Privacy & Cookie Policy

Effective date: 10/6/2026

This Privacy Policy explains how Northern Healthcare collects, uses, stores, and protects personal data when you use our website. It should be read alongside any service-specific privacy notices provided when you access our supported living services.

Northern Healthcare is committed to protecting your privacy and handling your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Who we are

Northern Healthcare is the data controller for the personal data processed through this website.

Organisation name: Northern Healthcare
Address: Northern Healthcare, Barton Hall Business Park, Hardy Street, Eccles, Manchester, M30 7NB
Email: contact@northernhealthcare.org.uk

If you have any questions about this policy or how your data is handled, you can contact us using the details above.

What personal data we collect

We may collect and process the following types of personal data:

Information you provide directly

  • Name and contact details (e.g. email address) when you complete a contact form
  • Information submitted through enquiries or correspondence
  • Information provided when leaving comments (if enabled)

Technical and usage data

  • IP address
  • Browser type and version
  • Device information
  • Pages visited and time spent on the site
  • Referral source (how you reached our website)

Communication data

  • Any messages you send to us via forms, email links, or other contact methods

We do not intentionally collect special category data (such as health or clinical data) via the website, and you should avoid sharing sensitive personal information through general website forms.

How and why we use your data

We process personal data under the following lawful bases:

  • Legitimate interests – to operate, secure, and improve our website and respond to enquiries
  • Consent – where you opt in (e.g. optional cookies or marketing communications)
  • Legal obligation – where we are required to retain or disclose information under law

We use personal data for the following purposes:

  • Responding to enquiries and requests
  • Providing information about our services
  • Maintaining website security and preventing abuse or spam
  • Improving website performance and user experience
  • Managing user accounts (if applicable)

Comments

When visitors leave comments on the site, we collect:

  • The data shown in the comments form
  • IP address
  • Browser user agent string (for spam detection)

If approved, your profile picture may be visible alongside your comment.

Media uploads

If you upload images to the website, you should avoid including embedded location data (EXIF GPS). Visitors may be able to extract location data from images.

Contact forms

When you submit a contact form, we collect the information you provide to:

  • Respond to your enquiry
  • Manage and track communication

We retain form submissions only for as long as necessary to deal with your request and maintain business records.

Cookies

We use cookies to support website functionality and improve user experience.

Essential cookies

These are required for the website to function and cannot be disabled. They include:

  • Session management
  • Security features
  • Login functionality (if applicable)

Functional cookies

These remember user preferences such as:

  • Login settings
  • Display preferences

Comment cookies

If you leave a comment, you may opt in to saving your name, email address, and website in cookies. These last for one year.

Login cookies

If you log into an account:

  • Temporary cookie checks browser compatibility
  • Login cookies last 2 days
  • Screen preference cookies last 1 year
  • “Remember Me” keeps login active for 2 weeks
  • Logging out removes login cookies

Editing cookies

If you edit or publish content, a cookie is stored indicating the post ID of the edited item. It expires after 1 day.

You can manage cookies through your browser settings or device controls.

Embedded content from other websites

Pages on this site may include embedded content (e.g. videos, maps, articles). Embedded content behaves as if you visited the external website directly.

These third-party websites may:

  • Collect data about you
  • Use cookies
  • Track your interaction with embedded content
  • Monitor your activity if you are logged in to their services

We are not responsible for third-party privacy practices.

Analytics

We may use analytics tools (such as website usage tracking services) to understand how visitors use our website.

This data is aggregated and does not directly identify individuals.

Where required, analytics cookies are only used with your consent.

Who we share your data with

We may share data with trusted third-party service providers who support website operations, including:

  • Website hosting providers
  • IT and security service providers
  • Spam detection services
  • Analytics providers

All third parties are required to handle data securely and only in accordance with our instructions.

We do not sell personal data.

International data transfers

Some third-party providers may process data outside the UK. Where this occurs, we ensure appropriate safeguards are in place, such as:

  • UK adequacy regulations
  • Standard contractual clauses (SCCs)
  • Equivalent data protection safeguards

Data retention

We retain personal data only for as long as necessary:

  • Comments: retained indefinitely (for moderation and continuity)
  • Contact form submissions: retained for as long as needed to handle the enquiry and for record-keeping
  • User accounts (if applicable): retained while the account is active
  • Technical logs: retained for security and operational purposes for a limited period

Your rights

Under UK GDPR, you have the right to:

  • Access your personal data
  • Request correction of inaccurate data
  • Request deletion of your data (where applicable)
  • Restrict or object to processing
  • Request data portability
  • Withdraw consent at any time (where processing is based on consent)

To exercise these rights, contact us using the details in Section 1.

We may need to verify your identity before processing your request.

Data security

We take appropriate technical and organisational measures to protect personal data, including:

  • Secure hosting environments
  • Access controls and authentication
  • Staff training on data protection
  • Regular system monitoring and updates

While we take reasonable steps to protect data, no system is completely secure.

Data breaches

We have procedures in place to detect, investigate, and respond to personal data breaches.

Where required, we will:

  • Notify the Information Commissioner’s Office (ICO) within 72 hours
  • Inform affected individuals where there is a high risk to their rights and freedoms

Automated decision-making and profiling

We do not use automated decision-making or profiling that produces legal or similarly significant effects on individuals through this website.

Complaints

If you have concerns about how your data is handled, please contact us first so we can resolve the issue.

You also have the right to complain to the UK Information Commissioner’s Office (ICO): https://ico.org.uk/

Changes to this policy

We may update this Privacy Policy from time to time. Any updates will be published on this page with a revised effective date.