Privacy policy.

1. Who we are

Diverse Services Limited is the data controller for the personal information described in this policy. We are a private limited company registered in England, providing specialist mental-health supported-living services across West London.

Registered office: 71–75 Shelton Street, London WC2H 9JQ.
Contact: info@diverseservices.co.uk.

If you have a question about how we handle data, please email us at the address above and mark your message for the attention of the Managing Director.

2. The personal information we collect

2.1 Referrals (commissioners, care co-ordinators, clinical teams)

When you submit a referral to us, you provide personal information about the referrer (you) and about the prospective service user. This may include:

• Referrer name, role, organisation, work email, work phone
• Service user initials or pseudonym, age, gender, ethnicity, preferred language, current location
• Clinical information including primary diagnosis, current Mental Health Act status, medication, clinical history, risk indicators
• Support level being sought, preferred borough, intended placement duration, funding source

Clinical and mental-health information is special category data under Article 9 of the UK GDPR. We process it only with appropriate safeguards (see section 4 on lawful basis).

2.2 Careers applications

When you apply for a role with us, you provide your name, contact details, employment and education history, references, and the content of your application. If you tell us about a disability or health condition for the purpose of reasonable adjustments, that is also special category data and is handled with additional care.

2.3 Contact enquiries

When you contact us via the website form, email, or phone, we collect your name, contact details, organisation, and the content of your enquiry.

2.4 Website usage data

When you visit this website, basic technical information is collected automatically by our hosting provider (Netlify) for security and performance: IP address, browser type, pages visited, timestamps. This is retained for a short period and not linked to your identity.

3. How we use your information

• To assess and respond to referrals. Reviewing clinical suitability, communicating an assessment outcome, and arranging placement.
• To deliver the supported-living service. Once a placement is agreed, personal and clinical information is used to provide care, manage risk, and support recovery.
• To consider job applications. Shortlisting, interviewing, and (if successful) onboarding.
• To respond to enquiries. Replying to commissioners, families, professionals, and members of the public who contact us.
• To meet our legal and regulatory obligations. Including safeguarding duties, Care Quality Commission requirements (for our CQC-registered service), employer obligations, and audit responsibilities.

We do not use your information for marketing, do not sell it to third parties, and do not use it to make automated decisions about you.

4. Our lawful basis for processing

Under UK GDPR Article 6, we rely on one or more of the following for processing personal data:

• Article 6(1)(b) — contract: where processing is necessary to enter into or perform a contract with you (e.g. employment, placement agreement).
• Article 6(1)(c) — legal obligation: where we must process data to meet a statutory duty (e.g. safeguarding, CQC reporting).
• Article 6(1)(e) — public task / Article 6(1)(f) — legitimate interests: for delivering a care service in partnership with statutory commissioners.
• Article 6(1)(a) — consent: for everything else, including contact enquiries.

For special category data (clinical, mental-health, disability information), we additionally rely on UK GDPR Article 9 conditions, principally:

• Article 9(2)(h): processing is necessary for the provision of health or social care.
• Article 9(2)(b): processing is necessary for our obligations as an employer (for job applicants and staff).
• Article 9(2)(a): explicit consent, where the above do not apply.

5. Who we share information with

We share personal information only where it is necessary to deliver our service or meet a legal obligation. Recipients may include:

• Placing local authorities and NHS bodies: for placement decisions, MDT care reviews under the Community Mental Health Framework, and statutory reporting.
• Care co-ordinators and clinical teams: as part of the care of a placed resident.
• The Care Quality Commission: for our CQC-registered service (Foxglove) and any future CQC-registered services.
• Safeguarding authorities and the police: where there is a safeguarding concern or legal obligation.
• Our trusted suppliers: including our website host (Netlify), email provider (Microsoft 365), and digital records system. These suppliers are bound by written data-processing agreements.

We do not transfer personal data outside the UK or European Economic Area, except where our trusted suppliers operate global infrastructure with UK GDPR-equivalent safeguards in place.

6. How long we keep your information

• Referrals that did not lead to a placement: retained for up to 12 months, then securely deleted.
• Active placement records: retained for the duration of the placement, then archived for the period required by statutory and CQC retention rules.
• Careers applications (unsuccessful): retained for up to 6 months, then deleted, unless you ask us to delete sooner.
• Contact enquiries: retained for up to 12 months.
• Staff records: retained for the duration of employment plus the period required for tax, pension, and regulatory purposes.

7. Your rights

Under UK GDPR you have the right to:

• Be informed about how we use your data (this policy)
• Access the personal data we hold about you
• Have inaccurate data corrected
• Request erasure of your data (subject to our legal duties)
• Restrict or object to how we process your data
• Data portability where applicable
• Withdraw consent at any time, where consent is our lawful basis

To exercise any of these rights, email info@diverseservices.co.uk. We will respond within one calendar month.

If you are unhappy with how we have handled your data, you can complain to the Information Commissioner's Office at ico.org.uk or 0303 123 1113. We would, however, appreciate the chance to address your concerns directly first.

8. Cookies

This website uses a small number of strictly-necessary cookies to function. We do not use advertising or tracking cookies and we do not share data with third-party analytics providers without your consent.

Our hosting provider, Netlify, may set short-lived cookies for security and performance. Our form submissions use Netlify Forms which records the submitted content and a timestamp.

The first time you visit, you will see a small banner explaining this. You can accept or decline non-essential cookies. Your choice is remembered in your browser. To change your choice later, clear this site's cookies in your browser settings.

9. Security

We hold personal information securely. Measures include encrypted transmission over HTTPS, access controls on our digital records system, two-factor authentication for staff accounts, regular staff training on data protection, and contractual obligations on every supplier that processes data on our behalf.

10. Children

Our services are designed for adults aged 18 and over. We do not knowingly collect information about anyone under 18 through this website.

11. Changes to this policy

This policy was last updated in May 2026. If we make significant changes, we will update the "last updated" date at the top of this page and, where appropriate, notify people whose data is affected.

Contact us about data