Our privacy policy.

CQC Consultants respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use and protect personal data when you visit our website, contact us, book a consultation, or use our services.

1. Who we are

CQC Consultants is a trading name of Towers & Towers LLP, registered in England and Wales under company number OC459173.

Our registered address is:

128 City Road
London
EC1V 2NX
United Kingdom

For the purposes of UK data protection law, Towers & Towers LLP is the “controller” of the personal data described in this policy.

You can contact us about privacy matters at:

Email: dan@cqc-consultants.com

2. What personal data we collect

We may collect and use the following types of personal data:

Information you provide to us

This may include:

  • your name;

  • job title or role;

  • organisation name;

  • email address;

  • phone number;

  • address or service location;

  • information you provide through our website contact forms;

  • information you provide when booking a meeting or consultation;

  • details about your care service, clinic, organisation, CQC registration, compliance needs or inspection preparation;

  • correspondence between you and us.

Information collected automatically

When you visit our website, we may collect technical information such as:

  • IP address;

  • browser type and version;

  • device type;

  • operating system;

  • pages visited;

  • date and time of visit;

  • referral source;

  • interaction with the website.

This information may be collected through cookies, analytics tools, server logs or similar technologies.

Information from third parties

We may receive personal data from third parties where relevant to providing our services, such as:

  • colleagues or representatives from your organisation;

  • publicly available sources, including Companies House, regulator websites or professional directories;

  • booking, email, CRM, analytics or website service providers.

3. How we use your personal data

We use personal data for the following purposes:

  • to respond to enquiries;

  • to arrange and manage discovery calls, consultations and meetings;

  • to provide CQC registration, mock inspection, governance, compliance and retained consultancy services;

  • to prepare proposals, quotes, contracts and invoices;

  • to manage our relationship with clients and prospective clients;

  • to understand website usage and improve our website and services;

  • to send service-related communications;

  • to send marketing communications where permitted by law;

  • to keep business and compliance records;

  • to comply with legal, regulatory, tax and accounting obligations;

  • to protect our business, website, systems and legal rights.

4. Lawful bases for using personal data

Under UK GDPR, we must have a lawful basis for using personal data.

Where we rely on legitimate interests, those interests include operating and growing our consultancy business, responding to enquiries, supporting care providers, improving our website and services, and protecting our legal and commercial interests.

Where we rely on consent, you can withdraw your consent at any time.

Depending on the circumstances, we may rely on one or more of the following lawful bases:

5. Special category data

In the course of providing consultancy services to care providers, we may occasionally receive information that includes special category data, such as health-related information about service users, staff or other individuals.

We ask clients not to send us unnecessary personal or sensitive information. Where such information is necessary for the services we provide, we will handle it carefully and only use it for the relevant consultancy purpose.

Where we process special category data, we will do so only where a lawful basis and a valid special category condition apply under UK data protection law.

6. Marketing communications

We may use your contact details to send you relevant updates about our services, regulatory developments, CQC compliance, events or resources.

You can opt out of marketing communications at any time by using the unsubscribe link in our emails, where available, or by contacting us at dan@cqc-consultants.com.

We will not sell your personal data to third parties.

7. Cookies and similar technologies

Our website may use cookies and similar technologies to make the website work, improve performance, understand visitor behaviour and support marketing or analytics.

Cookies are small files placed on your device when you visit a website. Some cookies are necessary for the website to work. Others, such as analytics or marketing cookies, may require your consent.

The ICO says websites must clearly explain what cookies or similar technologies do and what they are used for, and PECR applies alongside UK GDPR for cookies and electronic communications. Non-essential cookies generally require prior consent unless an exception applies.

You can manage cookies through your browser settings and, where available, through our website cookie banner or preference tool.

We may use the following categories of cookies:

8. Who we share personal data with

We may share personal data with trusted third parties where necessary, including:

  • website hosting providers;

  • email and IT service providers;

  • booking or calendar platforms;

  • CRM or client management systems;

  • payment, accounting or invoicing providers;

  • professional advisers, including accountants, lawyers and insurers;

  • regulators, public authorities or law enforcement where legally required;

  • subcontractors or consultants who support us in delivering services, where appropriate.

We require service providers to protect personal data and use it only for authorised purposes.

9. International transfers

Some of our service providers may process personal data outside the United Kingdom.

Where personal data is transferred internationally, we will take steps to ensure that appropriate safeguards are in place, such as adequacy regulations, the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or another lawful transfer mechanism.

10. How long we keep personal data

We will keep personal data only for as long as necessary for the purposes for which it was collected.

We may retain information for longer where necessary to establish, exercise or defend legal claims, comply with legal obligations, or resolve disputes.

Typical retention periods may include:

11. How we protect personal data

We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration or disclosure.

These measures may include access controls, secure systems, password protection, staff awareness, limited access to client information, and supplier due diligence.

No website, email system or online service can be guaranteed to be completely secure. You should avoid sending highly sensitive information through website forms unless necessary.

12. Your rights

Under UK data protection law, you may have the following rights:

  • the right to be informed about how your personal data is used;

  • the right of access to your personal data;

  • the right to rectification of inaccurate or incomplete data;

  • the right to erasure in certain circumstances;

  • the right to restrict processing in certain circumstances;

  • the right to object to processing in certain circumstances;

  • the right to data portability in certain circumstances;

  • the right to withdraw consent where processing is based on consent;

  • rights relating to automated decision-making and profiling, where applicable.

These rights are not absolute and may depend on the circumstances.

To exercise your rights, contact us at:

dan@cqc-consultants.com

We may need to verify your identity before responding to your request.

13. Complaints

We hope you will contact us first if you have any concerns about how we use your personal data.

You also have the right to complain to the UK Information Commissioner’s Office, which is the UK regulator for data protection.

ICO website: ico.org.uk
ICO telephone: 0303 123 1113

14. Third-party links

Our website may contain links to third-party websites, platforms or services. We are not responsible for the privacy practices, content or security of those third-party websites. You should read their privacy policies before providing personal data to them.

15. Changes to this policy

We may update this privacy policy from time to time. The latest version will be posted on this page with the updated date shown at the top.