The Best CQC Policy Compliance Company in the UK
0333 335 5919 info@policybase.co.uk

Privacy Policy

How we collect, use and protect your personal information.

Last updated: 27 June 2026

PolicyBase ("we", "us", "our") is committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy explains what data we collect, how we use it, and your rights.

1. Who we are

PolicyBase is a UK-based compliance and business support platform for regulated care providers. For data protection purposes, PolicyBase is the data controller. If you have questions about this policy, please contact us at info@policybase.co.uk.

2. Data we collect

  • Account data — name, email address, phone number, organisation name and password (hashed).
  • Transaction data — order numbers, payment references, billing address, products purchased.
  • Booking data — appointment details, service type, preferred date/time and any notes you provide.
  • Usage data — pages visited, search queries, browser type and IP address (via server logs).
  • Communications — messages you send us via the contact form or email.

3. How we use your data

  • To provide and manage your account and purchased services.
  • To process payments and send order/booking confirmations.
  • To send compliance updates and newsletter emails (with your consent).
  • To respond to your enquiries and support requests.
  • To improve our platform and detect fraud or security issues.

4. Legal basis for processing

We process your data under one or more of the following lawful bases: performance of a contract (account, orders, bookings); legitimate interests (security, fraud prevention, service improvement); consent (marketing emails); and legal obligation (tax, accounting records).

5. Data sharing

We do not sell your personal data. We share data only with trusted service providers who help us operate the platform (e.g. payment processors, email delivery), and only to the extent necessary. All processors are contractually bound to protect your data.

6. Data retention

We retain account and transaction data for up to 7 years to meet legal and accounting obligations. You may request deletion of your account at any time; residual transactional records required by law will be retained in anonymised or archived form.

7. Your rights

Under UK GDPR you have the right to: access your data; correct inaccurate data; request deletion; object to or restrict processing; and data portability. To exercise any of these rights, please contact us at info@policybase.co.uk. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

8. Cookies

We use essential session cookies to operate the platform (login state, shopping cart, CSRF protection). No third-party advertising cookies are set without your consent.

9. Changes to this policy

We may update this policy from time to time. Material changes will be notified to registered users by email. The date at the top of this page reflects the most recent revision.

Questions about your data?

Contact our data protection contact at info@policybase.co.uk or use our contact form.