Courses Care Business School

CARE BUSINESS SCHOOL  ·  BUILD · SUSTAIN · SCALE

Privacy Notice

How Care Business School Ltd collects, uses, and protects your personal data

Effective Date: 14 May 2026

Version: 1.0

Data Controller: Care Business School Ltd (Company Number 17217121)

Contact: [email protected]

1. Introduction

Care Business School operates under Care Business School Ltd, registered with Companies House on 13 May 2026 under company registration number 17217121. Care Business School Ltd is a wholly-owned subsidiary of Malevi Group Ltd (company number 17216036), registered with Companies House on 12 May 2026. Care Business School Ltd is the data controller for the purposes of this Privacy Notice.

Care Business School is committed to protecting the privacy, dignity, and rights of every individual whose personal information we handle. This Privacy Notice explains in detail how we collect, use, store, share, and protect personal data.

This Notice applies to all individuals who interact with us as part of our business activities, including clients, course purchasers, members, subscribers, prospective clients, contractors, website visitors, and anyone who communicates with us online, by email, or through our digital platforms. Our website for these purposes includes www.carebusinessschool.co.uk and any related landing pages or digital portals used to deliver our consulting and training services.

Care Business School recognises the fundamental importance of confidentiality and data protection. We process personal data in strict compliance with the United Kingdom General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the Privacy and Electronic Communications Regulations (PECR), and all relevant ICO guidance. Because we deliver professional consulting, training, coaching services, and digital products, we ensure that the personal data of clients, course participants, website visitors, and marketing subscribers is handled with integrity, transparency, and the highest level of security.

2. Who We Are

Data Controller

Care Business School Ltd is the data controller. We determine the purposes and means of processing personal data.

Company Information

Care Business School Ltd. Company Number: 17217121. Registered in England and Wales on 13 May 2026. Care Business School Ltd is a subsidiary of Malevi Group Ltd (Company Number 17216036, registered 12 May 2026).

Contact for Data Protection Matters

All data protection enquiries should be directed to [email protected]. Care Business School Ltd is not currently required to appoint a Data Protection Officer under UK GDPR. Privacy matters are overseen directly by the company's Director.

3. How We Collect Information

We collect personal information in several ways, depending on how individuals interact with us. Information may be provided directly when a person completes a contact form, downloads a free resource, signs up to a newsletter, purchases a digital product, books a consultation, or registers for a course or membership programme through our website or associated sales platforms. Information may also be collected when individuals email us directly, communicate with us through social media, register for a webinar or masterclass, or submit an enquiry through any of our digital channels.

We collect further information when clients engage our consultancy services, participate in coaching sessions, attend online meetings, or access our membership or training portals. This may include communication history, notes relevant to the services we deliver, or details required to customise support.

Where payments are made for services or digital products, information is also collected by third-party payment providers such as Stripe or PayPal, which operate as independent data controllers. Care Business School does not store or process card details directly. We may receive confirmation of payment, transaction ID, and billing information in order to fulfil the service or issue receipts.

For business administration purposes, we also collect and store personal information needed to deliver purchased services. This may include names, email addresses, telephone numbers, company names, invoice addresses, access to questionnaires, onboarding forms, and course participation records.

Our website automatically collects technical information through cookies and analytics tools, including IP addresses, browser types, device information, interaction data, and patterns of website use. This helps us improve website functionality and user experience.

4. The Types of Personal Data We Collect

The information we collect may include your name, email address, telephone number, postal address, company or trading name, details relating to your business, your communication preferences, payment details provided to third-party processors, and records of interactions with us.

When relevant to coaching or consultancy, we may collect information about your business goals, progress, strategic plans, and operational needs. When individuals subscribe to newsletters or marketing communications, we collect names and email addresses for the purpose of sending updates, resources, or promotional materials.

We do not routinely collect special category data. However, during coaching or consultancy, individuals may voluntarily share personal reflections or sensitive details relevant to their business journey. Such information is handled with strict confidentiality and processed only with explicit consent.

Children's Data

Our services are designed for adults operating or seeking to operate a regulated care business. We do not knowingly collect personal data from children under 18. If we become aware that we have inadvertently collected personal data from a child, we will delete it promptly.

5. Lawful Basis for Processing

We only process personal data where a lawful basis under UK GDPR exists.

Most data is processed on the basis of contract, because individuals purchase a service, engage with our consultancy, register for a digital product, or request that we take steps before entering into a contract.

Some data is processed on the basis of consent, particularly email marketing or newsletter subscriptions, where individuals must opt in. Consent may be withdrawn at any time.

Certain processing activities occur under the basis of legitimate interests, for example maintaining business records, improving user experience, ensuring security and fraud prevention, or communicating with existing clients about relevant services they have already purchased. In every case where we rely on legitimate interests, we balance our interests against the rights and freedoms of the individuals concerned.

Where legal or regulatory obligations require the retention of certain financial information for HMRC or accounting purposes, processing takes place under the basis of legal obligation.

We only process sensitive or special category data with explicit consent or where an individual has deliberately made such information public within the context of coaching or consultancy. We do not use automated decision-making or profiling that produces legal or significant effects.

6. How We Use Your Information

Personal data is used to administer and deliver consultancy, coaching, training programmes, membership access, and digital products. This includes sending course materials, booking confirmation emails, onboarding documentation, and follow-up communications relevant to the service purchased.

Personal data is used to respond to enquiries, manage client relationships, provide customer support, issue invoices, maintain financial records, and carry out administrative tasks required to operate the business effectively.

Marketing subscribers receive newsletters, updates, promotional emails, and information about upcoming events, courses, or services, but only if they have opted into such communications. Individuals may unsubscribe at any time by using the link in email footers.

We may use data to analyse business performance, improve products and services, enhance user experience, and personalise our communications to ensure that individuals receive content relevant to their interests.

7. Sharing of Information

We do not sell, trade, or lease personal information to third parties.

We may share information with trusted third-party service providers who support the functioning of our business, including email marketing platforms, website hosting providers, payment processors, accountants, IT support providers, course hosting platforms, customer relationship management systems, and cloud storage services. All third-party processors operate under data processing agreements or equivalent safeguards to ensure compliance with UK GDPR.

We may need to share limited information with professional advisers such as accountants or legal representatives, strictly for business administration or legal compliance. Information may also be disclosed if required by law, for example to comply with HMRC requirements or lawful requests from regulatory or enforcement authorities.

8. International Data Transfers

Some of the third-party service providers we use (for example, email marketing platforms, cloud storage, and course hosting providers) may store or process data outside the United Kingdom or the European Economic Area, including in the United States.

Where this occurs, we ensure appropriate safeguards are in place to protect your data, including reliance on UK adequacy regulations, the UK International Data Transfer Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses, or equivalent legally recognised mechanisms. We do not transfer personal data outside the UK without ensuring an adequate level of protection.

9. Security of Your Information

We are committed to ensuring that personal information is protected against loss, misuse, unauthorised access, disclosure, alteration, or destruction. Data is stored using secure digital systems, encrypted communication tools, strong password protection, and restricted access based on role necessity. Cloud-based systems used by Care Business School adhere to industry-standard security measures.

Emails sent to [email protected] are accessible only to authorised personnel. Digital course materials, membership content, and client documentation are stored on secure platforms with limited access. We undertake regular review of our data handling practices and systems to ensure they remain compliant with legal requirements and evolving guidance from the Information Commissioner's Office.

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify the Information Commissioner's Office within 72 hours, and affected individuals where required by law.

10. Website Analytics and Cookies

Our website uses cookies and tracking technologies to improve the user experience, understand site performance, and analyse visitor interactions. Cookies enable faster browsing, improve functionality, and support essential website features.

Analytical tools, including Google Analytics or similar services, help us understand how visitors navigate the site, which pages are most frequently accessed, and how our digital content performs. These cookies do not personally identify users.

Visitors can manage or disable cookies through their browser settings at any time. Our website may also display a cookie consent banner offering granular control over which non-essential cookies are accepted. For full details, please refer to our Cookie Policy, available on the website.

11. Retention of Data

Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected. Specific retention periods include:

Client records, including correspondence and service delivery notes, are retained for the duration of the service relationship and for up to 6 years afterwards to satisfy legal, accounting, and contractual record-keeping obligations.

Financial information, invoices, and tax records are retained for a minimum of 6 years from the end of the relevant tax year, in line with HMRC requirements.

Marketing data is retained only while individuals remain subscribed to our communications. When an individual unsubscribes, their email address is removed from active marketing lists within 30 days.

General enquiry correspondence is retained for up to 2 years from the date of last contact unless a service relationship arises.

Website analytics data is retained in accordance with the settings of the analytics provider (typically 14 to 26 months by default).

When data is no longer required, it is securely erased or anonymised.

12. Your Rights

Individuals have several rights under data protection law, including:

The right to be informed about how your personal data is being used (which this Privacy Notice provides).

The right to request access to the personal data we hold about you (a Subject Access Request).

The right to ask for inaccurate personal data to be corrected (rectification).

The right to request deletion of personal data where appropriate (the right to be forgotten).

The right to restrict processing in certain circumstances.

The right to object to certain types of processing, including direct marketing.

The right to request data portability, where applicable.

The right to withdraw consent at any time, where processing relies on consent.

The right to lodge a complaint with the Information Commissioner's Office.

Requests to exercise these rights should be submitted in writing to Care Business School via email at [email protected]. Once identity is verified, we will respond within the statutory timeframe of one month. In limited circumstances, this period may be extended by up to two further months for complex requests, in which case we will inform you within the original one-month period.

If an individual is dissatisfied with our response, they have the right to raise a concern with the Information Commissioner's Office, whose contact details are provided below.

13. Whether Providing Data Is Required

Most of the personal data we collect is provided voluntarily. However, some data is required to enter into or perform a contract with us — for example, name, email address, and billing details are needed to deliver a purchased course, membership, or consultancy service. If you do not provide this information, we may be unable to provide the service. We will always make it clear at the point of collection where information is mandatory.

14. Changes to This Privacy Notice

We may update this Privacy Notice from time to time to reflect changes in our practices, services, or legal requirements. The version date at the top of this document indicates when it was last updated. Material changes will be communicated to clients and subscribers where appropriate. Continued use of our services following any changes constitutes acceptance of the updated Notice.

15. Contact Details

All enquiries relating to this Privacy Notice or our data protection practices should be directed to:

Care Business School Ltd

Email: [email protected]

Website: www.carebusinessschool.co.uk

Written requests may also be submitted through the contact form on our website.

Individuals have the right to lodge a complaint directly with the Information Commissioner's Office should they believe their data has been processed unlawfully.

Information Commissioner's Office

Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Helpline: 0303 123 1113

Website: www.ico.org.uk

Care Business School Ltd  |  Subsidiary of Malevi Group Ltd  |  Build · Sustain · Scale