Privacy Policy – 365 Assist

1. Who we are Tunstall Healthcare (UK) Limited (“Tunstall”, “we”, “us”, “our”) provides the 365 Assist service. We are registered in England and Wales (company number 1332249) with our registered office at Whitley Lodge, Whitley Bridge, Yorkshire DN14 0HR. For the purposes of UK data protection law, where Tunstall provides the service directly to private customers, Tunstall is the data controller for the personal data described in this Privacy Policy. Where Tunstall provides services on behalf of a council, housing association or other organisation, that organisation is usually the data controller and Tunstall acts as a data processor. In those cases, you may also receive a separate privacy notice from that organisation. 2. What this Privacy Policy covers This Privacy Policy explains how we collect, use, store and share personal data when you: - enquire about, sign up to, or use the 365 Assist service - contact us (for example by phone, email or web form) - use our websites or online services where this Privacy Policy is presented 3. The personal data we collect We may collect and process the following categories of personal data (as applicable): A. Customer / payer details (the person entering into the contract and paying) - name, address, email address, telephone number - payment and billing information (including information needed to set up and manage Direct Debit payments) B. Service user details (the person receiving the service, if different from the payer) - name, address, contact details and other identifying information you provide - information relevant to providing the service, including emergency contacts and keyholder details C. Health and care-related information (where provided) - information you provide about medical conditions and current medications - GP/doctor details you provide D. Emergency contact details - names, relationship to the service user, phone numbers and other contact details of people you nominate for us to contact in an emergency E. Service and device information - details of equipment used to access the service, alarm events and call records - service usage and interaction history related to monitoring and responding to alarm calls F. Communications - records of emails, web messages and phone calls with you (including call recordings where we notify you this occurs) G. Technical and website information - IP address, device identifiers, browser type, and logs needed for security, fraud prevention and service reliability 4. Special category data Some information we process (such as information about medical conditions and medications) is “special category data” under UK GDPR. We will only process special category data where it is necessary to provide the service and to respond appropriately to an alarm call, or where you have provided it and it is reasonable for us to use it for those purposes. 5. How we use your personal data We use personal data to: - set up and administer your account and the 365 Assist service - provide the monitoring service, receive alarm calls and relay them to your nominated emergency contacts and, where appropriate, healthcare professionals or emergency services - contact you about service matters, including changes to the service, fault reporting and repairs - take payments and manage Direct Debit arrangements, invoices and refunds - provide customer support and handle queries, complaints and safeguarding concerns - maintain security, prevent fraud, and ensure the service is reliable and resilient - comply with legal obligations and respond to lawful requests from regulators, law enforcement or courts 6. Legal bases for processing Depending on the circumstances, we rely on the following legal bases under UK GDPR: - Contract: to provide the service you have requested and to manage the contract with the payer - Legal obligation: where we must comply with applicable laws and regulations - Legitimate interests: to operate, secure and improve our services, prevent fraud and manage customer relationships (balanced against your rights) - Vital interests: where processing is necessary to protect someone’s life (for example in an emergency) - Special category data condition: where necessary for the provision of health or social care services and in connection with monitoring alarm calls, or where needed to protect vital interests 7. Who we share data with We may share personal data with: - nominated emergency contacts and keyholders you provide - emergency services or healthcare professionals where appropriate in response to an alarm call - payment providers and banking partners to set up and manage Direct Debit payments (for example GoCardless) - suppliers who support delivery of the service (for example hosting, communications and IT support providers), acting under contract and appropriate security controls - regulators, auditors, insurers, and professional advisers where necessary We do not sell your personal data. 8. International transfers We aim to keep personal data in the UK. Where any supplier processes personal data outside the UK, we will ensure appropriate safeguards are in place (such as UK adequacy regulations or approved contractual clauses). 9. How long we keep data We keep personal data only for as long as necessary to provide the service and to meet legal, regulatory and operational requirements. Retention periods will vary depending on the type of data (for example, billing records and call records may need to be retained for longer periods). 10. Your rights You have rights under UK GDPR, including: - access to your personal data - correction of inaccurate data - deletion of data in certain circumstances - restriction or objection to processing in certain circumstances - data portability in certain circumstances You may also withdraw consent where we rely on consent (if applicable). These rights are not absolute and may be limited where the law allows. 11. How to contact us If you have questions about this Privacy Policy or how we use your personal data, contact: Email: hello@tunstall.com Post: Tunstall Healthcare (UK) Limited, Whitley Lodge, Whitley Bridge, Yorkshire DN14 0HR You also have the right to complain to the UK Information Commissioner’s Office (ICO) if you are unhappy with how we handle your data. 12. Changes to this Privacy Policy We may update this Privacy Policy from time to time. The version published in the app or on our website is the current version.