1
Who we are
Nookly Ltd ("Nookly", "we", "us", "our") is a Private Limited Company registered in England and Wales. We provide an AI-powered care documentation and operations platform designed for health and social care providers in the United Kingdom.
We are the data controller for personal information collected through our website and platform. You can contact us at any time using the details at the end of this policy.
2
What information we collect
Information you provide to us
- Contact enquiries: Your name, job title, organisation, email address, phone number, and the message you send us through our website contact form
- Account information: Name, email address, job role, and organisation details when you register for a Nookly account or free trial
- Care records: When using the Nookly platform, care staff may enter information about residents/service users including care notes, assessments, medication records, and risk information
Information collected automatically
- IP address and approximate location
- Browser type and device information
- Pages visited and time spent on our website
- Cookies and similar tracking technologies (see Section 8)
3
How we use your information
- To respond to your enquiries and provide customer support
- To set up and manage your Nookly account and trial
- To provide, maintain, and improve the Nookly platform
- To send you updates, product news, and service communications (you can opt out at any time)
- To comply with our legal and regulatory obligations
- To detect and prevent fraud, security breaches, and misuse of our platform
- To generate anonymised analytics and improve our services
We never sell your personal information to third parties.
4
Legal basis for processing
Under UK GDPR and the Data Protection Act 2018, we process your personal data on the following lawful bases:
- Contract: Processing necessary to fulfil our contract with you or your organisation
- Legitimate interests: For example, improving our services, preventing fraud, and responding to enquiries
- Legal obligation: Where we are required to process data to comply with the law
- Consent: Where you have given us specific consent (e.g. marketing communications)
For special category data (such as health information in care records), we rely on explicit consent from care providers and their compliance with their own legal obligations under health and social care law.
5
Who we share your information with
We do not sell or rent your personal information. We may share your information with:
- Service providers: Third parties who help us operate our platform (e.g. cloud hosting, email delivery, analytics). These providers are bound by strict data processing agreements.
- Legal authorities: Where required by law, regulation, or court order
- Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred โ we will notify you in advance
6
Data retention
We retain your personal information for as long as necessary to provide our services and comply with legal obligations:
- Contact enquiry data: Retained for 2 years from the date of your enquiry
- Account data: Retained for the duration of your subscription plus 7 years for legal compliance
- Care records: Retained in accordance with your organisation's data retention policy and applicable health and social care legislation
- Website analytics: Aggregated and anonymised after 26 months
When data is no longer required, it is securely deleted or anonymised.
7
Your rights
Under UK GDPR you have the following rights:
- Right of access: To request a copy of personal data we hold about you
- Right to rectification: To correct inaccurate or incomplete data
- Right to erasure: To request deletion of your data in certain circumstances
- Right to restrict processing: To limit how we use your data
- Right to data portability: To receive your data in a portable format
- Right to object: To object to processing based on legitimate interests or for direct marketing
- Rights related to automated decision-making: To not be subject to purely automated decisions that significantly affect you
To exercise any of these rights, contact us at nooklycare@gmail.com. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
8
Cookies
Our website uses cookies to improve your experience. Please see our Cookie Policy for full details on what cookies we use and how to manage them.
9
Security
We take data security seriously. Our security measures include:
- Encryption of data in transit (TLS/SSL) and at rest
- Role-based access controls ensuring staff only access data relevant to their role
- Multi-factor authentication for platform access
- Regular security testing and Cyber Essentials Plus certification
- Audit logging of all system activity
- Secure data centres within the United Kingdom
10
Changes to this policy
We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by email or by displaying a prominent notice on our website. The date at the top of this page shows when it was last updated.
Continued use of our website or platform after changes are published constitutes acceptance of the updated policy.
11
Contact us
If you have any questions about this Privacy Policy or how we handle your personal data, please contact us: