Evalucom Consulting Ltd Privacy and Cookies Policy
1. Introduction
We are committed to safeguarding the privacy of our website visitors and CarePulse platform users. In this Privacy and Cookies Policy (“Policy”), “Evalucom” or “we” or “us” or “our” refers to Evalucom Consulting Ltd. For the purpose of the General Data Protection Regulation (GDPR), the UK General Data Protection Regulation (UK GDPR), the UK Data Protection Act 2018, where we act as a data controller, the data controller is Evalucom Consulting Ltd.
Our Policy explains:
What information we collect and why we collect it;
How we use that information;
The options you have over the way we use information; and
The cookies we use when you access our website and platform (see Cookies section below).
Please read this Policy carefully.
2. What information we collect
We collect and process the information set out in this section in the course of your use of:
(a) our website - https://www.evalucom.co.uk/ as a visitor; or
(b) our platform – CarePulse as a registered user (the “Services”):
(a) If you are a visitor on our website, we collect:
Enquiry data – name, email address and any other additional details provided by you when you make an enquiry either through our website form or via email. The lawful basis for this processing is our legitimate interests, namely the proper administration of our business and Services.
Recruitment data – your CV, cover letter and any other additional information provided by you when you apply for our job opportunities. Recruitment data is processed for the purposes of processing your application if you apply for a job with us. The legal basis for this processing is our legitimate interests, namely to grow our business.
(b) If you are a registered CarePulse user, and / or if we provide you and your organisation with our Services, we collect:
Contact information – your name, email address, telephone number, job title and organisation. We may also receive this information from other persons in your organisation who are authorised to provide these details on your behalf. Please note that your organisation’s privacy policy should set out the way your personal data is handled by your organisation. The lawful bases for this processing are: (i) performance of contract with your organisation in order to contact you, provide our Services and to register you as a user of CarePulse and/or CarePulse eProcurement; and/or (ii) our legitimate interests, namely the proper administration of our business and Services when you use CarePulse.
Usage data – information about your IP address, geographical location, as well as information about the timing, frequency and pattern of your Service use. We are only able to do this if you accept the relevant cookies via the cookie controls available on the banner on our website. The lawful basis for this processing is our legitimate interests, namely monitoring and improving our Services.
(c) For all users:
Our website and platform are not intended for children, and we do not knowingly collect data relating to children.
We do not collect any special categories of data about you (i.e. information about your race or ethnicity religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
3. Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
4. Providing your personal data to others
Health and social care providers (including care homes and domiciliary care providers) using CarePulse
We regularly share contact information of data subjects identified as the point of contact with NHS organisations and local authorities so that they can contact your organisation regarding the services you deliver.
All Service users
We may also disclose your personal data to third parties:
in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets; or
if we or substantially all of our assets are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets; or
if we are under a duty to disclose or share your personal data in order to comply with any legal obligation; or
to protect our rights, property, or safety or that of our affiliated entities and our users and any third party we interact with the to provide the Services; or
Other than as set out above and save insofar as is necessary in order for us to carry out our obligations arising from any contracts entered into between your organisation and us, we will not share your data with third parties unless we have procured your express consent to do so.
5. Our sub-processors
In order to provide our Services, we have engaged sub-processors. Additional details in relation to our obligations as a data processor are set out in the data processing agreement between us and your organisation.
Our sub-processors are:
Name | Purpose | Contact details |
Amazon Web Services | To store data when you use our CarePulse platform | |
Google Analytics | To measure the use of our website to help us improve it based on your needs. | https://support.google.com/analytics/gethelp?sjid=13323072254408930577-EU |
Posthog Cloud | To measure the use of our website to help us improve it based on your needs. | |
SendGrid | Email delivery | |
Heroku | Hosting | |
Vercel | Hosting | |
Functional Software, Inc. (Also known as Sentry) | Error monitoring |
6. How we protect your information
We believe that it is important for the personal information you provide to be used responsibly. As such, we have internal policies in place to protect your personal information from accidental loss, use or access in an unauthorised way, misuse, alteration or unintentional destruction. Employees within our organisation who have access to your information have been trained to maintain the confidentiality of such information and access to your personal data is limited to those who have a genuine business need to know it.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the website or platform; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
7. Keeping your personal data up to date
If your personal details change you may update them by accessing the relevant page on CarePulse or by contacting us using the details below. We will endeavour to update your personal data within 14 working days of any new or updated personal data being provided to us, in order to ensure that the personal data we hold about you is as accurate and up to date as possible.
8. Where we store your personal data
Your information is securely stored in the cloud, hosted by Microsoft 365 and Amazon Web Services. The servers are located in the UK and the Republic of Ireland.
We do not transfer your personal data outside the UK / European Economic Area (EEA). However, in the event we transfer your personal data to a country without an adequacy decision from the UK/EEA, any such transfer will be subject to standard contractual clauses approved by the UK’s Information Commissioner’s Office and/or the European Commission and any other appropriate safeguards which may be applicable to such transfers.
If you would like further information, please contact us using the details below.
9. Your rights
In this section we have summarised the rights that you have under the UK GDPR in relation to the personal data that we collect from you.
You may exercise any of your rights in relation to your personal data by contacting us using the contact details at the bottom of this page.
In summary, your principal rights include:
access to your personal data and to certain other supplementary information that this Policy is already designed to address;
require us to correct any mistakes in your information which we hold;
require the erasure of personal data concerning you in certain situations;
receive the personal data concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations;
object at any time to processing of personal data concerning you for direct marketing;
object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you;
object in certain other situations to our continued processing of your personal data;
otherwise restrict our processing of your personal data in certain circumstances;
claim compensation for damages caused by our breach of any data protection laws.
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation. If you would like to exercise any of those rights, please:
email us at info@evalucom.co.uk;
let us have enough information to identify you (e.g. registration details);
let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility bill or bank statement); and
let us know the information to which your request relates.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
10. Data retention
Your personal data is stored only as long as is necessary for us to carry out the above purposes.
The length of time we keep your personal data depends on what it is and whether we have ongoing need to keep it. When there is no longer a need to keep the data, we will delete or anonymise the data in accordance with our data retention policies and practice.
If your data is stored in relation to a contract between you and a public authority (including NHS Integrated Care Boards), we will hold a record of that information for 6 years following expiry of the contract.
CarePulse user accounts
Your data will be retained while you have an active CarePulse account. You can close your CarePulse user account at any time through your account page or by contacting us at CarePulse@CarePulse.co.uk. We will retain your personal data for 30 days following closure of your account.
Where you have created an account on CarePulse but it is not being used, we will close your account automatically after 3 years of inactivity.
CarePulse eProcurement user details
If your data is collected in relation to the CarePulse eProcurement system, then if the outcome of your application is successful and you subsequently enter into a contract, we will hold a record of your information for 6 years following expiry of the contract.
If your application is not successful, or you are successful but do not enter into a contract, or you do not submit your application, we will hold a record of your professional contact information for up to 3 years following the application deadline.
Enquiry data
If you contact us to enquire about our Services, we will hold your information for a period of 1 year from the date of the enquiry unless you register for our Services in which case, we will hold your data in accordance with the retention periods set out above.
Recruitment data
If you apply for a job opportunity with us, we will hold your information for a period of 1 year from the date of your application unless you are employed by us in which case we will continue to hold your information as part of your employment record.
11. Cookies
We use cookies to enhance your user experience of CarePulse once you have logged in, and only if you choose to allow cookies that are not strictly necessary. We only use strictly necessary cookies on our website. If we implement other cookies on our website, this will be under your control via a cookie banner. The cookies we use include:
"Analytical" cookies. They allow us to recognise and count the number of visitors and to see how visitors move around the website and platform when they are using it. This helps us to improve the way our website and platform works, for example, by ensuring that users are finding what they are looking for easily.
"Strictly necessary" cookies. These are cookies that are required for the operation of our website and platform. They include, for example, cookies that enable you to log into secure areas of our platform.
"Functionality" cookies. These are used to recognise you when you return to our website and platform. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
Below are the details on the types of cookies we use and what they are used for:
Cookie type | Cookie details | Website and/or CarePulse |
Necessary | csrftoken: A randomly generated passphrase that acts as security protection to prevent other sites from making requests on your behalf Expiry period: 1 year | CarePulse |
Necessary | sessionid: Tracks an anonymous session to be able to handle data on a per-site-visitor basis, e.g. dismissing an announcement without a user account Expiry period: 1 month | CarePulse |
Analytical | __ga: Used to distinguish users Expiry period: 400 days | CarePulse |
Analytical | _ga_K8L60KPT7L: Used to persist session state. Expiry period: 400 days | CarePulse |
Cookies which are strictly necessary for the core functionality of the website and platform are enabled by default, and set automatically at the point you access the website and platform.
Any cookies which are not strictly necessary for the functioning of the website and CarePulse will not be set unless you expressly consent to them through the cookie banner by clicking “accept”.
You may block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of the website and/or platform. Except for essential cookies, optional cookies will expire as set out above.
12. Changes to this Policy
This Policy may be changed from time to time. We will post any changes and you will be notified of such change to this Policy on our website. Your continued use of our Services shall be deemed as your acceptance of the varied Policy.
13. Contact us
If you have questions or comments about our administration of your personal information, please contact us at info@evalucom.co.uk. You may also use this address to communicate any concerns you may have regarding our compliance with this Policy.
Evalucom Consulting Ltd. VAT Registration No.: 899541850 Company number: 6195102 Registered Address: 20-22, Wenlock Road, London, England, N1 7GU
14. How to complain
The General Data Protection Regulation and the UK GDPR also give you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state or the UK where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner’s Office (ICO) who may be contacted at:
Address: Information Commissioner’s Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF Helpline number: 0303 123 1113 ICO website: https://www.ico.org.uk
This Policy was last updated on: 5 June 2023.