Health Automated Ltd – Digital Care Management
Effective date: December 2025
Health Automated Ltd (“we”, “us”, or “our”) provides digital care management services, including care coordination, monitoring, and automated health workflows (“Services”).
We are committed to protecting personal data and comply with the UK General Data Protection Regulation (UK GDPR), the EU GDPR where applicable, and the Data Protection Act 2018.—
1. Data Controller
Health Automated Ltd
Registered in the United Kingdom
C/O Andrew Smith Bookkeeping Services Limited
Kingsley House
106 Milton Street
Northampton
Northamptonshire
United Kingdom
NN2 7JF
Email: hello@healthautomated.online
In some care settings, Health Automated Ltd may act as a Data Processor on behalf of healthcare providers, commissioners, or care organisations who act as the Data Controller.
—
2. Scope
This Privacy Policy applies to:
Digital care management platforms
Mobile and web applications
Care coordination and monitoring tools
Automated care workflows and reporting systems
—
3. Personal Data We Process
a. Identity & Contact Data
Name
Date of birth
Email address
Phone number
User account identifiers
b. Care & Health Data (Special Category Data)
Care plans and care pathways
Health observations and monitoring data
Assessments, notes, and outcomes
App-entered health information
Appointment and interaction records
This data is classified as special category personal data under GDPR.
c. Professional & Organisational Data
Care provider or organisation details
Role-based access information
Professional notes and communications
d. Technical & Usage Data
Device and browser information
IP address
Log files and usage analytics
Security and audit logs
—
4. How We Use Personal Data
We process personal data to:
Deliver digital care management services
Support care coordination and continuity of care
Enable monitoring, alerts, and automation
Maintain accurate care records
Provide system administration and user support
Improve service performance and safety
Meet regulatory, clinical governance, and legal obligations
—
5. Lawful Bases for Processing
We process personal data under the following legal bases:
General Personal Data
Performance of a contract
Legal obligation
Legitimate interests
Health & Care Data (Article 9 GDPR)
Provision of health or social care
Public interest in healthcare
Explicit consent, where required
Health or social care management systems
—
6. Hosting & Data Location
Data is hosted and processed within the United Kingdom, or in compliant jurisdictions with appropriate safeguards.
We apply strong technical and organisational security measures to protect care data.
—
7. Data Sharing
We do not sell personal data.
Data may be shared only with:
Healthcare providers, care organisations, or commissioners involved in a person’s care
Approved service providers (hosting, infrastructure, analytics)
Regulators or authorities where legally required
All data sharing is governed by data processing agreements and GDPR safeguards.
—
8. Access Controls & Confidentiality
Role-based access controls ensure users can only access data relevant to their role
Audit logs are maintained
Staff and partners are bound by confidentiality obligations
—
9. Data Retention
Care records and personal data are retained:
In line with healthcare record retention requirements
For the duration of service provision
As required by law or contractual obligations
Data is securely deleted or anonymised when no longer required.
—
10. Your Data Protection Rights
Individuals have the right to:
Access their personal data
Request correction of inaccurate data
Request erasure where legally applicable
Restrict or object to processing
Data portability
Withdraw consent (where consent is the lawful basis)
Complaints may be made to the UK Information Commissioner’s Office (ICO)
https://ico.org.uk
—
11. Security Measures
We use appropriate safeguards including:
Encrypted data transmission and storage
Secure UK-based hosting
Access controls and authentication
Monitoring, logging, and incident response procedures
—
12. Children & Vulnerable Individuals
Our digital care management services may be used by or on behalf of children or vulnerable adults where legally permitted and under appropriate authority, consent, or safeguarding arrangements.
—
13. International Transfers
Where data is transferred outside the UK, we ensure:
Adequacy decisions or safeguards
Compliance with UK GDPR transfer requirements
—
14. Changes to This Policy
We may update this Privacy Policy to reflect changes in law, regulation, or services.
Updates will be published within our applications or websites.
—
15. Contact Information
For privacy queries or rights requests, contact:
Health Automated Ltd
Email: hello@healthautomated.online