Effective Date: 01/05/2025
At Wisterias CMS, protecting your personal information and complying with data protection laws is one of our highest priorities.
This policy outlines how we meet the requirements of the UK General Data Protection Regulation (UK GDPR) when delivering our care management software services.
The General Data Protection Regulation (GDPR) is a law originally established by the European Union in 2018 to strengthen individuals’ rights over their personal data.
Following Brexit, the GDPR has been retained in UK law as the UK GDPR, alongside the Data Protection Act 2018.
The goal remains the same: giving individuals more control over how their information is collected, stored, and used.
If you manage personal care information, you are classified as a Data Controller under the law.
Because health and care data is considered special category data, you have extra responsibilities, including:
Knowing exactly what personal data you collect and why
Keeping only essential data, nothing unnecessary
Storing information securely, digitally or physically
Appointing a Data Protection Officer (DPO) if required
Conducting Data Protection Impact Assessments (DPIAs) when necessary
Updating your policies and staff training to meet legal standards
When using our Care Management platform (Care Office and Carer App), you are hosting and processing personal information about service users.
We support you by:
Providing secure, encrypted cloud storage within the UK/EU
Ensuring our systems meet or exceed all current legal standards
However, as the Data Controller, you remain responsible for:
How your organisation collects and uses personal data
Informing service users about how their data is used
Responding to any data subject rights requests
We have built security into every level of our system, including:
Full audit trails of activity across Care Office and Carer App
AES-256 data encryption at rest, SSL in transit
Secure login systems, including 4-digit PINs for app access
Optional shift passwords for session security
Ongoing compliance with the UK GDPR and Data Protection Act 2018
In the unlikely event of a data breach, we are committed to notifying our clients promptly as required by law.
To maximise security, we recommend that you:
Assign individual logins for each staff member
Never share login details or passwords
Change shift passwords regularly if used
Keep the mobile app updated
Install and maintain antivirus protection on all devices
| Right | What It Means for You |
|---|---|
| Right to be Informed | You must explain how data is collected and used. |
| Right of Access | Individuals can request copies of their data. |
| Right to Rectification | You must correct inaccurate or incomplete data. |
| Right to Erasure (“Right to be Forgotten”) | Individuals can ask for data to be deleted (subject to care regulations). |
| Right to Restrict Processing | They can ask you to temporarily stop using their data. |
| Right to Data Portability | You must provide data in a portable, easy-to-transfer format. |
| Right to Object | They can object to how their data is being used. |
| Rights Related to Automated Decision-Making | You must explain, and avoid, fully automated decisions. (Note: We do not use automated decision-making.) |
Our Platform:
We make it easy for you to access, edit, export, or delete data as needed to respond to requests.
Privacy and security are core principles in our system design
All client and service user data is encrypted and secured
We use trusted UK/EU-based cloud providers (same as HMRC)
We work with expert external Data Protection Officers (DPOs)
Policies and processes are regularly reviewed and updated
When onboarding with our platform, we recommend:
Informing families and service users about the digital care system
Training staff on privacy responsibilities
Regularly reviewing data collection to ensure only essential information is retained
We’re here to help you meet your responsibilities.
Contact Us:
Wisterias CMS
International House, 61 Mosley Street, Manchester, England, M2 3HZ
📧 info@wisterias.co.uk