Privacy Notice
Last updated: May 2026
This Privacy Notice explains how HealthCrew AI Ltd (“HealthCrew AI”, “we”, “us”, “our”) collects, uses, retains and protects personal data when you visit this website or contact us, in line with the UK GDPR, the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).
1. Who we are (controller)
The data controller for personal data processed via this website is HealthCrew AI Ltd, registered office 67 Maygreen Crescent, Hornchurch, RM11 1EL, United Kingdom. For privacy-related questions or to exercise your rights, contact [email protected].
2. Personal data we collect
- Identity & contact data when you submit a contact form or email us — name, work email, organisation, role, message content.
- Technical data automatically collected when you visit — IP address, browser/device type, operating system, referrer, and pages visited. This is processed for security, fraud-prevention and service-reliability purposes (legitimate interests).
- Cookie & analytics data, only with your consent — see “Cookies” below.
- We do not intentionally collect special category data (e.g. health data) via this website. Please do not include such information in unsolicited messages.
3. Lawful basis for processing
| Activity | Lawful basis (UK GDPR Art. 6) | Retention |
|---|---|---|
| Responding to enquiries / sales conversations | Legitimate interests (Art. 6(1)(f)) | Up to 24 months from last contact |
| Site security, abuse-prevention & access logs | Legitimate interests (Art. 6(1)(f)) | 90 days, then aggregated |
| Optional analytics & performance measurement | Consent (Art. 6(1)(a)) + PECR reg. 6 | Up to 14 months |
| Optional marketing measurement (LinkedIn Insight) | Consent (Art. 6(1)(a)) + PECR reg. 6 | Up to 6 months |
| Legal & regulatory record-keeping | Legal obligation (Art. 6(1)(c)) | As required by applicable law (typically 6 years) |
5. Who we share data with
- Service providers — cloud hosting, email delivery, analytics (only with consent). All providers act as processors under written contracts that meet UK GDPR Art. 28.
- Authorities — where required by law, regulation, or to defend legal claims.
Where personal data is transferred outside the UK, we rely on UK adequacy regulations or the UK International Data Transfer Addendum to the EU Standard Contractual Clauses, with appropriate supplementary safeguards.
6. Your rights under UK GDPR
Subject to legal limits, you have the right to:
- access a copy of your personal data;
- have inaccurate data corrected;
- have your data erased (“right to be forgotten”);
- restrict or object to specific processing;
- data portability;
- withdraw consent where processing relies on it;
- not be subject to fully automated decisions with legal effect.
To exercise any right, email [email protected]. We will respond within one calendar month (extendable by two further months for complex requests, with notice).
7. Security
We apply industry-standard technical and organisational measures including TLS in transit, encryption at rest, OWASP-aligned secure development, least-privilege access, audit logging, and regular patching. Suspected vulnerabilities can be reported to [email protected].
8. Complaints to the ICO
You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO). Contact details:
Information Commissioner's OfficeWycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Helpline: 0303 123 1113
ico.org.uk/make-a-complaint
9. Changes to this notice
We may update this notice from time to time. Material changes will be highlighted on this page; the “Last updated” date at the top will change accordingly.
