This Privacy Policy explains how Inkfinity Print Solutions Ltd ("we", "us", "our") collects, uses, and protects personal data in connection with the Care App platform and the care-app.uk website. We are registered with the Information Commissioner's Office (ICO) and comply fully with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Data Controller (our own business data): Inkfinity Print Solutions Ltd is the Data Controller for personal data relating to our website visitors, prospective customers, and our own business operations.
Data Processor (Care App platform data): For personal data entered into the Care App platform by subscribing care organisations — including data about their staff and clients — Inkfinity Print Solutions Ltd acts solely as a Data Processor. Each subscribing organisation is the Data Controller for that data and is responsible for its lawful processing. We process such data only on the documented instructions of the relevant controller.
Registered address: Innovation Centre, Maidstone Road, Chatham, Kent, ME5 9FD
Contact: hello@care-app.uk
When you visit care-app.uk, our web server automatically records standard access log information, including your IP address, browser type, pages visited, and the time and date of your visit. This data is held for up to 30 days for security and diagnostic purposes and is not used for profiling or marketing.
If you submit an enquiry via our contact or sign-up form, we collect:
Lawful basis: Legitimate interests (responding to your enquiry and assessing whether our service is suitable for your organisation).
Retention: Enquiry data is retained for 12 months, after which it is deleted unless you have become a subscriber.
When a care organisation subscribes to Care App, their staff and administrators enter data into the platform in the course of their work. This may include personal data relating to care clients (including health and care records, which are special category data under UK GDPR) and staff members.
As Data Processor, we process this data only to provide and maintain the service. The subscribing organisation (Data Controller) is responsible for ensuring their use of the platform has a lawful basis, and for responding to data subject rights requests from their staff and clients.
Our processing activities and obligations as Data Processor are set out in our Data Processing Agreement.
We use one sub-processor to deliver the Care App service:
We do not share personal data with any other third party for the purposes of delivering the Care App service.
| Processing activity | Lawful basis |
|---|---|
| Responding to website enquiries | Legitimate interests |
| Providing the Care App subscription service | Contract (with the subscribing organisation) |
| Processing care records within the platform | As Data Processor — on the instructions of the Data Controller (the subscribing organisation) |
| Maintaining security and audit logs | Legitimate interests / Legal obligation |
| Billing and financial records | Contract and Legal obligation (HMRC / Companies Act) |
| Data type | Retention period | Reason |
|---|---|---|
| Website enquiry data | 12 months | Legitimate interests — sales follow-up window |
| Server access logs | 30 days | Security and diagnostics |
| Client care records & support plans | 7 years post-discharge | Care sector best practice & potential legal claims |
| Medication records (MAR charts) | 2 years minimum | Medicines Management guidance |
| Incident & accident records | 3 years | Regulatory & insurance requirements |
| Staff records & timesheets | 6 years post-employment | Employment law & HMRC requirements |
| Financial & billing records | 6 years | Companies Act 2006 / HMRC |
| Audit logs | 3 years | GDPR accountability & regulatory inspection |
| Platform account data (post-termination) | 90 days | Data export window, then permanent deletion |
Care App does not use tracking or advertising cookies. We do not use Google Analytics or any third-party analytics service on this website or within the platform.
The Care App platform uses browser local storage and IndexedDB to maintain your login session via Firebase Authentication and to cache application data for offline use. This is strictly necessary for the service to function — without it you would be signed out every time you navigate between pages. No data stored in local storage is shared with third parties or used for advertising.
The care-app.uk website itself sets no cookies. Any session state from your browser is handled entirely client-side and is cleared when you sign out or close your browser session.
You have the following rights in relation to personal data we hold about you as Data Controller (i.e. your website enquiry data or our business relationship with you):
If your request relates to data held within the Care App platform (for example, your staff profile or a care record), please contact your organisation's administrator in the first instance, as they are the Data Controller for that data. We will support them in fulfilling any request we are required to assist with.
To exercise any of the above rights, contact us at hello@care-app.uk. We will respond within one calendar month.
In the event of a personal data breach affecting data for which we are the Data Controller, we will notify the ICO within 72 hours where required by law, and affected individuals without undue delay where there is a high risk to their rights and freedoms.
Where a breach affects data for which we are a Data Processor, we will notify the relevant Data Controller (the subscribing organisation) within 24 hours of becoming aware of the breach, in accordance with our Data Processing Agreement. Our full breach response procedure is set out in our Incident Response Procedure.
We do not transfer personal data outside the UK or EEA. All data is stored and processed in Google Cloud's europe-west2 (London) region. Google LLC participates in the UK GDPR international data transfer framework and standard contractual clauses are in place where required.
We may update this Privacy Policy from time to time. The date at the top of this page reflects the most recent revision. For material changes, we will notify subscribing organisations by email. Continued use of the service after a change constitutes acceptance of the updated policy.
Our Article 28 UK GDPR compliant DPA covering all processing obligations.
Technical and organisational security measures we have in place.
How we detect, contain, and report data breaches and security incidents.
The terms governing use of the Care App platform.
For any privacy-related queries or to exercise your rights:
If you are not satisfied with our response, you have the right to lodge a complaint with the UK supervisory authority:
Information Commissioner's Office (ICO)
ico.org.uk · 0303 123 1113 · Wycliffe House, Water Lane, Wilmslow, SK9 5AF