Privacy Policy | Tinywell Healthcare

1. Introduction
Tinywell Healthcare Services ("Tinywell", "we", "our", or "us") is committed to protecting and respecting your privacy. We recognise the importance of safeguarding personal information and are committed to processing personal data fairly, lawfully, transparently, and securely.
This Privacy Policy explains how we collect, use, store, disclose, and protect personal information when you:

Visit our website;
Access our members' area;
Make enquiries regarding our health and social care services;
Apply for employment opportunities;
Subscribe to marketing communications;
Engage with us through any online forms, emails, or other communications.

This Privacy Policy is designed to comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

2. Who We Are
Tinywell Healthcare Services is the Data Controller responsible for determining how and why your personal information is processed.
Contact Details
Tinywell Healthcare Services
Address: Regus, 268 Bath Road, Slough, SL1 4DX, UK
Telephone: +44 1628 559905
Email: info@tinywell.co.uk
If you have any questions regarding this Privacy Policy or your personal data, please contact us using the details above.

3. Personal Information We Collect
The information we collect depends on how you interact with our website and services.
Information You Provide
We may collect:

Full name
Postal address
Email address
Telephone number
Date of birth (where relevant)
Username and password
Professional qualifications
Employment history
Education details
References
Correspondence and communications
Any information submitted through website forms

Members' Area Information
When you register for or access our members' area, we may collect:

Account registration details
Login credentials
Access records and usage history
Preferences and settings
Communications made through member services

Recruitment Information
When applying for employment opportunities through our website, we may collect:

Personal details
CVs and resumes
Employment history
Educational qualifications
Professional registrations
Right-to-work documentation
References
Interview notes
Recruitment assessment results
Disclosure and Barring Service (DBS) information where legally required
Any additional information voluntarily provided during recruitment

Technical Information
We may automatically collect:

IP address
Browser type and version
Device information
Operating system
Website usage data
Date and time of access
Pages viewed
Referral source information
Cookies and tracking information

4. Special Category Data
As a provider operating within the health and social care sector, we may occasionally process special category personal data where necessary.
This may include information concerning:

Health conditions
Disabilities
Occupational health assessments
Equality and diversity monitoring information

We will only process special category data where a lawful basis exists under Article 9 of the UK GDPR and appropriate safeguards are in place.
5. How We Use Your Information
We use personal information for the following purposes:
Service Delivery

Providing information about health and social care services
Responding to enquiries
Managing customer relationships
Providing access to member services

Website Administration

Managing website functionality
Monitoring performance
Maintaining security
Preventing fraud and misuse

Recruitment

Processing job applications
Assessing candidate suitability
Conducting recruitment checks
Communicating with applicants
Managing employment opportunities

Marketing and Communications

Sending newsletters
Informing individuals about services and developments
Promoting events, training, and opportunities
Conducting surveys and feedback exercises

Legal and Regulatory Compliance

Meeting legal obligations
Responding to regulatory requirements
Protecting legal rights and interests

6. Lawful Basis for Processing
Under UK GDPR, we rely on one or more of the following lawful bases:
Consent
Where you have given clear consent for specific processing activities, including certain marketing communications.
Contract
Where processing is necessary to fulfil a contract or take steps before entering into a contract.
Legal Obligation
Where processing is necessary to comply with legal and regulatory obligations.
Legitimate Interests
Where processing is necessary for our legitimate interests, provided these interests do not override your rights and freedoms.
Examples include:

Improving our services
Website administration
Business management
Recruitment administration
Marketing existing services

Employment and Social Protection Law
Where processing is necessary for recruitment, employment, safeguarding, or related obligations.

7. Marketing Communications
We may send information regarding:

Health and social care services
Recruitment opportunities
Training and development programmes
Company updates
Events and promotional information

Where required by law, we will obtain your consent before sending electronic marketing communications.
You may withdraw consent or unsubscribe at any time by:

Clicking the unsubscribe link in communications;
Updating your preferences;
Contacting us directly.

Opting out of marketing will not affect service-related communications.

8. Cookies and Similar Technologies
Our website uses cookies and similar technologies to improve functionality and user experience.
Cookies may be used to:

Enable website operation;
Remember preferences;
Analyse website traffic;
Improve performance;
Personalise content;
Support marketing activities.

Types of Cookies Used
Strictly Necessary Cookies
Required for the operation and security of the website.
Performance and Analytics Cookies
Help us understand how visitors use the website.
Functional Cookies
Remember user preferences and settings.
Marketing Cookies
Track browsing activity and help deliver relevant advertising and marketing content.
You may manage cookie preferences through our cookie consent banner and your browser settings.

9. Sharing Your Information
We may share personal information with trusted third parties where necessary and lawful.
These may include:

Healthcare organisations
Social care providers
Recruitment agencies
Professional advisers
Information technology providers
Website hosting providers
Marketing service providers
Training providers
Regulatory bodies
Government agencies
Law enforcement authorities

Collaboration with Partner Organisations
Tinywell Healthcare Services works with a number of partner organisations and service providers.
Where necessary for service provision, recruitment, operational management, marketing activities, training, research, business development, or collaborative projects, personal information may be shared with these organisations.
All partner organisations are required to:

Protect personal information appropriately;
Process data lawfully;
Maintain confidentiality;
Comply with UK data protection legislation.

We do not sell personal information to third parties.

10. International Transfers
Where personal information is transferred outside the United Kingdom, we will ensure appropriate safeguards are in place to protect your information.
These safeguards may include:

UK-approved international data transfer agreements;
Adequacy regulations;
Standard contractual clauses;
Other legally recognised transfer mechanisms.

11. Data Security
We implement appropriate technical and organisational measures to protect personal information against:

Unauthorised access;
Accidental loss;
Destruction;
Damage;
Alteration;
Disclosure.

Security measures may include:

Encryption;
Secure servers;
Access controls;
Password protection;
Staff training;
Cybersecurity monitoring;
Regular security reviews.

12. Data Retention
We retain personal information only for as long as necessary to fulfil the purposes for which it was collected.
Retention periods may vary depending on:

Legal requirements;
Regulatory obligations;
Contractual requirements;
Operational needs.

Recruitment records may be retained for up to 12 months following completion of a recruitment process unless a longer retention period is required by law.

13. Your Rights
Under UK GDPR, you have the right to:
Right of Access
Request a copy of the personal information we hold about you.
Right to Rectification
Request correction of inaccurate or incomplete information.
Right to Erasure
Request deletion of personal information in certain circumstances.
Right to Restrict Processing
Request restriction of processing in certain circumstances.
Right to Data Portability
Receive personal information in a structured format and transfer it elsewhere where applicable.
Right to Object
Object to certain processing activities, including direct marketing.
Rights Related to Automated Decision-Making
Request human review of decisions made solely by automated means where applicable.
Requests may be submitted using the contact details provided in this policy.

14. Members' Area
Users registered within our members' area are responsible for maintaining the confidentiality of their login credentials.
Members should:

Keep passwords secure;
Notify us immediately of unauthorised account access;
Use the members' area in accordance with our website terms and conditions.

We may monitor usage to maintain security and ensure compliance with our policies.

15. Third-Party Websites
Our website may contain links to external websites operated by third parties.
We are not responsible for the privacy practices, content, or security of external websites. Users should review the privacy policies of any websites they visit.
16. Children's Privacy
Our website is not directed towards children under the age of 13.
We do not knowingly collect personal information from children without appropriate consent or legal authority.

17. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in legal requirements, technology, or our services.
The latest version will always be available on our website.
Significant changes may be communicated through the website or other appropriate channels.

18. Complaints
If you have concerns about how we process your personal information, please contact us first so we can attempt to resolve the issue.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
Website: www.ico.org.uk

19. Contact Us
For all privacy-related enquiries, requests, or complaints, please contact:
Contact Details
Tinywell Healthcare Services
Address: Regus, 268 Bath Road, Slough, SL1 4DX, UK
Telephone: +44 1628 559905
Email: info@tinywell.co.uk

We will respond to privacy-related requests in accordance with applicable data protection laws.