Last updated: 19 April 2026
Effective date: 19 April 2026
Version: 1.0
1. Introduction
This Privacy Policy explains how Vannin Healthcare ("Vannin", "we", "us", or "our") collects, uses, stores, shares, and protects personal data when you visit our website (the "Site"), interact with our services, or otherwise engage with us.
We are committed to protecting your personal data and respecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (DPA 2018), the Privacy and Electronic Communications Regulations 2003 (PECR), and any other applicable data protection laws.
By using our Site or providing your personal data to us, you acknowledge that you have read and understood this Privacy Policy.
2. Who we are (Data Controller)
For the purposes of UK data protection law, the data controller is:
Vannin Healthcare
Email: office@vanningroup.com
Telephone: +44 330 223 6623
If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us using the details above.
3. The personal data we collect
We collect and process the following categories of personal data:
3.1 Information you provide directly
- Identity data: first name, last name, job title, organisation or company name.
- Contact data: email address, telephone number, postal address, country.
- Communication data: the content of any messages, enquiries, or correspondence you send to us via our contact form, email, telephone, or other channels.
- Marketing preferences: your preferences in receiving marketing communications from us.
3.2 Information collected automatically
- Technical data: internet protocol (IP) address, browser type and version, time-zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our Site.
- Usage data: information about how you use our Site, including pages viewed, time spent, navigation paths, referring URLs, and click activity.
- Cookie data: information collected through cookies and similar tracking technologies (see Section 9 below).
3.3 Information from third parties
We may receive personal data about you from third parties such as analytics providers (e.g. Google Analytics), advertising networks, search information providers, and publicly available sources (such as Companies House and LinkedIn) for the purpose of business development.
3.4 Special category and health data
Our Site is a corporate marketing site and we do not knowingly collect special category personal data (including health data) through it. If you provide such data unsolicited via the contact form or correspondence, we will only process it where we have a lawful basis to do so under Article 9 UK GDPR. Any health-related data processed in connection with our Greencube electronic health record platform or healthcare delivery services is governed by separate data processing agreements with our customers, who act as the data controllers for that data.
4. How we use your personal data (Lawful bases)
Under UK GDPR we must have a lawful basis to process your personal data. We use the following lawful bases:
- To respond to your enquiries and provide information you have requested — lawful basis: legitimate interests; performance of a contract; consent (where applicable).
- To administer and improve our Site (analytics, troubleshooting, security) — lawful basis: legitimate interests; consent (for non-essential cookies).
- To send you marketing communications about our products and services — lawful basis: consent; legitimate interests (for existing business contacts under PECR's "soft opt-in").
- To carry out business development and identify potential customers — lawful basis: legitimate interests.
- To comply with legal, regulatory, or accounting obligations — lawful basis: legal obligation.
- To establish, exercise, or defend legal claims — lawful basis: legitimate interests; legal obligation.
- To prevent fraud and protect the security of our Site — lawful basis: legitimate interests; legal obligation.
Where we rely on legitimate interests, we have carried out a Legitimate Interests Assessment (LIA) and concluded that our interests are not overridden by your rights and freedoms. You may request a copy of the relevant LIA by contacting us.
5. Marketing communications
We may send you marketing communications about our products and services where you have consented to receive them or where we are permitted to do so under PECR's "soft opt-in" (i.e. you are an existing business contact and we are marketing similar products or services to those you have previously enquired about).
You can withdraw your consent or opt out of marketing communications at any time by:
- Clicking the "unsubscribe" link in any marketing email;
- Emailing us at office@vanningroup.com with the subject line "Unsubscribe".
Opting out of marketing will not affect any service-related communications (such as responses to your enquiries).
6. Who we share your personal data with
We may share your personal data with the following categories of recipients, where necessary and only with appropriate safeguards in place:
- Service providers and processors: including hosting providers (Webflow), email and CRM platforms, analytics providers (Google), customer support tools, and IT service providers, who process personal data on our behalf under written data processing agreements.
- Professional advisers: lawyers, accountants, auditors, and insurers, where required for the proper conduct of our business.
- Group companies: entities within the Vannin group of companies for the purposes set out in this Policy.
- Business partners: where you have engaged with us through a joint initiative, with appropriate consent or other lawful basis.
- Authorities and regulators: public authorities, regulators, law enforcement agencies, and courts where we are required by law to disclose your personal data.
- Buyers or successors: in the event of a corporate transaction such as a merger, acquisition, restructuring, or sale of assets.
We do not sell your personal data to third parties.
7. International transfers of personal data
Some of our service providers may be located outside the United Kingdom, including in the European Economic Area (EEA) and other jurisdictions. Where we transfer your personal data outside the UK, we ensure that appropriate safeguards are in place, which may include:
- Transfers to countries covered by UK adequacy regulations;
- UK International Data Transfer Agreements (IDTAs) or the UK Addendum to the EU Standard Contractual Clauses;
- Other lawful transfer mechanisms recognised under UK GDPR.
You may request further information about the safeguards in place for international transfers by contacting us.
8. How long we keep your personal data
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, or reporting obligations. Typical retention periods are:
- Contact form enquiries: up to 24 months from the last contact, unless you become a customer or remain in active dialogue.
- Marketing data: until you withdraw consent or opt out.
- Customer and contractual records: for the duration of the contract and 6 years thereafter (in line with UK statutory limitation periods).
- Website analytics data: typically 14 to 26 months, depending on the analytics provider's settings.
- Records required by law: for the period required by the relevant legislation.
Where personal data is no longer required, we will securely delete or anonymise it.
9. Cookies and similar technologies
Our Site uses cookies and similar tracking technologies to enhance your experience, analyse usage, and support our marketing activities. Cookies are small text files placed on your device when you visit a website.
We use the following categories of cookies:
- Strictly necessary cookies: required for the operation of the Site (e.g. session management, security). These do not require consent.
- Performance and analytics cookies: help us understand how visitors interact with our Site (e.g. Google Analytics).
- Functional cookies: remember choices you make to provide enhanced functionality.
- Marketing cookies: used to deliver advertising relevant to you and to measure the effectiveness of campaigns.
We obtain your consent for non-essential cookies through our cookie banner when you first visit the Site. You can manage or withdraw your consent at any time via the cookie settings on the Site or by adjusting your browser preferences.
10. Your rights under UK GDPR
Under UK GDPR you have the following rights in relation to your personal data:
- Right to be informed about how we collect and use your personal data (this Privacy Policy).
- Right of access: to request a copy of the personal data we hold about you.
- Right to rectification: to request correction of inaccurate or incomplete personal data.
- Right to erasure ("right to be forgotten"): to request deletion of your personal data in certain circumstances.
- Right to restrict processing: to request that we limit how we use your personal data.
- Right to data portability: to receive your personal data in a structured, commonly used, machine-readable format and to request its transfer to another controller.
- Right to object: to processing based on legitimate interests, and to object to direct marketing at any time.
- Rights in relation to automated decision-making and profiling: we do not currently make decisions about you based solely on automated processing that produces legal or similarly significant effects.
- Right to withdraw consent: where we rely on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us at office@vanningroup.com. We will respond within one calendar month, although in complex cases we may extend this by a further two months and will notify you accordingly.
We may need to verify your identity before fulfilling your request. There is normally no fee for exercising your rights, although we may charge a reasonable fee or refuse to act if a request is manifestly unfounded or excessive.
11. How we protect your personal data
We have implemented appropriate technical and organisational measures designed to protect your personal data against unauthorised access, accidental loss, alteration, or disclosure. These include:
- Encryption of data in transit (TLS/HTTPS) and at rest where appropriate;
- Access controls and role-based permissions;
- Regular security assessments and patching;
- Confidentiality obligations on staff and processors;
- Incident response procedures and breach notification protocols.
Despite our efforts, no method of transmission over the internet or electronic storage is fully secure. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours and, where required, notify affected individuals without undue delay.
12. Children's privacy
Our Site and services are not directed at children under the age of 16, and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can take appropriate action.
13. Third-party links
Our Site may contain links to third-party websites, plug-ins, and applications. Clicking on those links may allow third parties to collect or share data about you. We do not control these third-party sites and are not responsible for their privacy practices. We encourage you to read the privacy policies of every site you visit.
14. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements, or for other operational reasons. The "Last updated" date at the top of this Policy indicates when it was last revised. Where changes are material, we will notify you by email or through a prominent notice on our Site before the changes take effect.
15. Complaints to the ICO
If you have a concern about the way we handle your personal data, please contact us first so we can try to resolve it. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection:
Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Helpline: 0303 123 1113
Website: ico.org.uk
16. Contact us
If you have any questions, comments, or requests regarding this Privacy Policy or our data protection practices, please contact us:
Vannin Healthcare
Email: office@vanningroup.com
Telephone: +44 330 223 6623
