The CareHQ CRM service is provided by CRMHQ. CRMHQ is the data controller for information collected about users of the CareHQ CRM service. CRMHQ as the data controller determines how and why personal data about users is processed.
The personal data we collect from you includes:
We use Sentry to collect information about any errors that occur while the CareHQ CRM application is being used. This includes IP addresses, but where possible we exclude other Personally Identifiable Information (PII).
We use automated tools to test and monitor the security of the CareHQ CRM service and ensure the measures we have in place are effective in protecting your data.
We collect data in order to:
The legal basis for processing personal data in relation to site security is our legitimate interests, and the legitimate interests of our users, in ensuring the security and integrity of the CareHQ CRM service.
The legal basis for processing all other personal data is that it’s necessary and in the interests of our users to:
The data we collect may be shared with our technology suppliers, for example our hosting provider.
We will not:
We will share your data if we are required to do so by law - for example, by court order, or to prevent fraud or other crime.
We will only retain your personal data for as long as:
Your name and email address form part of the audit logs and will be retained until those audit logs are deleted. The period after which audit logs are removed depends on the data they relate to and the retention periods set in the CareHQ CRM service for your company (typically between 12 months and 7 years).
Our services are not designed for, or intentionally targeted at, children 13 years of age or younger. We do not intentionally collect or maintain data about anyone under the age of 13.
We design, build, and run our systems to make sure that your data is as safe as possible at all stages, both while it’s processed and when it’s stored.
All personal data is stored in the European Economic Area (EEA). Data collected by Sentry or Twilio (the partner we use to send SMS and WhatsApp messages) may be transferred outside the EEA for processing.
We are committed to doing all we can to keep your data secure. We have set up systems and processes to prevent unauthorised access or disclosure of your data. Additional information on the security measures we have in place can be found on our Security & Availability page.
We also make sure that any third parties that we deal with keep all personal data they process on our behalf secure.
You have the right to request:
You can also:
If you would like to make any of these requests, please contact us.
We may make changes to update this privacy policy. In that case, the ‘last updated’ date at the bottom of this page will also change. Any changes to this privacy policy will apply to you and your data immediately.
If these changes affect how your personal data is processed, CRMHQ will take reasonable steps to let you know.