1. Who we are
ServPatch Ltd ("ServPatch", "we", "us") provides mobile first care management software for UK care homes and domiciliary care providers. We are the data controller for personal data collected through our website, and a data processor for care record data our customers input into the ServPatch platform on behalf of the people they support.
2. What data we collect
Depending on how you interact with us, we may collect:
- Contact and enquiry data: name, email, phone number, organisation, and message content when you request a demo, trial or contact us.
- Account and usage data: staff login details, role, and activity logs when your organisation uses the ServPatch platform.
- Care record data: care notes, medication records, incident reports and related information entered by care providers. This data belongs to our customers, who act as data controller for it; ServPatch acts as data processor under a Data Processing Agreement.
- Technical data: IP address, browser type, device information and cookies collected through normal website operation.
3. How we use data
- To provide, maintain and support the ServPatch platform
- To respond to enquiries and arrange demos or trials
- To send onboarding, training and service communications to customers
- To meet legal, regulatory and safeguarding obligations
- To improve our product based on aggregated, non-identifying usage patterns
We do not sell personal data, and we do not use care record data to train third-party models without explicit written agreement with the data controller.
4. Legal basis
We process personal data under UK GDPR on the basis of contract (to deliver services you or your organisation have signed up for), legitimate interest (responding to enquiries, improving the service) and legal obligation (safeguarding, regulatory reporting).
5. Where data is stored
Customer and care record data is hosted in UK data centres. Data is encrypted in transit and at rest. Access is role-based, so staff only see the information relevant to their role within their organisation.
6. Data sharing
We share data only with sub-processors needed to run the platform (such as UK cloud hosting providers), professional advisers, and regulators or authorities where required by law. Any sub-processor is bound by a written agreement providing at least the same level of protection as this policy.
7. Retention
Care record data is retained for the period required by the customer's regulatory obligations, typically in line with CQC and equivalent UK guidance, and is deleted or returned to the customer at the end of a contract. Website enquiry data is retained for as long as reasonably needed to respond to and follow up on the enquiry.
8. Your rights
Under UK GDPR you have the right to access, correct, delete, restrict or port your personal data, and to object to certain processing. If ServPatch is a data processor for your care records, requests about that data should usually go through the care provider organisation as the data controller. For all other enquiries, contact us using the details below.
9. Cookies
Our website uses only essential cookies required for the site to function. We do not use third-party advertising or tracking cookies.
10. Changes to this policy
We may update this policy from time to time. Material changes will be reflected by an updated "last updated" date at the top of this page.
11. Contact us
Questions about this policy or your data can be sent to [email protected], or by post to ServPatch Ltd, registered in England & Wales.