
CareApps Limited is the data controller for personal data processed through all the platforms and applications we have developed. We determine the purposes and means of processing in accordance with applicable laws and responsibilities.
CAREAPPS LIMITED
First Floor, One Colton Square, Leicester, Leicestershire, United Kingdom, LE1 1QH
email: info@careapps.co.uk
We may collect and process the following categories of personal data, depending on how our Services are used:
Personal Data: e.g. names, contact details, job roles, employer details, login credentials, IP address, and online identifiers.
Special Category Data: e.g. health data, care plans, medication information, incident reports, biometric data, and any other sensitive information relevant to health or social care provision, as defined under Article 9 of UK GDPR.
Usage and Technical Data: e.g. browser type, device identifiers, interaction logs, access times, and navigation paths.
Employee or Applicant Data: e.g. CVs, right to work, qualifications, references, and other data necessary for recruitment, onboarding, or HR management.
Cookies and Similar Technologies: We use cookies and tracking technologies across our web-based Services. Cookie usage is disclosed separately, and consent is obtained where required.
We process personal data based on one or more of the following lawful bases under UK GDPR:
Contractual Necessity: For the provision and fulfilment of our Services.
Legal Obligation: To comply with legal, regulatory, and safeguarding duties.
Legitimate Interests: For platform functionality, service improvement, fraud prevention, or business operations — always balanced against the data subject's rights.
Consent: For optional features, marketing communications, and processing special category data where required.
Special Category Data is processed lawfully only under specific conditions, including:
Explicit Consent.
Provision of Health or Social Care or Treatment or the Management of Health or Social Care Systems and Services.
Employment and Social Protection Law obligations — for employees or prospective staff.
4. How We Use Your Data
We use personal data to:
Deliver and manage all the platforms and applications we have developed, and their modules (Contract).
Enable care planning, medication management, digital record keeping, and shift scheduling (Contract, Legal Obligation).
Support secure user access, audits, alerts, and role-based permissions (Legitimate Interests).
Administer HR, recruitment, and staff management functions (Contract, Legal Obligation).
Respond to user support or product inquiries (Contract).
Communicate important updates, newsletters, or marketing messages (Consent).
Monitor system use, maintain security, and enhance platform performance (Legitimate Interests).
We may share your data with:
Third-party processors: e.g. cloud infrastructure, email providers, analytics services — under data processing agreements compliant with UK GDPR.
Regulatory bodies: including the CQC, NHS, or ICO where legally required.
Business continuity partners or successors: in case of mergers or restructuring, under appropriate safeguards.
We never sell personal data to third parties.
Where data is transferred outside the UK (e.g. to a cloud provider with data centres overseas), we implement safeguards such as:
UK ICO-approved Standard Contractual Clauses (SCCs),
Adequacy decisions, or
Binding Corporate Rules, where applicable.
7. Data Security
We apply appropriate technical and organisational measures, including:
Data encryption at rest and in transit,
Multi-factor authentication,
Role-based access control,
Monitoring, logging, and incident response procedures,
Regular vulnerability testing and audits.
All processing activities are aligned with NHS DSPT, DTAC, and industry good practices.
8. Data Retention
Data is retained only for as long as necessary in line with:
Service delivery needs,
Legal and regulatory requirements (e.g. safeguarding, employment laws),
Data minimisation principles.
We maintain a formal Data Retention Schedule with periodic reviews.
9. Your Data Protection Rights
Under the UK GDPR, you have the following rights:
Access – to your personal data and related information.
Rectification – to correct inaccurate or incomplete data.
Erasure – to request deletion, where applicable.
Restriction – to limit processing under certain conditions.
Portability – to obtain and reuse your data.
Objection – to processing based on legitimate interests or for direct marketing.
Automated Decisions – to object to profiling or fully automated decisions.
Withdraw Consent – at any time for data processed based on consent.
To exercise these rights, contact: dpo@careapps.co.uk
10. Complaints
If you have concerns about how we handle your personal data, you can raise a complaint with:
Information Commissioner's Office (ICO)
Website: www.ico.org.uk
Our platform is not intended for use by children under the age of 13 without verified parental or guardian consent.
National Data Opt-Out: You can opt out of having your confidential patient data used for research and planning at:
https://www.nhs.uk/your-nhs-data-matters/manage-your-choice/
Type 1 Opt-Out (via GP): Contact your GP directly to prevent data sharing beyond direct care.
These opt-outs do not apply to data processed within the Empathika platform for direct care purposes, which are essential for service delivery and care provision.
Marketing Opt-Out: Unsubscribe at any time by contacting support@careapps.co.uk
We may revise this Privacy Policy to reflect changes in law, platform features, or processing activities. Where changes are material, we will provide notice through the platform or by email. The most recent version will always be available on our website.
Last Updated: 05/05/25