Last updated: March 2026
1. Introduction
Each Other Care Ltd ("we", "us", "our") is committed to protecting the privacy and security of personal data processed through the Herbert ERP platform. This policy explains how we collect, use, and safeguard your information.
2. Data Controller
Each Other Care Ltd is the data controller for user account data. Individual care home operators are the data controllers for resident and operational data processed through the Service.
3. Legal Basis for Processing
We process personal data on the following legal bases: performance of a contract (providing the Service), legitimate interests (improving the Service, security), legal obligation (regulatory compliance), and consent (where applicable).
4. Types of Data Collected
We collect: user account information (name, email, role), authentication data, usage logs, and device information. Care home operators may process resident data including health records, care plans, and next-of-kin details through the Service.
5. How We Use Your Data
Your data is used to: provide and maintain the Service, authenticate users, generate audit trails, improve system performance, and communicate service updates.
6. Data Sharing
We may share data with: cloud infrastructure providers (for hosting), regulatory bodies such as the Care Quality Commission (CQC) where required by law, and local authorities where there is a safeguarding obligation.
7. Data Retention
User account data is retained for the duration of your organisation's contract plus 12 months. Audit logs are retained for 7 years in accordance with CQC requirements. Resident data retention is governed by your organisation's data retention policy.
8. Your Rights Under GDPR
You have the right to: access your personal data, rectify inaccurate data, request erasure (where applicable), restrict processing, data portability, and object to processing. To exercise these rights, contact your organisation's data protection officer or us directly.
9. Cookies
The Service uses essential cookies for authentication and session management. These cookies are strictly necessary for the Service to function and cannot be disabled. We do not use marketing or analytics cookies.
10. Changes to This Policy
We may update this policy from time to time. We will notify users of material changes via the Service or by email. Continued use of the Service after changes constitutes acceptance.
11. Contact the Data Protection Officer
For data protection enquiries, contact our DPO at dpo@eachother.care.