Privacy Policy

At CQC Navigator, we are committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our CQC compliance management platform.

1. Information We Collect

1.1 Personal Information

We collect personal information that you provide directly to us, including:

• • Contact details (name, email address, phone number)
• • Organisation information (name, address, CQC registration number)
• • Professional information (job title, role, responsibilities)
• • Account credentials (username, encrypted passwords)
• • Profile information and preferences

1.2 CQC Compliance Data

As part of our service, we collect and process:

• • Evidence documentation and supporting materials
• • Quality statements and compliance assessments
• • Action plans and improvement records
• • Uploaded documents and media files
• • RAG (Red, Amber, Green) status ratings

1.3 Technical Information

We automatically collect certain technical information:

• • IP addresses and device identifiers
• • Browser type, version, and operating system
• • Usage statistics and feature interactions
• • Log files and error reports
• • Session information and timestamps

2. How We Use Your Information

2.1 Service Provision

• • Provide and maintain CQC Navigator platform services
• • Enable collaboration between team members
• • Generate compliance reports and documentation
• • Facilitate evidence management and tracking
• • Process subscription payments and billing

2.2 Communication and Support

• • Respond to your enquiries and provide customer support
• • Send service-related notifications and updates
• • Provide training and onboarding assistance
• • Deliver important security and system notices

2.3 Improvement and Analytics

• • Analyse usage patterns to improve our services
• • Conduct research and development activities
• • Monitor system performance and security
• • Develop new features and functionality

3. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share information in the following circumstances:

3.1 Service Providers

We work with trusted third-party service providers who assist us in:

• • Cloud hosting and data storage
• • Payment processing and billing
• • Email communication services
• • Analytics and performance monitoring
• • Customer support tools

3.2 Legal Requirements

We may disclose information when required by law, court order, or to protect our rights, property, or safety, or that of our users or the public.

3.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, user information may be transferred as part of the transaction, subject to equivalent privacy protections.

4. Data Security

We implement comprehensive security measures to protect your information:

4.1 Technical Safeguards

• • End-to-end encryption for data in transit and at rest
• • Multi-factor authentication options
• • Regular security audits and penetration testing
• • Secure cloud infrastructure with industry certifications
• • Automated backup and disaster recovery systems

4.2 Organisational Measures

• • Access controls and role-based permissions
• • Regular staff training on data protection
• • Incident response and breach notification procedures
• • Privacy by design principles in system development

5. Data Retention

We retain personal information for as long as necessary to:

• • Provide our services and maintain your account
• • Comply with legal and regulatory requirements
• • Resolve disputes and enforce agreements
• • Support CQC inspection and audit processes

Upon account termination, we will securely delete or anonymise your personal data within 90 days, unless longer retention is required by law or for legitimate business purposes.

6. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

To exercise these rights, please contact us using the details provided in Section 10. We will respond to your request within one month.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience:

7.1 Essential Cookies

Necessary for basic website functionality, authentication, and security.

7.2 Analytics Cookies

Help us understand how users interact with our platform to improve services.

7.3 Preference Cookies

Store your settings and preferences for a personalised experience.

You can manage cookie preferences through your browser settings or our cookie consent tool.

8. International Data Transfers

Your data is primarily processed within the UK. If we transfer data internationally, we ensure:

• • Adequate protection through recognised mechanisms
• • Standard contractual clauses with service providers
• • Compliance with UK GDPR transfer requirements
• • Regular assessment of data protection standards

9. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in:

• • Our services and business practices
• • Legal and regulatory requirements
• • Industry standards and best practices

We will notify you of material changes through email or prominent notices on our platform. Continued use of our services after changes constitutes acceptance of the updated policy.

10. Contact Information

For questions about this Privacy Policy or your personal data:

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have not handled your personal data appropriately.