Privacy by design
Our commitment to your privacy
careful online is designed to protect the privacy of all those who use it and whose data is stored on it. We have adopted the Privacy by Design approach, which takes a proactive approach to privacy within information technology, business practice and networks.
For more detailed information, please download our Privacy Impact Assessment.
To protect your privacy, we are committed to these principles:
1. Proactive not Reactive; Preventative not Remedial
The Privacy by Design approach anticipates and prevents invasions of privacy before they happen. We do not wait for privacy risks to materialize; we aim to prevent them from occurring.
2. Privacy is our Default Setting
We ensure that personal data is automatically protected in any IT system or business practice that we use. No action is required by any clinician or patient to protect their privacy — it is built into the system, by default.
3. Privacy Embedded into Design
Privacy is an essential component at the heart of the processes - it is integral to the system, without diminishing functionality.
4. No compromise on functionality
We do not compromise on functionality – the system needs to work at its utmost for your benefit, and we do not trade that off against your privacy – you can, and should, have both.
5. End-to-End Security
We ensure security of data from start to finish, so that the full lifecycle is protected.
6. Visibility and Transparency
We advocate the maxim ‘trust, but verify’ and we live by that in our attitude to openness. We expect to be scrutinised and we operate in a visible and transparent way to enable that scrutiny.
7. It’s all about you!
We offer our users strong privacy defaults, appropriate notice, and user-friendly options.
Data Protection is everyone's responsibility
Just as we take care to ensure the privacy of your data, we ask you to make sure that the way you use data is in line with the law.
If you have downloaded one of the CAREFUL apps, or registered to use the CAREFUL platform, you agreed to the Careful Systems Ltd End User Licence Agreement (EULA).
When you did that, you agreed to:
- protect access to the information.
- keep any password, user ID or other access codes used to identify yourself as a user safe and secure, and ensure that these are not shared with any other user, individual or institution.
- ensure that the information that you enter, store or retrieve using the Careful Platform always complies with the terms and principles of the Data Protection Act (available at www.ico.org.uk) as well as any other applicable laws.
- By law, the information must be used for lawful purposes and must be adequate, relevant and not excessive in relation to the purpose set out above.
- take all reasonable steps to ensure that you and other users cannot access or process the information when you, and they, no longer need to do so.
- ensure that no one without reasonable cause to have access to the information sees, hears or otherwise gains access to, or processes, the information.
The full End User Licence Agreement can be found here
All patient data must be recorded with consent
All patient data must be recorded with consent and it is good practice to make sure that patients consent to their data being stored. Recording your patients’ information on the CAREFUL system is considered to be disclosing patient data for direct care.
Guidance for doctors in this regard has been provided by the General Medical Council:
Confidentiality: good practice in handling patient information (2017)
Paragraph 13 of this guidance states:
Asking for a patient’s consent to disclose information shows respect, and is part of good communication between doctors and patients. Consent may be explicit or implied. Explicit (also known as express) consent is given when a patient actively agrees, either orally or in writing, to the use or disclosure of information.
Implied consent refers to circumstances in which it would be reasonable to infer that the patient agrees to the use of the information, even though this has not been directly expressed.
When adding patient data, we ask all users to tick a box which confirms that they have considered whether the patient has given consent for the storage of their data - and that they have, where appropriate, sought explicit consent for this. We would strongly urge all practitioners to gain explicit consent from patients where possible for the use of their data in the CAREFUL system.
Careful Systems Limited is committed to safeguarding the privacy of the data provided to us through our website; this policy sets out how we will treat your personal information. It covers the information we collect, the security with which we handle that information, how we may use the personal data you give us and what our legal obligations are.
What information do we collect?
We may collect, store and use the following kinds of personal information:
- about your visits to, and use of, this website;
- about any transactions carried out between you and us on, or in relation to, this website, including information relating to any purchases you make with us or enquiries relating to our services;
- that you provide to us for the purpose of registering with us and/or subscribing to our website services and/or email notifications;
- provided by our clients for the purpose of carrying out surveys, workshops or other activities the company undertakes.
Information about website visits
We may collect information about your computer (and your visits to this website) such as your IP address, geographical location, browser type, referral source, length of visit and number of page views. We may use this information in the administration of the site, to improve its usability, and for marketing purposes.
Using your personal data
- information which we think may be of interest to you, by post or by email according to your preferences;
- marketing communications relating to our business which we think may be of interest to you by post or, where you have specifically agreed to this, by email or similar technology (you can inform us at any time if you no longer require marketing communications to be sent by emailing us at firstname.lastname@example.org).
- We will not provide your personal information to any third parties for the purpose of direct marketing. We may share your personal information with other services and sites on the internet in order to help us manage our business. We will take all reasonable steps to ensure that their privacy policies and data security protect your data appropriately.
- to the extent that we are required to do so by law;
- in connection with any legal proceedings or prospective legal proceedings;
- in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk).
Security of your personal data
We will take reasonable precautions to prevent the loss, misuse or alteration of your personal information. Data transmission over unencrypted internet connections is inherently insecure, and we cannot guarantee the security of data sent over the internet in this way. As a company incorporated in England, we must and will comply with the requirements of the Data Protection Act 1998.
Third party websites
Where this website contains links to other websites, we are not responsible for the privacy policies of these.