Privacy Policy

---

This Privacy Policy explains how Hammerhead Tech (“we”, “our”, or “us”) collects, uses, discloses, and protects personal data through the CareMatch Portal (the “Service”), a Software-as-a-Service (SaaS) solution provided to our customers, including public sector entities such as Birmingham City Council. We are committed to safeguarding your privacy and ensuring compliance with applicable data protection regulations, including the General Data Protection Regulation (GDPR).

1. Information We Collect

• Personal Data: We may collect personal data such as names, email addresses, telephone numbers, job titles, and other identifiers when you register for or use our Service.
• Usage Data: Information about how you interact with the Service, including IP addresses, browser type, device information, and access times.
• Transactional Data: Data related to the transactions you perform via the Service, including referrals, supplier interactions, and other related activities.
• Technical Data: Details about your system’s performance and error logs to improve service reliability and user experience.

2. How We Use Your Information

We use your personal data for the following purposes:

• Service Provision: To deliver, maintain, and improve the CareMatch Portal, ensuring seamless functionality and support.
• Communication: To send system notifications, support updates, and important information regarding your account.
• Analytics and Improvement: To analyse usage patterns, diagnose issues, and enhance the Service through research and development.
• Compliance: To comply with legal obligations and regulatory requirements, including data protection laws.

3. Data Storage and Security

• AWS Infrastructure: Our Service is hosted on Amazon Web Services (AWS). We use AWS EC2 instances for compute, RDS for database management, and Virtual Private Clouds (VPCs) to isolate and secure our network environment.
• Encryption: Data is encrypted at rest (using AWS RDS encryption and other industry-standard protocols) and in transit (using TLS/SSL), ensuring that all personal and sensitive information remains secure.
• Access Controls: We implement strict access controls, including role-based access, multi-factor authentication, and secure credential management to limit data access to authorized personnel only.
• Monitoring and Auditing: Regular security assessments, vulnerability scans, and logging mechanisms are in place to monitor the integrity and security of our systems.

4. Data Sharing and Third Parties

• Service Providers: We may share your data with trusted third-party vendors who assist in providing our Service (e.g., AWS, customer support services), under strict confidentiality agreements.
• Legal Requirements: We may disclose personal data if required to do so by law or in response to valid legal requests from public authorities.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the relevant third party, subject to the conditions of this Privacy Policy.

5. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, comply with our legal obligations, resolve disputes, and enforce our agreements. Data that is no longer required will be securely deleted or anonymized.

6. Your Rights

Depending on your jurisdiction, you may have certain rights regarding your personal data, including:

• Access: Requesting a copy of the personal data we hold about you.
• Correction: Requesting the correction of inaccurate or incomplete data.
• Deletion: Requesting the deletion of your personal data, subject to legal and contractual constraints.
• Objection: Objecting to the processing of your personal data for certain purposes.
• Portability: Requesting the transfer of your personal data to another organization.

To exercise these rights, please contact us using the details provided below.

7. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any significant changes by posting a notice on our website or through the Service. Your continued use of the Service after such changes constitutes your acceptance of the updated Privacy Policy.

8. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

Email: support@hammerheadtech.co.uk

Telephone: 0204 538 7925

Address: Belmont Suite Paragon Business Park, Chorley New Road, Horwich, Bolton, England, BL6 6HG

By using the CareMatch Portal, you acknowledge that you have read, understood, and agree to the terms outlined in this Privacy Policy.