Privacy Policy

Effective Date: January 1, 2025

Company: TruSelv Ltd
Registered Office: We Are Super | High St, Weston-super-Mare BS23 1HL, United Kingdom
Contact Email: support@truselv.co.uk
Telephone: +44 7920 693839

1. Introduction

TruSelv Ltd (“TruSelv”, “we”, “our”, or “us”) is a healthcare technology company specialising in interactive and intelligent care solutions. This Privacy Policy outlines how we collect, process, store, and protect personal and sensitive information through our websites, systems, and digital products, including BEDBORD, FOLDA, NGAGE, and TESS.

We are fully compliant with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and relevant NHS Information Governance frameworks.

2. Scope of This Policy

This policy applies to all users of TruSelv’s digital products, including patients, healthcare professionals, care staff, family members, website visitors, and business partners.

It covers all personal data processed through TruSelv systems, regardless of the platform or country of access.

3. Data Controller

TruSelv Ltd acts as the Data Controller for personal data collected through our platforms, except where processing is carried out under contract by healthcare providers using our technologies. In such cases, those organisations act as Data Controllers, and TruSelv functions as a Data Processor.

4. Information We Collect

We collect personal information from users in several ways, depending on their role and interaction with our systems:

• Personal Identification Data: Name, date of birth, address, email, phone number, and unique identifiers such as NHS number (where applicable).
• Professional Data: Job title, role, department, organisation, and professional registration details (for clinicians or care staff).
• Patient and Care Data: Health information, clinical notes, observations, preferences, and wellbeing records input into FOLDA or displayed on BEDBORD.
• Technical and Device Data: IP address, browser type, device identifiers, operating system, app usage, cookies, and network activity logs.
• Communication Data: Feedback, enquiries, support tickets, and form submissions through our website or apps.
• Media and Interaction Data: Video or audio interactions through TESS and NGAGE platforms, with consent.
• Recruitment Data: CVs, employment history, qualifications, references, and interview notes for job applicants.

5. How We Collect Information

• Directly from users when registering, filling forms, or interacting with our platforms.
• Automatically through device analytics, cookies, or session tracking tools.
• From healthcare or care organisations using TruSelv technologies under authorised agreements.
• From third-party integrations such as video calling providers or authentication services.

6. Purpose of Data Processing

We process personal data for the following legitimate and contractual purposes:

• To deliver, manage, and improve our healthcare technologies.
• To facilitate safe, accurate, and compliant patient care documentation.
• To personalise user experiences and patient engagement tools (e.g. NGAGE).
• To allow family communication through secure video and audio calling (TESS).
• To process partnership enquiries, contracts, and business development requests.
• To conduct recruitment and manage employment relationships.
• To comply with legal, regulatory, or NHS data protection obligations.
• To ensure platform security, prevent unauthorised access, and detect fraud.

7. Legal Bases for Processing

• Consent: For optional activities such as marketing, cookies, or family communications.
• Contract: To provide our products and services to healthcare facilities and partners.
• Legal Obligation: Where processing is required by law or NHS contract terms.
• Legitimate Interests: To improve services, ensure cybersecurity, and maintain operations.
• Vital Interests: For safeguarding and patient safety interventions.

8. Sharing of Data

TruSelv may share information with:

• Healthcare professionals and authorised facility staff (for patient care).
• Family members authorised via TESS secure video-call access codes.
• Technology partners providing cloud infrastructure, analytics, or communication APIs (under strict data processing agreements).
• Regulatory authorities, law enforcement, or auditors (where required by law).

We never sell personal data or use it for advertising purposes.

9. International Data Transfers

Where data is processed or stored outside the UK or EEA, TruSelv ensures that appropriate safeguards are in place, including UK-approved Standard Contractual Clauses (SCCs) or adequacy decisions under the UK GDPR.

10. Data Retention

We retain personal data only as long as necessary for the purposes collected or as required by legal, contractual, or NHS regulations. Retention periods vary by category:

• Patient and clinical data: in line with NHS Digital retention schedules.
• User accounts: deleted or anonymised after 24 months of inactivity.
• Recruitment data: retained for 12 months after hiring decision.
• Support communications: retained for up to 24 months for audit purposes.

11. Data Security

We implement multiple layers of security to protect data integrity, including:

• 256-bit AES encryption for data storage.
• TLS 1.3 encryption for all data in transit.
• Role-based access control (RBAC) for sensitive data.
• Multi-factor authentication for authorised users.
• Regular penetration testing and vulnerability scanning.
• Automatic backups and disaster recovery systems hosted in UK data centres.

12. Cookies and Tracking

Our website and apps use cookies to enable functionality, security, and analytics. You may disable cookies in your browser settings. Detailed information is available in our Cookie Policy.

13. Your Data Protection Rights

Under UK GDPR, you have the following rights:

• Access your personal data.
• Request correction of inaccurate data.
• Request erasure (“right to be forgotten”).
• Restrict or object to processing.
• Request data portability.
• Withdraw consent for optional activities at any time.
• Lodge a complaint with the Information Commissioner’s Office (ICO).

14. Children’s Privacy

Our services are not designed for direct use by individuals under 13 years old. Any child-related data processed through TruSelv systems occurs only under the authorisation and supervision of healthcare professionals.

15. Third-Party Links

Our platforms may contain links to external sites or applications. TruSelv is not responsible for the privacy practices or content of third-party websites. We encourage users to review their respective privacy notices.

16. Automated Decision-Making and Profiling

TruSelv does not engage in automated decision-making that produces legal or significant effects on users. Limited automated analytics may be used to recommend interactive activities (e.g., NGAGE games) based on patient engagement metrics, but this data is pseudonymised.

17. Data Breach Procedure

In the unlikely event of a data breach, TruSelv follows a strict incident response plan, including notification to affected users and reporting to the Information Commissioner’s Office (ICO) within 72 hours, where legally required.

18. NHS and Healthcare Compliance

TruSelv adheres to the NHS Data Security and Protection Toolkit and Information Governance standards. All processing aligns with NHS Digital’s guidance on clinical safety (DCB0129 / DCB0160) and Caldicott principles.

19. Updates to This Policy

This Privacy Policy may be updated periodically to reflect changes in law, technology, or company operations. Updates will be published on our website with a revised “Last Updated” date. Significant changes will be communicated directly to users or partners.

20. Contact and Data Protection Officer