visits and see which pages help. Set only if you consent; deleted if you decline. | 180 days |
Change your mind at any time via Cookie preferences, or delete cookies in your browser settings.
7. Security & changes
Passwords are stored using strong one-way hashing, access to records is role-restricted and enforced on our servers, uploaded documents are never publicly accessible, and our timesheet audit log cannot be edited or deleted. If we change this policy we will update the date at the top; significant changes will be highlighted on this page.