CareFully is owned and operated by Fairlight and is made available for sale on the Apple and Google app stores, via https://CareFully-online.com and also delivered in partnership with employers or local service providers.Fairlight is committed to protecting your personal information and being transparent about what we do with it, no matter how you interact with us. That’s whether you join as a member, create an account in one of the online platforms we own and operate, buy our products and services, subscribe to our newsletter or want to learn more about what we do.This Privacy Notice tells you what to expect when Fairlight collects personal information on CareFully ( https://carefully-online.com ) or installed from app stores:We are committed to using your personal information in accordance with our responsibilities. We are required to provide you with the information in this Privacy Notice under applicable law which includes:The General Data Protection Regulation (EU) 2016/679
The Data Protection Act 2018 (‘DPA’) referred to as the ‘data protection legislation’
The Privacy and Electronic Communications (EC Directive) Regulations 2003.We won’t do anything with your information you wouldn’t reasonably expect.This notice, together with CareFully’s terms and conditions tells you about how we collect, use and protect your personal information.If you have any queries about our Privacy Notice, please get in touch with our Information Governance team:Emailinfo@carefully-online.comPostData Protection Advisor
Fairlight Farm
Holtye Road
East Grinstead
West SussexRH19 3QFHow and when we collect information about youWhen you directly give us informationAs CareFully is an app that you can use to store information about yourself and someone that you are caring for, it is possible for you to store a wide variety of information within the app, some of which may be sensitive and confidential. It is also possible for you to choose to share this with another person by inviting them to join your CareFully circle, granting permissions as appropriate.All information that you store in CareFully is stored in our secure hosted datacentre and a copy of this information could also be stored in your app’s or web browser’s cache so that you are able to view it offline.We will also collect and store information about you when you interact with us. For example, this could be when you contact us to receive technical support, give us feedback or make a complaintWhen you indirectly give us informationWe may obtain information about your use of CareFully, for example the pages you visit and how you navigate the site, by using cookies. Please visit our cookies policy for more information on this.What information we might collectIf you are signing up for a new CareFully user account we will ask you to provide your email address and this is required to log in to the CareFully service. There are also areas to store your phone number and address but these are optional.If you contact us by phone, mail, in person or online in order to receive more information about the service, access technical support, give feedback or make a complaint information we collect may include your name, email address, telephone number, and other information relating to you personally which you may choose to provide to us.Data protection law recognises that certain types of personal information are more sensitive. This is known as 'sensitive' or 'special category' personal information and covers information revealing racial or ethnic origin, religious or philosophical beliefs and political opinions, trade union membership, genetic or biometric data, information concerning health or data concerning a person's sex life or sexual orientationThe only sensitive information we store is the information that you voluntarily enter into the CareFully app or website or send to us via email. In the event that we store any other sensitive information this will only be collected where necessary and only with your explicit consent. Clear notices will be provided at the time we collect this information, stating what information is needed, and why.If you're 16 or underIf you're aged 16 or under, you must get your parent/guardian’s permission before you provide any personal information to us.How and why we use your informationWe will use your personal information for the following purposes:To provide access to the CareFully app and website:We will use your personal information to allow you to access our app and website, personalise your experience, and improve and develop it further. In particular, we will use your personal information (email) to facilitate the creation of a user account - this will allow you to log in to the platform to store and retrieve additional information yourself and, if you choose to, to share this information with others by inviting them to join your circle. We may use your email address and name to keep you current with important service updates (these are not marketing emails).
Responding to a request: If you contact us with a query, we may use your personal information to provide you with a response.
Monitoring and Evaluation: We may use your information in order to improve current and future delivery of our service.
Administration: We may use your personal information to record and deal with a complaint, record a request not to receive further marketing information, record what our volunteers have done for us, and for other essential internal record keeping purposes.Who do we share your information with?We will only use your information for the purposes for which it was obtained. We will not, under any circumstances, sell or share your personal information with any third party for their own purposes, and you will not receive marketing from any other companies, charities or other organisations as a result of giving your details to us.We will only share your data for the following purposes:Third party suppliers: We may need to share your information with data hosting providers or service providers who help us to deliver our products, services or projects. These providers will only act under our instruction and are subject to pre-contract scrutiny and contractual obligations containing strict data protection clauses.We always aim to ensure that personal information is only used by those third parties for lawful purposes in accordance with this Privacy Notice. CareFully is sometimes delivered in partnership with service providers or employers who make the service available to service users or employees with caring responsibilities. We will never share your personal information with our delivery partners and any reporting will be done based on anonymised data.How we protect your informationWe use technical and corporate organisational safeguards to ensure that your personal information is secure. We limit access to information on a need-to-know basis and take appropriate measures to ensure that our people are aware that such information is only used in accordance with this Privacy Notice.We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff, volunteers and contractors.Our online forms are always encrypted and our network is protected and routinely monitored. CareFully’s data is stored in a safe and secure hosting infrastructure with AWS within the UK. The system complies with the following security and assurance certifications:SOC-1
ISO 27001
PCI-DSS Level 1
ISO 9001Backups to this system are stored with Amazon S3 at their Data Centres in England. Both centres comply fully with GDPR.System backupsWe take maintenance backups of the entire CareFully system which may be retained for a period of up to 3 months. These are only used for repairing or restoring the system in case of a technical problem and after this time your information will be permanently deleted.How we handle your direct debit and credit card informationIf you use your credit or debit card to donate to us, buy something or make a booking online, we pass your card details securely to our payment processing partners. We do this in accordance with industry standards and do not store the details on our website.Fairlight is PCI compliant and uses external Payment Card Industry (PCI) compliant providers such as Stripe to collect this data on our behalf. We do not store PCI data on our own systems.However, please be aware that there are always inherent risks in sending information by public networks or using public computers and we cannot 100% guarantee the security of data (including personal information) disclosed or transmitted over public networks.Data retention and deletion:CareFully user account and CareFully circle data is stored for the purposes of providing access to the Service and to provide access to information about the person being cared for to members of a CareFully circle.You can delete all of the information that you store within your CareFully ‘circle’ (containing all of the information about the person you are caring for) and your personal account at any time yourself within the app/website. To do this please go to ‘My account > Delete your account and information’ (please note that you must be the only remaining member of the circle and must be a ‘Circle administrator’ before you will see this option).CareFully user account data:CareFully user account data is retained until you delete your own user account. When a CareFully user account is deleted we follow a deletion policy to make sure that all data related to your user account is safely and completely removed from our servers.
If a CareFully user account is inactive for five (5) consecutive years then the account is considered inactive. We will notify the account holder that the account and all related data will be deleted within two (2) calendar months unless activity is recorded in the account during the specified time period (we send three reminder emails: two months, one month and one week before deletion). If no further account activity is recorded then all data related to the user account is safely and completely removed from our serversCareFully circle data:Is retained until a CareFully user who has circle administrator rights deletes the CareFully circle within the CareFully app. When a CareFully user deletes a CareFully circle we follow a deletion policy to make sure that all data related to that circle is safely and completely removed from our servers.
If a CareFully circle is inactive for five (5) consecutive years (this is defined as no activity in that specific circle by any of the CareFully circle members registered with that circle) we will notify the circle administrators that all data related to that CareFully circle will be deleted within two (2) calendar months unless activity is recorded in the circle during the specified time period. If no further circle activity is recorded then all data related to the CareFully circle is safely and completely removed from our servers.Vulnerable circumstancesWe understand that additional care may be needed when we collect and process the personal information of vulnerable members, supporters and volunteers. In recognition of this, we observe good practice guideline in our interactions with vulnerable people.International transfers of informationWe may, on occasion decide to use the services of a supplier outside the European Economic Area (EEA), which means that your personal information is transferred, processed and stored outside the EEA. You should be aware that, in general, legal protection for personal information in countries outside the EEA may not be equivalent to the level of protection provided in the EEA.However we take steps to put in place suitable safeguards to protect your personal information when processed by the supplier such as entering into the European Commission approved standard contractual clauses. By submitting your personal information to us you agree to this transfer, storing or processing at a location outside the EEA.Your rights to your personal informationData protection legislation gives you the right to request access to personal information about you which is processed by Fairlight and to have any inaccuracies corrected.You also have the right to ask us to erase your personal information, ask us to restrict our processing of your personal information or to object to our processing of your personal information.If you wish to exercise these rights, please write to us and send it along with copies of two separate identification documents which provide photo identification and confirm your address, such as a passport, driving licence, or utility bill.Please also provide any additional information that is relevant to the nature of your contact with us, as this will help us to locate your records.You can send us the documents via post to:
Data Protection Advisor
Fairlight Farm,Holtye Road,East grinstead,West SussexRH19 3QFAlternatively email a copy of the form along with scans or photos of your two forms of identification to: governance@carersuk.orgWe will respond within 30 days, on receipt of your written request and copies of your identification documents.How to make a complaint or raise a concernIf you would like more information, or have any questions about this notice, to make a formal complaint about our approach to data protection or raise privacy concerns please contact by:Emailinfo@carefully-online.comPostCareFullyFairlight Farm
Holtye Road
East Grinstead
West SussexRH19 3QFIf you would like to make a complaint in relation to how we have handled your personal information, please follow our complaints procedure. If you are not happy with the response you receive, then you can raise your concern with the relevant statutory body:Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AFAlternatively, you can visit their website. We are registered with the Information Commissioner’s Office as a Data Controller under number ZC020426Changes to our Privacy NoticeOur Privacy Notice may change from time to time, so please check this page occasionally to see if we have included any updates or changes, and that you are happy with them. (Last updated: 9th Oct 2025))