GDPR Compliance

Last updated: 2/2/2026

CareClink is committed to compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. This page outlines how we protect your rights and ensure compliance when using our appointment and time attendance management platform.

Your GDPR Rights

Right of Access

Request a copy of all personal data we hold about you, including appointment records, time tracking data, and account information.

Right to Portability

Receive your data in a structured, machine-readable format for transfer to another appointment management system.

Right to Rectification

Correct inaccurate or incomplete personal data, such as interpreter profiles, company information, or appointment details.

Right to Erasure

Request deletion of your personal data, subject to legal and business requirements for appointment and time tracking records.

Data Processing & Legal Basis

Contract Performance

We process your data to provide our appointment and time tracking services:

  • Creating and managing user accounts and company profiles
  • Processing appointment bookings and scheduling requests
  • Tracking time attendance and generating reports
  • Managing interpreter availability and bookings
  • Providing customer support and technical assistance

Legitimate Interests

We process certain data based on our legitimate business interests:

  • Platform security and fraud prevention
  • Service improvement and feature development
  • Analytics and performance monitoring
  • Communication about platform updates and features

Legal Obligations

We may process data to comply with legal requirements:

  • Tax and accounting record keeping
  • Regulatory compliance and audits
  • Legal proceedings and dispute resolution
  • Data protection and privacy law compliance

Data Categories & Retention

Personal Data We Process

  • Account Data: Names, email addresses, phone numbers, company information
  • Appointment Data: Meeting schedules, locations, participants, duration
  • Time Tracking Data: Clock-in/clock-out times, attendance records, work hours
  • Interpreter Data: Credentials, availability, booking history, performance metrics
  • Platform Usage Data: Login times, feature usage, error logs, device information

Data Retention Periods

  • Active Account Data: Retained while account is active
  • Appointment Records: 7 years for business and legal compliance
  • Time Tracking Data: 7 years for payroll and tax purposes
  • Inactive Accounts: Deleted after 2 years of inactivity
  • Analytics Data: Aggregated and anonymized after 2 years

Data Security & Protection

Technical Safeguards

  • End-to-end encryption for data in transit and at rest
  • Multi-tenant architecture with strict data isolation
  • Role-based access controls and authentication
  • Regular security audits and penetration testing
  • Secure data centers with redundant backup systems

Organizational Measures

  • Employee training on data protection and privacy
  • Data processing agreements with all service providers
  • Incident response procedures for data breaches
  • Regular privacy impact assessments
  • Appointment of a Data Protection Officer

International Data Transfers

Your data may be processed in countries outside the European Economic Area (EEA). We ensure appropriate safeguards are in place through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions for countries with equivalent data protection standards
  • Binding corporate rules for intra-group transfers
  • Additional technical and organizational security measures

Third-Party Data Processors

We use carefully selected third-party service providers who process data on our behalf:

  • Cloud Infrastructure: AWS for secure data hosting and storage
  • Payment Processing: Stripe for subscription billing (PCI DSS compliant)
  • Customer Support: Intercom for help and communication
  • Analytics: Google Analytics for platform usage insights
  • Email Services: SendGrid for appointment notifications and reminders

Exercising Your Rights

To exercise your GDPR rights, you can:

  • Use the privacy settings in your account dashboard
  • Contact our Data Protection Officer directly
  • Submit a formal request through our privacy portal
  • Email us at privacy@careclink.com

Response Timeline

We will respond to your GDPR requests within 30 days. For complex requests, we may extend this period by up to 2 months, but we will notify you of any delay.

Data Breach Notification

In the unlikely event of a data breach affecting your personal data, we will:

  • Notify the relevant supervisory authority within 72 hours
  • Inform affected users without undue delay
  • Provide details about the breach and potential impact
  • Outline measures taken to address the situation
  • Offer guidance on protective steps you can take

Contact Our Data Protection Officer

For GDPR-related inquiries or to exercise your rights:

Data Protection Officer: Sarah Johnson

Email: dpo@careclink.com

Phone: +1 (555) 123-4567

Address: 123 Care Street, Health City, HC 12345

Supervisory Authority: Information Commissioner's Office (ICO)

Updates to This Policy

We regularly review and update our GDPR compliance practices. Changes to this policy will be communicated through our platform or via email. Your continued use of our services after such changes constitutes acceptance of the updated policy.