top of page
HERA CARE SERVICES LTD (3).png
Contact Us

Website Privacy Notice

Hera Care Services Limited - Reviewed: February 2026

Policy overview

This policy explains how we will use, and protect, the information that we gather, whether it be through this website, by way of telephone or personal conversations or through our normal business contacts with you. Please read this privacy policy carefully and ensure that you understand it. Details are given below of contacts should you wish to ask questions but please note that acceptance of this privacy policy and our cookie policy (see “Cookies” below) is required to make full use of our site.

Company details

Hera Care Services Limited

Long Barn East, Mythe Business Centre, Tewkesbury, GL20 6EA

07793104017

hello@heracareservices.co.uk 

We are registered with the Information Commissioner’s Office (ICO).
Data protection enquiries can be sent to hello@heracareservices.co.uk.

Your rights

Under the General Data Protection Regulation (GDPR), you have the right to be informed about:

  • the collection and use of your personal data

  • our purposes for processing that data

  • the retention periods for storing your data (or a guarantee that it will be kept only for as long as necessary)

  • who it will be shared with (both in this country and, if applicable, in others, in which case we will inform you of the safeguards applied in that country)

  • the legal basis under which we process your data

  • the right to withdraw your consent (if consent is the legal basis for processing)

  • our legitimate interest in processing your data (if that interest is the legal basis for processing)

  • details of any data we collect about you from a third party (such as publicly available information)

  • the right to lodge a complaint with the ICO

  • details of the existence of automated decision-making, including profiling (if applicable).

You also have the right to information that is concise, transparent, intelligible, easily accessible, and presented in clear and plain language rather than legal terminology. We encourage you to contact us using the details above if you have any questions about this policy statement or our procedures regarding data processing. This will not affect your right to complain to the ICO.

We commit to informing you if we update our privacy information and to seeking permission if we plan to use your personal data for a new purpose.

The information we collect

We process and store details of your:

  • Name

  • Title (Mrs, Ms, etc.)

  • Job title

  • Date of birth

  • Address

  • IP address

  • Email address

  • Username(s)

We only keep them for as long as necessary and you may contact us at any time to request removal (see “The Right to Be Forgotten” below).

Why do we need this information?

We use the information we collect and store about you to:

  • provide our products and services

  • manage invoices and accounts

  • invite participation in polls and surveys.

The legal basis under which we collect and store data

There are six possible legal grounds under the GDPR:

  • Consent

  • Fulfilment of a contract

  • Legitimate interests

  • Vital interests

  • Public task

  • Legal obligation

Each organisation must decide which of these applies to the data they process and explain how and why that is the case. Consent must be freely given and provided in an intelligible and accessible form using clear language. It must be as easy to withdraw consent as it is to give it.

Legal obligations apply where processing is necessary to comply with a common law or statutory obligation.

Vital interests apply where processing is necessary to protect someone’s life.

Public task is mainly relevant to public authorities or organisations exercising official authority or carrying out tasks in the public interest.

Legitimate interests is often the most flexible and appropriate basis where data is used in ways individuals would reasonably expect and with minimal privacy impact.

Legal basis — legitimate interests:

“This organisation has carried out a legitimate interests assessment (LIA) which can be seen on request. We have checked that processing is necessary and that there is no less intrusive way to achieve the same result. We will only use your data in ways you would reasonably expect, unless we have a very good reason. We will not use your data in ways that are intrusive or harmful and we have introduced safeguards to reduce impact where possible.

If we process children’s data, we take extra care to protect their interests. We ensure that your rights under GDPR are not undermined by our legitimate interests.”

Applying the data protection principles

This organisation is committed to applying GDPR principles. We will ensure that:

  • personal data is collected for specified, explicit and legitimate purposes

  • data processing is adequate, relevant and limited to what is necessary

  • data is accurate and kept up to date

  • inaccurate data is erased or corrected without delay

  • data is kept only as long as necessary

  • data is processed securely and protected against unauthorised processing, loss, destruction or damage.

 

Better by design

We implement technical and organisational measures to integrate data protection into all processing activities. Safeguards are built into products and services from the earliest development stage, and privacy-friendly settings are standard. Employees are trained in GDPR requirements, and contracts, website designs, publicity materials, and HR policies aim to comply with GDPR.

 

Access to your data

Upon receiving a request to access your data, we will respond without delay and within one month. Information will be provided free of charge, although a reasonable fee may apply for excessive or repetitive requests.

The right to be forgotten

You may request that we erase your personal data and cease further dissemination. Requests can be made verbally or in writing and will be processed within one month. Requests relating to children’s data will receive priority.

The right to erasure may not apply where processing is necessary:

  • to comply with a legal obligation

  • to exercise freedom of expression and information

  • for public interest tasks or official authority

  • for legal claims.

We may refuse requests that are unfounded or excessive but will explain and justify any refusal.

Right to be informed

Within one month of collecting your data, we will inform you of processing purposes, retention periods, and data sharing arrangements in clear and accessible language.

Right to rectification 

You may request correction or completion of inaccurate personal data verbally or in writing. We will respond within one month. If disagreements arise, you may refer the matter to the ICO.

Children

Under GDPR, only children aged 13 or over may provide their own consent. For younger children, consent will be obtained from a parent or guardian. Children’s data receives full protection.

Right to data portability

You may request your personal data in a structured, commonly used, machine-readable format. This applies only where processing is based on consent or contract and is carried out by automated means.

Right to object

You have the right to object to:

  • processing based on legitimate interests or public tasks

  • direct marketing

  • scientific or statistical processing.

We will stop processing data for direct marketing upon objection.

Automated decision making and profiling 

Automated decisions and profiling require explicit consent. We collect only necessary data and retain it only as needed. Individuals may request reconsideration of automated decisions.

Data breaches

We take measures to prevent unauthorised access. If a significant data breach occurs, we will notify you and the ICO promptly. We use encryption, pseudonymisation, and backup systems where appropriate.

International transfers

Data may be transferred within the European Economic Area (EEA). Where data is transferred outside the EEA, appropriate safeguards such as standard contractual clauses or approved codes of conduct will be applied.

Cookies

A cookie is a small text file placed on your device when you visit our site. Cookies help monitor usage, remember preferences, and enable authentication. You may disable cookies through your browser, but some website features may not function.

Third party websites

Our website may link to external sites. We are not responsible for their data practices and recommend reviewing their privacy policies before providing personal data.

Last updated February 2026. Contact: hello@heracareservices.co.uk

Policy overview

This policy explains how we will use, and protect, the information that we gather, whether it be through this website, by way of telephone or personal conversations or through our normal business contacts with you. Please read this privacy policy carefully and ensure that you understand it. Details are given below of contacts should you wish to ask questions but please note that acceptance of this privacy policy and our cookie policy (see “Cookies” below) is required to make full use of our site.

Company details

Hera Care Services Limited

Long Barn East, Mythe Business Centre, Tewkesbury, GL20 6EA

07793104017

hello@heracareservices.co.uk

We are registered with the Information Commissioner’s Office (ICO).
Data protection enquiries can be sent to hello@heracareservices.co.uk.

​Your rights

Under the General Data Protection Regulation (GDPR), you have the right to be informed about:

  • the collection and use of your personal data

  • our purposes for processing that data

  • the retention periods for storing your data (or a guarantee that it will be kept only for as long as necessary)

  • who it will be shared with (both in this country and, if applicable, in others, in which case we will inform you of the safeguards applied in that country)

  • the legal basis under which we process your data

  • the right to withdraw your consent (if consent is the legal basis for processing)

  • our legitimate interest in processing your data (if that interest is the legal basis for processing)

  • details of any data we collect about you from a third party (such as publicly available information)

  • the right to lodge a complaint with the ICO

  • details of the existence of automated decision-making, including profiling (if applicable).

You also have the right to information that is concise, transparent, intelligible, easily accessible, and presented in clear and plain language rather than legal terminology. We encourage you to contact us using the details above if you have any questions about this policy statement or our procedures regarding data processing. This will not affect your right to complain to the ICO.

We commit to informing you if we update our privacy information and to seeking permission if we plan to use your personal data for a new purpose.

The information we collect

We process and store details of your:

  • Name

  • Title (Mrs, Ms, etc.)

  • Job title

  • Date of birth

  • Address

  • IP address

  • Email address

  • Username(s)

We only keep them for as long as necessary and you may contact us at any time to request removal (see “The Right to Be Forgotten” below).

Why do we need this information?

We use the information we collect and store about you to:

  • provide our products and services

  • manage invoices and accounts

  • invite participation in polls and surveys.

The legal basis under which we collect and store data

There are six possible legal grounds under the GDPR:

  • Consent

  • Fulfilment of a contract

  • Legitimate interests

  • Vital interests

  • Public task

  • Legal obligation

Each organisation must decide which of these applies to the data they process and explain how and why that is the case. Consent must be freely given and provided in an intelligible and accessible form using clear language. It must be as easy to withdraw consent as it is to give it.

Legal obligations apply where processing is necessary to comply with a common law or statutory obligation.

Vital interests apply where processing is necessary to protect someone’s life.

Public task is mainly relevant to public authorities or organisations exercising official authority or carrying out tasks in the public interest.

Legitimate interests is often the most flexible and appropriate basis where data is used in ways individuals would reasonably expect and with minimal privacy impact.

Legal basis — legitimate interests:

“This organisation has carried out a legitimate interests assessment (LIA) which can be seen on request. We have checked that processing is necessary and that there is no less intrusive way to achieve the same result. We will only use your data in ways you would reasonably expect, unless we have a very good reason. We will not use your data in ways that are intrusive or harmful and we have introduced safeguards to reduce impact where possible.

If we process children’s data, we take extra care to protect their interests. We ensure that your rights under GDPR are not undermined by our legitimate interests.”

Applying the data protection principles

This organisation is committed to applying GDPR principles. We will ensure that:

  • personal data is collected for specified, explicit and legitimate purposes

  • data processing is adequate, relevant and limited to what is necessary

  • data is accurate and kept up to date

  • inaccurate data is erased or corrected without delay

  • data is kept only as long as necessary

  • data is processed securely and protected against unauthorised processing, loss, destruction or damage.

Better by design

We implement technical and organisational measures to integrate data protection into all processing activities. Safeguards are built into products and services from the earliest development stage, and privacy-friendly settings are standard. Employees are trained in GDPR requirements, and contracts, website designs, publicity materials, and HR policies aim to comply with GDPR.

Access to your data

Upon receiving a request to access your data, we will respond without delay and within one month. Information will be provided free of charge, although a reasonable fee may apply for excessive or repetitive requests.

The right to be forgotten

You may request that we erase your personal data and cease further dissemination. Requests can be made verbally or in writing and will be processed within one month. Requests relating to children’s data will receive priority.

The right to erasure may not apply where processing is necessary:

  • to comply with a legal obligation

  • to exercise freedom of expression and information

  • for public interest tasks or official authority

  • for legal claims.

We may refuse requests that are unfounded or excessive but will explain and justify any refusal.

Right to be informed

Within one month of collecting your data, we will inform you of processing purposes, retention periods, and data sharing arrangements in clear and accessible language.

Right to rectification 

You may request correction or completion of inaccurate personal data verbally or in writing. We will respond within one month. If disagreements arise, you may refer the matter to the ICO.

Children

Under GDPR, only children aged 13 or over may provide their own consent. For younger children, consent will be obtained from a parent or guardian. Children’s data receives full protection.

Right to data portability

You may request your personal data in a structured, commonly used, machine-readable format. This applies only where processing is based on consent or contract and is carried out by automated means.

Right to object

You have the right to object to:

  • processing based on legitimate interests or public tasks

  • direct marketing

  • scientific or statistical processing.

We will stop processing data for direct marketing upon objection.

Automated decision making and profiling 

Automated decisions and profiling require explicit consent. We collect only necessary data and retain it only as needed. Individuals may request reconsideration of automated decisions.

Data breaches

We take measures to prevent unauthorised access. If a significant data breach occurs, we will notify you and the ICO promptly. We use encryption, pseudonymisation, and backup systems where appropriate.

International transfers

Data may be transferred within the European Economic Area (EEA). Where data is transferred outside the EEA, appropriate safeguards such as standard contractual clauses or approved codes of conduct will be applied.

Cookies

A cookie is a small text file placed on your device when you visit our site. Cookies help monitor usage, remember preferences, and enable authentication. You may disable cookies through your browser, but some website features may not function.

Third party websites

Our website may link to external sites. We are not responsible for their data practices and recommend reviewing their privacy policies before providing personal data.

​Last updated February 2026. Contact: hello@heracareservices.co.uk

bottom of page