Privacy Policy

Last updated: 2nd June 2026

1. About this policy

This Privacy Policy explains how CareStream ("we", "us" or "our") collects, uses, shares and protects your personal data, and sets out your rights in relation to that data. It applies to personal data we collect through our website, by phone, email or post, and in the course of providing our services.

CareStream is a trading name of TRG Digital Ltd, a company registered in England and Wales with company number 11731704, whose registered office is at Suite Ra01, 195-197 Wood Street, London, England, E17 3NU.

For UK data protection law, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, TRG Digital Ltd is the "controller" of your personal data, meaning we are responsible for deciding how it is held and used.

We are committed to protecting your privacy and handling your personal data openly and transparently. Please read this policy carefully so that you understand how we use your information.

2. The personal data we collect

Depending on how you interact with us, we may collect and process the following types of personal data:

Identity and contact details — your name, date of birth, postal address, email address and telephone number.

Service-related information — details relating to the care or services you, or someone you are arranging care for, may require, including enquiries, bookings and correspondence with us.

Information about people you arrange care for — where you contact us on behalf of a family member or another person, the information you provide about them.

Financial information — billing and payment details for the services you use, we use Stripe as our 3rd party payment processor.

Website and technical data — your IP address, browser type, device information, and information about how you use our website, collected through cookies and similar technologies (see our Cookie Policy).

Communications — records of your correspondence with us, including emails, messages and call notes.

3. How we collect your personal data

We collect personal data:

• directly from you, when you contact us, make an enquiry, request or use our services, or correspond with us;
• from a person acting on your behalf, such as a family member, carer or representative;
• automatically, through cookies and similar technologies when you use our website; and

4. How and why we use your personal data

We only use your personal data where the law allows us to. The lawful bases we rely on are:

Contract — to provide the services you have requested and to perform our contract with you, or to take steps at your request before entering into a contract.

Legitimate interests — to operate, improve and promote our business, respond to enquiries, and keep our records and website secure, provided your rights do not override those interests.

Legal obligation — to comply with our legal and regulatory duties.

Consent — where we rely on your consent, for example, for certain marketing or non-essential cookies. You can withdraw consent at any time.

The main purposes for which we use your data include:

• administering payments and managing our accounts;
• communicating with you about your service;
• improving and securing our website and services; and
• complying with our legal and regulatory obligations.

5. Marketing

Where we have your consent or another lawful basis, we may send you information about our services that may be of interest to you. You can opt out of marketing at any time by [using the unsubscribe link in our emails / contacting us using the details below]. Opting out of marketing will not affect any service-related communications we need to send you.

6. Sharing your personal data

We do not sell your personal data. We may share it with:

• service providers and suppliers who help us run our business and provide our services, such as IT, hosting and payment providers, who act on our instructions;
• professional advisers, such as accountants and lawyers, where necessary; and
• regulators, law enforcement and other authorities, where we are required or permitted to do so by law.

Where we share data with third parties who process it on our behalf, we put appropriate contracts in place to ensure your data is protected.

7. How long we keep your personal data

We only keep your personal data for as long as we need it for the purposes set out in this policy, including to satisfy any legal, accounting, regulatory or reporting requirements. The length of time we keep data depends on its nature and the purpose for which it was collected. When we no longer need it, we securely delete or anonymise it.

9. How we keep your personal data secure

We have put in place appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, misuse or alteration. We limit access to your personal data to those who have a genuine need to access it, and they are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data breach and will notify you and the regulator where we are legally required to do so.

10. Your rights

Under data protection law, you have the following rights in relation to your personal data:

• Access — the right to be told whether we process your data and to receive a copy of it.
• Rectification — the right to have inaccurate data corrected and incomplete data completed.
• Erasure — the right to ask us to delete your data in certain circumstances.
• Restriction — the right to ask us to limit how we use your data in certain circumstances.
• Portability — the right to receive certain data in a structured, commonly used format and to have it transferred to another controller.
• Objection — the right to object to our use of your data in certain circumstances, including for direct marketing.
• Withdraw consent — where we rely on your consent, the right to withdraw it at any time.

To exercise any of these rights, please contact us using the details below. We will respond within one month, although we may extend this period for complex requests. There is usually no charge, although we may charge a reasonable fee or refuse a request that is clearly unfounded or excessive.

11. Cookies

Our website uses cookies and similar technologies. For full details of the cookies we use and how to manage them, please see our Cookie Policy.

12. Changes to this policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last updated" date. Where changes are significant, we will take reasonable steps to bring them to your attention.

13. Contact us and complaints

If you have any questions about this Privacy Policy, or if you wish to exercise any of your rights, please contact us:

CareStream (TRG Digital Ltd) Suite Ra01, 195-197 Wood Street, London, England, E17 3NU Email: hello@trgdigital.com or hello@CareStream.com and in the email, use Data Controller as the subject line.

If you have a concern about how we handle your personal data, we would ask you to contact us first so that we can try to resolve it. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection:

Information Commissioner's Office Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF Helpline: 0303 123 1113 Website: www.ico.org.uk