Our commitment to data protection under UK GDPR and the Data Protection Act 2018
Nookly Ltd is fully committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018). We understand the sensitive nature of care data and treat data protection as a fundamental responsibility — not a legal formality.
We are registered with the Information Commissioner's Office (ICO) and take all reasonable steps to ensure your data is handled lawfully, fairly, and transparently.
Nookly Ltd is the data controller for:
When care providers use the Nookly platform to record information about residents and service users, Nookly acts as a data processor on behalf of the care provider (who is the data controller). We process this data strictly according to the care provider's instructions and our Data Processing Agreement (DPA).
Care providers are responsible for ensuring they have appropriate legal bases to process the personal and special category data of the people in their care.
We process personal data under the following lawful bases:
For special category data (health information in care records), we rely on:
As a data subject, you have the following rights. To exercise any of these rights, contact us at nooklycare@gmail.com. We will respond within 30 days.
Request a copy of the personal data we hold about you (Subject Access Request)
Ask us to correct inaccurate or incomplete personal data
Request deletion of your data where there is no compelling reason to continue processing
Ask us to limit how we use your data in certain circumstances
Receive your data in a structured, machine-readable format
Object to processing based on legitimate interests or for direct marketing
You also have the right to withdraw consent at any time where processing is based on consent, and the right to lodge a complaint with the ICO at ico.org.uk or by calling 0303 123 1113.
We store and process all personal data within the United Kingdom. Where we use third-party service providers located outside the UK, we ensure appropriate safeguards are in place (such as UK adequacy regulations or standard contractual clauses) before any transfer occurs.
We implement technical and organisational measures to protect personal data, including:
In the event of a personal data breach that is likely to result in a risk to individuals' rights and freedoms, we will:
To report a suspected data breach, contact us immediately at nooklycare@gmail.com.
As required by UK GDPR Article 28, Nookly enters into Data Processing Agreements (DPAs) with all care provider organisations that use our platform. The DPA sets out:
To request a copy of our standard Data Processing Agreement, contact nooklycare@gmail.com.