Privacy Policy
Who we are
Pluto provides integrated digital solutions for the healthcare and social care sector. Our services include Pluto Homecare, an intelligent care management and family portal; Pluto HNS, which supports NHS workforce and compliance management; and Pluto Recruit, a recruitment CRM and mobile portal for nurses. We also offer Biosigns health and wellbeing assessments, OneCare SAFE and Assisted Ambient Living (AAL) monitoring, and integrated health screening through Sensing Evolution Group solutions.
We are registered in [England and Wales] with company number [XXXXXXX] and our registered office is at [address]. You can contact our Data Protection Officer at [email protected].
Our role in data processing
Pluto acts both as a Processor and as a Controller. When we act as a Processor, we process personal data solely on the instructions of another organisation, such as a care provider or NHS Trust, which is the Controller. If you are a patient, service user, or healthcare professional using Pluto through such an organisation, you should contact them directly for details about how they handle your personal data.
We act as a Controller when processing data for our own purposes, such as for recruitment, marketing, direct service provision to our customers, app usage, product testing, event participation and website interactions. This privacy notice applies to data we process in our role as a Controller.
Technical and operational security
We take the protection of your data seriously. All information is stored securely, with appropriate encryption and access controls in place. Access is limited to authorised personnel, and all staff receive training in data protection and security. We maintain audit logs where required by regulation, including in relation to NHS and CQC compliance. Privacy by design is built into our systems and development processes.
Your rights
You have the right to request a copy of your personal data, to ask us to correct inaccurate information, to request deletion where there is no legal basis for us to retain it, and to restrict or object to certain types of processing. You can also request that we transfer your data to another provider, withdraw your consent where processing is based on consent, and ensure that you are not subject to automated decision-making with legal or significant effects.
If you wish to exercise any of these rights, you can contact us at [email protected]. You also have the right to complain to the UK Information Commissioner’s Office via www.ico.org.uk.
What happens if Pluto changes hands
If Pluto is sold or merged with another business, the relevant personal data we hold will be transferred to the new owner so it can continue to be used for the same purposes. We will notify you in advance of any such change.
Privacy notices by audience
Corporate Client's
When you are a corporate client, we hold your contact and payment details so that we can deliver our services, manage our relationship with you and keep you informed of any relevant updates. We process this information on the basis of our contract with you and our legitimate interest in maintaining our business relationship. We share data only with trusted service providers under contract, and where international transfers are necessary, we apply appropriate safeguards. We retain this data for the duration of our relationship with you and for seven years afterwards to meet accounting and legal requirements.
Potential corporate clients
When you are a potential corporate client, we hold your name, job title, contact details and business information, either provided directly by you or sourced from public information, events or referrals. We process this data under our legitimate interest to inform you about our services, in compliance with the Privacy and Electronic Communications Regulations. You may opt out of communications at any time, after which we will place your details on a suppression list to ensure you are not contacted again.
Users
When you use our apps, we process your contact details, login credentials, service information such as shifts, visits and care notes, communications, device details and usage logs. This processing is necessary for us to fulfil our contract with you. We also rely on legitimate interests to maintain security and improve performance, and on consent for marketing communications and any non-essential cookies. We retain service data for twelve months after your account is closed, and usage logs for twelve months, unless a longer period is required by law or our contracts with your organisation.
Who we are
Pluto provides integrated digital solutions for the healthcare and social care sector. Our services include Pluto Homecare, an intelligent care management and family portal; Pluto HNS, which supports NHS workforce and compliance management; and Pluto Recruit, a recruitment CRM and mobile portal for nurses. We also offer Biosigns health and wellbeing assessments, OneCare SAFE and Assisted Ambient Living (AAL) monitoring, and integrated health screening through Sensing Evolution Group solutions.
We are registered in [England and Wales] with company number [XXXXXXX] and our registered office is at [address]. You can contact our Data Protection Officer at [email protected].
Health screening and monitoring participants
When you participate in health and wellbeing assessments such as Biosigns, or use monitoring services such as OneCare SAFE and AAL, we process special category health data. This may include vital signs, sensor alerts, activity patterns, wellbeing survey responses and other contextual information. We process this information with your explicit consent, or where necessary to protect your vital interests in an emergency, or to fulfil a service contract. Data is stored securely and retained for the period required by the relevant care standards or as agreed in our contract with the organisation providing your care.
Potential employees and contractors
If you apply to work with us, we process your name, CV, qualifications, compliance checks such as DBS and right to work documentation, references, interview notes, salary expectations and any feedback you choose to provide. We process this data to assess your suitability for the role, to meet legal obligations and, where relevant, with your consent. If you are not shortlisted, we delete your information around thirty days after our last contact. If you are shortlisted but not successful, we keep your data for twelve months so we may contact you about other opportunities. If you are hired, our employee privacy notice will apply.
Product testers
When you test our products, we keep your contact details along with any recordings, screenshots, device information or audio from the test sessions. We process this information under our legitimate interest to improve our products. Recordings are kept for three months, and contact details for up to seven years unless you ask us not to.
Event attendees
If you attend an event where we are present, we may collect your name, email address, company details and record your interactions with us. We may also take photographs or videos at events. Crowd shots are used under our legitimate interest for marketing, but we will ask for your consent before using identifiable individual images. Your contact details may be used to follow up after the event, unless you opt out.
Prize draw entrants
If you enter a prize draw, we will process your name, email address and job title if provided. This information is used solely to administer the draw and is processed under our legitimate interest. We keep this data for two months after the draw closes, after which survey responses are anonymised.
Website visitors and chatbot users
When you visit our website, we may process your IP address, device data, cookie information and any details you provide via our chatbot. Non-essential cookies are used only with your consent. We rely on our legitimate interest to use aggregated analytics for security and performance monitoring. Chat transcripts are stored for twenty-four hours before deletion.
Data sharing and international transfers
We work with trusted third-party service providers for hosting, analytics, communications and other support functions. All providers are bound by contracts that require them to handle data securely and in compliance with the law. Where data is transferred outside the UK or EEA, we use approved safeguards such as Standard Contractual Clauses or the UK International Data Transfer Agreement. We never sell your data.
Changes to this notice
We may update this privacy notice from time to time. The latest version will always be available on our website, and we will contact you directly if we make any significant changes to the way we process your data.
