Privacy policy

Carers Network — Privacy Notice

Last updated: May 2026

Introduction

This Privacy Notice explains when and why the Carers Network ("we", "us") collects personal information, how we use it, the conditions under which we may disclose it to others, and how we keep it secure. It also explains your rights under UK data protection law and how to exercise them. This Notice applies to our programmes and services, human resources, and our fundraising and marketing activities.

Who We Are

Carers Network is a registered charity (No. 1097723) and registered company (No. 04712756). For the activities described in this Notice, Carers Network generally acts as a data controller. In some projects where we deliver services for another organisation, we may act as a data processor and will do so under that organisation’s instructions.

Contact Information, Queries and Complaints

If you have questions about this Privacy Notice or how we process your personal data, or if you wish to exercise your rights, please contact us at:

Email: info@carers-network.org.uk 

Postal address:
Carers Network
Beethoven Centre
Third Avenue
London
W10 4JL

Telephone: 020 8960 3033

What Personal Data We Collect and Why

The data we collect and how we use it depends on your relationship with us. Please see the appendices for details:

• Appendix 1 – Carers
• Appendix 2 – Human Resources (employees, volunteers, contractors)
• Appendix 3 – Fundraising and Marketing
• Appendix 4- Complaints Procedure

Your Rights

Under UK data protection law, you have the following rights. Some rights are subject to limitations (for example, safeguarding or legal obligations) and may not always apply. If we cannot fulfil a request, we will explain why.

• Right to be informed – to know how your data is used.
• Right of access – to request a copy of your personal data.
• Right to rectification – to correct inaccurate or incomplete data.
• Right to erasure – to request deletion where legally permitted.
• Right to restrict processing – to limit how we use your data in certain circumstances.
• Right to data portability – to receive certain data in a structured, machine‑readable format.
• Right to object – to processing based on legitimate interests or for direct marketing.
• Rights around automated decision‑making – we do not make decisions that produce legal or similarly significant effects solely by automated means.
• Right to complain- to complain against any of our activities.

International Data Transfers

Where personal data is transferred outside the UK, we put in place appropriate safeguards such as the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, and we perform transfer risk assessments where required.

How Long We Keep Your Data

We retain personal data only for as long as necessary to fulfil the purposes set out in this Notice and to meet legal, regulatory, contractual and funder requirements. Specific retention periods are set out in Carer’s Network Retention Policy and may vary by project (for example, safeguarding records or research evaluation data). We will provide further information on request.

How We Protect Your Data

We use appropriate technical and organisational measures to protect personal data, including access controls, encryption in transit and at rest (where appropriate), data minimisation, secure deletion, staff training, confidentiality agreements, and vendor due diligence. We regularly review and improve these measures.

Changes to This Notice

We review this Privacy Notice regularly. Significant changes will be communicated directly or via a notice on our website.

Appendix 1 – Carers

This appendix covers how Carers Network uses personal data to provide support adult carers.

What Personal Data We Collect

We only collect the minimum data necessary for each purpose. Depending on the activity, we may collect:

• Basic identity and contact data – name, date of birth/age, address/postcode, email, phone number, details of your role as a carer
• Special category data- wellbeing information, health information and counselling information (shared with counselling services you have signed up for)
• Demographic information such as religious beliefs, ethnicity, sexual orientation and any other relevant information around your circumstances such as housing, education or employment status
• Participation records – registration and attendance, referral details, case notes, support plans, outcomes and evaluations, feedback and surveys, learning needs, accessibility requirements.
• Safeguarding information – disclosures or concerns, risk assessments, chronology/incident logs, safety plans, referrals to statutory agencies.
• Research and evaluation data – interviews, focus groups, surveys, observations, recordings (audio/video) with appropriate notices and permissions.

Where We Get Your Data From

• Directly from you: When you complete forms, register for services, attend activities or engage with staff during the delivery of our services.
• From referring organisations: Such as local authorities, charities, GP practices, or NHS services, where it is lawful to share and relevant to your support.
• From professionals involved in your support: For example, social workers or health professionals, with appropriate consent or other lawful basis

How We Use Your Data

• To manage enquiries and provide information
• To assess eligibility and support needs
• To register you for, organise, and deliver services such as advice, wellbeing activities, peer support, training, and (where available) counselling.
• To track engagement and outcomes, and tailor support to your needs.
• To safeguard individuals at risk – including assessing risk, recording and responding to concerns, and making referrals to statutory agencies.
• To evidence impact to funders and commissioners (usually using aggregated or pseudonymised information; we will avoid identifying you unless necessary and lawful).
• To carry out research and insight projects with appropriate ethical safeguards.

Our Lawful Basis (Article 6 UK GDPR)

• Legitimate Interests (Art 6(1)(f)) – our primary basis for providing support to carers and processing basic contact information for service delivery
• Vital Interests (Art 6(1)(d)) – for safeguarding, where processing is necessary to protect someone’s life or prevent serious harm.
• Consent (Art 6(1)(a)) – for any information you share with us around your circumstances, sharing your information with service providers that you have opted for (such as counselling services) optional activities such as certain participation opportunities, recordings/photography, case studies, surveys, EDI Monitoring or where required by law for specific communications.

Special Category Data (Article 9 UK GDPR)

Where we process special category data (e.g., health, ethnicity, beliefs, sexuality) or criminal offence data, we do so only where strictly necessary and with additional safeguards. Our typical conditions include:

• Substantial Public Interest – safeguarding of children and individuals at risk (Art 9(2)(g) and Data Protection Act 2018, Sch. 1, Part 2, para 18), counselling or equality and diversity (Para 8, 16, 17).
• Vital Interests (Art 9(2)(c)) – where the individual is incapable of giving consent and processing is necessary to protect life.
• Scientific or historical research or statistical purposes (Art 9(2)(j)) – for research/evaluation with suitable safeguards and, where required, ethical review.
• Explicit Consent (Art 9 (2)(a)- for processing dietary requirements or any other optional EDI information.

Who We Share Data With

• Referring organisations and professionals involved in your support such as local authorities, NHS services, or voluntary sector partners, where appropriate and relevant to your support.
• Delivery partners and service providers we work with to deliver specific projects, activities, or services, under appropriate data‑sharing or data‑processing agreements, and only where lawful (for example, based on legitimate interests or consent).
• Funders and commissioners who receive aggregated or pseudonymised information to demonstrate impact and accountability. Identifiable information will only be shared where necessary, proportionate and lawful.
• Independent evaluators and research partners commissioned under contract and approved protocols, with appropriate safeguards in place.
• Statutory authorities where there are safeguarding concerns relating to adults at risk. We may share relevant information with local authorities or other statutory bodies where this is necessary to protect you or others and is permitted by law.

Each Local Authority has its own Privacy Policy and links to their policies may be found here:
City of Westminster
Royal Borough of Kensington and Chelsea
London Borough of Hammersmith and Fulham

Research and Evaluation Ethics

We apply proportionate ethical review and safeguarding measures for research and evaluation. Participation materials explain what data we collect, why, how long we keep it, and your rights. We prefer pseudonymised or anonymised data for reporting wherever possible.

Appendix 2 – Human Resources

This appendix explains how we process personal data for job applicants, employees, workers, contractors, consultants and volunteers or trustees.

How We Collect Your Information

• Directly from you during recruitment and onboarding, and during your engagement with us.
• From agencies and referees (with your knowledge).
• From pre‑employment screening such as right‑to‑work and DBS where applicable.
• From internal systems (e.g., HR, payroll, learning and development).

What Personal Data We Collect

• Personal details and contact information.
• Application, CV and interview information; references; employment history and qualifications.
• Contract terms, job role, pay/fees, benefits, working time, leave and absence, performance and supervision records, disciplinary and grievance records, training records.
• Next of kin and emergency contacts.
• Right‑to‑work, DBS where applicable, and other compliance records.
• Special category data (where necessary) – health/occupational health information (e.g., reasonable adjustments), and equality, diversity and inclusion data provided voluntarily.

How We Use HR Data (Purposes and Lawful Basis)

• To recruit and onboard staff, volunteers and trustees – Contract (Art 6(1)(b)) and Legitimate Interests (Art 6(1)(f)).
• To administer employment/engagement – Contract (Art 6(1)(b)).
• To meet legal obligations – Legal Obligation (Art 6(1)(c)) (e.g., HMRC, right‑to‑work, health & safety).
• To manage performance, supervision, learning and development, security and IT systems – Legitimate Interests (Art 6(1)(f)).
• Special category data – Art 9(2)(b) employment and social protection law; Art 9(2)(g) substantial public interest (e.g., equality monitoring under Schedule 1 conditions); occupational health; and where appropriate, explicit consent.
• Criminal offence data – Art 9(2)(g) Substantial Public Interest, handled in line with law and safeguarding or prevention of crime (e.g., DBS).

Who We Share Your Data With

• Payroll, pension, HR and benefits providers (processors).
• Regulators and statutory bodies (e.g., HMRC, Home Office).
• Occupational health and wellbeing providers.
• IT service providers.
• Professional advisers and insurers where necessary.

Appendix 3 – Events, Fundraising and Marketing

This appendix explains how we process personal data for fundraising and marketing, including individual giving, major donors, corporate partnerships, trusts and foundations, event attendees and supporter communications.

What We Collect

• Identity and contact data; communication preferences.
• Donation history, Gift Aid status, event registrations and attendance.
• Engagement information (e.g., email opens/clicks), where permitted.
• For major donor/corporate fundraising: publicly available information (e.g., from Companies House, the Charity Commission, press and your organisation’s website) to understand interests and align opportunities, in line with Legitimate Interests and your rights.
• Payment information processed securely by our payment service providers; we do not store full card details.

How We Use Supporter Data

• To process and acknowledge donations and manage Gift Aid.
• To manage event attendance and volunteering opportunities.
• To send you marketing about our work and ways to support us, in line with your preferences and PECR.
• To develop supporter relationships, including segmentation and profiling to tailor messages, under Legitimate Interests; you can object at any time.
• To comply with legal and regulatory requirements and prevent fraud.

Lawful Basis (Fundraising & Marketing)

• Consent (Art 6(1)(a)) – for email and text communication to individuals where required by PECR.
• Legitimate Interests (Art 6(1)(f)) – for postal marketing, or soft opt-in related email communications when you have expressed an interest or phone calls
• Contract (Art 6(1)(b)) – to administer event bookings or benefits you have asked for.
• Legal Obligation (Art 6(1)(c)) – for Gift Aid and financial record‑

Who We Share Supporter Data With

• Payment processors and fundraising platforms (as independent controllers).
• Regulators (e.g., HMRC for Gift Aid) and auditors where required by law.
• Event partners and venues where necessary for attendance and safety.

Appendix 4: Complaints Process

If you are unhappy with how we handle your personal data, you have the right to raise a complaint with us. 

You can contact us by: 

• Email: info@carers-network.org.uk 

• Post:  Beethoven Centre, London, W10 4JL

Please provide: 

• Your name and contact details 

• A clear description of your concern 

• Any relevant dates or reference numbers 

What Happens Next? 

1. We will acknowledge your complaint within 30 days of receiving it. 

1. We will investigate your concerns. 

1. We may contact you if we need further information. 

1. We will respond as soon as possible and without undue delay. 

Our response will explain: 

• What we have found 

• Whether any action has been taken 

• What happens next 

If You Are Not Satisfied 

If you remain unhappy with our response, you have the right to complain to the Information Commissioner’s Office (ICO): 

Information Commissioner’s Office 
Wycliffe House 
Water Lane 
Wilmslow 
Cheshire 
SK9 5AF 

Telephone: 0303 123 1113 
Website: https://ico.org.uk 

Accessibility 

If you require this information in an alternative format, please contact us and we will be happy to assist. 

Our website

Our website uses ‘cookies’. Cookies are small text files placed on your computer which are used to collect the information the server needs to deliver a tailored page to your computer. Cookies store the information until the next time you visit the site or until you move to a related site. They make browsing easier and faster. They can also be used to compile statistics about website activity. 

For further information visit www.aboutcookies.org or www.allaboutcookies.org

You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However, in a few cases some of our website features may not function as expected.

Please scroll down for full information on how we use cookies.

16 or Under (Subject to review following enactment of the Data Protection Bill)

We are concerned to protect the privacy of children aged 16 or under. If you are aged 16 or under‚ you will need to get your parent’s/guardian’s permission beforehand whenever you provide us with personal information.

Transferring your information outside of Europe

As part of the services offered to you, the information which you provide to us may be transferred to servers within the European Union (“EU”) or countries and companies designated as adequate under the General Data Protection Regulation and provide similar protection to those located in the UK.

If you use our services while you are outside the EU, your information may not be governed by legislation to the same standard and we are not able to guarantee the security of your information.

How we use cookies

A cookie is a small file which may be placed on your computer's hard drive. Cookies allow web applications to respond to you as an individual by remembering information about your preferences.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can use this link to manage your cookie preferences for our website at any time.

We use the following cookies on our website:

Cookie acceptance

When you visit this site for the first time a message about cookies appears on the screen. Your cookie preferences are stored in a cookie called "uni_cookies". Once the cookie is set the message will disappear. You can change your preferences by visiting this page.

Stripe

Stripe is the payment processing platform used on this site for processing donations. Stripe uses cookies to ensure that their Services function properly, detect and prevent fraud, understand how visitors use and engage with their Site, and analyze and improve Services.

Cookie name	Description	Type/Length
__stripe_sid	Essential cookie for Stripe payment processing	30 minutes from set/update
__stripe_mid	Essential cookie for Stripe payment processing	30 minutes from set/update

Google Analytics

Google Analytics provides anonymous statistics on website usage. Cookies are used to track the source of a visitor, their session on the website (to associate multiple page views to one visit) and whether they are a new or returning visitor.

Cookie name	Description	Type/Length
__utmb __utmc	Determining Visitor Session Contains a unique visitor identifier	30 minutes from set/update
__utma	Identifying Unique Visitors Contains a unique visitor identifier	2 years from set/update
__utmz	Tracking Traffic Sources & Navigation Contains traffic source and information about referring keyword or website	6 months from set/update

AddThis

Cookie name	Description	Type/Length
__atuvc	Functional cookie for AddThis social sharing widget - Stores an updated page share count	1 year
__atuvs	Functional cookie for AddThis social sharing widget	Expires when the browser is closed
loc	Functional cookie for AddThis social sharing widget	1 year
uvc	Functional cookie for AddThis social sharing widget	1 year

PHP Session ID

A PHP session is created when certain functionality is in use on the website, allowing the website to uniquely identify one user between page loads. This is essential for the website's operation, and is used for facilities such as logins to the content management system and load balancing.

Cookie name	Description	Type/Length
PHPSESSID	Contains an anonymous identifier that can be used by the server to provide a continuous service.	Expires when the browser is closed