Get weekly discount codes 
by email

Sign up and we’ll send exclusive discounts, new products and more straight to your email address.

 

Unsubscribe at any time. T&Cs apply.

Privacy Policy

At CareCo, we respect your personal data. This Privacy Notice explains how we will use your personal data when you are a customer or a potential customer.

Our contact details

Our head office address is at 1, Turing Court, Braintree CM77 7AT, United Kingdom.

You can contact our data protection officer by emailing at dpo@careco.co.uk.

The data we collect about you

Enquiries by phone, email, live chat or our ‘contact us’ form

When you contact us, we need to gather information from you in order to answer your enquiry. We process your name, email, the subject of your enquiry and the contents of your message. All of this information is submitted with your consent. We will consider that any health information contained in your message is given to us with your explicit consent.

We record phone calls for training, monitoring and compliance purposes. We will use a recording if we have any queries, concerns or disputes with an order or compliments/complaints about our service.

Account

In order for you to create an online account, we need your name, email address, contact number and address. You consent to create an account with us when you put in your details. Once you have created an account, we are permitted to send you marketing information under the legal basis of legitimate interest. You can opt out of receiving our marketing emails at any time.

Website orders

Payment:

When you purchase a product through our website, your payment data is sent directly to our payment partner and your delivery details are sent to our delivery partners. For billing, we require your first name, last name, address, phone and email. For an alternative shipping address, we require the first name, last name and address.

We will send you service emails, such as delivery date, as part of our contract with you. These are not marketing messages.

We don’t ever handle your payment card details. FiServe and PayPal are a data controller for all of the personal data that you input when paying for an order. For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.

PayPal’s Privacy Notice can be found here:https://www.paypal.com/uk/legalhub/privacy-full

FiServ’s Privacy Notice can be found here:https://www.fiserv.com/en/about-fiserv/privacy-notice.html

All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.

PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

Please note that certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. So, if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.

As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation.

Once you leave our store's website or are redirected to a third-party website or application, you are no longer governed by this Privacy Notice or our website's Terms of Service.

Purchase and delivery:

We process your personal data for a purchase and delivery because we have a contract with you. We keep a copy of your delivery data to ensure we can find your details in the case of an issue. We also share this with our customer management partner and this is a legitimate interest for us.

Once you have put an item into your basket or purchased an item, we are permitted to send you marketing information under the legal basis of legitimate interest. You can opt out of receiving our marketing emails at any time.

If you qualify for VAT relief, we will need the applicable health condition and your legal declaration.

Website and app

We only use cookies that are strictly necessary without your consent, such as analysing any problems with our website and improving its performance. Any other cookies are used when you consent. Examples of these cookies are pop-up messages and cookies that provide a more personalised experience and those that deliver tailored advertising.

Marketing

Our products:

We will send you marketing information if you have opened an account with us, purchased a product or left items in your basket. Our legal basis for doing so is legitimate interest. We can send this information by SMS, email, phone or post, unless you have opted out. Please note that you can opt out of all or any type of marketing at any time.

You can also choose to receive marketing from us by signing up to receive it with your email address.

If you unsubscribe from any emails, we will keep your email address in a suppression list for five years so that we don’t email you again by accident. This is a legitimate interest for us.

Third parties:

The law allows us to share your details with third parties whose products and services we feel may be of interest to you and for them to send you marketing information by post. The third party will also send our postal marketing out to people who are not currently our customers.

These mailings are done using the legal basis of legitimate interest and we have balanced your interests with our interests and the interest of other retailers. Essentially, postal mailings are not considered as intrusive as email marketing and the law permits businesses to send postal mailings to people who are not currently a customer of that business using legitimate interest. Legitimate interest is an opt-out, whereas consent is an opt-in. This means that we will share your data with the third party unless you opt-out during the checkout stage. If you want to opt-out, you need to untick the box.

The third party that we share your data with is called Epsilon Abacus (registered as Epsilon International UK Ltd), a company that manages the Epsilon Abacus Alliance on behalf of UK retailers and charities. Epsilon Abacus analyses pooled data to help retailers understand consumers' wider buying patterns. From this information, retailers can tailor their communications, sending people suitable offers that should be of interest to them, based on what they like to buy. The participating retailers are active in the following product categories: clothing, collectables, food and wine, gardening, gadgets and entertainment, health and beauty, household goods, home interiors and travel. They share information on what their customers buy.

You will only receive mailings from retailers in the Epsilon Abacus Alliance if you have 2 valid opt-ins from retailers within the Alliance. This means that you will receive postal mailings if you haven’t ticked this box (or similar) on at least two Epsilon Abacus Alliance retailers.

Example:

Please tick this box if you would NOT like to receive news and special offers from the Epsilon Abacus Alliance by post. [ ]

If you are a customer, you may update your marketing preferences by:

If you are not a customer of ours and you wish to opt-out of receiving our postal marketing, please:

Please note that Epsilon Abacus may transfer data outside of the UK/EEA. The transfer will take place in the presence of appropriate safeguards, including the EU Commission’s standard data protection clauses and the UK’s International Data Transfer Agreement. If you would like more information, please call us on 01376 314908, write to us at our address below or email us at dpo@careco.co.uk.

Stopping all postal marketing:

If you would like to stop all unsolicited postal communications, we suggest that you register with the Mailing Preference Service (MPS). MPS is a free service set up in 1983 and funded by the direct mail industry to enable consumers to have their names and home addresses in the UK removed from lists used by the industry. It is actively supported by Royal Mail and all directly involved trade associations and fully supported by The Information Commissioners Office (ICO). For more information or if you wish to register with the MPS please visit their website at www.mpsonline.org.uk.

Stopping all telephone marketing:

If you would like to stop all unsolicited telephone calls, we suggest that you register with the Telephone Preference Service (TPS). TPS is a free service and the only official ‘Do not call’ register for landlines and mobile numbers. It allows people to opt out of unsolicited live sales and marketing calls. It is fully supported by The Information Commissioner’s Office (ICO). For more information or if you wish to register with the MPS please visit their website at https://www.tpsonline.org.uk

Customer surveys:

We are always interested in improving our products and services so we may send you a customer feedback survey. This is a legitimate interest for us and we would appreciate it if you would fill the survey in.

Competitions:

We have competitions that you are welcome to enter. We will need your name, address, email and phone number for your entry. The data gathered on your entry will only be used for the purposes of the competition and not to send you any marketing material.

Social media:

When you share any photos or other information on our social media, this will be with your consent. Please be aware that we may share your photo and information on all of our digital media.

Reviewing a product on our website:

Submitting a product review is completely voluntary. You’re welcome to upload your comments, a photo and your name (either first and/ or last). Please note that when you upload a review, we will collect and process your name, email and the contents of your review, including any photographs you submit.

When you submit a review, that is your consent for us to use your review and photograph in our marketing materials, including on our website, social media, and other promotional materials. If you don’t wish for us to use your data, including your photograph, please don’t submit a review. We request that the content you submit shall not:

  • be false, inaccurate or misleading
  • be reasonably considered to be defamatory, libellous, hateful, offensive either racially or religiously, or unlawfully threatening or harassing to any individual, partnership or corporation
  • contain any computer viruses, worms or other potentially damaging computer programs or files
  • include information that references other websites, addresses, email addresses or contact details

By submitting a review and photograph, you consent to the collection, use, and disclosure of the personal information contained in the review.

How we use your personal data and legal basis for doing so

We may use your information for the following purposes:

Action Reason Legal basis

Responding to enquiries

You can make an enquiry by email, phone, live chat or via our website.

Contact information is required in each case, together with details of other personal data that is relevant to your enquiry.

This information is used to enable us to respond to your requests.

We are using your data with your consent to respond to your enquiry.

Fulfilment of services

It is necessary for us to process your information to perform our obligations in accordance with any contract that we may have with you.

We have a contract with you.

Fulfilment of services – surveys and feedback

We need to ensure that we provide the best client service that we can to you or others.

It is in our legitimate interest or a third party's legitimate interest to use your personal data this way.

Resolving complaints or disputes

We need to be able to resolve any complaints or disputes with you.

Legitimate interest

Legal compliance

We use your personal data to comply with our legal obligations, such as submissions to HMRC.

It is our legal obligation to use your personal data to comply with any legal obligations imposed upon us.

Marketing communications

For clients and prospects, we use your personal data to send you information about our products which may be of interest to you. We may also conduct surveys to improve our services.

It is in our legitimate interest to use your personal data for marketing purposes and you can unsubscribe at any time.

We will share your data with the Epsilon Abacus Alliance and they will send you marketing information by post unless you opt out.

You can also consent to receive our newsletter.

Our business requirements – legitimate interests

Action Reason for processing – legitimate interests

Managing our business and marketing strategies (including recording and reporting on our business development activities)

We need to have business development and marketing strategies.

Purchasing, maintaining and claiming against our insurance policies

We need to protect our business.

Obtaining legal advice, establishing, defending and enforcing our legal rights and obligations in connection with any legal proceedings or prospective proceedings.

We need to understand our obligations and establish and defend our legal rights.

Monitoring and producing statistical information regarding the use of our platforms, and analysing and improving their functionality

We need to ensure that our website and other platforms are working properly.

Maintaining the security of our systems, platforms, premises and communications, including detecting and preventing threats

We need to ensure that our premises and our platforms are secure.

Managing the proposed sale, restructuring, transfer or merging of any or all part(s) of our business, including to respond to queries from the prospective buyer or merging organisation

We need to be able to manage or sell parts of our business, if we choose to do so.

We have a legitimate interest in using your personal data for the above purposes. We have balanced your rights and freedoms against our business needs. Please inform us if you object to our processing.

Special category data

The UK GDPR defines special category data as:

  • personal data revealing racial or ethnic origin;
  • personal data revealing political opinions;
  • personal data revealing religious or philosophical beliefs;
  • personal data revealing trade union membership;
  • genetic data;
  • biometric data (where used for identification purposes);
  • data concerning health;
  • data concerning a person’s sex life; and
  • data concerning a person’s sexual orientation.

Special category data needs more protection because it is more sensitive than regular personal data, such as name and email.

In order to lawfully process special category data, the controller must identify both a lawful basis under Article 6 of the UK GDPR and a separate condition for processing under Article 9. These do not have to be linked.

Our reasons for processing your special category data

Action Reason for processing

Qualifying for VAT relief – in order to qualify, we need to know what the health condition is and take your declaration.

This is a legally binding declaration that we may be required to provide to HMRC. In completing the form, you are declaring that you are claiming VAT relief under Group 12 of Schedule 8 of the Value Added Tax Act 1994.

This is a legally binding declaration that we may be required to provide to HMRC. In completing the form, you are declaring that you are claiming VAT relief under Group 12 of Schedule 8 of the Value Added Tax Act 1994.

The information that you provide is kept strictly confidential and is used only for our application of VAT relief to the products we supply you with and for the VAT accounting purposes of HMRC.

Accidents or emergencies while you are at our premises.

It is necessary for us protect your vital interests or when you are incapable of giving consent

We use different methods to collect data from and about you, including through:

Direct interactions

You may give us your personal data by corresponding with us by post, phone, email or by purchasing a product. This includes personal data you provide when you:

  • ask for information about our products using our contact form or otherwise;
  • subscribe to our information emails;
  • request marketing to be sent to you;
  • purchase a product;
  • request marketing to be sent to you;
  • enter a competition; or
  • give us some feedback.

Automated technologies or interactions

As you interact with our website, we will collect data about your device, your browsing actions and patterns when you consent to our use of cookies.

Consent:

In some cases, we will ask whether you would like us to process your personal data, for example, if you would like us to notify you when an out of stock item becomes available or if you enter a competition. If you provide us with consent, you may withdraw it at any time by contacting us at dpo@careco.co.uk or mailing us at: 1, Turing Court, Braintree CM77 7AT, United Kingdom. Alternatively, you can log in to the careco.co.uk website and change your consent to opt into marketing in the account section.

Who we share your personal data with

We may share personal data with a variety of the following categories of third parties as necessary:

Entity Legal basis for sharing

Our professional advisers such as lawyers and accountants

Legitimate interest

Government or regulatory authorities or law enforcement

Legal obligation

Professional indemnity or other relevant insurers

Legitimate interest

Regulators/tax authorities/corporate registries

Legal obligation

Third parties to whom we outsource certain services such as, without limitation, marketing, analysis, business services, confidential waste disposal, IT systems or software providers, IT support service providers, document and information storage providers.

Legitimate interest

Third party service providers to assist us with client insight analytics, such as Google Analytics

Consent

We conduct an appropriate level of due diligence and put in place contractual documentation in relation to any sub-contractor to ensure that they process personal data appropriately and according to our legal and regulatory obligations.

International transfers

We will always try and keep your data in the UK or the EU. However, we may have a processor that will transfer your personal data to jurisdictions other than your own. Some of these jurisdictions may not provide the same level of protection to your personal data as provided in your jurisdiction. If we transfer your personal data outside the European Union or the United Kingdom, we will only make that transfer if:

  • that country ensures an adequate level of protection for your personal data;
  • we have put in place appropriate safeguards to protect your personal data, such as a contract with the person or entity receiving your personal data which incorporates specific provisions as directed by the European Commission and the UK government;
  • the transfer is permitted by applicable laws; or
  • you explicitly consent to the transfer.

If you would like to see a copy of any relevant safeguards used by us to protect the transfer of your personal data, please contact our DPO at dpo@careco.co.uk

Data security

We are committed to keeping the personal data provided to us secure and we have implemented appropriate information security policies, rules and technical measures to protect the personal data that we have under our control from unauthorised access, improper use or disclosure, unauthorised modification and unlawful destruction or accidental loss.

All of our partners, employees, consultants, workers and data processors (i.e. those who process your personal data on our behalf, for the purposes listed above), who have access to, and are associated with the processing of personal data, are obliged to respect the confidentiality of such personal data.

Retention of personal data

The law requires us to set retention periods for personal data.

Type of data Retention period

All enquiries – phone, email, live chat or ‘contact us’ form

12 months

Marketing list data

5 years

Suppression list marketing data

5 years

Surveys

12 months

VAT declaration

7 years

Purchase and order information

7 years

Resolving complaints/ legal disputes

For the duration of the complaint and then for the next six years.

How to access your information and your other rights

You have the following rights in relation to the personal data that we hold about you:

  • Your right of access: if you ask us, we will confirm whether we are processing your personal data and, if necessary, provide you with a copy of that personal data (along with certain other details). If you require additional copies, we may need to charge a reasonable fee. Please click here for our Subject Access Request policy and a personal data request form.
  • Your right to rectification: if the personal data that we hold about you is inaccurate or incomplete, you are entitled to request to have it rectified. If you are entitled to rectification and if we have shared your personal data with others, we will let them know about the rectification where possible. If you ask us, where possible and lawful to do so, we will also tell you who we have shared your personal data with so that you can contact them directly.
  • Your right to erasure: you can ask us to delete or remove your personal data in some circumstances, such as where we no longer need it or if you withdraw your consent (where applicable). If you are entitled to erasure and if we have shared your personal data with others, we will let them know about the erasure where possible. If you ask us, where it is possible and lawful for us to do so, we will also tell you who we have shared your personal data with so that you can contact them directly.
  • Your right to restrict processing: you can ask us to 'block' or suppress the processing of your personal data in certain circumstances, such as where you contest the accuracy of that personal data or you raise an objection with us. If you are entitled to restriction and if we have shared your personal data with others, we will let them know about the restriction where it is possible for us to do so. If you ask us, where it is possible and lawful for us to do so, we will also inform you who we have shared your personal data with so that you can contact them directly.
  • Your right to data portability: you have the right, in certain circumstances, to obtain personal data that you have provided us with (in a structured, commonly used and machine readable format) and to reuse it elsewhere or to ask us to transfer this to a third party of your choice.
  • Your right to object: you can ask us to stop processing your personal data, and we will do so, if we are:
    • relying on our own or someone else's legitimate interests to process your personal data, except if we can demonstrate compelling legal grounds for the processing; or
    • processing your personal data for direct marketing purposes.
  • Your right to withdraw consent: if we rely on your consent (or explicit consent) as our legal basis for processing your personal data, then you have the right to withdraw that consent at any time.
  • Your right to lodge a complaint with the Information Commissioner’s Office: if you have a concern about any aspect of our privacy practices, including the way we have handled your personal data, you can report it to the ICO. We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

Please note that some of these rights may be limited where we have an overriding interest or legal obligation to continue to process the data, or where data may be exempt from disclosure due to reasons of legal professional privilege or professional secrecy obligations.

Changes to this Privacy Notice

To ensure that you are always aware of how we use your personal data, we will update this privacy notice from time to time to reflect any changes to our use of your personal data. We may also make changes as required to comply with changes in applicable law or regulatory requirements. Where it is practicable, we will notify you by email of any significant changes. However, we encourage you to review this privacy notice periodically to be informed of how we use your personal data.