CareApps Limited ("we", "us", or "our") is committed to protecting the privacy and personal data of all users of our digital services. This Privacy Policy explains how we collect, use, share, and protect personal data when you use any of our websites, applications, mobile apps, or digital services (collectively referred to as the "Services"), including but not limited to the Empathika platform and its related modules. This Policy is compliant with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, NHS Digital and DTAC requirements, and other applicable UK privacy and healthcare regulations.
1. Who We Are (Data Controller)
CareApps Limited is the data controller for personal data processed through all the platforms and applications we have developed. We determine the purposes and means of processing in accordance with applicable laws and responsibilities.
CAREAPPS LIMITED
First Floor, One Colton Square, Leicester, Leicestershire, United Kingdom, LE1 1QH
2. Information We Collect
We may collect and process the following categories of personal data, depending on how our Services are used:
🔷 Personal Data: e.g. names, contact details, job roles, employer details, login credentials, IP address, and online identifiers.
🔷 Special Category Data: e.g. health data, care plans, medication information, incident reports, biometric data, and any other sensitive information relevant to health or social care provision, as defined under Article 9 of UK GDPR.
🔷 Usage and Technical Data: e.g. browser type, device identifiers, interaction logs, access times, and navigation paths.
🔷 Employee or Applicant Data: e.g. CVs, right to work, qualifications, references, and other data necessary for recruitment, onboarding, or HR management.
🔷 Cookies and Similar Technologies: We use cookies and tracking technologies across our web-based Services. Cookie usage is disclosed separately, and consent is obtained where required.
3. Lawful Basis for Processing
We process personal data based on one or more of the following lawful bases under UK GDPR:
🔷 Contractual Necessity: For the provision and fulfilment of our Services.
🔷 Legal Obligation: To comply with legal, regulatory, and safeguarding duties.
🔷 Legitimate Interests: For platform functionality, service improvement, fraud prevention, or business operations — always balanced against the data subject's rights.
🔷 Consent: For optional features, marketing communications, and processing special category data where required.
Special Category Data is processed lawfully only under specific conditions, including:
🔷 Explicit Consent
🔷 Provision of Health or Social Care or Treatment or the Management of Health or Social Care Systems and Services
🔷 Employment and Social Protection Law obligations — for employees or prospective staff
4. How We Use Your Data
We use personal data to:
🔷 Deliver and manage all the platforms and applications we have developed, and their modules (Contract)
🔷 Enable care planning, medication management, digital record keeping, and shift scheduling (Contract, Legal Obligation)
🔷 Support secure user access, audits, alerts, and role-based permissions (Legitimate Interests)
🔷 Administer HR, recruitment, and staff management functions (Contract, Legal Obligation)
🔷 Respond to user support or product inquiries (Contract)
🔷 Communicate important updates, newsletters, or marketing messages (Consent)
🔷 Monitor system use, maintain security, and enhance platform performance (Legitimate Interests)
5. Sharing Your Information
We may share your data with:
🔷 Third-party processors: e.g. cloud infrastructure, email providers, analytics services — under data processing agreements compliant with UK GDPR
🔷 Regulatory bodies: including the CQC, NHS, or ICO where legally required
🔷 Business continuity partners or successors: in case of mergers or restructuring, under appropriate safeguards
We never sell personal data to third parties.
6. International Data Transfers
Where data is transferred outside the UK (e.g. to a cloud provider with data centres overseas), we implement safeguards such as:
🔷 UK ICO-approved Standard Contractual Clauses (SCCs)
🔷 Adequacy decisions
🔷 Binding Corporate Rules, where applicable
7. Data Security
We apply appropriate technical and organisational measures, including:
🔷 Data encryption at rest and in transit
🔷 Multi-factor authentication
🔷 Role-based access control
🔷 Monitoring, logging, and incident response procedures
🔷 Regular vulnerability testing and audits
All processing activities are aligned with NHS DSPT, DTAC, and industry good practices.
8. Data Retention
Data is retained only for as long as necessary in line with:
🔷 Service delivery needs
🔷 Legal and regulatory requirements (e.g. safeguarding, employment laws)
🔷 Data minimisation principles
We maintain a formal Data Retention Schedule with periodic reviews.
9. Your Data Protection Rights
Under the UK GDPR, you have the following rights:
🔷 Access – to your personal data and related information
🔷 Rectification – to correct inaccurate or incomplete data
🔷 Erasure – to request deletion, where applicable
🔷 Restriction – to limit processing under certain conditions
🔷 Portability – to obtain and reuse your data
🔷 Objection – to processing based on legitimate interests or for direct marketing
🔷 Automated Decisions – to object to profiling or fully automated decisions
🔷 Withdraw Consent – at any time for data processed based on consent
To exercise these rights, contact: dpo@careapps.co.uk
10. Complaints
If you have concerns about how we handle your personal data, you can raise a complaint with:
Information Commissioner's Office (ICO)
Website: www.ico.org.uk
11. Children's Privacy
Our platform is not intended for use by children under the age of 13 without verified parental or guardian consent.
12. Opt-Outs
These opt-outs do not apply to data processed within the Empathika platform for direct care purposes, which are essential for service delivery and care provision.
🔷 Marketing Opt-Out: Unsubscribe at any time by contacting support@careapps.co.uk
13. Updates to this Policy
We may revise this Privacy Policy to reflect changes in law, platform features, or processing activities. Where changes are material, we will provide notice through the platform or by email. The most recent version will always be available on our website.
Last Updated: 05/05/25