Mashcare.co.uk Privacy Policy

Last updated: 1 September 2025

Introduction

Mash Care (“we”, “us”, or “our”) is committed to protecting your privacy and handling your personal data
in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
This Privacy Policy explains what information we collect, how we use it, and your rights. By using our
website, you agree to the practices described herein.

Who We Are – Data Controller

Mash Group Ltd, trading as Mash Care, is the data controller responsible for the personal data we collect and process.

Information We Collect

Information you provide directly

  • Name
  • Contact details (email address, telephone number, postal address)
  • Messages sent via contact or booking forms
  • Payment information (where applicable)
  • Feedback or reviews

Information collected automatically

  • IP address
  • Browser and device type
  • Pages visited
  • Referral URLs
  • Other similar usage data

Cookies and tracking technologies

We use small files or pixels (e.g. cookies) to store session data, preferences, or for analytics purposes.

Why We Collect Your Data & Our Legal Bases

Purposes of processing, data collected, and legal bases
Purpose Data Collected Legal Basis
Responding to enquiries / booking requests Name, email, contact details, message content Legitimate interests – to facilitate communication and deliver our services
Delivering our services (e.g. care bookings) Contact, billing/payment, scheduling data, communications history Contractual necessity or legitimate interests
Sending marketing, newsletters, or updates Email address, name, preferences Consent (opt-in) – you may withdraw consent at any time
Website analytics and functionality Usage data, device information, cookies Legitimate interests – to improve site performance and user experience
Fraud prevention & legal compliance IP address, logs, records Legal obligation or vital interests

How We Use Your Data

  • Respond to and manage your enquiries, bookings, or requests
  • Send account- or service-related notifications (e.g. confirmations, reminders)
  • Send newsletters or updates, where you have opted in
  • Analyse website usage, improve site functionality, and resolve technical issues
  • Comply with legal obligations and prevent fraud

Sharing Your Data

We do not sell your personal data. We may share data with:

  • Service providers (e.g. payment processors, hosting platforms, mailing services), under contracts that meet UK GDPR requirements
  • Third-party processors (e.g. JobAdder (recruitment platform), Microsoft 365 (cloud file storage and email),
    and our IT service provider (for technical support))
  • Legal or regulatory bodies, when required by law or to protect legal rights or prevent harm
  • Business acquirers, in the event of a sale, merger, or restructuring—subject to appropriate safeguards

Where data is transferred outside the UK or EEA, we ensure it is protected using appropriate legal mechanisms,
such as Standard Contractual Clauses.

Data Retention

We retain personal data only as long as necessary to fulfil the relevant purposes or comply with legal obligations.
Data from cookies is retained in line with their expiry period.

Please refer to our Data Retention Policy for full details of how long different types of data are kept, including
data relating to job applicants, onboarding, and client records. We regularly review our retention practices to
ensure we only keep what is essential.

Children’s Data

We do not knowingly collect or process personal data of individuals under the age of 18 through our website or services.
If we become aware that we have inadvertently collected such data, we will take steps to delete it promptly.
If you believe we have collected data from a child, please contact us immediately at
[email protected].

Your Rights

Under UK GDPR, you have the right to:

  • Access – request a copy of the personal data we hold about you
  • Rectification – correct inaccurate or incomplete data
  • Erasure – request deletion of your data (subject to legal obligations)
  • Restriction – request limits on how we process your data in certain circumstances
  • Object – particularly to direct marketing or automated decision-making
  • Portability – request your data in a machine-readable format
  • Withdraw consent – where processing is based on consent, you may withdraw at any time

To exercise these rights, please contact us using the details below. We aim to respond within one calendar month,
in line with ICO guidelines.

Cookies & Tracking Technologies

We use cookies to remember your preferences, improve site performance, and provide relevant features.
You can manage your cookie preferences through your browser settings or any tools provided on our website.

Security

We implement appropriate technical and organisational measures to safeguard your personal data from unauthorised
access, disclosure, or destruction. All data transmissions are encrypted (e.g. SSL/TLS), and staff receive
regular data protection training.

Changes to This Policy

We may update this Privacy Policy from time to time—for example, in response to legal changes or updates to our services.
The version and “last updated” date will always be shown at the top. We encourage you to review it periodically.

Contact Us

If you have any questions about this Privacy Policy, wish to exercise your rights, or raise a concern, please contact:

Email: [email protected]
Postal address:

Mash Group Ltd, trading as Mash Care
Yeovil Innovation Centre
Yeovil BA22 8RN
United Kingdom

You also have the right to lodge a complaint with the
Information Commissioner’s Office (ICO).