GDPR Compliance
Last updated: 1 May 2026
Omega Life Ltd is committed to compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page outlines how we meet our obligations as both a data controller and data processor.
1. Our Role
When you use Care One OS, your organisation acts as the data controller — you determine what personal data is entered and why. Omega Life Ltd acts as a data processor, processing data on your behalf in accordance with your instructions and our data processing agreement.
2. Data Processing Agreement
We provide a Data Processing Agreement (DPA) to all customers, which sets out:
- The types of personal data processed.
- The purposes and duration of processing.
- Our obligations as a data processor, including security measures and breach notification procedures.
- Sub-processor details and approval processes.
If you require a copy of our DPA, please contact us at info@careoneos.ltd.
3. Lawful Basis
As a data processor, we process personal data on the lawful bases established by you as the data controller. Common bases in the care sector include:
- Legal obligation: compliance with CQC, Ofsted, and health and social care regulations.
- Vital interests: protecting the health and safety of service users.
- Contractual necessity: delivering care services under a service agreement.
- Legitimate interests: operational efficiency and quality improvement.
4. Special Category Data
Care One OS may process special category data including health records, medication information, and other sensitive personal data. This processing is carried out under Article 9(2)(h) of the UK GDPR — processing necessary for health or social care purposes — and is subject to enhanced security measures.
5. Data Protection Measures
We implement comprehensive technical and organisational measures including:
- Encryption: all data is encrypted at rest and in transit using AES-256 and TLS 1.2+.
- Access controls: role-based access with multi-factor authentication available.
- Audit logging: all data access and modifications are logged and auditable.
- UK data residency: all data is stored exclusively in UK-based data centres.
- Regular testing: penetration testing and vulnerability assessments are conducted regularly.
- Staff training: all team members receive annual data protection training.
6. Data Subject Rights
We support you in fulfilling data subject rights requests including:
- Right of access (Subject Access Requests)
- Right to rectification
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object
Our platform includes built-in tools to help you respond to these requests efficiently.
7. Data Breach Procedures
In the event of a personal data breach, we will:
- Notify you without undue delay and in any event within 72 hours of becoming aware of the breach.
- Provide full details of the breach, including the nature of the data affected and the measures taken.
- Assist you in notifying the Information Commissioner's Office (ICO) and affected individuals where required.
8. International Transfers
We do not transfer personal data outside the United Kingdom. All processing and storage take place within UK-based infrastructure.
9. Data Protection Officer
For any GDPR-related queries, please contact:
Omega Life Ltd
40-42 Kemble Street, Prescot
Liverpool, L34 5SQ
Email: info@careoneos.ltd
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.