Privacy policy

1. Who we are

Careply LTD is an example UK company providing a digital care platform for care providers. The platform brings together care records, care home locations, staff directories, rota planning, leave, availability, timesheets, messaging, forms, attachments, and administrative workflows.

For account, website, sales, support, and platform administration data, Careply LTD is the data controller. When a care provider uses Careply to manage residents, employees, care notes, forms, schedules, or internal messages, that provider will usually be the controller and Careply LTD will act as its processor.

2. Personal data we collect

The data we process depends on how an organisation configures Careply and which features it uses.

• Identity and contact details, such as names, work email addresses, phone numbers, job titles, and account identifiers.
• Workforce records, such as role assignments, care home access, qualifications, training records, designated duties, availability, leave requests, rota shifts, and timesheet entries.
• Care operations data, such as care plans, daily notes, incidents, handovers, forms, uploaded files, and information needed to evidence safe care.
• Special category data where needed for care delivery, safeguarding, employment administration, or accessibility, such as health, medication, support needs, and equality information.
• Messaging and collaboration content, including message text, thread participants, timestamps, and attachments uploaded by authorised users.
• Technical, security, and audit data, such as device details, IP address, browser type, sign-in events, permission changes, file scan results, and activity logs.
• Commercial and support data, such as enquiries, contracts, billing contacts, demo requests, support tickets, and feedback.

3. How we use personal data

We use personal data to operate, secure, support, and improve the Careply service.

• Create accounts, authenticate users, manage roles, and restrict access to the right organisation and care home.
• Support rota planning, shift publishing, leave management, availability, timesheets, directory records, forms, and communications.
• Host care information on behalf of care providers and help them evidence care, quality, safety, and compliance.
• Provide customer support, troubleshoot issues, respond to enquiries, and maintain reliable service operations.
• Monitor security, prevent misuse, scan uploaded content, preserve audit trails, and investigate suspected incidents.
• Send service messages, product updates, and marketing communications where permitted.
• Analyse aggregate usage patterns so we can improve workflow design, performance, and reliability.

4. Lawful bases

Where Careply LTD is the controller, we rely on lawful bases under UK GDPR including contract, legitimate interests, legal obligation, consent, and, where necessary, substantial public interest or employment and social care conditions for special category data.

Where we act as a processor, the care provider decides the lawful basis and instructs us through our contract and data processing terms.

5. Who we share data with

We only share personal data where there is a clear operational, legal, safeguarding, or service reason to do so.

• Authorised users within the relevant care provider organisation.
• Hosting, storage, email, analytics, security, support, and communications suppliers who help us run Careply.
• Integration partners chosen by a customer, such as payroll, reporting, directory, or care-sector systems.
• Professional advisers, insurers, auditors, regulators, public authorities, or courts where required.
• Emergency, safeguarding, or healthcare bodies where disclosure is necessary to protect people.

6. How long we keep data

We keep personal data only for as long as needed for the purpose it was collected, unless a longer period is required by law, contract, audit, safeguarding, or dispute obligations.

Example retention periods for this mock notice are: website enquiries for up to 24 months, support tickets for up to 3 years, commercial records for up to 7 years, and customer-controlled care records according to the customer contract and care provider retention policy.

7. Security

Careply is designed for sensitive care environments. We use access controls, organisation and care-home scoping, audit logging, encrypted connections, backup procedures, vulnerability management, and supplier due diligence to help protect data.

No system can be guaranteed completely secure, so customers should also manage user access carefully, remove leavers promptly, and avoid sharing credentials.

8. International transfers

We aim to use UK or EEA hosting and suppliers where practical. If personal data is transferred outside the UK or EEA, we use appropriate safeguards such as adequacy regulations, the UK International Data Transfer Agreement, or standard contractual clauses.

9. Cookies and similar technologies

Our website and product may use essential cookies for security, sign-in, routing, and session management. We may also use optional analytics or marketing cookies where consent is required.

See the cookies page for more information about example cookie categories and choices.

10. Your rights

Depending on the circumstances, you may have the right to access, correct, erase, restrict, object to, or receive a copy of your personal data. You may also withdraw consent where processing is based on consent.

If your data is held in Careply by a care provider, please contact that provider first because they are usually the controller. You can also contact Careply LTD at [email protected] and we will help route the request.

11. Questions and complaints

For privacy questions, contact Careply LTD at [email protected]. You also have the right to complain to the UK Information Commissioner's Office at ico.org.uk.

This page is mock privacy data for the static Careply marketing site and should be replaced with legally reviewed wording before real-world publication.