Privacy Policy
Effective date: January 3rd, 2024
At CQC Assured, one of our main priorities is the privacy of our users. This Privacy Policy document contains types of information that is collected and recorded by CQC Assured and how we use it.
If you have additional questions or require more information about our Privacy Policy, do not hesitate to contact us.
General Data Protection Regulation (GDPR)
We are a Data Controller of your information.
CQC Assured legal basis for collecting and using the personal information described in this Privacy Policy depends on the Personal Information we collect and the specific context in which we collect the information:
You have given CQC Assured permission to do so
Processing your personal information is in CQC Assured legitimate interests
CQC Assured needs to comply with the law
CQC Assured will retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your information to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our policies.
Information Collection and Use
For a better experience while using our Service, we may require you to provide us with certain personally identifiable information, including but not limited to your name, phone number, and postal address. The information that we collect will be used to contact or identify you.
Log Files
CQC Assured follows a standard procedure of using log files. These files log users when they use applications. The information collected by log files include internet protocol (IP) addresses, device type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks. These are not linked to any information that is personally identifiable.
Cookies and Web Beacons
Like any other application, CQC Assured uses 'cookies'. These cookies are used to store information including users' preferences, and the pages on the application that the user accessed or visited. The information is used to optimize the users' experience by customizing our web page content based on users' browser type and/or other information.
Service Providers
We may employ third-party companies and individuals to facilitate our Service ("Service Providers"), to provide the Service on our behalf, to perform Service-related services, or to assist us in analyzing how our Service is used. These third parties have access to your Personal Information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
Supabase
Supabase is used as a backend and database provider for our Service. It provides the necessary infrastructure to store and manage the data of our application, ensuring that your data is handled securely. Supabase is committed to data protection and has implemented measures to safeguard your information. You can view their privacy practices on their website.
Stripe
We use Stripe as our payment processor. This means that we do not store or process your full credit card number or other full payment account details. Instead, Stripe processes these transactions on our behalf. Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1, which is the most stringent level of certification available in the payments industry. To learn more about the way Stripe handles your personal information, please review Stripe’s Privacy Policy on their website.
Security
The security of your data is important to us, and we strive to implement and maintain reasonable, commercially acceptable security procedures and practices appropriate to the nature of the information we store, in order to protect it from unauthorized access, destruction, use, modification, or disclosure. However, this site should not be used to upload any personal or sensitive information related to individuals including but not limited to patients, staff or any other individuals associated with you or your organisation.
Data Encryption
Our application uses secure communication channels such as SSL (Secure Sockets Layer) and TLS (Transport Layer Security) for all data transmission. This encryption helps protect your personal information while it is being transmitted over the Internet.
Secure Coding Practices
We are committed to ensuring that your information is secure. In order to prevent unauthorized access or disclosure, we have put in place suitable electronic, and managerial procedures to safeguard and secure the information we collect online. Our application is built using frameworks that encourage secure coding practices.
Authentication
We provide secure user authentication mechanisms and encourage our users to protect their accounts with strong passwords. Our authentication processes are designed to protect your privacy and security.
Data Storage Security
We use Supabase as our backend and database provider. Supabase has implemented security measures to protect the data they store, which includes continuous backups and regular security audits. The data is stored on servers that are managed with industry-standard data security and privacy protocols.
Payment Security
For financial transactions, we utilize Stripe, a leading online payment processing platform. Stripe is certified as a PCI Service Provider Level 1, which is the most stringent certification available in terms of operational and technical safety. Stripe's infrastructure for storing, decrypting, and transmitting cardholder data is maintained in a secure environment. Although no method of electronic storage or transmission is completely secure, Stripe adheres to and implements additional compliance measures under the Payment Card Industry Data Security Standards (PCI DSS).
Please be aware that while we strive to provide a secure user environment within our application, the inherent nature of the Internet and online communications means that we cannot guarantee that your data will be absolutely secure, especially while in transit. We encourage our users to take care with how they handle and disclose their personal information and to avoid sending personal information through insecure email.
Links to Other Sites
Our Service may contain links to other sites. If you click on a third-party link, you will be directed to that site. Note that these external sites are not operated by us. Therefore, we strongly advise you to review the Privacy Policy of these websites. We have no control over, and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.
Children's Privacy
Our Services do not address anyone under the age of 13. We do not knowingly collect personally identifiable information from children under 13. In the case we discover that a child under 13 has provided us with personal information, we immediately delete this from our servers. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us so that we will be able to do necessary actions.
Changes to This Privacy Policy
We may update our Privacy Policy from time to time. Thus, we advise you to review this page periodically for any changes. We will notify you of any changes by posting the new Privacy Policy on this page. These changes are effective immediately after they are posted on this page.
Contact Us
If you have any questions about our Privacy Policy, You can contact us:
By email: cqcassured@nhs.net
By visiting this page on our website: https://cqcassured.co.uk/contact-us/
By mail: CQC Assured, CI Tower St George’s Square New Malden KT3 4HG London United Kingdom