Privacy Policy

Last updated: December 2025

CareOptus Ltd ("CareOptus", "we", "us", or "our") is committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy explains how we collect, use, store, and share your personal information when you use our services.

CareOptus Ltd is the data controller for the personal data we process. We are registered in England and Wales under company number 16603901, with our registered office at [Registered Address].

1. Information We Collect

1.1 Information from Carers

When you apply to join our carer network, we collect:

• Full name, date of birth, and contact details (email, phone, address)
• Right to work documentation and status
• Professional qualifications and care experience
• Enhanced DBS certificate details
• Professional references
• Availability and work preferences
• Bank details for payment processing
• Insurance documentation

1.2 Information from Families

When you enquire about or use our services, we collect:

• Contact details of the person making the enquiry
• Relationship to the person requiring care
• Location where care is required
• Care requirements and health conditions of the care recipient
• Payment information for billing purposes

1.3 Information from Care Recipients

To facilitate appropriate care matching, we may collect:

• Name and contact details
• General health conditions and care needs (high-level only)
• Emergency contact information
• GP practice details

1.4 Automatically Collected Information

When you use our website, we automatically collect:

• IP address and browser type
• Pages visited and time spent on site
• Referring website
• Device information

2. How We Use Your Information

We use your personal data for the following purposes:

3. Special Category Data

We process limited health-related information about care recipients to facilitate appropriate care matching. This data is processed on the basis of:

• Explicit consent from the data subject or their authorised representative
• Where necessary for the provision of health or social care

We do not store detailed medical records. We only retain high-level care summaries necessary for matching and safety purposes.

4. Who We Share Your Data With

We may share your personal data with:

• Carers and Families: To facilitate introductions and care arrangements. Carers receive relevant care information; families receive carer profiles and verification status.
• Payment Processors: Stripe processes payments on our behalf and is compliant with PCI-DSS standards.
• Identity Verification Providers: To verify carer identity and right to work.
• Reference Check Services: To verify professional references.
• Support Services: Our support team, including offshore support staff, may access limited data to assist you. All support staff are bound by confidentiality agreements and data processing agreements.
• Emergency Services: If required for safeguarding or in emergencies.
• Legal and Regulatory Bodies: Where required by law.

5. International Data Transfers

Some of our support services are provided by staff based outside the UK/EEA. Where we transfer personal data internationally, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the UK ICO
• Data Processing Agreements with all processors
• Technical measures including role-based access controls and data minimisation

All data is hosted on servers within the UK/EEA. International support staff access data remotely but cannot export or download personal data.

6. Data Retention

We retain personal data for the following periods:

• Carer applications (unsuccessful): 12 months
• Active carer profiles: Duration of network membership plus 6 years
• Family enquiries (no placement): 2 years
• Active placement records: Duration of care plus 6 years
• Incident reports: 7 years
• Financial records: 7 years (legal requirement)

7. Your Rights

Under UK GDPR, you have the following rights:

• Right of access: Request a copy of your personal data
• Right to rectification: Request correction of inaccurate data
• Right to erasure: Request deletion of your data (subject to legal retention requirements)
• Right to restrict processing: Request limitation of how we use your data
• Right to data portability: Receive your data in a portable format
• Right to object: Object to processing based on legitimate interests
• Right to withdraw consent: Where processing is based on consent

To exercise any of these rights, contact us at privacy@careoptus.co.uk.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

• Encryption of data in transit and at rest
• Access controls and authentication
• Regular security assessments
• Staff training on data protection
• Incident response procedures

9. Cookies

Our website uses cookies to improve your experience. We use:

• Essential cookies: Required for the website to function
• Analytics cookies: Help us understand how visitors use our site
• Marketing cookies: Used to deliver relevant advertising (only with consent)

You can manage cookie preferences through your browser settings.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through our website. The "Last updated" date at the top indicates when the policy was last revised.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us:

• Email: privacy@careoptus.co.uk
• Phone: 0800 123 4567
• Post: CareOptus Ltd, [Address]

12. Complaints

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

• Website: ico.org.uk
• Phone: 0303 123 1113