Privacy policy
Last updated: 20 August 2025
This policy explains how we collect, use, disclose and protect personal data. We comply with the UK GDPR and the Data Protection Act 2018.
Controller
MedTrackr Ltd is the controller of your personal data. Contact our Data Protection Officer:
privacy@medtrackr.co.uk, 38 Lowe House, 12 Hebden Place, London, SW8 2FT.
What we process and why
We process data to: (1) pre‑screen and verify work history and qualifications; (2) manage DBS‑related records; (3) track certification/recertification dates and send reminders; (4) provide a real‑time time card; (5) provide an AI CV/Resume builder (subject to plan); and (6) enable secure, time‑limited sharing of professional details with hiring managers.
Categories of data
- Identification and contact data (e.g. name, address, email, phone)
- Professional profile (employment history, qualifications, certifications)
- Compliance data (DBS status, right‑to‑work information)
- Account and usage data (login, audit logs, device and activity data)
- Time and attendance data (time card entries)
- Subscription and billing data (plan, invoices, limited payment identifiers)
Lawful bases for processing
We rely on: (a) performance of a contract (to provide the platform and requested features); (b) legitimate interests (to verify credentials, maintain platform security, prevent fraud, improve services); (c) consent (for optional features, marketing communications, and non‑essential cookies); and (d) legal obligation (e.g. complying with auditing, financial and DBS‑related requirements where applicable).
Where we get data from
We obtain data from you directly; from your authorised referees, training bodies or former employers; and from service providers you authorise us to use (e.g. identity verification).
Sharing your data
We do not sell personal data. We share data with: (i) service providers under contract (hosting, security, analytics, communications, payments); (ii) hiring managers/companies you authorise via secure, time‑limited links; and (iii) authorities where required by law.
International transfers
Where data is transferred outside the UK, we use appropriate safeguards such as the UK IDTA/Addendum to the EU SCCs or other permitted transfer mechanisms.
Retention
We keep personal data only as long as necessary for the purposes described or to meet legal/accounting requirements, after which it is securely deleted or anonymised.
Security
We use end‑to‑end encryption in transit, strict access controls, monitoring, regular security assessments, and backups/disaster recovery.
Your rights
You have the right to access, rectify and erase your personal data, to restrict or object to its processing, and to data portability. You may also withdraw consent where we rely on consent, and you have rights related to automated decision‑making. To exercise your rights, contact us using the details above.
Complaints
You can complain to the Information Commissioner’s Office (ICO) at ico.org.uk or by telephone on 0303 123 1113. We would appreciate the chance to deal with your concerns first.
Marketing
We will only send electronic direct marketing with your consent or as otherwise permitted by PECR. You can opt out at any time using the unsubscribe link in emails or by contacting us.
Changes to this policy
We may update this policy from time to time. Material changes will be notified via the site or by email.