• Automated Processing: We do not use automated decision-making when providing care. All decisions about support are made by trained staff working directly with the young person and their professional network.
• Third-Party Processing: We may work with trusted partners (such as health services, education providers, or specialist platforms) who help us deliver safe and effective care. These partners only process information under our strict instructions and in line with data protection law.
• Security: Access to personal information is limited to those who need it for care. We maintain confidentiality at all times and use strong safeguards to protect sensitive data.

• Automated Processing: Recruitment software may pre-filter candidates based on set criteria; all hire decisions are made by staff.
• Third-Party Processing: We engage recruitment software and vetting partners that process data strictly under our instructions.
• Security: Access to your data is restricted, confidentiality maintained, backed by security safeguards.

• Third-Party Processing: We use trusted service providers (such as hosting partners) who process website data strictly under our instructions and in line with data protection laws.
• Security: We apply strong safeguards to protect website data, including secure hosting, access controls, and regular monitoring to prevent misuse or unauthorised access.

We rely on trusted third parties for technology, recruitment, IT support, and secure data processing.

If you would like to know which third parties process your data and for what purposes, please contact us.

• We protect your data using industry-standard safeguards (e.g., access controls, encryption, training, confidentiality).
• When data is transferred outside the UK or EU, we ensure appropriate measures such as UK International Data Transfer Agreements or EU Standard Contractual Clauses are in place.
• Data Protection Impact Assessments (DPIAs) are undertaken where necessary; copies are available upon request.

• As controller, we annually review and securely delete data no longer linked to an active relationship. Our Record of Processing Activities defines retention periods for various data types.
• For specific retention queries, contact compliance@protective-care.co.uk.

We do not deploy cookies on this website.

Under UK GDPR and data protection laws, you have rights including:

• Access to your personal data and its processing context
• Correction of inaccurate or incomplete data
• Objection to certain processing (e.g., profiling or marketing)
• Portability of your data to another service provider
• Right to erasure (“right to be forgotten”), where applicable
• Withdrawal of consent where processing is consent-based

We process requests within one month; if others’ privacy is affected, we’ll inform you of any modifications. Contact compliance@protective-care.co.uk to exercise these rights. If unsatisfied, you can escalate to the UK Information Commissioner’s Office (ICO).

In the event of a data breach affecting individual rights or freedoms, we will notify affected parties and the ICO within 72 hours, when required.

• We have appointed an independent Statutory Data Protection Officer (DPO), who reports directly to the Board and holds no other role in the business.
• We maintain a Record of Processing Activities (ROPA), including lawful bases and, where relevant, Legitimate Interests Assessments.
• We do not offer services outside the UK, so we are not required to appoint an EU Representative under Article 27 GDPR.

• This Notice is reviewed at least annually. The next scheduled review is September 2026.
• For data-related queries or to speak with a human about your info, email: compliance@protective-care.co.uk