Overview


This privacy notice tells you what to expect us to do with your personal information when you make contact with us or use one of our services.


We work to high standards when it comes to processing your personal information. If you have queries or concerns, please contact us at max@carecalls.co.uk and we’ll respond.


We keep our privacy notice under regular review to make sure it is up to date and accurate.


We’ll tell you:

  • why we are able to process your information
  • what purpose we are processing it for
  • whether you have to provide it to us
  • how long we store it for
  • whether there are other recipients of your personal information


CareCalls LTD is the controller for the personal information we process, unless otherwise stated.


There are many ways you can contact us, including by phone, email, live chat and post.


01173357999
support@carecalls.co.uk
1 - 3 St Johns court, Whiteladies road, Bristol, BS82QY


Our Data Protection Officer is Max Pownall. You can contact him at max@carecalls.co.uk or via our postal address. Please mark the envelope ‘Data Protection Officer’.


Most of the personal information we process is provided to us directly by you for one of the following reasons:

  • You have contacted us by email, phone, website contact form or website live chat to make an enquiry
  • You have tried a demo of CareCalls by filling out your details on carecalls.co.uk/demo
  • You have requested an information pack from us via carecalls.co.uk/share
  • You have made an information request to us.
  • You wish to attend, or have attended, an event.
  • You subscribe to our e-newsletter.
  • You have applied for a job or secondment with us.
  • You are representing your organisation.
  • We have contacted you as part of a business enquiry by using publicly available contact data (please note in this case we will always ask before sending you further correspondence).
  • If it is not disproportionate or prejudical, we’ll contact you to let you know we are processing your personal information.


Your rights


Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.


Your right of access


You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process. You can read more about this right here. https://ico.org.uk/your-data-matters/your-right-of-access/


Your right to rectification


You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies. You can read more about this right here. https://ico.org.uk/your-data-matters/your-right-to-get-your-data-corrected/


Your right to erasure


You have the right to ask us to erase your personal information in certain circumstances. You can read more about this right here. https://ico.org.uk/your-data-matters/your-right-to-get-your-data-deleted/


Your right to restriction of processing


You have the right to ask us to restrict the processing of your information in certain circumstances. You can read more about this right here. https://ico.org.uk/your-data-matters/your-right-to-limit-how-organisations-use-your-data/


Your right to object to processing


You have the right to object to processing if we are able to process your information because the process forms part of our public tasks, or is in our legitimate interests. You can read more about this right here. https://ico.org.uk/your-data-matters/the-right-to-object-to-the-use-of-your-data/


Your right to data portability


This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated. You can read more about this right here. https://ico.org.uk/your-data-matters/your-right-to-data-portability/


Exercising the above


You are not required to pay any charge for exercising your rights. We have one month to respond to you. Please contact us at support@carecalls.co.uk if you wish to make a request, or contact our helpline on 0117 3357 999


Law enforcement


If we are processing your information for criminal law enforcement purposes, your rights are slightly different.


Linked websites


Where we provide links to websites of other organisations, this privacy notice does not cover how that organisation processes personal information. We encourage you to read the privacy notices on the other websites you visit.


Children


We may provide services directly to children if the information is given by parent or guardian. We do not proactively collect their personal information.


Your data: What, why, when


The following table shows how various stakeholder information is collected and used



Stakeholder / data provided (what)

Required for / How data will be used (why)Collected when (when)

Confirmed interested parties


 


 


Name



 Send requested marketing & special offers, Provide customer service


Request demo call, contact us (via phone, email or online chat)

Email



Send requested marketing & special offers, Provide customer service




Request demo call, request share pack, contact us 


(via phone, email or online chat)


Phone


Send requested marketing & special offers, Provide customer service



Request demo call, contact us 


(via phone, email or online chat)


Address


Send requested marketing materials




Request share pack, contact us




(via phone, email or online chat)



Call creators


 


 


Name


Deliver service, Maintain quality, Provide customer service


Set up a CareCall

(online or via phone)


Email


Deliver service, Maintain quality, Provide customer service



Set up a CareCall 


(online or via phone)


Phone


Deliver service, Maintain quality, Provide customer service



Set up a CareCall


(online or via phone)


Location


Deliver service, Maintain quality, Provide customer service



Set up a CareCall


(online or via phone)


Call receivers


 


 


Name


Deliver service, Maintain quality, Provide customer service



Set up a CareCall


(online or via phone)


Phone


Deliver service, Maintain quality, Provide customer service



Set up a CareCall


(online or via phone)


Address


Deliver service, Maintain quality, Provide customer service



Set up a CareCall


(online or via phone)


Alert receiver


 


 


Email


Deliver service


Set up a CareCall

(online or via phone)


Phone


Deliver service


Set up a CareCall

(online or via phone)


Call recorder


 


 

Email
 Deliver service


Set up a CareCall
(online or via phone)



 


Phone number

 Deliver serviceSet up a CareCall
(online or via phone) 

Recorded audio for personalised calls

Deliver serviceSet up a CareCall
(online or via phone)

Report receiver


 


 


Email


Deliver service



Set up a CareCall


(online or via phone)


Payee


 


 


Name


Deliver service



Set up a CareCall


(online or via phone),


 Set up payment



(online or via phone)



Email


Deliver service




Set up a CareCall





(online or via phone),

Set up payment




(online or via phone)



Phone


Deliver service


Set up a CareCall



(online or via phone),

Set up payment




(online or via phone)



Address


Deliver service (payment)


Set up a payment


(online or via phone)



Card details (card number, exp date, CVC)


Deliver service (payment)



Set up payment



(online or via phone)



Bank details (Account number, sort code)

Deliver service (payment)Set up payment
(online or via phone)


Third parties


We use data processors who are third parties who provide elements of services for us. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct. Here are the data processors we use:


Product delivery - Amazon AWS


Purpose: We use Amazon AWS to host and protect all data required to deliver the service.


Data handled: call behavior, personalised recordings, call creator email address, call creator phone number, call creator name, call receiver name, call receiver phone number, alert receiver email/s, alert receiver phone number/s, payee email, payee phone number, call recorder email, call recorder phone number, report receiver email, details of calls.


Data will be stored for: 8 years


You can see their security policy here


Product delivery - Twillio


Purpose: Twillio physically connects to international phone systems. We use Twillio to deliver the calls to the call receiver, to deliver calls to alert receiver/s , to deliver SMS to alert receiver/s, to deliver SMS marketing and to monitor product performance.


Data handled: Phone numbers, CLI, call recordings, personalised message recordings, call performance.


Data will be stored for: 8 years.


You can see their security policy here


Product delivery - Mailgun


We use a third-party provider, Mailgun, to deliver automated emails including the summary emails which list all of the information provided by someone in order to set up a call. We use Transport Layer Security (TLS) to encrypt and protect email traffic in line with government guidance on email security. Most webmail such as Gmail and Hotmail use TLS by default. We’ll also monitor any emails sent to us, including file attachments, for viruses or malicious software. You must ensure that any email you send is within the bounds of the law.


Data handled: call creator email address, call creator phone number, call creator name, call receiver name, call receiver phone number, alert receiver email/s, alert receiver phone number/s, payee email, payee phone number, call recorder email, call recorder phone number, report receiver email, details of calls.


Data will be stored for: 8 years


You can see their security policy here


Customer service and marketing - Active campaign


Purpose: We use Active campaign to keep in touch with existing customers and to market to potential customers. We use Transport Layer Security (TLS) to encrypt and protect email traffic in line with government guidance on email security. Most webmail such as Gmail and Hotmail use TLS by default. We’ll also monitor any emails sent to us, including file attachments, for viruses or malicious software. You must ensure that any email you send is within the bounds of the law.


Data handled: IP Addresses, Interested party email, interested party phone number, call creator email address, call creator phone number, call creator name, call receiver name, call receiver phone number, 


You can see their security policy here


Customer service - 8x8


Purpose: We use a third-party provider, 8x8, to supply and support our VOIP based customer service phone service. When you call our main helpline, we collect Calling Line Identification (CLI) information. This is the phone number you are calling from (if it’s not withheld). We hold a log of the phone number, date, time and duration of the call. We record calls for quality and training purposes. We use this information to understand the demand for our services and to improve how we operate. We may also use the number to call you back if you have asked us to do so, if your call drops, or if there is a problem with the line. We may also use it to check how many calls we have received from it.


Data handled: CLI, call statistics and performance, call recordings.


Data will be stored for: 8 years.


You can see their security policy here


Customer service - Zendesk


We use a third-party provider, Zendesk, to supply and support our live chat service as well as providing our knowledge base. Search queries and results are logged and may be matched with personal information in order to provide a better customer experience.


If you use this service, we may collect your name, email and the contents of your live chat session.


Data handled: IP Addresses, Behavior, messages and disclosed contact details


Data will be stored for: 8 years


You can see their security policy here


Customer service - Google apps


We use a third-party provider, Google apps , to supply and support our customer service email client service.


We use Transport Layer Security (TLS) to encrypt and protect email traffic in line with government guidance on email security. Most webmail such as Gmail and Hotmail use TLS by default.


We’ll also monitor any emails sent to us, including file attachments, for viruses or malicious software. You must ensure that any email you send is within the bounds of the law.


Data handled: Email addresses and email content (which may include other contact information, apart from payment details)


Data will be stored for: 8 years


You can see their security policy here


Data analysis - Google data studio


We use a third-party provider, Google data studio, to interpret and analyse our data in order to maintain and improve our service.


Data handled: All data


Data is not stored on data studio and is only called upon via an SSL secured database query.


You can see their security policy here


Payment collection - Stripe


Purpose: We use stripe to securely collect and store debit/credit card details for the purpose of paying for CareCalls. When you set up a payment method for CareCalls your payment information is stored only with Stripe. Stripe is chosen for their attention and investment in security.


Data handled: Email, home address, debit/credit card details


Data will be stored for: 8 years


You can see their security policy here


Payment collection - Gocardless


We use Gocardless to securely collect and store direct debit details for the purpose of paying for CareCalls. When you set up a payment method for CareCalls your payment information is stored only with Gocardless. Gocardless is chosen for their attention and investment in security.


Data handled: Email, home address, account number and sort code


Data will be stored for: 8 years


You can see their security policy here


Social media - Hootsuite


We use a third-party provider, Hootsuite, to manage our social-media interactions. If you send us a private or direct message via social media, it will be stored by Hootsuite for three months. It will not be shared with any other organisations.


We see all this information and decide how we manage it. For example, if you send a message via social media that needs a response from us, we may process it in our case management system as an enquiry or a complaint.


Data handled: Social media handles, behaviour and content


Data will be stored for: 8 years


You can see their security policy here


Website optimisation - Google analytics


Purpose: When you visit our website, we use a third-party service, Google Analytics, to collect standard internet log information and details of behaviour patterns. We do this to find out such things as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.


Data handled: IP Addresses, behaviour on website


Data will be stored for: 8 years


You can see their security policy here


Website optimisation - Fullstory


Purpose: We use Fullstory to collect standard internet log information and details of behaviour patterns. We do this to find out such how the website is used and if we can do anything to improve the website for the benefit of customers.


Data handled: Interested party email address, website behavior


Data will be stored for: 8 years


You can see their security policy here


Web cookies


We use a cookies tool on our website which relies on implied consent of users. In recognition of the fact that the implementation date for the revised e-Privacy Regulation remains unknown, we are taking reasonable steps now to align our use of cookies the standard of consent required by GDPR.


Purpose and legal basis for processing


The purpose for implementing all of the above is to maintain and monitor the performance of our service and website and to constantly look to improve the site and the services it offers to our users. The legal basis we rely on to process your personal data is article 6(1)(f) of the GDPR, which allows us to process personal data when its necessary for the purposes of our legitimate interests. As we are processing your personal data for our legitimate interests as stated above, you have the right to object to our processing of your personal data. There are legitimate reasons why we may refuse your objection, which depend on why we are processing it.