Privacy Policy

Bridgit Care take your privacy seriously and are committed to protecting your personal information. This online privacy notice explains how Bridgit Care collects, uses, and protects personal information across all our services and platforms in accordance with the UK GDPR, and the The UK Carers Act 2004. The applicable legal framework is the United Kingdom Data Protection Policy and relevant GDPR regulations.

This Privacy Policy also applies when you use our website, mobile or web applications, AI Coach virtual assistant (chatbot), WhatsApp Ask Bridgit support chat, any voice-note transcription features, online self-help tools, or any other service we offer. It covers services we deliver directly to individuals as well as services we provide in collaboration with partner organisations (such as local carers charities, the Carers Trust network members, NHS and healthcare providers, or local councils). Our commitment is to respect any personal information you share with us (or that we receive from other organisations) and keep it safe. We want you to understand what data we collect, why we collect it, how we use it, and the choices you have. We aim to be clear and accessible while meeting our legal obligations under the UK GDPR and Data Protection Act.

By interacting with our websites, platforms, or services, you agree to the terms described in this notice.

  1. YOUR CONSENT

In accordance with Article 9(2)(a) GDPR and the UK Data protection regulation, you hereby give your explicit and informed consent to the processing of any data (including care related information) submitted through our our carer self-assessment or planning feature, available on our platform. The types of information we have about you will depend on how you interact with us. This consent is given voluntarily and can be withdrawn at any time by emailing darren@bridgit.care. Without your consent, no data will be processed or stored. As a User of the websites, you accept the conditions and consent to the processing of your submitted data for the sole purpose of providing our services directly to individuals as well as our partner organisations (such as local carers charities, the Carers Trust network members, NHS and healthcare providers, or local councils) we collaborate with to deliver our services.

You have the right to object/withdraw your consent at any time in accordance with Art. 21 GDPR, by writing to us at [darren@bridgit.care]. With clear statement that you withdraw your consent and wish your personal information to be deleted. If you opt out the processing of your personal data, we will respect that subject to our legal obligations under the GDPR law.

  1. OUR PRIVACY PROMISE

This section define our privacy promise and confirm our readiness to protect personal data; at Bridgit Care

  1. We value your privacy & data security
  2. We do not use your data for commercial purpose
  3. We comply with the UK GDPR, the (EU 2016/679) GDPR and relevant United Kingdom regulations on Carer support services;
  4. We will never sell your data;
  5. You are in control of your data.
  1. DATA CONTROLLER INFORMATION

Upstream Outcomes Ltd (“the Legal Entity”) and its wholly owned subsidiaries within the GDPR (EU 2016/679), the UK Care Act, and the UK Data Protection Regulation (collectively trading as “the Bridgit Care “)

In most cases, Upstream Outcomes Ltd is the sole Data Controller responsible for deciding how and why your personal information is used. This privacy notice applies to all users of Bridgit Care services – including carers, care recipients, care leavers, the general public using our website, and any other clients or partners.

In certain partnerships, we may act together with another organization as Joint Data Controllers. For example, if you access Bridgit Care through a local carers charity (such as a member of the Carers Trust network), an NHS Trust, or a local authority program, we and that partner might jointly determine how your data is used. We will make it clear to you when such arrangements apply and explain how your information is handled in those cases.

In joint controller scenarios, both we and the partner have responsibilities. Typically, we and the partner would have an agreement in place on how data will be handled, who responds to data rights requests, etc. We will provide you with the essence of that arrangement if applicable. Practically, you can contact either us or the partner for assistance, and we coordinate to ensure your concerns are addressed.

Data Controller Legal Information
Upstream Outcomes Ltd

Ergo, Bridgehead Business Park,

Meadow Rd, Hessle,

HU13 0GD,

United Kingdom

You may contact us regarding your data protection rights via at contact@bridgit.care

  1. DATA PROCESSOR

Occasionally, Upstream Outcomes Ltd acts only as a data processor on behalf of a partner organisation. This can happen when our platform is used under contract by, for instance, an NHS Trust or council that defines the purpose of processing (they would be the data controller). In these cases, we process your data only under the partner’s instructions, and their privacy notice may also apply. We will inform you whenever this is the case, and we will assist you in contacting the appropriate organization for any data-related requests.

If you have any questions about who is responsible for your data in your situation, you can always reach out to us using the contact details below.

  1. PERSONAL DATA WE COLLECT

We may collect some categories of personal data from you depending on how you interact with us. Here are the broad categories of data we may collect about you;

  1. Identification DataFor example, your name, address, email, telephone number, date of birth, and other basic contact information.
  2. User Characteristics and Demographics: Such as your age, gender, and general profile information you choose to provide (this helps us tailor support to you)
  3. Care-Related Data: If you use our carer self-assessment or planning feature, we will collect information about your caring role and needs. This may include sensitive data about your care situation, the support you or the person you care for might need, your care goals, assessment answers, and progress notes. (see Sensitive Data section below for how we protect you.)
  4. Account Information: If you register an account with Bridgit Care or Upstream Health, we will collect and keep your login credentials (usually email and encrypted password) and any profile details you submit;
  5. Support Interactions: If you contact us by email, phone, or through an online form, we will keep a record of that correspondence and any information you share during it (e.g. questions about our services or feedback). If we have video calls or online consultations with you. If you use our Ask Bridgit chat on WhatsApp or our AI Coach platform on the website, we collect the content of your messages and chat interactions. For instance, if you ask our chatbot a question or provide information during the conversation, we will record what you type (or say, for voice features) and the AI’s responses. We may also capture any name or nickname you provide in chat, your general location (e.g. city or region, if you choose to share it) and contact preferences so the AI or our team can personalize support.
  6. Voice Recordings: If you utilise our voice note or voice transcription feature (for example, recording spoken notes or responses to be transcribed into text), we will process your voice recordings. The audio contents of what you say will be converted to text. We generally do not store the audio long-term (see Voice Transcription section below for more details), notwithstanding we will keep the resulting text notes as part of your support records.
  7. Device and Usage Information: When you visit our website or use our apps, we use cookies to automatically collect some data about your device and how you use our services. Such as, your IP address, device type, browser type and version, time zone setting, operating system, and details about your website interaction etc.
  8. Photos, Media, or Other Content: In specific programs, you might choose to share a photo or upload a document (for example, identification documents for verification, or sharing a picture as part of a support activity). We will inform you at the time why such information is needed and how it will be used. Providing this is usually optional unless it’s necessary for a specific service.
  9. Information about Others: If you provide us with personal information about someone else (for example, details about the person you care for, a family member, or an emergency contact), you should ensure you have the authority or their permission to share that information with us. We will only use that information for the specific reason you provided it (such as to include them in a contingency plan or to connect them with services) and will protect it in line with this policy.

We may also collect special categories of personal data (e.g., Sensitive information) only based on your explicit, documented consent pursuant to Article 9(2)(a) GDPR. See sensitive data section below.

  1. SPECIAL CATEGORY (SENSITIVE DATA)

Some of the information you provide might be considered sensitive data under the UK data protection law – for example, information about health (yours or someone else’s), racial or ethnic origin, religious beliefs, or sexual orientation (the latter might be relevant if you share something about the person you care for or your situation). We only collect and use such information where necessary to provide you with support or where you have explicitly provided it. We apply extra safeguards to protect sensitive data and, where required by law, we will ask for your explicit consent to process it.

  1. HOW WE COLLECT YOUR INFORMATION

When you interact with our services, we will collect personal data from you in several ways that includes

Directly from You: In most cases, you give us information by interacting with Bridgit Care services or communicating with us. For example, you directly provide data when you:

  1. Sign up or register
  2. Fill out forms on our platform.
  3. Use interactive tools.
  4. Communicate with us.
  5. Participate in events or programs.
  6. Apply for a job or volunteer role with us.

In all these cases, you will know what data you provide because you are entering it or telling it to us directly. We will also tell you at the point of collection if any information is optional and when certain details are required for us to deliver a service.

Through Automated Technologies: In most cases, we use cookies and similar technologies to automatically collect technical data about your device and browsing activities. This might happen when you browse our website, open our emails, or use our app. We collect this data to improve our website’s usability and to troubleshoot issues. We obtain cookie consent where required by law, and you can manage your cookie preferences via our site or your browser settings.

From Third Parties and Partners: Sometimes we receive information about you from other sources, such as

  1. Referral Partners
  2. Business and Service Partners Organisations. For instance, (a local carers centre in collaboration with Bridgit Care might sign you up on our service)
  3. Third-parties services providers, such as WhatsApp, Google, and Facebook/Meta etc.
  4. Analytics Providers. Such as Google analytics etc.
  5. Public domain sources

Once in our system, your data is treated under this privacy notice with utmost security, and we and the partner might have joint responsibility for it (as explained earlier). If you’re unsure how data flows in that scenario, you can ask us or the partner organisation. We strive to collect and use information fairly. We won’t collect more data than we need for the relevant purposes, and we are transparent about what we collect and why.

  1. HOW WE USE YOUR PERSONAL DATA

The Bridgit Care website processes your personal data for the following purposes:

  1. To provide you with services, support, or information you’ve requested.
  2. To personalise your experience.
  3. To register and manage your account or involvement
  4. To communicate with you about the services and promotion.
  5. To provide and improve our digital platforms
  6. To develop new services and features
  7. To Further Our Social Mission (Fundraising and Awareness)
  8. To respond to inquiries or requests submitted via our website or other channels.
  9. To comply with legal and regulatory obligations under the The UK Carers Act 2004.
  10. To improve our website functionality and user experience through analytics and feedback.

Where required by law or where we rely on your consent, we will process your personal data only for the specific purposes outlined above.

  1. LEGAL BASIS FOR PROCESSING

We process your personal data based on one or more of the following legal bases:

  1. Consent: We process user data by obtaining user’s explicit consent in accordance with the UK General Data Protection Regulation (UK GDPR) and (Art. 6(1)(a) GDPR);
  2. Legitimate Interests: Processing may also occur based on our legitimate interest in compliance with UK General Data Protection Regulation (UK GDPR) and (Art. 6(1)(f) GDPR) in providing secure website operations.
  3. Legal Obligations: When processing is required to comply with the The UK Carers Act 2004.

Accordingly, we process your information for enhancing and improving website functionality, provided your User rights do not override these interests.

  1. DATA SHARING ACTIVITIES

We treat your personal information with care and confidentiality. We do not share or sell your data to third parties for them to use for their own marketing. However, there are some situations where we need to share information with others in order to run our services or if you want us to work with other organisations on your behalf. This section explains who we share data with and why:

  1. Internal Entities: Approved qualified local charities, Carers Trust network members, or healthcare providers for operational purposes. We sometimes work with these entities for a Joint Service Delivery
  2. Service Providers: Like many organisations, we use trusted third-party companies to help us deliver our services effectively. Whenever we share data with these providers, it is done under strict contracts that forbid them from using your data for any purpose other than to provide the service to us (and ultimately to you). E.g. Cloud Hosting and IT Infrastructure, AI and Machine Learning Services, Communication Platforms, Email or Hosting Providers, payment processors, video conferencing, etc.
  3. Regulatory Authorities and law enforcement: As required by GDPR law or other applicable regulations.

You agree to give your Consent for the use and Sharing of your provided data, notwithstanding you reserve the right to revoke your consent by sending us an email via contact@bridgit.care to withdraw your consent. We will stop any further sharing of your data in that manner immediately.

  1. RETENTION PERIODS

We retain your personal data only as long as necessary to fulfill the purposes outlined in this notice or as required by law. Once retention periods expire, we securely delete or anonymize your data.

Our retention practices is describe below;

Personal data

Will be deleted 6 years after the transmission of the services if no further interaction occurs

General User Data

if you have an account, we will keep your data while your account is active so that we can provide the service

Job Application data

 If you apply for a job with us and are unsuccessful, we typically keep your application for up to 6 months in case other opportunities arise or for record-keeping, unless you ask us not to. Successful applicant data becomes part of employment records

Research or Survey Data

If you are part of a research project or pilot, we will inform you of the data retention specific to that project. Sometimes research data is kept longer, especially if anonymised, to allow long-term study. Notwithstanding, you can withdraw your consent

Recorded Communication

If we record any calls (with your consent), those recordings are usually kept for a short period for training (e.g., 30-90 days) unless needed for a specific incident investigation. Chat logs with the AI or support chats are generally kept as part of your user data record (subject to the 6-year rule or deletion upon request).

Payment related Data

By law, we might need to keep transaction records (like donation records, invoices, etc.) for 6 years for tax/audit purposes. This may include basic personal data (name, address) attached to those financial records. We securely archive those as needed

Carer-related data

 Retained until you withdraw consent or deleted after provision of the service

  1. MARKETING

Marketing communications will only be sent based on your explicit prior consent.

You can unsubscribe to this kind of communication in your Email Account or at any time by following the unsubscribe instructions in communication sent to you or by contacting us at darren@bridgit.care.          

  1. COOKIES AND TRACKING TECHNOLOGIES

The Bridgit Care websites use cookies and similar technologies to enhance user experience and manage website traffic. You can manage your cookie preferences through your browser settings or by using the dedicated cookie banner provided on our website.

  1. YOUR RIGHTS AS A DATA SUBJECT

Under the UK GDPR law, you have a number of rights regarding your personal data. We fully support these rights and have processes to enable you to exercise them. Below is a summary of your rights:

  1. Right to Access: Information about your data stored by us and its processing (Art. 15 GDPR),
  2. Right to Rectification: Correction of incorrect personal data (Art. 16 GDPR),
  3. Right to Erasure: Deletion of your data stored by us (Art. 17 GDPR),
  4. Right to Restrict Processing: Restriction of data processing if we are not yet allowed to delete your data due to legal obligations (Art. 18 GDPR),
  5. Right to Object: Objection to the processing of your data by us (Art. 21 GDPR) and
  6. Right to Data Portability: Data portability, provided that you have consented to data processing or have concluded a contract with us (Art. 20 GDPR).
  7. Right to withdraw your consent: If you have given us your consent, you can revoke it at any time with effect for the future.

 

Your right to complain: If you have made a request or raised a concern and are unhappy with our response or how we’ve handled your personal data, you have the right to complain to the Information Commissioner’s Office (ICO), which is the UK’s independent authority on data protection. We kindly ask that you give us a chance to address your concerns first, as we’re committed to resolving any issues. But you can go to the ICO at any time.

ICO contact details:

Website: https://ico.org.uk/make-a-complaint/
Helpline: +44 303 123 1113

Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, UK.

The ICO can give you advice or take up your case if they believe something’s gone wrong. You will not be penalized or lose any service from us for exercising your rights or making a complaint – your rights are fundamental and we respect them.

  1. YOUR CHOICES AND MANAGING YOUR PREFERENCES

We want you to be in control of how your information is used. Here are some of the ways you can manage your preferences with us:

  1. Marketing and Updates: If you have subscribed to any of our newsletters or promotional updates, you can unsubscribe at any time. Every email we send of that nature will include an “Unsubscribe” link at the bottom – clicking that will stop further emails. You can also ask us directly to remove you from our mailing list. If you’ve given consent for SMS updates or WhatsApp messages and no longer want them, let us know and we will stop them. (For WhatsApp, you can also simply send a message like “STOP” and we will interpret that as a request to opt-out of further proactive messages, though you can still use the service on demand.)
  2. Cookies: Through our website’s cookie consent tool, you can choose which cookies to accept (besides strictly necessary ones). If you initially accepted certain analytics or advertising cookies but changed your mind, you can adjust your preferences by clearing cookies or using our cookie settings interface on the website.
  3. AI Coach Participation: As described, you choose whether or not to use the AI Coach. If you do use it and then decide you’d prefer not to, you can discontinue use and request us to delete your chat history. We won’t proactively engage the AI with you unless you initiate it.
  4. Voice Feature Usage: Similarly, you decide whether to use the voice transcription feature. If you use it and then want to revoke permission, you can stop using it and we can disable it for your account on request.
  5. Accuracy of Data: It’s important that the information we hold is up to date. Feel free to update your profile information via our app if editable, or contact us to update anything (like new phone number or if you move address). This ensures we can stay in touch and serve you properly.
  6. Deactivate or Close Account: If you have an online account with Bridgit and wish to close it, you can contact us to request account deletion. We will guide you through any verification and then securely erase or anonymise your personal data associated with that account (subject to what we noted in retention about certain records we might keep). Closing your account will mean you no longer have access to the online services unless you register again, and any saved plans or notes will be removed, so please only do this if you’re sure you no longer need the data. We might offer to export your data for you before deletion if you want a copy (per data portability).
  7. Partner Services: If you are receiving Bridgit Care as part of a partner’s service (like via a carers charity or council), you might have also provided them with data. If you want to exercise your rights or change preferences in that context, you can contact either us or the partner. For example, if you told your local carers centre not to call you, we will honor that too, and vice versa. We coordinate with partners on such preferences.

We will never treat you differently or deny you service just because you exercised a privacy right or preference. However, some features are optional and rely on certain data – if you opt out of those, you simply might not be able to use that feature (for example, opting out of cookies might limit some website functionality, or withdrawing consent for the chatbot means you just won’t have the chatbot responses). But core support will always be available through alternative means.

  1. SECURITY MEASURES

The Bridgit Care implements technical and organizational measures to safeguard your personal data against unauthorised access, loss, or misuse such as;

  1. Establishing policies and procedures for securely managing information; including SSL/TLS encryption for website data transmission, AES-256 encryption for stored data, restricted employee access, regular security audits;
  2. Limiting employee access to viewing only necessary information in order to perform his or her duties;
  3. Protecting against unauthorised access to Personal Data by using data encryption, authentication and virus detection technology, as required;
  4. Requiring qualified dental professionals with whom we do business to comply with relevant data privacy legal and regulatory requirements;
  5. Monitoring our websites through recognised online privacy and security organisations;
  6. We log all user consents with timestamps, IP addresses, and context of submission to comply with Article 7(1) GDPR
  7. Engaging in regular third-party audits of our policies and practices; and
  8. Conducting background checks.

If you have any further questions about our security and processing activities, please contact us darren@bridgit.care

  1. CONTACT US

Your trust is extremely important to us. We welcome any questions or concerns about your data privacy. If you have any queries about this notice or about how we handle your information, please do not hesitate to contact our Data Protection Officer (or privacy team):

  1. Email: contact@bridgit.care
  2. Postal: Privacy Team – Upstream Outcomes Ltd, Ergo, Bridgehead Business Park, Meadow Rd, Hessle, HU13 0GD, UK.
  3. Phone:+44 (0)3455 481 654 (let the operator know it’s regarding a privacy inquiry so they can route your call).

We will do our best to help you. If you are not satisfied with our response or believe we are not processing your personal data lawfully, you can file a complaint with the Information Commissioner’s Office (ICO), as mentioned above, or seek a remedy through the courts.

However, we truly hope that will never be necessary and that we can resolve any issue together in a positive way.

  1. UPDATES TO THIS PRIVACY NOTICE

This privacy notice may be updated periodically to reflect changes in the UK GDPR, and applicable UK Care regulations. The latest version will always be available on our website.

Thank you for taking the time to read our Privacy Notice. We value your engagement and are committed to protecting your privacy while delivering meaningful support to you. Your data helps us help carers, and we handle it with respect and care.

This Privacy Notice is for your benefit and to fulfill our legal duty of transparency. If anything is unclear, please reach out — we’ll gladly clarify