Website Privacy Notice

Rapid Care Transcription UK Ltd

Last updated: 23/05/2025

1. Introduction

Rapid Care Transcription UK Ltd is committed to protecting your privacy and ensuring that your personal data is handled securely and in compliance with applicable UK data protection laws, including the UK GDPR and the Data Protection Act 2018. This Privacy Policy explains how we collect, use, and protect your personal data.

2. Lawful Basis for Processing

We process personal data under the following legal bases as defined in Article 6(1) of UK GDPR:

Purpose of Processing	Lawful Basis
Providing healthcare services	Performance of a contract (Article 6(1)(b))
Processing payments and invoicing	Legal obligation (Article 6(1)(c))
Marketing communications	Consent (Article 6(1)(a))
Improving our services (analytics, AI)	Legitimate interests (Article 6(1)(f))
Employment & HR processing	Performance of a contract (Article 6(1)(b))
Legal and regulatory compliance	Legal obligation (Article 6(1)(c))

If we process special category data (e.g., health data), we do so under Article 9(2) of UK GDPR, including:

• Explicit consent (Article 9(2)(a))
• Provision of healthcare (Article 9(2)(h))
• Public interest in health (Article 9(2)(i))

3. Data Collection and Retention

3.1 Types of Data We Collect

We collect the following types of personal data:

• Contact details (name, email, phone number, address)
• Health-related information (only where necessary for healthcare services)
• Payment and transaction details
• Communications and marketing preferences
• Employment-related data (for staff and applicants)

3.2 Data Retention Periods

We retain personal data only for as long as necessary to fulfil the purposes outlined in this policy, unless a longer retention period is required by law. Our retention periods are as follows:

Type of Data	Retention Period
Healthcare records (where we are the controller)	Minimum 8 years, as per NHS guidelines
Payment & transaction data	6 years, for tax and financial reporting
Marketing & communication data	Until consent is withdrawn or 24 months inactive
Employee records	6 years after employment ends

After these periods, personal data is securely deleted, anonymized, or archived in accordance with UK GDPR.

4. International Data Transfers

We may transfer personal data outside the UK and EEA for data storage, cloud services, or third-party processing. When we do, we ensure appropriate safeguards are in place, such as:

• Adequacy decisions (if the country is deemed to provide an adequate level of protection)
• Standard Contractual Clauses (SCCs) approved by the UK ICO & EU Commission.

You may request a copy of these safeguards by contacting our Data Protection Officer.

5. Your Rights Under UK GDPR

You have the following rights under Articles 12-22 of UK GDPR:

• Right to Access – Request a copy of your personal data.
• Right to Rectification – Correct inaccurate or incomplete data.
• Right to Erasure (“Right to be Forgotten”) – Request deletion of data.
• Right to Restriction of Processing – Limit how we use your data.
• Right to Data Portability – Obtain a copy of your data in a transferable format.
• Right to Object – Object to processing based on legitimate interests.
• Right to Withdraw Consent – If processing is based on consent.

5.1 How to Make a Request

To exercise your rights, please contact our Data Protection Officer at:

dpo@rapidcare4u.com

We will respond within one month, in line with Article 12 of UK GDPR.

6. Automated Decision-Making & Profiling

If we use AI, profiling, or automated decision-making for fraud detection, risk assessment, or eligibility decisions, you have the right to:

• Request human intervention if a decision significantly affects you.
• Express your viewpoint and challenge the decision.

We will always ensure transparency and fairness in any automated processes, in accordance with Article 22 of UK GDPR.

7. Security Measures

We implement appropriate technical and organizational measures to protect personal data, including:

• Encryption of sensitive data during transmission and storage.
• Access controls to restrict data access to authorized personnel only.
• Regular security audits and compliance reviews.
• Data minimization and pseudonymization to reduce privacy risks.

8. Sub-Processors

Any transfer of your personal data will follow applicable laws and we will treat the information under the guiding principles of this Privacy Notice.

Sometimes we will need to share your personal data with authorised third parties and suppliers outside your chosen data territory, this will be for purposes such as: enabling payments, project management tools, back-office functions and our customer relationship or accounts management system. Your data is shared only when strictly necessary and in accordance with the safeguards and good practices detailed in this privacy policy. Further details of all applicable authorised sub-processors are set out in (insert Link)

9. Cookies

We use cookies on our site; you can read more about how we use cookies and how you can change your preferences on our cookies page https://www.rapidcare4u.com/philippines/cookie-policy.php.

10. Changes to This Privacy Policy

We may update this policy periodically. The latest version will always be available on our website. If we make significant changes, we will notify you directly via email or our platform.