Privacy Policy
Introduction
CareForMe Limited respects the privacy of its data subjects, including customers, partners and suppliers. We have therefore formulated and implemented a policy regarding the processing of personal data, its purpose(s) and the possibilities to exercise your legal rights in the best possible way.
Definitions
- Party responsible for processing personal data: CareForMe Limited; with registered address at Health Foundry, 1 Royal Street in the United Kingdom and company registration number 13799333 (the "Controller").
- Data Protection Authority: The Information Commissioner (ICO) of the United Kingdom.
- Data Protection laws: For UK citizens or residents, the UK GDPR 2020 and the UK Data Protection Act 2018, and the national laws of the United Kingdom.
Collection of Data
Your personal data will be collected by CareForMe Limited and its data processors.
Personal data means any information relating to an identified or identifiable natural person ('data subject'). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
The Types of Personal Data We May Process
Data subject: Customers
- Identification (name, address, contact details)
- Special Category (health, genetics)
- Financial
- Location (e.g. address or IP address)
- Contracts
Data subject: Nurses
- Identification data (Name, Address, contact details)
- Educational and employment history
- Copy of ID
- Special Category (e.g. race; sexuality; religion; health; genetic)
- Photographs and video recordings
Purposes
CareForMe Limited processes personal data for one or more of the following purposes:
- Delivery of the service that our customers have purchased with us
- Onboarding and verification of nurses
- Matching customers with potential research opportunities (only applicable to customers who opt in by giving consent)
- Securing your data
- Maintaining your data contained in your profile and your account
- Business management (invoicing and contractual obligations)
How We Collect, Store or Otherwise Process Your Data
The following describes how we may collect, store or otherwise process the types of personal information set out in the table above:
- Collecting and storing personal information contained in the profiles that our customers' employees create.
- Recording personal information necessary to carry out our services and storing these on our (Cloud) servers.
- Analysing trends and profiles, for our legitimate interest to aim to enhance, modify, personalise and improve our services and communications for the benefit of our customers.
- Processing and responding to support requests, enquiries and complaints received from you through use of business email.
- Providing services and products requested and/or purchased by you and to communicate with you about such services and/or products. We do this as necessary in order to carry out a contract with you and in accordance with our legitimate interest to operate a business.
- Carrying out administrative activities such as invoicing and collecting payments either locally on devices or using cloud-services.
- Storing and exchanging personal information contained in documents through email and cloud-services.
Sharing Data with Third Parties
We may have to share your data with third parties, including third-party service providers and other entities in the group. We require third parties to respect the security of your data and to treat it in accordance with the law.
We will only share your Personal Data with third parties in accordance with the GDPR and as outlined in the legal justification section above.
We share your Personal Data with parties for the following purposes: email, user management, user authentication, service delivery, task management, accountancy, appointment scheduling, document storage, website hosting, production of content, sending marketing materials.
Please send us an email at contact@careforme.io to receive a list of our Processors.
International Data Transfers
The third parties we have engaged may transfer your personal information to outside of the EEA. CareForMe Limited's third party processors take all necessary measures to ensure the confidentiality, availability and integrity of personal data and to comply with the GDPR with regards to international data transfers. The international nature of its compliance certifications, as well as far-reaching technical security measures (including but not limited to encryption of the personal data, making the data illegible to an unauthorised recipient) are sufficient to ensure that the data subjects continue to benefit from the fundamental rights they are entitled to under the GDPR.
CareForMe Limited relies on processing agreements with these sub-processors that include the model clauses (or "Standard Contractual Clauses") which have been tested on the adequacy of its protection with regards to the specific sub-processing activities carried out in this particular subprocessing relationship.
Additional security measures are taken to safeguard the international data transfers: Encryption; Anonymisation; Pseudonymisation.
Storage and Protection of Data
Your data is protected by CareForMe Limited and its processors in pursuance to all legal requirements set by the relevant data processing laws. CareForMe Limited has taken technical and organisational security measures to protect your data and requires its data processors to meet the same requirements. CareForMe Limited has signed processing agreements with its processors to ensure an adequate level of data protection.
Organisational Security Measures
Staff: CareForMe Limited staff members are required to conduct themselves in a manner consistent with CareForMe Limited's guidelines regarding confidentiality, business ethics, appropriate usage, and professional standards. All staff members undergo appropriate background checks prior to hiring and sign a confidentiality agreement outlining their responsibility in protecting customer data. We continuously train staff members on best security practices, including how to identify social hacks, phishing scams, and hackers.
Access controls: CareForMe Limited maintains your data privacy by allowing only authorised individuals access to information when it is critical to complete tasks for you. CareForMe Limited staff members will not process customer data without authorization.
Data hosting: As a rule, data is hosted within the EEA, but it is possible that we might transfer personal data to countries outside of those areas. We ensure that we comply with the GDPR when sending data overseas by relying on data processing agreements containing standard contractual clauses with our subprocessors or by taking additional measures to secure this data transfer, such as anonymisation.
Physical security: The data centres on which personal data is hosted are secured and monitored 24/7 and physical access to facilities is strictly limited to select staff.
Technical Security Measures
All devices which are used to access personal data for which we are responsible are secured with antivirus software, firewalls, encryption and access management. We regularly update operating systems and software to ensure vulnerabilities cannot be exploited. We carry out regular vulnerability scanning of our website and have engaged credentialed external auditors to verify the adequacy of our security and privacy measures.
Your Rights Regarding Information
Each data subject has the right to information on and access to, and rectification, erasure and restriction of processing of his personal data, as well as the right to object to the processing and the right to data portability.
You can exercise these rights by contacting us at the following email address: contact@careforme.io. Each request must be accompanied by a copy of a valid ID, on which you put your signature and state the address where we can contact you. Ensure that you write "Data Request" in the subject line of your email.
Within one month of the submitted request, you will receive an answer from us. We will not charge you for submitting your request unless the request is manifestly unfounded or otherwise unreasonable in its nature. Depending on the complexity and the number of the requests this period may be extended to two months.
We may not be able to fulfil your request if we are not the Controller (responsible party) for your data. In this case, we will forward your request to the data Controller who will reply to you within one month of your request.
Marketing
You may receive commercial offers from CareForMe Limited. If you do not wish to receive them (anymore), please send us an email to contact@careforme.io and ensure that you write "Data Opt-Out" in the subject line of your email.
Your personal data will not be used by our partners for commercial purposes.
If you encounter any personal data from other data subjects while visiting our website, you are to refrain from collection, any unauthorised use or any other act that constitutes an infringement of the privacy of the data subject(s) in question. The collector is not responsible in these circumstances.
Data Retention
The collected data are used and retained for the duration determined by law. You may, at any time, request your data to be deleted from any CareForMe Limited account, system or other data processing medium in accordance with the process described above.
Applicable Law
These conditions are governed by the laws of England and Wales. The court in the district where the collector has its place of business has the sole jurisdiction if any dispute regarding these conditions may arise, save when a legal exception applies.
Contact
For questions about this privacy policy, product information or any other information, please contact: contact@careforme.io