Privacy Policy

This Kope-Medics Privacy Policy (“Policy”) outlines the personal information that Kope-Medics Ltd (“Kope-Medics”, “we”, “us” or “our”) gathers, how we use that personal information, and the options you have to access, correct, or delete such personal information. This document constitutes the Intellectual Property of Kope-Medics Ltd. Unauthorised reproduction, derivation, or distribution is strictly prohibited.

1. Our Privacy Promise

At Kope-Medics Ltd, our mission to provide specialist care is rooted in the fiduciary trust placed in us by our service users and their families. We commit to communicating transparently, providing clinical-grade security, and protecting the confidentiality of personal and health information.

Kope-Medics operates as a Data Controller under the UK GDPR. We strictly ensure that the processing of health and social care Special Category Data is necessary, proportionate, and handled with clinical-grade confidentiality. We implement the ‘Principle of Least Privilege’, ensuring data is accessed only on a Need-to-Know basis to facilitate safe clinical intervention.

We do not sell or rent personal information. We will only share or otherwise disclose your personal information as necessary to provide our Services or as otherwise described in this Policy.

2. About Us

We are Kope-Medics Ltd, a company incorporated in England and Wales.

• Company Number: 11452179
• Registered Address: Unit 8B Evelyn Court, Grinstead Road, London, SE8 5AD
• Information Governance: For all Data Subject Access Requests (DSAR) or Right to Erasure enquiries, please contact our Information Governance lead at info@kope-medics.com or at our Headquarters address.

You can also complain to the Information Commissioner's Office (ICO) if you are unhappy with how we have used your data:

• Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
• Helpline: 0303 123 1113
• Website: www.ico.org.uk

3. Policy Application

This Policy applies to the personal information of the following categories of data subjects:

• Service Users & Representatives: Individuals receiving complex care and their authorised representatives.
• Administrative & Clinical Users: Those with authenticated credentials to access our Clinical Information Systems.
• Staff & Applicants: Those who apply for roles via our recruitment portals or attend our licensed training events.
• Website Visitors: Those who visit our websites, including www.kope-medics.com.

4. Information We Collect

We only collect the minimum dataset required for clinical safety to provide safe, goal-oriented clinical care and fulfil regulatory obligations:

• Information you give us: Personal information submitted via web forms, registration, surveys, or direct communication.
• Image and voice: Where you consent during Kope-Medics events.
• Sensitive Clinical Data: Medical history, biometrics, care plans, and specialist high-dependency requirements (e.g. Tracheostomy or PEG management).
• Professional Data: DBS status, professional registrations (e.g. NMC), and competency sign-offs.
• Technical Data: IP addresses and telemetry data processed to ensure the integrity and security of our digital care records.

5. How We Legally Process Information

Under UK GDPR Article 6 and Article 9 (for special category health data), we process information under the following lawful bases:

• Provide, operate, maintain, and improve our Websites and Services.
• Send communications and respond to comments, questions, and support requests.
• Comply with legal obligations and investigate unauthorised or illegal activities.
• Deliver Clinical Care, including medication regimes, care plans, and emergency protocols.
• Regulatory Compliance: maintaining evidence for CQC inspections and local authority audits.
• Legitimate Interests: for effective organisational management and security.

6. Information from Third Party Services

We may combine information we collect with personal information we obtain from third parties. We work with Sub-processors (Service Providers) for essential functions, including Digital Care Record Systems, Payroll Providers, and IT Support Services, who are bound by Data Processing Agreements (DPAs) prohibiting independent use of your data.

We may also share your information in the following circumstances:

• To respond to a Subpoena, Court Order, or Statutory Request from the CQC/Local Authority.
• In Emergency Circumstances to prevent immediate physical harm.
• During a Corporate Transaction (Merger/Acquisition) under strict Non-Disclosure Agreements.

7. Notice to UK Residents

“Personal information” as referenced in this Privacy Policy means “personal data” as defined under the UK General Data Protection Regulation (UK GDPR). Kope-Medics is a data controller for the personal information collected from all categories of data subjects listed above.

We normally collect personal information from you only where: (a) we have your consent; (b) we need it to perform a contract with you; or (c) the processing is in our legitimate interests. If you have any questions about the legal basis on which we collect and use your personal information, please contact us at info@kope-medics.com.

8. Data Security, Storage & Retention

In line with Kope-Medics's Information Governance policies, we implement Technical and Organisational Measures appropriate to the risk:

• Encryption: Data is encrypted at rest and in transit using industry-standard protocols.
• Retention: Your information is securely stored in accordance with the NHS Records Management Code of Practice 2021. Once the retention period expires, we permanently delete digital files and securely shred physical documentation.
• International Transmissions: Any trans-border data flow is governed by Standard Contractual Clauses (SCCs) or International Data Transfer Agreements (IDTAs).
• Tiered Access: Digital documents are stored on encrypted drives with access restricted by tier and department.

9. Data Subject Rights and Choices

Kope-Medics recognises your data protection rights. You have the right to access, correct, update, port, or delete your personal information, and to restrict or object to the processing of your personal information. To make a Rights Request, please email us at info@kope-medics.com. We will respond within thirty (30) days.

10. Notification of Changes

If we make changes to this Policy that we believe materially impact the privacy of your personal information, we will promptly provide notice of any such changes and post the updated Policy on this website noting the effective date of any changes.

11. Business Transactions

We may assign or transfer this Policy, as well as information covered by this Policy, in the event of a merger, sale, change in control, or reorganisation of all or part of our business.

12. English Language Controls

In the event of any ambiguity or conflict between translations, the English version is authoritative and controls.

13. Your Rights under UK GDPR

• Access & Rectification: You may request a copy of your information or ask us to fix inaccuracies.
• Deletion & Objection: You may request that your information be deleted or object to specific processing.
• Portability: You have the right to request your data be transmitted to another controller.
• Withdrawal of Consent: Where processing is based on consent, you can withdraw it at any time.

14. Contact Us & Complaints

If you wish to exercise your rights or have a question about this Policy, please contact us:

• Email: info@kope-medics.com
• Address: Unit 8B Evelyn Court, Grinstead Road, London, SE8 5AD

You also have the right to complain to the Information Commissioner's Office (ICO):

• Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
• Helpline: 0303 123 1113
• Website: www.ico.org.uk