Last Updated : Feb 2024
Bridgit Care Privacy Notice
Our contact details
Name: Upstream Outcomes Ltd
Address: Ergo, Bridgehead Business Park, Meadow Rd, Hessle HU13 0GD
Phone Number: +44 03455481654
E-mail: contact@bridgit.care or contact@upstream.health
Our promise to keep your information safe
At Upstream Outcomes, we’re committed to protecting your privacy. We promise to respect any personal information you share with us (or that we receive from other organisations) at all times, and we promise to keep it safe.
This data processing statement applies to Bridgit Care and Upstream Health which are both trading names of Upstream Outcomes Ltd.
How we process your data
This privacy notice sets out how we process your data. It also explains your rights and options around how we use your personal information.
What type of information we have
We currently collect and process the following information:
- Personal identifiers, contacts and characteristics (for example, name and contact details).
- Information about your computer/mobile device and your visits to and use of this website, including for example your IP address and geographical location.
- The internet protocol (IP) address used to connect your computer to the internet.
- Your browser type and version.
- Your time zone setting.
- Browser plug-in types and versions.
- Your operating systems and platforms.
- The uniform resource locator (URL) clickstream to, through and from this site (including date and time).
- Products/services you viewed and searched for.
- Page response times.
- Download errors.
- Length of visits to certain pages.
- Referral sources (how you arrived at the website)
- Page interaction information (such as scrolling and clicks)
- Methods used to browse away from the page.
If you’ve used our AskBridgit tool then we will also capture information like :
- User-provided name (if shared via AskBridgit Chatbot).
- User’s location (if shared via AskBridgit Chatbot).
- User’s phone number.
- Messages exchanged during interactions with the AskBridgit as encrypted.
If you’ve used our online support tool then we will also capture information like :
- Information about our services which you use/which we consider of interest to you.
- Information you’ve populated through our carer assessment process. Including things like your care needs, care goals and progress.
If you’ve made a purchase from our store or signed up to be involved in our carer support home care service then we also will capture :
- Financial information, such as bank details or credit/debit card details, where you provide them to make a payment. We don’t store credit or debit card details, but we’re required to store bank details in some circumstances, including when they’re used for direct debit payments.
How we get the information and why we have it
Most of the personal information we process is provided to us directly by you for one of the following reasons:
- interact with us online
- register with us
- communicate with us
- take part in an event
- when authorised through a 3rd party application
- use our online support chat (e.g. in Whatsapp)
- apply to work or volunteer for us
- give us your personal information in any other way, for example, if you’re receiving products
- for online consultations, or other video conversations.
We also receive personal information indirectly, from the following sources in the following scenarios:
- websites
- business partners
- sub-contractors in technical, payment and delivery services
- event organisers
- sponsors
- advertising networks
- analytics providers and search information providers.
What is your lawful basis for processing?
Under Article 6 of the General Data Protection Regulation (GDPR), the lawful bases we rely on for acting as a data controller:
If you’ve used our online support tool?
Through our online support tool we capture your consent to track cookies through the process and then require your consent when you provide us with your email address and postcode.
You are able to remove your consent at any time. You can do this by contacting contact@bridgit.care.
If you’ve engaged with our AskBridgit WhatsApp chatbot:
Through our AskBridgit WhatsApp chatbot, we may request your consent to process certain information, such as your name, location, phone number, and messages exchanged during the interaction. We ensure transparency in data processing and require your explicit consent before collecting additional personal information.
You have the right to withdraw your consent at any time. To do so, please contact us at contact@bridgit.care.
Where we have a legitimate interest.
We will share information on services, products, local events and interest groups to carers where we believe these services can help them in their caring role. We use your information to ensure that this support is targeted so you only receive the support you need. This support is provided through email or facebook support.
You are able to stop receiving emails from us at any time by clicking ‘Unsubscribe’ on any of our emails.
What we do with the information we have
We use the information that you have given us in order to:
- provide you with services, products or information you’ve asked us for
- provide further information about our work, services, activities or products
- allow you to purchase goods
- use your data to support our learning products (such as machine learning) to identify trends and areas we can support you
- further our social enterprise aims, including for fundraising and procurement
- research the impact and effectiveness of our work and services
- register, administer and personalise online accounts
- register and administer your participation in events you’ve registered for
- administer and keep our website safe and secure and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes
- improve your interactions with our website, for example by making sure that content is presented in the most relevant and effective manner for you and for your computer/mobile device
- report on the results and impact of our work, services and events
- analyse and improve our work, services, activities, products or information (including our website) or for our internal records
- use IP addresses and monitor website use to identify locations, block disruptive use, record website traffic or personalise the way information is presented to you
- to process your application for a job or volunteer role with us
- training and/or quality control
- audit and/or administer our accounts
- satisfy legal obligations which are binding on us, for example, arising from contracts entered into between you and us or in relation to regulatory, government and/or law enforcement bodies with whom we may work
- prevent fraud, misuse of services or money laundering
- reduce credit risk
- communicate with you in any other way
- for the establishment, defence and/or enforcement of legal claims; and/or
- Finding local support and services tailored to your needs via AskBridgit.
- Personalising interactive messages based on the provided name on Whatsapp.
- Sending check-in messages to the provided phone numbers if necessary and chosen on Whatsapp”
If you are in communication with our Carers Support Service, you should note that:
- Our Carers Support Service has a duty of care to all of its clients. Where all communication with our service is confidential, we hold the right to notify public services should you disclose something we feel highlights serious risk or harm to you or a 3rd party individual.
How we store your information
In general, the personal information that we collect from you will be stored at a destination within the UK.
However, we use agencies and suppliers to process personal information on our behalf.
Your personal information may therefore be transferred or stored outside, and/or otherwise processed by contractors operating outside, the UK who work for us or for one of our suppliers.
Please note that some countries outside of the UK have a lower standard of protection for personal information, including lower security requirements and fewer rights for individuals.
Where your personal information is transferred, stored and/or otherwise processed outside the UK, we’ll take all reasonable steps necessary to make sure the recipient implements appropriate safeguards (such as by entering into standard contractual clauses) designed to protect your personal information and to ensure that your personal information is treated securely and in accordance with this Policy.
Unfortunately, no transmission of your personal information over the internet can be guaranteed to be 100% secure.
In general, if we no longer need your information for the reasons you gave it to us, we remove your personal information from our records six years after the date it was collected.
But we’ll remove it sooner if:
- your personal information is no longer required for the purpose you shared it with us
- we’re no longer lawfully entitled to process it
- you ask us to remove it.
If you ask to receive no further contact from us, we’ll keep some basic information about you to make sure we don’t send you unwanted materials in the future.
Exceptions
Please note that special rules apply to health records, which may often be kept for longer than six years.
Where your personal information is used to support research, it is
usually kept for longer and may be used in the future to help with
further research as medical science advances.
Sharing of Carers’ Data
At Bridgit Care, we value the privacy and trust of the carers we support. We will only share carers’ data with external organisations or individuals when explicit consent is provided by the carer. Examples of when data may be shared include, but are not limited to:
- Sending a What If Plan to an email address specified by the carer.
- Registering the carer with their GP as a carer.
- Sharing information with a local carers’ service to connect them with additional support.
- Providing a carer’s assessment to a local authority or a carers’ service.
Consent Process
In all cases, data sharing will only occur once the carer has explicitly consented via a tick box in our application or platform. This ensures clarity and control over how their information is used and shared.
Your Rights
Carers can withdraw their consent at any time by contacting us at contact@bridgit.care. We will promptly cease sharing their data and address any concerns or questions they may have.
We are committed to ensuring that carers’ data is handled with care and respect, in line with our privacy policy and data protection laws. For any queries or to exercise your data rights, please refer to the “Your Data Protection Rights” section of this policy.
Who can see my personal information?
Only appropriately trained staff, volunteers and contractors can access your information. It is stored on secure servers with features to prevent unauthorised access.
Your data protection rights
Under data protection law, you have rights including:
Your right of access – You have the right to ask us for copies of your personal information.
Your right to rectification – You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing – You have the right to ask us to restrict the processing of your information in certain circumstances.
Your right to object to processing – You have the the right to object to the processing of your personal data in certain circumstances.
Your right to data portability – You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us at :
Address: Ergo, Bridgehead Business Park, Meadow Rd, Hessle HU13 0GD
Phone Number: +44 03455481654
E-mail: contact@bridgit.care or contact@upstream.health
if you wish to make a request.
Use of Artificial Intelligence (e.g. Chat GPT)
We have integrated Chat GPT, an artificial intelligence (AI) system, into our online self-help plan to provide enhanced support and personalized experiences for unpaid carers. Chat GPT assists by offering local tips and providing answers and advice based on the areas carers would like support with.
Given the high level of attention this functionality is receiving and in order to provide full transparency, we have included a separate section for Chat GPT here within our Privacy Policy
Data Collection:
During your interactions with Chat GPT, we collect and process the following data: messages exchanged, timestamps, and any additional information necessary for the functioning of the AI system. We may also collect non-personally identifiable information, such as demographic data, to improve the effectiveness of Chat GPT’s responses.
Purpose of Use:
The integration of Chat GPT is aimed at improving the accuracy and quality of support provided to unpaid carers. By leveraging AI technology, we strive to offer relevant local tips and valuable insights tailored to the specific needs and challenges faced by carers.
Data Processing:
User data processed by Chat GPT is analysed and stored to enable the AI system to generate appropriate responses and recommendations. Please note that Chat GPT operates based on patterns and does not have access to personal identifying information unless explicitly shared by the user during the conversation.
Information Sharing:
We do not share user data processed by Chat GPT with any third parties unless required by law or necessary for the provision of our services. Rest assured that we prioritise the confidentiality and privacy of your data, and any sharing will be done in compliance with applicable data protection laws.
User Consent:
By engaging in conversations with Chat GPT, you provide your explicit consent to the processing of your data for the purposes outlined in this privacy policy. You have the right to withdraw your consent at any time. However, please note that withdrawing consent may impact the functionality and support provided by Chat GPT.
Data Security:
We maintain appropriate technical and organizational measures to safeguard your data processed by Chat GPT against unauthorised access, loss, or misuse. We have implemented security protocols to ensure the confidentiality, integrity, and availability of your information.
We utilise the Microsoft Azure Open AI service which is hosted within UK datacentres.
User Rights:
As a user, you have the right to access, rectify, delete, or restrict the processing of your personal data. If you wish to exercise these rights or have any questions regarding the processing of your data by Chat GPT, please contact our privacy team using the information provided in the “Contact Us” section of this privacy policy.
Limitations:
While Chat GPT is designed to provide valuable support and advice, it is important to acknowledge that it may have limitations. There may be occasional inaccuracies or situations where the AI system cannot handle complex queries effectively. Please exercise discretion when sharing sensitive or confidential information.
Policy Updates for Chat GPT:
We may update this privacy policy from time to time to reflect changes in our use of Chat GPT or to comply with evolving privacy regulations. We encourage you to review this policy periodically to stay informed about how your data is being processed and protected.
How to complain
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113