Privacy and Data Processing Policy

Last updated: August 2025

This Privacy and Data Processing Policy explains how CQCAPPLY LTD (“we”, “us”, or “our”) collects, uses, stores, and protects your data when you engage with us for CQC application support. By using our services or contacting us, you agree to the terms outlined below.

1. Who We Are

CQCAPPLY LTD is a UK-based company providing consultation services to individuals and organisations applying for Care Quality Commission (CQC) registration. We are registered with Companies House under the name CQCAPPLY LTD.

2. What Data We Collect

We only collect personal and organisational information necessary for CQC application purposes. This includes:

• Full names and contact information of directors, managers, and owners
• Enhanced DBS numbers and issue dates
• Employment history and qualifications
• Medical declarations, GP details
• Premises information including photographs or videos for inspection review
• Any information required by the CQC to process an application

3. How We Collect Your Data

We collect data through:

• Tally.so forms submitted by you
• Email communications (primarily via daniel@cqcapply.co.uk)
• Files shared via OneDrive or other mutually agreed secure channels

4. How We Use Your Data

Your data is used strictly for the purpose of:

• Preparing and submitting your CQC application
• Creating required documents (policies, business plans, SOPs, etc.)
• Providing guidance and feedback on your premises and readiness
• Communicating with you during the application process

5. Lawful Basis for Processing

We process your data under the lawful basis of legitimate interest and contract — as the data is necessary to fulfil the service you have requested.

6. Data Retention

We retain your data:

• Until your CQC application has been approved
• If your application is not approved, for an additional two weeks unless further work is agreed upon
• If we determine the failure was due to incomplete or incorrect information provided by the client, we may retain the data longer with your consent in order to support resubmission

7. Subprocessors and Third-Party Services

We use the following subprocessors to deliver our services:

• Microsoft OneDrive – for secure file storage and sharing
• Google Sheets and Microsoft Excel – for financial templates and planning
• Tally.so – for data collection forms

All subprocessors are GDPR-compliant and based in the UK or EEA.

8. Data Security

We take reasonable steps to ensure your data is stored securely, including use of encrypted cloud storage and secure form submissions. We do not print, post, or physically share your data.

8A. Locally Stored Files

In some cases, client files may be stored locally on secure, password-protected devices used by the team at CQCAPPLY LTD. Access to locally stored files is strictly limited and managed based on staff roles and responsibilities.

We ensure data security through the following measures:

• All devices are password-protected and use disk encryption (e.g., BitLocker or FileVault)
• Only authorised team members are granted access to specific files relevant to their assigned work
• Regular audits are conducted to ensure access control and compliance
• Devices are protected by up-to-date antivirus software and firewalls
• Data is retained only as long as necessary, and deleted promptly after the CQC application is approved, or two weeks after project closure unless otherwise agreed

Clients may request that their data is stored exclusively in secure cloud storage services. Such requests can be directed to daniel@cqcapply.co.uk.

9. Data Sharing

CQCAPPLY LTD does not routinely share your data with third parties. As part of the CQC application process, you (the client) will be responsible for submitting your own documents and information directly to the Care Quality Commission.

We may, with your consent, share information with regulated accountancy or compliance support services for the purpose of document accuracy or financial validation, but this is always made clear and agreed in advance.

Internally, only staff members assigned to your project have access to your file, and access is limited based on the nature of their role.

We will never sell or share your data with third parties for marketing purposes.

10. Your Rights

You have the right to:

• Access the data we hold about you
• Correct inaccuracies in your data
• Request deletion of your data
• Withdraw consent (where consent is used)

To exercise your rights, contact help@cqcapply.co.uk.

11. Cookies and Tracking

Our website does not currently use cookies or tracking technologies. It serves only as an informational platform for prospective clients. If this changes, we will update this section accordingly.

12. Hosting and Storage

This website is hosted via Cloudflare Pages. All client documentation is stored securely in cloud storage solutions.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be clearly marked with an updated "Last updated" date at the top of this page.

14. Contact Us

If you have any questions about this Privacy Policy or how your data is handled, please contact:

Email: daniel@cqcapply.co.uk