Legal information
Privacy Policy
Last updated: 13 July 2026
1. Who we are
Haverton Care Hub is a trading name of Haverton Care Limited ("we", "us" and "our"). Haverton Care Limited is registered in England and Wales under company number 17025493. Our registered office is 128 City Road, London, EC1V 2NX.
For privacy queries, rights requests or data protection complaints, contact info@havertoncarehub.co.uk or write to us at the registered office address above.
2. What this policy covers
This policy explains how we use personal data through the Haverton Care Hub website, enquiry forms, consultancy and training services, digital products, online purchases and, where used, our member platform.
It applies to website visitors, people who contact us, customers, learners, consultancy clients, member-platform users and people whose information may be included in customer records uploaded to the platform.
3. Our data protection roles
We normally act as a data controller for information we collect for our own business purposes, such as enquiries, sales, training records, account administration, marketing preferences and legal compliance.
Where a care provider uses our member platform to enter records about its staff, service users, audits, incidents, supervision, governance or other operational activity, the care provider will usually remain the controller for that information and we may act as its processor. The provider remains responsible for deciding what information is entered, the lawful basis for that processing, and how long it should be kept.
4. Personal data we collect
- Enquiry and contact data: name, organisation, role, email, phone number and message content.
- Customer and purchase data: billing details, service history, order information, payment confirmation and correspondence. We do not store full payment-card details.
- Training data: attendee details, attendance, course completion, certificates, assessment records and reasonable adjustment requests.
- Consultancy data: provider details, service type, CQC application or compliance context, documents you send us and notes needed to deliver the service.
- Member-platform data: account details, roles, permissions, uploaded documents, audit records, action plans, complaints, incidents, safeguarding records, supervision notes and other records created by platform users.
- Technical data: IP address, device and browser information, security logs, cookie choices and similar information needed to run and secure the website and platform.
5. How and why we use personal data
- To respond to enquiries and prepare quotes or proposals, using legitimate interests or steps before a contract.
- To provide consultancy, training, digital products and member services, using performance of a contract.
- To manage accounts, payments, invoices, certificates and customer support, using contract, legitimate interests and legal obligations.
- To operate, monitor and secure the website and member platform, using legitimate interests and, where relevant, contract.
- To keep accounting, tax and business records, using legal obligation and legitimate interests.
- To send service updates and carefully controlled marketing, using consent where required and legitimate interests where the law allows it.
- To handle complaints, safeguarding distinctions, legal claims, regulatory correspondence and data protection requests, using legal obligation and legitimate interests.
We do not sell personal data and we do not share it for third-party marketing.
6. Special-category and criminal-offence data
Some information handled through consultancy work or the member platform may include health information, safeguarding information, workforce checks, incident details or other sensitive records. We only handle this information where it is necessary for the service, where the customer has a lawful basis for providing it, and where suitable confidentiality and security controls are in place.
Customers must not upload unnecessary sensitive information. Care providers remain responsible for their own care, employment, safeguarding and regulatory records.
7. Marketing
We may send updates about Haverton Care Hub services where you have asked to receive them or where the law allows carefully limited business communication. You can opt out at any time by using the unsubscribe option in a message or by contacting us.
8. Who we share data with
We use trusted suppliers to help us run the website, email, documents, payments, training administration, booking, analytics where enabled, and member-platform services. GoCardless is used for the existing subscription payment link. Stripe may also be used for hosted checkout or billing where configured. We keep supplier details under review and require appropriate confidentiality, security and data-processing terms where suppliers process personal data for us.
We may also share information where required by law, with professional advisers, payment providers, regulators, authorities, insurers or courts where necessary. We do not include unverified supplier names in this policy.
9. International transfers
Some suppliers may process information outside the UK. Where this happens, we will use an appropriate safeguard such as a UK adequacy regulation, the International Data Transfer Agreement, the UK Addendum to EU standard contractual clauses, or another lawful mechanism.
10. How long we keep personal data
We keep personal data only for as long as needed for the purpose it was collected, including legal, accounting, tax, contractual, complaint, insurance and regulatory reasons.
- Enquiry records are normally kept for up to 24 months unless they become part of a customer file.
- Customer, invoice and financial records are normally kept for six years after the relevant transaction or relationship, unless a longer period is required.
- Training attendance and certificate records are normally kept for up to six years so customers can evidence learning.
- Member-platform records are kept for the life of the account and then handled in line with the customer agreement, deletion request, legal requirements and any agreed export or retention process.
- Complaint records are normally kept long enough to evidence how the matter was handled and to identify learning and trends.
11. Your rights
Under UK data protection law you may have the right to access your data, ask for inaccurate data to be corrected, ask for deletion, restrict or object to processing, receive data portability where this applies, and withdraw consent where we rely on consent.
To exercise a right, contact info@havertoncarehub.co.uk. If your request relates to records controlled by a care provider, we may need to refer you to that provider or act on its instructions.
12. Data protection complaints
If you are unhappy about how we use personal data, contact us at info@havertoncarehub.co.uk. We will acknowledge data protection complaints within 30 days and respond without undue delay. We may ask for information needed to identify you, understand the complaint and investigate it fairly.
You also have the right to complain to the Information Commissioner's Office at ico.org.uk. We would welcome the chance to resolve your concern first.
13. Security and breaches
We use technical and organisational measures designed to protect personal data, including access controls, role-based permissions, secure transmission, supplier checks and internal handling rules. No online system is completely risk free.
If a personal-data breach occurs, we will assess it and make any notifications to affected people, customers or the ICO that are required by law.
14. Children
Haverton Care Hub is not aimed at children. If we ever provide an online service likely to be accessed by children, we will review the service against relevant children's privacy requirements before it goes live.
15. Changes to this policy
We may update this policy as our website, platform, suppliers, services or legal duties change. The date at the top shows the current version.