Privacy Notice

Effective
November, 2019

Who are we?

We are Birdie Care Services Ltd, registered at Companies House under number 10863579.

We are based at: St James House, 13 Kensington Square, London, United Kingdom, W8 5HD.

Our Data Protection Officer can be reached by emailing dpo@birdie.care.

Birdie Care Services plays a dual role when it comes to processing. In some situations, we act as a Controller, in others we are the Processor.

When we are a Processor of personal data, we are doing so purely on the instruction of another company (the Controller). If you are a patient or healthcare professional, then that company is likely to be the care provider. To find out more about how your data is protected by them, you should contact them directly.

We are registered with the ICO as a fee payer because we have chosen to appoint a Data Protection Officer. We have a Data Protection Officer because we process a lot of sensitive data on behalf of other companies and we want to ensure that we are protecting your rights and freedoms at all times, in the course of our day to day activities.

Birdie Care Services, does on occasion, act as a Controller. This is only for the data that we process for our day to day internal business operations, users of “Birdie Safe & Well” or “Birdie Falls”, as well any technical data that is collected by our app.

We only collect the data that we need to carry out a task and do not keep data longer than is necessary. We delete data when it is no longer required for the purpose that we collected it.This privacy notice refers to the data we process as a Controller only.

We are happy to talk to you about how we process and protect data, just email us dpo@birdie.care.

Tell me more:

To see more about how we use your personal data, read the notice or notices which apply best to your relationship with us:
I am a potential corporate client (Care Agency)
I am a corporate client (Care Agency)
I am an employee of Birdie Care Services Ltd
I am just browsing your website
I am an app user
I am an website user
I am an investor
I am a Dementia Support Service User

Corporate Client Privacy Notice

Data that we hold and how we use it
As a corporate client, we hold the contact and payment details required to carry out our contract with you, manage our relationship and keep you up to date with changes and improvements to our services. This data would have been sourced from you directly.

Lawful basis for processing
Our lawful basis for processing your data is a combination of Contract and Legitimate Interest. We use legitimate interest when we use your data to keep you up to date with changes and improvements to our goods and services. Results of a legitimate interest balancing test indicate that this use is pursuing a legitimate interest, is necessary for the purpose of keeping you updated and growing our business, and unlikely to cause you risk or harm. 

Data Sharing and Transfers
Like most companies, we use a number of third parties as part of our data processing, for example cloud services and technology services. We have Data Processing Agreements in place with these providers. Where data is transferred outside of the EEA, we ensure that appropriate protection and mechanisms are in place, for example US Privacy Shield. We do not sell your data to anybody and we do not share it with anyone other than our contracted processors.

Retention Periods
We hold data on Corporate Clients for the length of time that you are a client of ours, then another 7 years in case of any dispute.

Technical and Operational Security
All data is password protected, access controlled, backed up securely and encrypted when appropriate.All employees are trained in data protection and are aware of their obligations to ensure the privacy of all data subjects. Data Privacy by Design and Default is an integral part of our development processes.All devices are protected by a leading enterprise mobility management technology.

Your Rights
You have rights in respect of our processing of your personal data.
The relevant rights are:

If you want to exercise any of these rights, please just contact us on dpo@birdie.care

You also have the right to lodge a complaint about our processing with a supervisory authority — in the UK that is the ICO whose details are here: https://ico.org.uk/global/contact-us/postal-addresses/

Employee Privacy Notice

If you are an employee of Birdie Care Services Ltd, please refer to the Fair Processing Notice that is stored in the Employee Handbook.

Potential Corporate Client Privacy Notice

Data that we hold and how we use it
As a potential client, we hold your name, job title and corporate contact details so we can build a relationship with you. This data will have been sourced directly from you at an event, or from your company website or a similar publicly available source. We only hold your data if we legitimately think you will have an interest in using our product.

Lawful basis for processing
Our lawful basis for processing your data is a Legitimate Interest for marketing purposes. As you are a corporate entity, we also abide by the Privacy and Electronic Communications Regulations (PECR). We give you the change to opt out of all marketing on anything that we send you. We only share details of our own goods and services in our marketing. If your data was not sourced directly from you, then we contact you once we have the data to let you know that we have your data and give you the chance to opt out. Our legitimate interest balancing test indicates that this is a legitimate purpose: you would not be surprised to hear from us based on the nature of your job role, and our processing does not cause any harm or risk to you as a data subject.

Data Sharing and Transfers
Like most companies, we use a number of third parties as part of our data processing, for example cloud services and technology services. We have Data Processing Agreements in place with these providers. Where data is transferred outside of the EEA, we ensure that appropriate protection and mechanisms are in place, for example US Privacy Shield. We do not sell your data to anybody and we do not share it with anyone other than our contracted processors.

Retention Periods
We hold data on Potential Corporate Clients for as long as we think you are likely to be interested in our goods and services, or until the point at which you opt out of communications. At this point you are added to a suppression list so we do not contact you again. When you become a Corporate Client, then the privacy Notice for Corporate Clients will apply.

Technical and Operational Security
All data is password protected, access controlled, backed up securely and encrypted when appropriate.
All employees are trained in data protection and are aware of their obligations to ensure the privacy of all data subjects.
Data Privacy by Design and Default is an integral part of our development processes.
All devices are protected by a leading enterprise mobility management technology

Your Rights
You have rights in respect of our processing of your personal data.
The relevant rights are:

If you want to exercise any of these rights, please just contact us on dpo@birdie.care

You also have the right to lodge a complaint about our processing with a supervisory authority — in the UK that is the ICO whose details are here: https://ico.org.uk/global/contact-us/postal-addresses/

Investor/Shareholder Privacy Notice

Data that we hold and how we use it
As an investor or private shareholder in Birdie Care Services Ltd, we hold your contact details. This data would have been sourced from you directly.

Lawful basis for processing
Our lawful basis for processing your data is a legal obligation; we are legally obliged to document who the owners of our business are.

Data Sharing and Transfers
Like most companies, we use a number of third parties as part of our data processing, for example cloud services and technology services. We have Data Processing Agreements in place with these providers. Where data is transferred outside of the EEA, we ensure that appropriate protection and mechanisms are in place, for example US Privacy Shield. We do not sell your data to anybody and we do not share it with anyone other than our contracted processors.
We share your contact details in line with our regulatory requirements, so will be listed in official documents such as company filings and would be used in any potential data room.

Retention Periods
We hold data on Potential Corporate Clients for as long as we think you are likely to be interested in our goods and services, or until the point at which you opt out of communications. At this point you are added to a suppression list so we do not contact you again. When you become a Corporate Client, then the privacy Notice for Corporate Clients will apply.

Technical and Operational Security
All data is password protected, access controlled, backed up securely and encrypted when appropriate.
All employees are trained in data protection and are aware of their obligations to ensure the privacy of all data subjects.
Data Privacy by Design and Default is an integral part of our development processes.
All devices are protected by a leading enterprise mobility management technology

Your rights
You have rights in respect of our processing of your personal data.
The relevant rights are:

If you want to exercise any of these rights, please just contact us on dpo@birdie.care

You also have the right to lodge a complaint about our processing with a supervisory authority — in the UK that is the ICO whose details are here: https://ico.org.uk/global/contact-us/postal-addresses/

App User Privacy Notice

Data that we hold and how we use it
As an app user, you provide some data to enter into a contract with us. This will be your contact details. We also process data about the way you use our app, including your IP address and browsing time. This helps us to optimise the performance of our app, monitor it for security purposes and drive improvements for our users.
We also process your data so we can drive improvements to the app and to allow bug reporting and analysis.
We ask your consent for this. We use your contact details to send you service updates and also marketing messages.

Lawful basis for processing
Our lawful basis for processing your data is a combination of Contract, Legitimate Interest and Consent. We use your contact details to provide you with the app and the appropriate technical support as needed, as well as service messages; this is our contract with you. We use legitimate interest when we use your data to improve the performance of the app, process your data for marketing purposes, and protect it from illegal use. Results of a legitimate interest balancing test indicate that this use is pursuing a legitimate interest, and unlikely to cause you risk or harm. When we send marketing messages to you, we rely on consent under Privacy and Electronic Communications Regulations (PECR). This consent is collected via the app. We are aware that as an employee of a corporate subscriber, we could send marketing messages without consent. However, we feel that consent is a better option for you in this instance. You can withdraw this consent at any time.

Data Sharing and Transfers
Like most companies, we use a number of third parties as part of our data processing, for example cloud services and technology services. We have Data Processing Agreements in place with these providers. Where data is transferred outside of the EEA, we ensure that appropriate protection and mechanisms are in place, for example US Privacy Shield. We do not sell your data to anybody and we do not share it with anyone other than our contracted processors.

Retention Periods
We hold data used to fulfill the contract for 12 months after the termination of the contract. We delete log data 12 months after you cease using the app. We remove you from our marketing database, onto a suppression list, when you opt out of receiving communications from us.

Technical and Operational Security
All data is password protected, access controlled, backed up securely and encrypted when appropriate. All employees are trained in data protection and are aware of their obligations to ensure the privacy of all data subjects. Data Privacy by Design and Default is an integral part of our development processes.
All devices are protected by a leading enterprise mobility management technology.

Your Rights
You have rights in respect of our processing of your personal data.
The relevant rights are:

If you want to exercise any of these rights, please just contact us on dpo@birdie.care

You also have the right to lodge a complaint about our processing with a supervisory authority — in the UK that is the ICO whose details are here: https://ico.org.uk/global/contact-us/postal-addresses/

Website Browsing Privacy Notice

Data we process
When you browse our website we drop only essential cookies that make our site work without consent. When we drop analytics or tracking cookies, we do so only with your consent, gained via the cookie banner. You can withdraw your consent at any time.

Data Sharing and Transfers
Like most companies, we use a number of third parties as part of our data processing, for example cloud services and technology services. We have Data Processing Agreements in place with these providers. Where data is transferred outside of the EEA, we ensure that appropriate protection and mechanisms are in place, for example US Privacy Shield. We do not share your data to anybody without your consent unless it with our contracted processors.

Technical and Operational Security
All data is password protected, access controlled, backed up securely and encrypted when appropriate. All employees are trained in data protection and are aware of their obligations to ensure the privacy of all data subjects. Data Privacy by Design and Default is an integral part of our development processes. All devices are protected by a leading enterprise mobility management technology

Your Rights
You have rights in respect of our processing of your personal data.
The relevant rights are:

If you want to exercise any of these rights, please just contact us on dpo@birdie.care

You also have the right to lodge a complaint about our processing with a supervisory authority — in the UK that is the ICO whose details are here: https://ico.org.uk/global/contact-us/postal-addresses/

Dementia Support Service Privacy Notice

Data that we hold and how we use it
As a Dementia Support Service user, you provide some data to enter into a contract with us. This will be your contact details. We store details about consultations we have had with you, to ensure a consistent and reliable service. We also process data about the way you use our app, including your IP address and browsing time. This helps us to optimise the performance of our app, monitor it for security purposes and drive improvements for our users.

Lawful basis for processing
Our lawful basis for processing your data is a combination of Contract, Legitimate Interest and Consent. We use your contact details to provide you with the app, the service capability, service messages, and the appropriate technical support as needed; this is our contract with you. We use consent when we use your data to improve the performance of the app, legitimate interest to protect it from illegal use. Results of a legitimate interest balancing test indicate that this use is pursuing a legitimate interest, and unlikely to cause you risk or harm. We also rely on legitimate interest to store information about the consultations we have with you. Where this contains any special category data, we process this data because we provide social care to you are as a care provider.

Data Sharing and Transfers
Like most companies, we use a number of third parties as part of our data processing, for example cloud services and technology services. We have Data Processing Agreements in place with these providers. Where data is transferred outside of the EEA, we ensure that appropriate protection and mechanisms are in place, for example US Privacy Shield. We do not sell your data to anybody and we do not share it with anyone other than our contracted processors.

Retention Periods
We hold data used to fulfill the contract for 12 months after the termination of the contract. We delete log data 12 months after you cease using the app.

Technical and Operational Security
All data is password protected, access controlled, backed up securely and encrypted when appropriate. All employees are trained in data protection and are aware of their obligations to ensure the privacy of all data subjects. Data Privacy by Design and Default is an integral part of our development processes. All devices are protected by a leading enterprise mobility management technology.

Your Rights
You have rights in respect of our processing of your personal data.
The relevant rights are:

If you want to exercise any of these rights, please just contact us on dpo@birdie.care

You also have the right to lodge a complaint about our processing with a supervisory authority — in the UK that is the ICO whose details are here: https://ico.org.uk/global/contact-us/postal-addresses/