Your Privacy Matters

Privacy Policy

We are committed to protecting your personal information and respecting your privacy.

At Gracious Grace Limited Ltd, we are committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, protect, and share your personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This policy was last updated on 3 December 2025.

1. Information We Collect

We may collect and process the following categories of personal data about you:

Personal Identification Information

  • Full name, date of birth, and gender
  • Contact details (address, email, phone number)
  • National Insurance number (if applicable)
  • Emergency contact information and next of kin details

Health and Care Information

  • Medical history and current health conditions
  • Medication requirements and allergies
  • Mobility and dietary needs
  • Mental capacity assessments
  • Care plans and risk assessments
  • Notes from care visits and observations

Financial Information

  • Information about funding sources (local authority, NHS, private)
  • Bank details for direct debit payments (if applicable)
  • Billing and invoicing information

Website Usage Data

  • IP address and browser type
  • Pages visited and time spent on site
  • Referral source and search terms used
  • Device information and operating system

2. How We Use Your Information

We process your personal data for the following purposes:

Service Provision

  • To assess your care needs and develop personalized care plans
  • To provide and manage care services
  • To coordinate with healthcare professionals and family members
  • To monitor and review the quality of care provided

Legal and Regulatory Compliance

  • To comply with Care Quality Commission (CQC) requirements
  • To meet safeguarding obligations
  • To respond to legal requests and prevent fraud
  • To maintain accurate records as required by law

Communication and Administration

  • To respond to enquiries and provide information about our services
  • To send appointment reminders and care updates
  • To process payments and manage accounts
  • To handle complaints and resolve issues

Service Improvement

  • To analyze and improve our care services
  • To conduct satisfaction surveys and quality audits
  • To train and develop our staff
  • To enhance our website and user experience

3. Legal Basis for Processing

We process your personal data under the following legal grounds:

  • Consent: You have given clear consent for us to process your personal data for specific purposes
  • Contract: Processing is necessary for the performance of our care service agreement with you
  • Legal Obligation: Processing is necessary to comply with legal and regulatory requirements (e.g., CQC, safeguarding)
  • Vital Interests: Processing is necessary to protect someone's life or prevent serious harm
  • Legitimate Interests: Processing is necessary for our legitimate business interests (e.g., service improvement, fraud prevention)

4. Information Sharing and Disclosure

We may share your personal data with the following categories of recipients:

Healthcare Professionals

  • GPs, hospitals, and medical specialists
  • Community nurses and therapists
  • Mental health services and social workers
  • Pharmacies and medical equipment suppliers

Regulatory and Statutory Bodies

  • Care Quality Commission (CQC)
  • Local authorities and safeguarding teams
  • NHS and clinical commissioning groups
  • Police and emergency services (when necessary)

Service Providers

  • IT and software providers (for secure data storage)
  • Payment processors and banking services
  • Professional advisors (legal, insurance, accounting)
  • Training and quality assurance providers

We do not sell or rent your personal data to third parties. All data sharing is conducted securely and in accordance with data protection law.

5. Data Security

We implement robust technical and organizational measures to protect your personal data:

  • Encryption of data in transit and at rest
  • Secure access controls with unique user credentials
  • Regular security audits and penetration testing
  • Staff training on data protection and confidentiality
  • Secure disposal of paper records and electronic data
  • Business continuity and disaster recovery procedures
  • Confidentiality agreements with all staff and contractors

While we take all reasonable precautions, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but will notify you of any data breaches as required by law.

6. Data Retention

We retain your personal data for the following periods:

  • Care Records: Retained for a minimum of 7 years after the last episode of care (or until the age of 25 for children)
  • Financial Records: Retained for 6 years after the end of the financial year
  • Staff Records: Retained for 6 years after employment ends
  • Website Analytics: Retained for up to 26 months
  • CCTV Footage: Retained for up to 30 days (if applicable)

After the retention period, we securely delete or anonymize your personal data. We may retain data longer if required by law or for legal proceedings.

7. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

Right of Access

  • Request a copy of the personal data we hold about you
  • Receive information about how we use your data
  • We will respond within one month of your request

Right to Rectification

  • Request correction of inaccurate or incomplete data
  • We will update your records promptly

Right to Erasure ('Right to be Forgotten')

  • Request deletion of your personal data in certain circumstances
  • This right is limited by legal and regulatory retention requirements

Right to Restrict Processing

  • Request that we limit how we use your data
  • Applicable in specific circumstances (e.g., while we verify accuracy)

Right to Data Portability

  • Receive your data in a structured, commonly used format
  • Transfer your data to another organization

Right to Object

  • Object to processing based on legitimate interests
  • Object to direct marketing communications

Rights Related to Automated Decision-Making

  • We do not use automated decision-making or profiling
  • All care decisions involve human oversight and judgment

To exercise any of these rights, please contact our Data Protection Officer using the details at the end of this policy.

8. Cookies and Website Tracking

Our website uses cookies to enhance your browsing experience:

Essential Cookies

  • Required for the website to function properly
  • Enable core features like security and accessibility
  • Cannot be disabled

Analytics Cookies

  • Help us understand how visitors use our website
  • Collect anonymous information about page visits and user behavior
  • Used to improve our website and services

Functional Cookies

  • Remember your preferences and settings
  • Enhance your user experience
  • Can be disabled in your browser settings

You can control and delete cookies through your browser settings. Blocking cookies may impact your experience of our website.

9. International Data Transfers

Your personal data is primarily stored and processed within the United Kingdom. If we transfer data outside the UK/EEA, we ensure appropriate safeguards are in place:

  • Using approved data transfer mechanisms (e.g., Standard Contractual Clauses)
  • Transferring only to countries with adequate data protection
  • Implementing additional security measures as necessary
  • Obtaining your explicit consent where required

10. Children's Privacy

We are committed to protecting the privacy of children and young people:

  • Consent for processing children's data is obtained from a parent or guardian
  • Additional safeguarding measures are applied to children's records
  • Children's data is retained until they reach the age of 25 (or longer if care continues)
  • We comply with all child protection and safeguarding legislation

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will:

  • Notify you of significant changes via email or website notice
  • Update the 'Last Updated' date at the bottom of this policy
  • Seek your consent if required by law for material changes
  • Maintain previous versions for your reference

12. Complaints and Concerns

If you have concerns about how we handle your personal data:

  • Contact our Data Protection Officer using the details below
  • We will investigate and respond to your complaint within 30 days
  • You have the right to lodge a complaint with the Information Commissioner's Office (ICO)
  • ICO Website: www.ico.org.uk
  • ICO Helpline: 0303 123 1113

Data Protection Officer

For any questions about this Privacy Policy or to exercise your data protection rights, please contact our Data Protection Officer:

Gracious Grace Limited Ltd

Data Protection Officer

Email: info@graciousgracelimited.com

Phone: +44 7930525605

Address: 30 Olde Bell Lane, Loughton, Milton-Keynes, MK5 8EN

Information Commissioner's Office (ICO)
If you are not satisfied with our response, you can contact the ICO:
Website: www.ico.org.uk
Helpline: 0303 123 1113

Last updated: 3 December 2025

Gracious Grace Limited Ltd • Registered in England and Wales • Committed to UK GDPR Compliance

Trust & Quality Assurance

Fully Regulated & Quality Assured

Your safety and peace of mind are our top priorities. We maintain the highest standards of care through rigorous regulation and quality assurance.

CQC Regulated


The Care Quality Commission (CQC) is the independent regulator of health and social care services in England. Being CQC regulated means we meet rigorous standards of quality, safety, and compassionate care.

Quality Assured • Regularly Inspected

DBS Checked Staff

All our care professionals undergo enhanced DBS (Disclosure and Barring Service) checks. This ensures that every team member is thoroughly vetted and safe to work with vulnerable individuals.

Enhanced DBS • Fully Vetted

Safe

Protected from abuse and avoidable harm

Caring

Treated with compassion and respect

Effective

Care that meets individual needs

Well-Led

Strong leadership and governance

Commitment to Excellence

We are committed to maintaining the highest standards of care. Our CQC registration number and latest inspection reports are available upon request. We continuously monitor and improve our services to ensure we exceed regulatory requirements.