Service privacy policy

The CareHQ CRM service is provided by CRMHQ. CRMHQ is the data controller for information collected about users of the CareHQ CRM service. CRMHQ as the data controller determines how and why personal data about users is processed.

What data we collect

The personal data we collect from you includes:

  • Your first and last name.
  • Your email address when you are added to the CareHQ CRM service.
  • Your telephone number (typically mobile).
  • Your Internet Protocol (IP) address and details of web browser (name and version) and operating system you use to access the CareHQ CRM service.
  • In the event of an error occurring while you are using the CareHQ CRM server we collect information about the request that triggered the error.
  • Information on how you use the application: when you login, what actions you perform, and what data you interact with/modify.

We use Sentry to collect information about any errors that occur while the CareHQ CRM application is being used. This includes IP addresses, but where possible we exclude other Personally Identifiable Information (PII).

We use automated tools to test and monitor the security of the CareHQ CRM service and ensure the measures we have in place are effective in protecting your data.

Why we need your data

We collect data in order to:

  • Allow you to access the CareHQ CRM service securely.
  • Send you transactional communications via email, SMS, WhatsApp, or voice channels, such as reminders about upcoming home visits.
  • Provide an audit trail of changes made to data within the system.
  • Monitor use of the site to identify security threats.
  • Monitor the performance of the site to identify errors and their cause.

Our legal basis for processing your data

The legal basis for processing personal data in relation to site security is our legitimate interests, and the legitimate interests of our users, in ensuring the security and integrity of the CareHQ CRM service.

The legal basis for processing all other personal data is that it’s necessary and in the interests of our users to:

  • Identify and resolve errors with the CareHQ CRM service to ensure the integrity of the service and data held within it.
  • Provide an audit trail of actions performed and data modified by users of the application. This audit trail helps users to monitor and ensure the integrity of data within the application.
  • Send transaction communications to notify you of important events or pending/overdue tasks.

What we do with your data

The data we collect may be shared with our technology suppliers, for example our hosting provider.

We will not:

  • sell or rent your data to third parties.
  • share your data with third parties for marketing purposes.

We will share your data if we are required to do so by law - for example, by court order, or to prevent fraud or other crime.

How long we keep your data

We will only retain your personal data for as long as:

  • it is needed for the purposes set out in this document.
  • the law requires us to.

Your name and email address form part of the audit logs and will be retained until those audit logs are deleted. The period after which audit logs are removed depends on the data they relate to and the retention periods set in the CareHQ CRM service for your company (typically between 12 months and 7 years).

Children’s privacy protection

Our services are not designed for, or intentionally targeted at, children 13 years of age or younger. We do not intentionally collect or maintain data about anyone under the age of 13.

Where your data is processed and stored

We design, build, and run our systems to make sure that your data is as safe as possible at all stages, both while it’s processed and when it’s stored.

All personal data is stored in the European Economic Area (EEA). Data collected by Sentry or Twilio (the partner we use to send SMS and WhatsApp messages) may be transferred outside the EEA for processing.

How we protect your data and keep it secure

We are committed to doing all we can to keep your data secure. We have set up systems and processes to prevent unauthorised access or disclosure of your data. Additional information on the security measures we have in place can be found on our Security & Availability page.

We also make sure that any third parties that we deal with keep all personal data they process on our behalf secure.

Your rights

You have the right to request:

  • information about how your personal data is processed.
  • a copy of that personal data.
  • that anything inaccurate in your personal data is corrected immediately.

You can also:

  • raise an objection about how your personal data is processed.
  • request that your personal data is erased if there is no longer a justification for it being stored.
  • ask that the processing of your personal data is restricted in certain circumstances.

If you would like to make any of these requests, please contact us.

Changes to this policy

We may make changes to update this privacy policy. In that case, the ‘last updated’ date at the bottom of this page will also change. Any changes to this privacy policy will apply to you and your data immediately.

If these changes affect how your personal data is processed, CRMHQ will take reasonable steps to let you know.

Last updated 15 July 2021