Privacy Policy

Last updated on 9 December 2025.

1. Introduction

This Privacy Policy explains how Curo Care Collective (“we”, “us”, “our”) collects, uses, and protects personal data when you visit our website, make an enquiry, or interact with our services.
We are committed to protecting your personal information and handling it in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Who We Are

Curo Care Collective

Address: 3 Greengate Cardale Park, Harrogate, North Yorkshire, United Kingdom, HG3 1GY.

We are the “data controller” for the purposes of UK data protection law.

3. What Personal Data We Collect

We may collect the following information:

3.1 Information You Provide Directly

  • Name, email address, phone number

  • Enquiry or message details

  • Job application information (CVs, qualifications, employment history)

  • Resident information provided by family members or professionals

3.2 Information We Collect Automatically

When you visit our website:

  • IP address

  • Browser type and version

  • Device information

  • Pages viewed and navigation paths

  • Cookie data (see Cookie Policy)

3.3 Sensitive Personal Data

If you submit information about care needs or health conditions (e.g., via enquiry forms), this may include special category data.

We only collect such information where necessary and with your clear consent.

4. How We Use Your Personal Data

We use your information for:

  • Responding to enquiries

  • Providing information about our care services

  • Assessing and processing job applications

  • Managing relationships with residents and their families

  • Ensuring website security and performance

  • Meeting legal or regulatory requirements

Lawful bases under UK GDPR include:

  • Consent

  • Contract

  • Legal obligation

  • Legitimate interests

  • Vital interests (in emergencies)

5. Sharing Your Personal Data

We may share your information with:

  • Professional advisors (e.g., safeguarding teams, GPs, care commissioners)

  • Service providers such as IT, hosting, email services

  • Regulatory bodies such as the CQC (where required by law)

We do not sell your personal data.

6. International Transfers

If any third-party providers store data outside the UK, we ensure appropriate safeguards (such as UK-approved Standard Contractual Clauses).

7. Data Retention

We retain personal data only for as long as necessary:

  • General enquiries: up to 12 months

  • Job applications: up to 6 months, unless hired

  • Resident records: as required under care legislation (usually 7 years)

  • Website analytics data: typically up to 26 months

8. Your Rights

You have rights under UK GDPR, including:

  • Access to your data

  • Correction of inaccurate information

  • Erasure (“right to be forgotten”)

  • Restriction of processing

  • Objecting to certain uses

  • Data portability

  • Withdrawal of consent (where consent is the lawful basis)

To exercise these rights, contact our Operations Director, Kairen Horner at kairen@curocaregroup.co.uk.

9. Security

We implement appropriate technical and organisational measures to protect your data, including encrypted communications, access controls, and staff training.

10. Links to Other Websites

Our website may contain links to external sites. We are not responsible for their privacy practices.

11. Changes to This Privacy Policy

We may update this Policy occasionally. The updated version will be posted on this page.