Privacy Policy
Last Updated: April 26, 2026
1. Introduction
This Privacy Policy explains how the Care Compliance System ("we," "our," or "us") collects, uses, discloses, and protects your personal information when you use our healthcare compliance management platform ("Service"). We are committed to protecting your privacy and ensuring compliance with UK data protection laws, including UK GDPR and the Data Protection Act 2018.
2. Information We Collect
Personal Information
- Name and contact information (email address, phone number)
- Professional credentials and role information
- Login credentials and authentication data
- Profile information and preferences
Compliance Data
- Audit records and assessments
- Action plan details and progress updates
- Incident reports and investigations
- Maintenance logs and documentation
- Feedback, complaints, and compliments
- File attachments and supporting documentation
Usage Information
- Login times and access patterns
- User activity logs and system interactions
- IP addresses and device information
- Browser type and operating system
3. How We Use Your Information
We use the collected information for the following purposes:
- Providing and maintaining the Service
- Managing user accounts and authentication
- Processing compliance activities and generating reports
- Sending notifications and communications related to compliance activities
- Ensuring security and preventing unauthorized access
- Maintaining audit trails for regulatory compliance
- Improving the Service and user experience
- Meeting legal and regulatory obligations
4. Legal Basis for Processing (UK GDPR)
Under UK GDPR, we process your personal data based on the following legal grounds:
- Legitimate Interest: Managing healthcare compliance and quality assurance
- Legal Obligation: Compliance with healthcare regulations and CQC requirements
- Contract: Providing the Service as agreed
- Consent: Where explicitly provided for specific processing activities
5. Information Sharing and Disclosure
We do not sell, trade, or rent your personal information. We may share information only in the following circumstances:
- With other authorized users within your organization based on role-based permissions
- With regulatory bodies when required by law (e.g., CQC inspections)
- With service providers who assist in operating the platform (under strict confidentiality agreements)
- When necessary to protect rights, property, or safety
- In case of merger, acquisition, or sale of assets (with prior notice)
6. Data Security
We implement comprehensive security measures to protect your information:
- Encryption of data in transit and at rest
- Role-based access controls and permission systems
- Regular security assessments and updates
- Secure authentication mechanisms
- Activity logging and monitoring
- Regular backups with secure storage
- Incident response procedures
7. Data Retention
We retain your information for the following periods to meet legal and operational requirements:
- Audit Records: 7 years (regulatory requirement)
- Incident Reports: 5 years (regulatory requirement)
- Task History: 3 years (operational needs)
- User Activity Logs: 1 year (security and audit purposes)
- File Attachments: As configured per record type
- Personal Data: Until account termination plus applicable retention period
8. Your Rights
Under applicable data protection laws, you have the following rights:
- Access: Request access to your personal data
- Rectification: Request correction of inaccurate data
- Erasure: Request deletion of your data (subject to retention requirements)
- Restriction: Request limitation of processing
- Portability: Request transfer of your data
- Objection: Object to processing in certain circumstances
- Withdraw Consent: Where processing is based on consent
To exercise these rights, please contact your system administrator or designated data protection officer.
9. UK Healthcare Regulatory Compliance
We comply with UK healthcare regulations and standards, including Care Quality Commission (CQC) requirements. We implement appropriate administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of healthcare compliance data and personal information.
Our data processing activities align with NHS Data Security and Protection Toolkit requirements and other relevant UK healthcare data protection standards.
10. Cookies and Tracking
We use essential cookies and similar technologies to:
- Maintain user sessions and authentication
- Remember user preferences and settings
- Ensure security and prevent fraud
- Analyze usage patterns for service improvement
You can control cookie settings through your browser, but disabling essential cookies may affect Service functionality.
11. International Data Transfers
Your data is primarily processed and stored within the UK/EU. Any international transfers are conducted with appropriate safeguards in place, including standard contractual clauses or adequacy decisions.
12. Children's Privacy
The Service is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children under 18.
13. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach and, where the breach is likely to result in a high risk to affected individuals, notify those individuals without undue delay, as required by UK GDPR.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. Continued use of the Service after changes become effective constitutes acceptance of the updated policy.
15. Contact Information
If you have questions about this Privacy Policy or our data practices, please contact:
- Your system administrator
- The designated Data Protection Officer for your organization
- The compliance team responsible for the Care Compliance System
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection authority, if you believe your privacy rights have been violated. You can contact the ICO at ico.org.uk or by calling their helpline on 0303 123 1113.