Legal & compliance

Public legal pages, plus links to the working documents under docs/legal/ in the repository (ROPA, DPIA, DPA template, sub-processor list, retention policy, breach playbook).

Draft — this page is a starting template generated by the engineering team. It must be reviewed and finalised by a UK data-protection / care-sector solicitor before it goes live. Placeholders that look like __LIKE_THIS__ still need filling in.

Privacy notice

How we collect, use, and protect personal data for service users and staff, including health data and the rights you have.

The rules for using the RegIntel Rota product. Separate from the source-code MIT licence.

Cookie policy

Which cookies and local-storage entries we use, and how to change your preferences.

Accessibility statement

Our WCAG 2.2 AA conformance target, known issues, and how to ask for an accessible alternative.

Internal-only documents

Not published. Live in the repository so they evolve with the product.

docs/legal/ROPA.md — Records of Processing Activities (UK GDPR Art 30)
docs/legal/DPIA.md — Data Protection Impact Assessment
docs/legal/DPA_TEMPLATE.md — Customer-facing Data Processing Agreement
docs/legal/SUBPROCESSORS.md — Disclosed sub-processor list
docs/legal/RETENTION_POLICY.md — Per-entity retention schedule
docs/legal/BREACH_RESPONSE_PLAYBOOK.md — 72-hour breach response
docs/runbooks/gdpr-subject-request.md — SAR / erasure / rectification runbook (existing)

Legal & compliance

Public legal pages, plus links to the working documents under docs/legal/ in the repository (ROPA, DPIA, DPA template, sub-processor list, retention policy, breach playbook).

Privacy notice

How we collect, use, and protect personal data for service users and staff, including health data and the rights you have.

The rules for using the RegIntel Rota product. Separate from the source-code MIT licence.

Cookie policy

Which cookies and local-storage entries we use, and how to change your preferences.

Accessibility statement

Our WCAG 2.2 AA conformance target, known issues, and how to ask for an accessible alternative.

Internal-only documents

Not published. Live in the repository so they evolve with the product.

docs/legal/ROPA.md — Records of Processing Activities (UK GDPR Art 30)
docs/legal/DPIA.md — Data Protection Impact Assessment
docs/legal/DPA_TEMPLATE.md — Customer-facing Data Processing Agreement
docs/legal/SUBPROCESSORS.md — Disclosed sub-processor list
docs/legal/RETENTION_POLICY.md — Per-entity retention schedule
docs/legal/BREACH_RESPONSE_PLAYBOOK.md — 72-hour breach response
docs/runbooks/gdpr-subject-request.md — SAR / erasure / rectification runbook (existing)

Legal & compliance

Public legal pages, plus links to the working documents under docs/legal/ in the repository (ROPA, DPIA, DPA template, sub-processor list, retention policy, breach playbook).

Privacy notice

How we collect, use, and protect personal data for service users and staff, including health data and the rights you have.

The rules for using the RegIntel Rota product. Separate from the source-code MIT licence.

Cookie policy

Which cookies and local-storage entries we use, and how to change your preferences.

Accessibility statement

Our WCAG 2.2 AA conformance target, known issues, and how to ask for an accessible alternative.

Internal-only documents

Not published. Live in the repository so they evolve with the product.

docs/legal/ROPA.md — Records of Processing Activities (UK GDPR Art 30)
docs/legal/DPIA.md — Data Protection Impact Assessment
docs/legal/DPA_TEMPLATE.md — Customer-facing Data Processing Agreement
docs/legal/SUBPROCESSORS.md — Disclosed sub-processor list
docs/legal/RETENTION_POLICY.md — Per-entity retention schedule
docs/legal/BREACH_RESPONSE_PLAYBOOK.md — 72-hour breach response
docs/runbooks/gdpr-subject-request.md — SAR / erasure / rectification runbook (existing)