Privacy Policy

Overview

This Privacy Policy explains how Blue Sky Medic Ltd processes personal data in connection with the Codara website at codara.co.uk.

We are committed to handling personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and applicable UK data protection laws.

This policy applies only to visitors to our website. Separate documents govern other categories of processing, including:

• patient and clinician data processed through the Codara platform;
• platform-specific contractual and data processing arrangements;
• NHS National Data Opt-out matters.

Please also refer to our separate Cookie Policy.

Who we are

Blue Sky Medic Ltd is a company registered in England and Wales (company number 16207251).

Registered office: Spencer House, Morston Court, Aisecome Way, Weston-super-Mare, North Somerset, United Kingdom, BS22 8NG.

We are registered with the Information Commissioner's Office (ICO) under registration reference ZB949796.

For privacy-related queries, please contact our Data Protection Officer, Dr Anthony Cox, at dpo@codara.co.uk.

Information we process

Our website is a static informational website. We do not use website analytics, advertising trackers, newsletter sign-up forms, or marketing profiling technologies.

Like most websites, limited technical information may be processed automatically by hosting and security infrastructure when you visit the site. This may include:

• IP address;
• browser and device information;
• date and time of access;
• basic request and server log information.

This processing is necessary for website delivery, security, and reliability.

If you contact us by email, we will process:

• your email address;
• your name or signature information (if provided);
• the contents of your correspondence.

We process this information in order to respond to enquiries, maintain business communications, and manage our relationship with prospective or existing customers and partners.

We do not sell personal data and do not share personal data with third parties for their own marketing purposes.

Lawful basis for processing

We rely on the following lawful bases under UK GDPR:

• Legitimate interests — to operate, secure, and maintain our website and to respond to communications and enquiries.
• Legal obligations — where processing is necessary to comply with applicable legal or regulatory requirements.

Infrastructure and service providers

We use carefully selected third-party providers to support operation and delivery of our website and business services, including:

• IONOS for domain and DNS services;
• Firebase for website hosting and content delivery infrastructure;
• Google Workspace for business email services.

These providers process limited technical and operational data on our behalf under appropriate contractual and security arrangements.

International transfers

Some of our technology providers may process limited personal data outside the United Kingdom.

Where this occurs, we seek to ensure that appropriate safeguards are in place in accordance with UK GDPR requirements, including the use of recognised contractual protections where applicable.

Data retention

We retain email correspondence for up to two years after the most recent substantive contact unless:

• a longer retention period is required by law;
• retention is necessary for legal claims, regulatory purposes, or ongoing contractual matters.

Technical website logs are retained only for reasonable operational and security purposes.

Your rights

Under UK GDPR, you may have rights including:

• access to your personal data;
• rectification of inaccurate data;
• erasure of personal data;
• restriction of processing;
• objection to processing;
• data portability;
• the right to lodge a complaint with the ICO.

To exercise your rights, please contact dpo@codara.co.uk. We will respond in accordance with applicable legal timeframes.

Complaints

If you have concerns regarding our handling of personal data, please contact us first at dpo@codara.co.uk.

You also have the right to complain to the Information Commissioner's Office (ICO) — telephone 0303 123 1113.

Changes to this policy

We may update this policy periodically. The "Last updated" date at the top of this page indicates when this policy was most recently revised.