Data Protection & GDPR Policy

Version 1.0 — March 2026

1. Purpose

Carefree Getaway Limited is committed to protecting the privacy, confidentiality and security of personal data.

This policy sets out how the organisation collects, uses, stores and protects personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

The organisation recognises that it handles sensitive information relating to individuals and therefore takes data protection responsibilities seriously.

2. Scope

This policy applies to:

  • All personal data processed by Carefree Getaway
  • All staff and support workers
  • All systems used to store or manage information

It covers data relating to:

  • Clients
  • Family members or representatives
  • Staff and support workers
  • Professionals and partners

3. Key Definitions

Personal Data

Any information that identifies or can identify an individual. Examples include:

  • Names
  • Contact details
  • Addresses
  • Travel information

Special Category Data

More sensitive information, including:

  • Health-related information
  • Support needs
  • Personal preferences relevant to service delivery

Processing

Any action involving personal data, including:

  • Collecting
  • Storing
  • Using
  • Sharing

4. Data Protection Principles

Carefree Getaway follows the core principles of UK GDPR:

4.1 Lawfulness, Fairness and Transparency

Data is processed:

  • Lawfully
  • Fairly
  • In a transparent manner

Individuals are informed about how their data is used.

4.2 Purpose Limitation

Data is collected only for:

  • Providing services
  • Managing bookings
  • Communication
  • Safety and safeguarding

4.3 Data Minimisation

Only the minimum necessary information is collected.

4.4 Accuracy

Carefree Getaway ensures that:

  • Information is accurate
  • Records are kept up to date

4.5 Storage Limitation

Data is not kept longer than necessary.

4.6 Integrity and Confidentiality

Data is stored securely and protected against:

  • Unauthorised access
  • Loss or misuse

5. Types of Data Collected

Carefree Getaway may collect:

5.1 Client Data

  • Name, date of birth
  • Contact details
  • Emergency contacts
  • Travel preferences
  • Relevant health information (where necessary)

5.2 Staff Data

  • Identification details
  • DBS information
  • Training records
  • Contact details

5.3 Operational Data

  • Trip records
  • Risk assessments
  • Incident reports

6. Lawful Basis for Processing

Carefree Getaway processes data under lawful bases such as:

  • Consent — e.g. sharing information
  • Legitimate interests — service delivery
  • Legal obligations — where applicable

Where special category data is processed, appropriate safeguards are applied.

7. Data Storage and Security

Carefree Getaway ensures that:

  • Data is stored securely (e.g. password-protected systems)
  • Access is limited to authorised individuals
  • Sensitive information is handled carefully
  • Documents are stored in secure folders or systems

Where paper records are used, they are stored securely.

8. Data Sharing

Personal data may be shared where necessary with:

  • Clients or their representatives
  • Staff involved in service delivery
  • Relevant professionals (where appropriate and lawful)

Data will not be shared unnecessarily or without appropriate justification.

9. Confidentiality

All staff are expected to:

  • Maintain confidentiality
  • Only access information necessary for their role
  • Not disclose information inappropriately

Confidentiality continues even after engagement ends.

10. Data Retention

Data will be retained only for as long as necessary to:

  • Provide services
  • Meet legal or operational requirements

After this period, data will be securely deleted or destroyed.

11. Individual Rights

Individuals have rights under UK GDPR, including:

  • The right to access their data
  • The right to request corrections
  • The right to request deletion (where applicable)
  • The right to restrict processing
  • The right to object to processing

Requests should be made in writing to Carefree Getaway.

12. Data Breaches

A data breach may include:

  • Loss of data
  • Unauthorised access
  • Accidental disclosure

If a breach occurs:

  1. It must be reported immediately
  2. The risk must be assessed
  3. Appropriate action must be taken
  4. Relevant authorities may be notified where required

13. Responsibilities

13.1 Organisation Responsibilities

Carefree Getaway will:

  • Implement data protection procedures
  • Ensure secure handling of data
  • Respond to data requests appropriately

13.2 Staff Responsibilities

Staff must:

  • Handle data responsibly
  • Follow organisational procedures
  • Report any concerns or breaches

14. Training and Awareness

Staff are expected to:

  • Understand basic data protection principles
  • Follow guidance provided
  • Seek clarification if unsure

15. Policy Review

This policy will be reviewed:

  • Annually
  • Following any data breaches
  • When legislation or practices change

16. Declaration

Carefree Getaway Limited is committed to ensuring that personal data is handled responsibly, securely and in accordance with legal requirements, maintaining trust with clients, families and professionals.
