Cookie Notice – Mashcare.co.uk

Last updated: July 31, 2025

What Are Cookies?

Cookies are small text files placed on your device by websites you visit. They help sites remember your actions and preferences over time, so you don’t have to re-enter them when you return.

How We Use Cookies

  • Ensure website functionality and performance
  • Remember user preferences (e.g. accessibility settings)
  • Enable secure login and session continuity
  • Analyse website usage and improve content (via analytics tools)
  • Show relevant content or marketing (with your consent)

Types of Cookies We Use

Type of Cookie Purpose Duration Legal Basis
Strictly Necessary Site security, session management Session or short-term Legitimate interest
Performance / Analytics Understanding how users interact (e.g. Google Analytics) Varies (up to 24 months) Consent
Functionality Remember preferences, e.g. location or accessibility Up to 12 months Consent
Targeting / Advertising Show relevant ads/content if marketing is enabled Varies Consent

Third-Party Cookies

  • Google Analytics – to analyse website traffic
  • Meta/Facebook Pixel – if using remarketing (only with consent)
  • YouTube/Vimeo – embedded video player tracking

Each provider may set its own cookies. You can review their individual policies on their sites.

Managing Your Cookie Preferences

  • Adjust settings in our cookie banner (on first visit or via link in footer)
  • Use browser settings to block or delete cookies
  • Opt out of Google

Note: Disabling cookies may affect your experience.

Contact

Questions? Contact us at [email protected]

Data Protection & Security Statement – MashCare.co.uk

Last updated: 31 July 2025

At MashCare, safeguarding your data is a core priority. This statement outlines the technical and organisational measures we take to protect personal data in accordance with the UK GDPR and ISO 27001 best practices.

Organisational Controls

  • Data Protection Officer (DPO) appointed for oversight and compliance
  • Staff are trained regularly on data privacy, confidentiality, and breach reporting
  • Internal policies for access control, retention, and device usage
  • Data Protection Impact Assessments (DPIAs) conducted where appropriate

Technical Measures

  • SSL/TLS encryption for all data in transit
  • Encrypted data storage and secure cloud infrastructure (e.g. AWS, Azure, UK-based hosting)
  • Role-based access control (RBAC) with multi-factor authentication
  • Firewalls and endpoint protection on all devices

Data Access & Minimisation

  • Access granted only on a need-to-know basis
  • Regular audits of access logs and permissions
  • Pseudonymisation or anonymisation used where possible

Data Breach Preparedness

  • Incident response policy in place
  • Breaches are reported to the ICO and affected users where required within 72 hours

Third-Party Processors

We only use vetted processors under GDPR-compliant contracts. Examples may include:

  • Payment platforms
  • Email and cloud services
  • Scheduling or booking tools

Data is only transferred outside the UK/EEA with safeguards such as Standard Contractual Clauses or adequacy decisions.

Retention & Disposal

  • Data is only retained for as long as needed. When data is no longer required:
    • It is securely deleted or anonymised
    • Paper records are shredded or securely destroyed

For more details, see our full Privacy Policy or email [email protected].