Legal

Privacy Policy

Last updated: June 2026

1. Who We Are

NursesCorner Ltd is the data controller for your personal data.

Email: founder@nursescorner.uk
Website: nursescorner.co.uk

This policy explains how we collect, use, store, and protect your information under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. What We Collect

You provide:

Name, email, professional title, NMC PIN (optional)
Career goals, nursing specialty, community profile info
Event registrations, feedback, messages
Payment data handled by Stripe - we never store card details

Collected automatically:

IP address, browser type, device info
Pages visited, usage patterns

3. How We Use Your Data

Purpose	Legal Basis
Process membership, manage subscription	Contract (Art 6(1)(b))
Send event updates, community announcements	Legitimate interest (Art 6(1)(f))
Mentor matching	Consent (Art 6(1)(a))
Improve services	Legitimate interest (Art 6(1)(f))
Tax and legal compliance	Legal obligation (Art 6(1)(c))
Marketing (opt-in only)	Consent (Art 6(1)(a))

4. Special Category Data

We do not intentionally collect health, race, religion, or political data. If you voluntarily share professional or health information in the community, you consent to us storing it for community participation.

Do not share identifiable patient information at any time.

5. Third-Party Processors

Stripe - payments (PCI DSS). stripe.com/gb/privacy
Supabase - database and auth (UK/EU infra). supabase.com/privacy
Vercel - hosting. vercel.com/legal/privacy-policy
Calendly - scheduling. calendly.com/legal/privacy
WhatsApp (Meta) - community channel. whatsapp.com/legal
Resend - email delivery. resend.com/privacy

We have data processing agreements with each. We use UK/EU infrastructure where possible.

6. Data Retention

Active members: duration of membership + 12 months
Cancelled members: basic data kept 6 years for tax purposes
Event registrants: 12 months after event
Feedback: 3 years, then anonymised

7. Your Rights

Under UK GDPR you have the right to:

Access your data (Article 15)
Correct inaccurate data (Article 16)
Erase your data (Article 17) - subject to legal retention
Restrict processing (Article 18)
Data portability (Article 20)
Object to processing (Article 21)

Email founder@nursescorner.uk to exercise any right. We respond within one month.

You also have the right to complain to the Information Commissioner's Office:

ico.org.uk/make-a-complaint/ - 0303 123 1113

8. ICO Registration

NursesCorner Ltd is registered with the Information Commissioner's Office (registration number to be confirmed). As a data controller processing personal data for membership services, registration is required under the Data Protection (Charges and Information) Regulations 2018.

9. Security

HTTPS/TLS encryption in transit
Encryption at rest
Access limited to company directors
PCI DSS-compliant payment processing via Stripe

We will notify you and the ICO within 72 hours if a breach occurs affecting your rights.

10. Cookies

Our website uses only essential cookies for site functionality and security. We do not use tracking, marketing, or analytics cookies without your explicit consent.

You can manage cookie preferences using the cookie banner on your first visit. You may also disable cookies in your browser settings, though some features may not work correctly.

Essential cookies are exempt from consent under UK GDPR / PECR. Non-essential cookies will only be set after you give consent via the cookie banner.

11. International Transfers

Most data stays in UK/EU. Where transfers occur (Stripe, WhatsApp), we rely on UK-approved mechanisms including the UK International Data Transfer Agreement.

12. Changes

Material changes notified via email. Check the "Last updated" date.

13. Contact

founder@nursescorner.uk