Privacy Policy

Effective Date: 8 August 2025
Last Updated: 8 August 2025
Contact: [email protected]
Website: https://earl.health

1. Who We Are

EARL Health Technology Ltd. (“EARL”, “we”, “us”, or “our”) provides digital tools to enable healthcare professionals to manage electronic referrals safely and efficiently. We are committed to protecting the privacy of our users and patients.

2. What Data We Collect

  • Personal Information: name, work email, job title, NHS/organisation ID
  • Device Information: IP address, device type, operating system, usage logs

We act as a Data Processor on behalf of healthcare providers (the Data Controllers).

3. How We Use Your Information

  • Authenticate users securely
  • Enable safe and auditable referrals
  • Monitor performance and safety
  • Support regulatory compliance and audits

4. Legal Basis for Processing

We rely on the following lawful bases under UK GDPR:

  • Article 6(1)(e): Public task
  • Article 6(1)(f): Legitimate interests
  • Article 9(2)(h): Health and social care purposes

5. Data Sharing and Access

We never sell your data. Access is restricted to:

  • Your NHS Trust or healthcare employer
  • Care teams with appropriate access
  • National services (e.g., NHS Spine)
  • Third-party secure infrastructure providers under contract

6. Data Security

We use best-in-class security practices:

  • End-to-end encryption
  • HTTPS and TLS 1.3 secure communication
  • Role-based access and full audit trails

7. Data Retention

  • Referral data is retained as directed by your organisation
  • User account data retained for audit (up to 8 years)
  • Audit logs may be retained longer to comply with NHS regulations

8. Your Rights

You have the right to:

  • Access your personal data
  • Request correction or deletion
  • Object to processing (where applicable)
  • Complain to the Information Commissioner’s Office (ICO)

To make a request, email us at [email protected].

9. Cookies and Analytics

We use anonymised analytics to improve performance and safety. This includes:

  • Device and session tracking
  • Error logs and usage patterns

We do not use advertising cookies or trackers.

10. Children’s Privacy

This app is not intended for use by anyone under 18. We do not knowingly collect data from children.

11. International Transfers

All data is stored in the UK or EU in compliance with NHS hosting and security standards.

12. Changes to This Policy

We may update this policy periodically. Significant updates will be communicated via the app or email where appropriate.

Contact Us

EARL Health Technology Ltd.
Email: [email protected]
Website: https://earl.health

Privacy for iOS and Android users