Privacy Policy
Effective Date: June 25, 2025
At HeyaCare, the privacy and security of our visitors and users are our priority. This Privacy Policy outlines how we collect, use, protect, and share your personal information and your rights concerning your information under the General Data Protection Regulation (GDPR) and other relevant UK data protection laws. By using our Service, You agree to the collection and use of information in accordance with this Privacy Policy.
Who We Are
- Data Controller: HeyaCare
- Contact: support@heyacare.com
- Data Protection Officer Contact: support@heyacare.com (please include “FAO: Data Protection Officer” in the subject line)
What HeyaCare Does
HeyaCare operates exclusively as an introduction service. We connect families seeking care services with independent, self-employed care professionals. We are not a care agency and do not provide care services directly or have any ongoing role in care delivery after making introductions.
Interpretation and Definitions
For the purposes of this Privacy Policy:
- “You” means the individual accessing our Service, or the company or other legal entity on behalf of which such individual is accessing or using the Service
- “We,” “us,” or “our” refers to HeyaCare
- “Care Seeker” refers to individuals seeking care services for themselves or others
- “Care Recipient” refers to individuals who will receive care services
- “Care Professional” refers to independent individuals providing care services
- “Platform” refers to our website at heyacare.com and any associated applications
Types of Personal Data We Collect
Contact and Profile Information
- Personal Data: Name, email address, phone number, postal address, username, password
- Purpose: To create and manage your account, enable communication regarding care introductions
- Data Subjects: Care Seekers, Care Recipients
- Lawful Basis: Consent, Contract Performance, Legitimate Interests
Care Requirements Information
- Personal Data: Location preferences, schedule requirements, specific care needs
- Purpose: To match you with appropriate care professionals for introduction
- Data Subjects: Care Recipients
- Lawful Basis: Consent, Contract Performance, Legitimate Interests
Demographic Information
- Personal Data: Age, gender, relationship status
- Purpose: To recommend suitable care professionals for introduction
- Data Subjects: Care Recipients
- Lawful Basis: Consent, Legitimate Interests
Technical Information
- Personal Data: IP address, browser type, device information, cookies, usage data
- Purpose: To improve our services and website functionality
- Data Subjects: All website visitors
- Lawful Basis: Consent, Legitimate Interests
Special Category Data
- Personal Data: Health information, medical conditions, care requirements
- Purpose: To recommend suitable care professionals for introduction and ensure appropriate matching
- Data Subjects: Care Recipients
- Lawful Basis: Explicit Consent, Necessity for health or social care provision, Vital Interests (where consent is not possible)
Communications and Quality Assurance
- Personal Data: Call recordings (where permitted), message content, correspondence
- Purpose: For quality assurance and training purposes related to our introduction service
- Data Subjects: Care Seekers, Care Recipients
- Lawful Basis: Consent, Legitimate Interests
Feedback and Survey Responses
- Personal Data: Opinions, ratings, comments about our introduction service
- Purpose: To improve our introduction services
- Data Subjects: Care Seekers, Care Recipients, Care Professionals
- Lawful Basis: Consent, Legitimate Interests
How We Collect Your Personal Data
We collect personal data through various channels:
- When you create an account on our Platform
- When you complete forms on our website requesting introductions
- When you communicate with us via email, phone, or chat
- When you use our Platform and introduction services
- From third parties with your consent (such as referrals)
- Through cookies and similar tracking technologies
How We Use Your Personal Data
HeyaCare uses your personal data for the following purposes:
- Providing introduction services: To connect you with suitable care professionals through our introduction service
- Account management: To create and maintain your account and profile
- Communications: To contact you regarding your enquiries, introduction requests, and service updates
- Service improvement: To analyse usage patterns and enhance our Platform and introduction services
- Personalisation: To tailor our introduction services to your preferences and requirements
- Security: To protect our Platform and users from fraud and unauthorised access
- Legal compliance: To meet our legal and regulatory obligations
Google OAuth
If you choose to register or log in using Google OAuth, we collect some information from your Google account to make your experience better:
- Name: To personalise your experience.
- Email: To verify your identity and keep in touch.
- Avatar Photo: To personalise your profile, if available.
- Phone: To enhance communication options, if you allow it.
We only gather what’s necessary to create and manage your account. We don’t access your Google password or any other sensitive info. By using Google OAuth, you agree to let us collect and use this information as outlined in our Privacy Policy. For more on how Google handles your data, check out Google’s Privacy Policy.
Legal Basis for Processing
We process your personal data on the following legal bases:
- Consent: Where you have given clear consent for us to process your personal data for a specific purpose
- Contract Performance: Where processing is necessary for the performance of a contract with you
- Legal Obligation: Where processing is necessary for compliance with a legal obligation
- Legitimate Interests: Where processing is necessary for our legitimate interests or those of a third party
- Vital Interests: In rare cases, where processing is necessary to protect someone’s life
For special category data (such as health information), we rely on:
- Explicit Consent: Where you have given explicit consent for the processing
- Health and Social Care: Where processing is necessary for the provision of health or social care introductions
- Vital Interests: Where processing is necessary to protect vital interests and consent cannot be obtained
Who Has Access to Your Personal Data
Internal Access
HeyaCare staff who need access to provide and improve our introduction services
External Parties
- Care Professionals: Receive necessary information to assess suitability for providing care services (with your consent and only for introduction purposes)
- Technical Service Providers, including:
  - Email and communication service providers
  - Payment processors
  - Cloud storage providers
  - Analytics providers
  - Security service providers (including Google reCAPTCHA)
Legal Requirements
We may disclose your personal data if required by law, court order, or governmental regulation, or to protect our rights or the safety of others.
All third parties are contractually required to maintain the confidentiality and security of your personal data and to use it only for the specific purposes we authorise.
How We Protect Your Data
We implement appropriate technical and organisational measures to protect your personal data, including:
- Secure servers with encryption
- Data encryption in transit and at rest
- Access controls and authentication procedures
- Regular security assessments and updates
- Staff training on data protection
Google reCAPTCHA: To ensure the security of our Service and prevent fraudulent activities, we use Google reCAPTCHA. This service helps us distinguish between genuine users and automated software by analysing interactions with our website. The use of this technology is governed by Google’s Privacy Policy and Terms of Service.
Data Retention
HeyaCare retains your personal data only for as long as necessary for the purposes set out in this Privacy Policy. Specifically:
- Account information: For as long as you maintain an active account, plus a retention period of up to 7 years after account closure
- Transaction data: For up to 7 years to comply with financial and tax regulations
- Communication records: For up to 2 years from the date of communication
- Quality assurance recordings: For up to 6 months for training and quality improvement purposes
- Technical data: For up to 2 years for security and service improvement purposes
International Data Handling
While HeyaCare primarily operates within the United Kingdom, our technology infrastructure involves international technical providers. When we transfer your personal data outside the UK or European Economic Area (EEA), we ensure appropriate safeguards are in place, such as:
- Standard contractual clauses approved by the UK Information Commissioner’s Office
- Adequacy decisions where the recipient country has been deemed to provide adequate protection
- Binding corporate rules where applicable
Your Rights
Under the GDPR and UK data protection laws, you have the following rights regarding your personal data:
- Right to be informed: To know how we collect and use your personal data
- Right of access: To request a copy of the personal data we hold about you
- Right to rectification: To correct inaccurate or incomplete personal data
- Right to erasure: To request deletion of your personal data in certain circumstances
- Right to restrict processing: To request we limit how we use your data
- Right to data portability: To request your data in a structured, commonly used format
- Right to object: To object to certain types of processing, including direct marketing
- Rights related to automated decision-making: To not be subject to decisions based solely on automated processing
Cookies and Tracking Technologies
We use cookies and similar tracking technologies to collect information about your browsing activities. The types of cookies we use include:
- Essential cookies: Required for the operation of our Platform
- Analytical/performance cookies: Allow us to recognise and count visitors and analyse website usage
- Functionality cookies: Enable us to personalise your experience
- Targeting cookies: Record your visit, pages visited, and links followed
Policy on Children
Our services are designed for individuals aged 18 and above. We do not intentionally gather personal information from children under 18. If we become aware that we have collected personal data from a child under 18 without parental consent, we will take steps to delete that information.
Complaints
If you have concerns about how we handle your personal data, please contact us first at support@heyacare.com. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO).
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by email or through a notice on our Platform. Your continued use of our services after any changes indicates your acceptance of the updated Privacy Policy.
Contact Us
For questions about this Privacy Policy or to exercise your rights regarding your personal data, please contact us at:
Email: support@heyacare.com