Privacy Policy — softcare.uk

This policy covers the SoftCare marketing website (softcare.uk). Personal data processed inside the SoftCare application is governed by the Data Processing Agreement between SoftCare and each customer organisation.

Last updated: 8 June 2026

Effective date: 8 June 2026

1. Who we are

This website (softcare.uk) is operated by SOCurity Ltd (trading as "SoftCare"; "we", "us", "our"), a company registered in Scotland under company number SC742697, with its registered office at Moffat Business Centre, 96-98 Forrest Street, Clarkston, Airdrie, Scotland, ML6 7AG.

We are the data controller for personal data collected through this website. We are registered with the UK Information Commissioner's Office (ICO) under registration number ZC132576.

You can contact us about this policy at privacy@softcare.uk.

2. What this policy covers

This policy explains how we collect, use, and protect personal data when you visit softcare.uk, contact us, request a demo, or receive our marketing communications. It does not cover the SoftCare application itself (demo.softcare.uk or any production tenant), which is governed by the separate Data Processing Agreement between SoftCare and each customer organisation.

3. Personal data we collect

We collect only the minimum personal data needed to respond to you and operate the site.

When you visit softcare.uk, our hosting provider processes technical data to deliver the site and prevent abuse: IP address, browser type and version, device type, pages visited, referring URL, and timestamps. This data is held in server access logs.

When you contact us or book a demo (by email, a form on the site, or a scheduled call), we collect your name, email address, phone number (if you provide it), employer or care organisation, and the message or context you share with us.

When you subscribe to updates or receive marketing communications from us, we collect your name, email address, and your consent preferences.

We do not knowingly collect personal data from children. SoftCare is a B2B product sold to UK care providers. If you believe a child has submitted personal data through our site, please contact privacy@softcare.uk and we will delete it.

4. Why we collect it and our lawful basis

Under UK GDPR Article 6, we process personal data only where we have a lawful basis.

We process server access logs on the basis of our legitimate interests in operating the site securely, preventing abuse, and understanding aggregate usage. You can object to this processing at any time (see section 9).

We process demo and contact enquiries on the basis of taking steps at your request prior to entering into a contract (UK GDPR Article 6(1)(b)) and, where applicable, our legitimate interest in following up on B2B sales enquiries.

We process marketing communications on the basis of your consent (UK GDPR Article 6(1)(a)). You can withdraw consent at any time by using the unsubscribe link in any email or by emailing privacy@softcare.uk.

We do not process special category data (health, ethnicity, political views, etc.) through this website.

5. How long we keep personal data

Server access logs are kept for up to 90 days and then deleted or anonymised.

Demo and contact enquiries are kept for up to 24 months from the last interaction, after which they are deleted unless you have become a customer (in which case retention is governed by the customer DPA) or have asked us to delete them sooner.

Marketing subscriber data is kept until you unsubscribe, at which point we retain only a suppression record (your email address, flagged as opted out) to ensure we do not contact you again.

6. Who we share personal data with

We share personal data only with sub-processors we have contracted with to help operate our business. Each is bound by a written agreement that meets UK GDPR Article 28 requirements.

Our current sub-processors are listed in our Sub-processor Register (available at softcare.uk/subprocessors or by emailing privacy@softcare.uk). We will update the register when sub-processors change, and we notify customers at least 30 days in advance of any material change for data processed under a customer DPA.

We do not sell personal data. We do not share personal data with third parties for their own marketing purposes.

We may disclose personal data where required by law, to establish or defend legal claims, or to protect the rights, property, or safety of SoftCare, our customers, or others.

7. International transfers

Where possible, personal data is processed and stored in the United Kingdom. Some sub-processors may process data in the European Economic Area or in countries the UK recognises as providing adequate protection. Where data is transferred to a country without an adequacy decision, we use the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, with additional safeguards where appropriate.

Details of the location of each sub-processor are included in the Sub-processor Register.

8. Cookies and similar technologies

This website uses only strictly necessary technologies required to deliver the site. We do not currently set tracking, analytics, marketing, or advertising cookies, and we do not use localStorage, sessionStorage, or similar tracking technologies for non-essential purposes.

If this changes, we will update this policy, add a cookie consent mechanism that blocks non-essential cookies until you consent, and publish a Cookie Notice at softcare.uk/cookies.

For full details see our Cookie Notice.

9. Your rights

Under UK GDPR you have the following rights over your personal data. You can exercise any of them by emailing privacy@softcare.uk. We will respond within one calendar month.

We do not carry out any automated decision-making or profiling that produces legal or similarly significant effects.

10. How we keep data secure

We take appropriate organisational and technical measures to protect personal data, including encryption in transit (HTTPS/TLS 1.2+), access controls, audit logging, regular security reviews, and staff training. We aim to hold Cyber Essentials Plus certification and to submit to the NHS Data Security and Protection Toolkit as a condition of operating in the UK care sector. Our Information Security Policy and related controls are available to customers on request.

No system can be guaranteed 100% secure. If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and, where required, notify affected individuals without undue delay.

11. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top shows when changes were last made. Material changes will be highlighted on the site and, where we hold your email address for marketing purposes, notified by email.

12. Contact

For any questions about this policy or about how we handle personal data:

If you are not satisfied with our response, you have the right to complain to the UK Information Commissioner's Office (ico.org.uk).