
TINYWELL HEALTHCARE SERVICES LIMITED

 

PRIVACY NOTICE


Tinywell Healthcare Services
Effective Date: 01/01/2018
Last Updated: 29/06/2026

Introduction
Tinywell Healthcare Services Limited ("we", "us", "our") is a CQC-registered provider of home care, supported living and healthcare staffing services. 


This Privacy Policy explains how we collect, use, store, disclose, and protect personal information when you:

  • Visit our website;

  • Access our members' area;

  • Make enquiries regarding our health and social care services;

  • Apply for employment opportunities;

  • Subscribe to marketing communications;

  • Engage with us through any online forms, emails, or other communications.

 

This Privacy Policy is designed to comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).


Who We Are
Tinywell Healthcare Services is the Data Controller responsible for determining how and why your personal information is processed.

Contact Details

Registered office: Regus 268 Bath Road, Slough, SL1 4DX
Company number: 06579735
ICO registration number: ZA248735
General contact: info@tinywell.co.uk | +44 (0)1628 559905
Data Protection Officer: S Kariuki info@tinywell.co.uk


If you have any questions regarding this Privacy Policy or your personal data, please contact us using the details above.

The information we collect

Depending on your relationship with us, we may hold the following:

  • Identity and contact details (name, address, date of birth, phone, email).

  • Health and social care information, such as care plans, needs and risk assessments and medication records (this is "special category" data).

  • Financial information for invoicing and payments.

  • For staff and applicants: employment records, payroll details, training and qualifications, references, sickness records (special category), and criminal records information from DBS checks.

 

Where we get it from

We collect information directly from you, and we may also receive it from your family or representatives, the NHS, your GP, local authorities, and other health and care professionals involved in your care.

 

Why we use it and our lawful basis

Under data protection law we must have a lawful basis for using your information. Our main uses are:

  • Providing and coordinating your care. Lawful basis: legal obligation (we must keep care records under the Health and Social Care Act 2008 (Regulated Activities) Regulations 2014); public task where your care is funded by the NHS or a local authority; or contract where your care is privately funded. For health and care information, we also rely on the provision of health and social care condition (Article 9(2)(h)).

  • Invoicing and administration. Lawful basis: contract and/or legal obligation.

  • Safeguarding. Lawful basis: public task, together with the social protection condition for any special category data.

  • Employing and paying staff. Lawful basis: legal obligation and, in some cases, legitimate interests; special category employee data (such as sickness records) is processed under the employment condition.

  • Carrying out DBS and right-to-work checks. Lawful basis: legal obligation. Criminal records information is processed under the Data Protection Act 2018 (Schedule 1) for the purpose of assessing suitability for the role.

  • Meeting our regulatory duties (for example, to the Care Quality Commission). Lawful basis: legal obligation.

Where we ask for your consent to something specific, you can withdraw it at any time.

 

Who we share it with

We only share what is necessary and only with organisations involved in your care or where we are required to by law. These may include your GP and other NHS services, district and community nurses, hospitals, pharmacies, local authorities, the Care Quality Commission and — for staff data — HMRC, our pension provider, our payroll provider, the DBS and clients (hirers). We do not sell your personal information.

 

Transfers outside the UK

We store and process your information within the UK. If this changes, we will only transfer data abroad with appropriate safeguards in place and will update this notice.

 

How long we keep it

We keep information only as long as necessary. As a general guide, we keep care records for [8] years after our care ends, financial records for [7] years, and staff records for [6] years after employment ends, unless the law requires otherwise.

 

How we keep it safe

We protect your information using measures such as role-based access controls, multi-factor authentication, encryption, secure (NHS Mail) email, locked storage for paper records, written agreements with our suppliers, and regular staff training.

 

Your rights

You have the right to be informed about how we use your data; access the personal information we hold about you; have inaccurate information corrected; ask us to delete information or restrict how we use it in certain circumstances; object to certain processing; and, where relevant, request portability of your data. We do not make decisions about you using automated processing alone.

 

To exercise any of these rights, contact our DPO at info@tinywell.co.uk

​​

Complaints
If you have concerns about how we process your personal information, please contact us first so we can attempt to resolve the issue.

 

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
Website: www.ico.org.uk 

Contact Us
For all privacy-related enquiries, requests, or complaints, please contact:

 

Contact Details
Tinywell Healthcare Services
Address: Regus, 268 Bath Road, Slough, SL1 4DX, UK
Telephone: +44 1628 559905
Email: info@tinywell.co.uk


We will respond to privacy-related requests in accordance with applicable data protection laws.
