Privacy Notice

Effective from November, 2024

Who are we?

We are Birdie Care Services Limited, a company incorporated in England and Wales with registered number 10863579 at Companies House and whose registered office is at 3rd Floor, 1 Ashley Road, Altrincham, Cheshire, WA14 2DT.
Our Data Protection Officer can be reached by emailing dpo@Birdie.care

Our role

Birdie plays a dual role when it comes to processing. In some situations, we act as a Controller, in others, we are the Processor. When we are a Processor of personal data, we are doing so purely on the instruction of another company (the Controller). If you are a patient or healthcare professional, then that company is likely to be the care provider. To find out more about how your data is protected by them, you should contact them directly.


Birdie, does on occasion, act as a Controller. That will usually be the data of potential and existing employees, suppliers, product testers, investors, website users and then technical data when you use our app. Being a Controller means that we are trusted to look after and deal with your personal information in accordance with this notice. We determine the ways and means of processing your data and must therefore be accountable for it. This privacy notice refers to the data we process as a Controller only.


Note: If you are a user of the service then we are obligated to maintain an audit log of access to NHS systems (like GP Connect). We are the Controller of this data. Data processed will be your name, who you work for and a log of your access. Our lawful basis for processing is legal obligation and we retain the data for 6 years in line with NHS guidance.

Technical and operational security

All data is password protected, access controlled, backed up securely and encrypted when appropriate. All employees are trained in data protection and are aware of their obligations to ensure the privacy of all data subjects. Data Privacy by Design and Default is an integral part of our development processes. All devices are protected by a leading enterprise mobility management technology. For detailed security information please see our security page.


Your rights

As a data subject, you have a number of rights over your personal data under the Data Protection Laws. If you wish to exercise any of your rights, please contact us on dpo@birdie.care.

  • Right of access: You can request access to a copy of the personal data which we hold about you, as well as details about why and how we use;
  • Right to rectification: You can ask us to change or complete any personal data we hold about you which is inaccurate or incomplete;
  • Right to be forgotten/erasure: You have a right, under certain circumstances, to ask us to delete any personal data we hold about Please note that there may be situations where we must retain your personal data after a request for erasure where we have a lawful basis for doing so;
  • Right of restriction: You can ask us to restrict (i.e. prevent) the processing of your personal data where you have objected to our use of it and we have no lawful basis to continue processing your personal data;
  • Right of data portability: In certain circumstances, you can ask us to transfer the data we hold about you to another entity. This would be sent in a structured, commonly used, electronic form;
  • Right to object: You can object to us using your personal data for particular purposes; and
  • Automated decision making: You have a right not to be subjected to automated decision making and profiling in certain circumstances. We do not use your personal data in any automated processes to make decisions about you

If you want to exercise any of these rights, please just contact us on dpo@birdie.care.

You also have the right to lodge a complaint about our processing with a supervisory authority — in the UK that is the ICO whose details are here: https://ico.org.uk/make-a-complaint/data-protection-complaints/data-protection-complaints/

What happens if Birdie changes hands?

We may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of our business. Any personal data that you have provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, depending on the lawful basis, be permitted to use that data only for the same purposes for which it was originally collected by us.

In the event that any of your data is to be transferred in such a manner, you will be contacted in advance and informed of the changes.

Changes to our Privacy Notice

We may change this Privacy Policy from time to time (for example, if the law changes). We recommend that you check this page regularly to keep up-to-date. If we make any material changes to the manner in which we process and use your personal data, we will contact you to let you know about the change.

Corporate Client Privacy Notice

Data that we hold and how we use it

As a corporate client, we hold the contact and payment details required to carry out our contract with you, manage our relationship and keep you up to date with changes and improvements to our services. This data would have been sourced from you directly.

‍Lawful basis for processing

Our lawful basis for processing your data is Legitimate Interest. We use legitimate interest when we use your data to keep you up to date with changes and improvements to our goods and services. Results of a legitimate interest balancing test indicate that this use is pursuing a legitimate interest, is necessary for the purpose of keeping you updated and growing our business, and unlikely to cause you risk or harm.

‍Data Sharing and Transfers

Like most companies, we use a number of other companies as part of our data processing, for example, cloud services and technology services. We have Data Processing Agreements in place with these providers. Where data is transferred outside of the EEA, we ensure that appropriate protection and mechanisms are in place, for example, Standard Contractual Clauses or the UK IDTA. We do not sell your data to anybody and we do not share it with anyone other than our contracted processors.

‍Retention Periods

We hold data on Corporate Clients for the length of time that you are a client of ours, then another 7 years in case of any dispute.

If you provide feedback to us via the agency hub or carer app

We occasionally present surveys to you in the Agency Hub or the Birdie App. These surveys are optional to complete. If you do complete the survey then we will attribute your responses, including your job role to you in our system and will maintain those responses for the length of time that we have a contract with the agency. We use the responses to understand your
         
experience with Birdie, identify areas of improvement and also ensure that service messages reach the correct audience. Our lawful basis for processing your data is legitimate interest.

Potential Employee Privacy Notice

Data that we hold and how we use it

As a potential employee we hold the following information on you: Name, CV/Resume, Industry qualifications/experience, Salary expectations, Contact details, Interview notes, References, Educational background/qualifications, Pre-employment check results.
We will also use your contact details to email you after the process to gather feedback on your experience. Responses are optional and you can opt out by just letting us know at any point.

‍Lawful basis for processing

Our lawful basis for processing your data is a combination of contract, legitimate interest, legal obligation and consent, depending on the process. On the whole, we are processing the data to create and maintain a relationship with you and test your suitability for the role. As the journey towards onboarding progresses, we are obliged by law to do certain checks, such as your eligibility to work in the UK.
The data we hold on you would have come directly from you or from an agency, where you have applied for the role. If we did not source the data directly from you then we will contact you within one month to let you know the details of processing.
We do not carry out automated decision making on your personal data.

‍Data Sharing and Transfers

Like most companies, we use a number of other companies as part of our data processing, for example, cloud services and technology services. We have Data Processing Agreements in place with these providers. Where data is transferred outside of the EEA, we ensure that appropriate protection and mechanisms are in place, for example, Standard Contractual Clauses or the UK IDTA. We do not sell your data to anybody and we do not share it with anyone other than our contracted processors.

‍Retention Periods

We hold data on potential employees for various periods, depending on the situation. If you were unsuccessful and we want to stay in touch then we will ask your consent to hold that data for a further 12 months, in case of another role being suitable in that time.
If you were not a good fit for the role and not short listed then your data is deleted as soon as it is no longer needed. If you were shortlisted, but did not get the role then we keep your data until the successful candidate passes their probation period (4 months). After that we will ask your consent to hold the data for a further 12 months. If consent is not given then the data will be deleted.
If you did get the role you applied for then you become an employee and the employee privacy notice will apply.

Employee Privacy Notice

If you are an employee of Birdie Care Services Ltd, please refer to the Fair Processing Notice that is stored in the Employee Handbook.

Potential Corporate Client Privacy Notice

Data that we hold and how we use it

As a potential client, we hold your name, job title and corporate contact details so we can build a relationship with you. This data will have been sourced directly from you at an event, or from your company website or a similar publicly available source. We only hold your data if we legitimately think you will have an interest in using our product. If we call you, we sometimes like to record the calls to help ensure that we are giving you the best experience and to help train our staff and analyse our performance. If we do this, we will always ask for your consent.

‍Lawful basis for processing

Our lawful basis for processing your data is Legitimate Interest for marketing purposes. As you are a corporate entity, we also abide by the Privacy and Electronic Communications Regulations (PECR). We give you the change to opt-out of all marketing on anything that we send you. We only share details of our own goods and services in our marketing. If your data was not sourced directly from you, then we contact you once we have the data to let you know that we have your data and give you the chance to opt-out. Our legitimate interest balancing test indicates that this is a legitimate purpose: you would not be surprised to hear from us based on the nature of your job role, and our processing does not cause any harm or risk to you as a data subject. If we record calls, we do so only with your consent.

‍Data Sharing and Transfers

Like most companies, we use a number of other companies as part of our data processing, for example, cloud services and technology services. We have Data Processing Agreements in place with these providers. Where data is transferred outside of the EEA, we ensure that appropriate protection and mechanisms are in place, for example, Standard Contractual Clauses. We do not sell your data to anybody and we do not share it with anyone other than our contracted processors.

‍Retention Periods

We hold data on Potential Corporate Clients for as long as we think you are likely to be interested in our goods and services, or until the point at which you opt out of communications. At this point you are added to a suppression list so we do not contact you again. When you become a Corporate Client, then the privacy Notice for Corporate Clients will apply.

Investor/Shareholder Privacy Notice

Data that we hold and how we use it

As an investor or private shareholder in Birdie Care Services Ltd, we hold your contact details. This data would have been sourced from you directly.

‍Lawful basis for processing

Our lawful basis for processing your data is a legal obligation; we are legally obliged to document who the owners of our business are.

Data Sharing and Transfers

Like most companies, we use a number of other companies as part of our data processing, for example, cloud services and technology services. We have Data Processing Agreements
in place with these providers. Where data is transferred outside of the EEA, we ensure that appropriate protection and mechanisms are in place, for example, Standard Contractual Clauses. We do not sell your data to anybody and we do not share it with anyone other than our contracted processors.
We share your contact details in line with our regulatory requirements, so will be listed in official documents such as company filings and would be used in any potential data room.

‍Retention Periods

As a shareholder/investor we hold your information for as long as we are legally required to do so.

App User Privacy Notice

Data that we hold and how we use it

As app user, you provide some data to enter into a contract with us and use the app. This will be your contact details. We also process data about the way you use our app, including your IP address and browsing time. This helps us to optimise the performance of our app, monitor it for security purposes and drive improvements for our users. We also use essential cookies for our in-app customer service capability to work.
We also process your data so we can drive improvements to the app and to allow bug reporting and analysis. We ask your consent to drop any unnecessary cookies needed for this.
We use your contact details to send you service updates.

Lawful basis for processing

Our lawful basis for processing your data is a combination of Contract, Legitimate Interest and Consent. We use your contact details to provide you with the app and the appropriate technical support as needed, as well as service messages; this is our contract with you. We use legitimate interest when we use your data to improve the performance of the app, process your data for marketing purposes, and protect it from illegal use. Results of a legitimate interest balancing test indicate that this use is pursuing a legitimate interest, and unlikely to cause you risk or harm. When we send marketing messages to you, we rely on consent under Privacy and Electronic Communications Regulations (PECR). This consent is collected via the app. We are aware that as an employee of a corporate subscriber, we could send marketing messages without consent. However, we feel that consent is a better option for you in this instance. You can withdraw this consent at any time.

Data Sharing and Transfers

Like most companies, we use a number of other companies as part of our data processing, for example, cloud services and technology services. We have Data Processing Agreements in place with these providers. Where data is transferred outside of the EEA, we ensure that appropriate protection and mechanisms are in place, for example, Standard Contractual Clauses. We do not sell your data to anybody and we do not share it with anyone other than our contracted processors.

‍Retention Periods

We hold data used to fulfill the contract for 12 months after the termination of the contract. We delete log data 12 months after you cease using the app. We remove you from our marketing database, onto a suppression list, when you opt-out of receiving communications from us.

Website Browsing and Chatbot Privacy Notice

Read more about the cookies we use on our website in our Cookie Policy.

Any personal data that we collect as a result of you having consent to cookies will usually only contain your IP address and device data, which doesn’t directly identify you, but is still considered to be personal data. We aggregate this data to look at common trends in website usage and also to help us identify and fix any issues. We also combine the cookie data with data we already hold to build a picture of our customer journey. IP addresses are used to identify which company you may work for. When you use our chatbot, you will have consented to the cookie that is used to drop it via the cookie menu. There is also a second cookie that is essential as it allows your chat to be available to you even if you switch pages on our site

We ask for your work email address and process this to communicate with you and to keep you up to date with all things Birdie. If you don’t wish to hear from us, just click the unsubscribe link in any communication that we send you.The contents of you chat will be retained on our servers for 24 hours, after which they will be permanently deleted.

Please be aware that answers to your questions are based on a pre-built answer library, you are not speaking to a human being.Our lawful basis for processing this data is legitimate interest.

Product Tester Privacy Notice

Data that we hold and how we use it

As a tester for our products, we hold your contact details so we can stay in touch with you. If you have tested a product for us, we will have a screenshot or video of your actions within the product, as well as information about your device and any audio that you have shared with us during our test sessions.

Lawful basis for processing

Our lawful basis for processing your data is Legitimate Interest. Results of a legitimate interest balancing test indicate that this use is pursuing a legitimate interest, is necessary for the purpose of gaining feedback to improve our product, and unlikely to cause you risk or harm.

Data Sharing and Transfers

Like most companies, we use a number of other companies as part of our data processing, for example, cloud services and technology services. We have Data Processing Agreements in place with these providers. Where data is transferred outside of the EEA, we ensure that appropriate protection and mechanisms are in place, for example, Standard Contractual Clauses or the UK IDTA. We do not sell your data to anybody and we do not share it with anyone other than our contracted processors.

Retention Periods

We hold the screen recordings, notes from our meetings and audio for 3 months, earlier if we no longer need them for the purpose that they were collected. We will hold your contact details for up to 7 years so we can contact you again to do future testing, unless you tell us you no longer wish to be a product tester.

‍Stand visitor

Data that we hold and how we use it

If you visit our stand at an event then we will ask for your name, email address and the company that you work for. This is captured via an online form on our website and is transferred immediately to our CRM system. This data is then used to contact you after the event for feedback or to have a follow up conversation with you by phone or email. If we call you, we sometimes like to record the calls to help ensure that we are giving you the best experience and to help train our staff and analyse our performance. If we do this, we will always ask for your consent.

We sometimes take photos/videos at our events. These are used as crowd shots for our website and social media. If we take individual and clearly identifiable images that we would like to use more widely, then we will ask you to sign an image release form.

Lawful basis for processing

Our lawful basis for processing your data is a Legitimate Interest for marketing purposes, as you have expressed an interest in the Birdie platform. As you are a corporate entity, we also abide by the Privacy and Electronic Communications Regulations (PECR), when we email you and we give you the chance to opt-out of all marketing on anything that we send you. We only share details of our own goods and services in our marketing.. Our legitimate interest balancing test indicates that this is a legitimate purpose: you would not be surprised to hear from us based on our previous interaction at the stand, and our processing does not cause any harm or risk to you as a data subject.

We get that sometimes you just provide your details to get some Birdie conference swag, and that’s fine. Just tell us at the time that you don’t want us to contact you, or click the unsubscribe in the first email you send you. We always honour unsubscribes. If we record phone calls, we do so only with your consent. We use legitimate interest for marketing purposes when we use crowd shot images and also for any images where we have asked for a signed release form.

Data Sharing and Transfers

Like most companies, we use a number of other companies as part of our data processing, for example, cloud services and technology services. We have Data Processing Agreements in place with these providers. Where data is transferred outside of the EEA, we ensure that appropriate protection and mechanisms are in place, for example, Standard Contractual Clauses or the UK IDTA. We do not sell your data to anybody and we do not share it with anyone other than our contracted processors.

Retention Periods

We hold data on Potential Corporate Clients for as long as we think you are likely to be interested in our goods and services, or until the point at which you opt out of communications. At this point you are added to a suppression list so we do not contact you again. When you become a Corporate Client, then the privacy Notice for Corporate Clients will apply.

Prize Draw Privacy Notice

Data that we hold and how we use it

If you have provided your name and email address to be included into a prize draw, as a result of completing a survey, then we will process those along with your job role. Your name and email will be used for the purposes of administrating the prize draw. Your job title is used only as part of the survey. If we already had your details on file, as a potential client, prior to you adding them for the prize draw, then that data is also used to keep you up to date with our good/service. (See our potential client privacy notice here.)

‍Lawful basis for processing

Our lawful basis for processing your data is a Legitimate Interest as the data is necessary to facilitate the running of the prize draw and administer prizes. Our legitimate interest balancing test shows that this processing is balanced against your interests, rights and freedoms.

‍Data Sharing and Transfers

Like most companies, we use a number of other companies as part of our data processing, for example, cloud services and technology services. We have Data Processing Agreements in place with these providers. Where data is transferred outside of the EEA, we ensure that appropriate protection and mechanisms are in place, for example, Standard Contractual Clauses or the UK IDTA. We do not sell your data to anybody and we do not share it with anyone other than our contracted processors.

‍Retention Periods

We hold data to administer the prize draw for 2 months after the closing date. Where you provided your job title, this is only associated with your name and email address until the end of the feedback survey, after which it, along with all other responses, are permanently separated from the email address and name provided for the prize drawer, rendering the responses anonymous.

Table of contents