Security, Privacy, and Data Protection
Secure.
Private.
Compliant.
Secure, compliant, and built to protect sensitive healthcare data at every level.
Secure by Design
GPDR Compliant
Stay compliant
Overview
Our Approach to Security and Data Protection
AmbuNet is a secure, cloud-based platform designed for healthcare and event medical organisations. We are committed to protecting personal data and ensuring full compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and UK GDPR.
AmbuNet acts as a Data Processor, with each customer organisation acting as the Data Controller for the data they input and manage within the platform.
We implement appropriate technical and organisational measures to ensure that all personal data—including sensitive healthcare data—is handled securely, lawfully, and transparently.
Hosting & Data Location
Where Your Data Is Stored and Processed
AmbuNet is hosted using infrastructure located within the United Kingdom and the European Economic Area (EEA).
Core Infrastructure
- Application servers are hosted in the United Kingdom (London)
- File storage is hosted within AWS (London region)
- Backups are stored within the European Economic Area (EU)
Data Residency
- Primary application data (including patient records and operational data) is stored within UK-based infrastructure
- Backup and resilience systems utilise EU-based infrastructure
- No core platform data is intentionally hosted outside the UK/EU
The United Kingdom benefits from an adequacy decision from the European Commission, meaning it is recognised as providing an equivalent level of data protection to the EU.
Security Measures
How We Protect Your Data
AmbuNet implements a range of technical and organisational security measures appropriate to the risk, including:
Data Security
- Encryption in transit using HTTPS/TLS
- Secure password hashing using bcrypt
- Role-based access control (RBAC)
- Multi-factor authentication (MFA) for access to sensitive data
System Security
- Segregation of tenant data across the platform
- Logging and monitoring of system and data access
- Regular updates and security patching
- Controlled access to infrastructure
Resilience & Availability
- Redundant infrastructure and backup systems
- Ability to restore data and services in a timely manner
- Regular review and testing of security measures
AmbuNet continuously evaluates and improves its security controls to maintain a high standard of data protection.
Sub-Processors
Trusted Third-Party Providers We Use
AmbuNet uses a limited number of trusted third-party providers (“Sub-Processors”) to deliver specific services.
These include:
- IONOS – Hosting infrastructure (United Kingdom)
- Amazon Web Services (AWS) – File storage and infrastructure (United Kingdom/EU regions)
- Postmark – Email delivery (limited personal data such as name and email address)
- ClickSend – SMS delivery (limited personal data such as phone number)
- ClickUp – Internal support, bug tracking, and feature requests (limited personal data such as name and email address)
Data Handling by Sub-Processors
- Sub-Processors only receive the minimum data necessary to perform their function
- No patient clinical data is intentionally processed by support or communication tools
- All Sub-Processors are subject to appropriate contractual and data protection obligations
International Data Transfers
How Data Is Transferred and Safeguarded
AmbuNet primarily processes data within the United Kingdom and the European Economic Area.
Where Sub-Processors operate outside these regions, limited personal data (such as names, email addresses, or phone numbers) may be processed internationally.
In such cases:
- Appropriate safeguards are in place in accordance with GDPR
- These safeguards include Standard Contractual Clauses (SCCs) or equivalent mechanisms
- Data transfers are limited to what is necessary for service delivery
AmbuNet does not intentionally transfer sensitive clinical data outside the UK/EU.
Data Categories & Usage
What Data We Process and Why
AmbuNet processes different types of data depending on how the platform is used.
Personal Data
- Names, contact details, and identification information
- Employee and applicant records
- Client and organisational contact details
Special Category Data (Healthcare)
- Patient medical information
- Clinical assessments and treatment records
- Incident and safeguarding records
Operational Data
- Event and shift information
- Vehicle and asset management data
- Internal communications and logs
Data is processed solely for the purpose of delivering the AmbuNet platform and its associated features.
GDPR Compliance
How We Support Regulatory Compliance
AmbuNet is designed to support customer compliance with GDPR and UK GDPR.
Roles
- Customer = Data Controller
- AmbuNet (Care Nav Ltd) = Data Processor
Key Principles
- Data is processed lawfully, fairly, and transparently
- Data is collected for specified, legitimate purposes
- Data minimisation is applied wherever possible
- Appropriate security measures are implemented
Data Subject Rights
AmbuNet supports Controllers in fulfilling data subject rights, including:
- Access requests
- Rectification
- Erasure
- Restriction
- Data portability
Data Processing Agreement (DPA)
Our Data Processing Commitments
AmbuNet provides a comprehensive Data Processing Agreement in accordance with GDPR Article 28.
- The DPA forms part of our Terms of Use
- It applies automatically to all customers
- It defines responsibilities, security measures, and data handling practices
Data Retention & Deletion
How Long Data Is Retained and When It Is Deleted
- Data is retained for as long as required by the Controller
- Upon termination, customers can export their data
- Data is securely deleted within a defined period (typically within 90 days)
- Data may be retained where required by law
Contact & Further Information
How to Contact Us About Data Protection
If you have any questions about security, data protection, or compliance, please contact:
Care Nav Ltd (t/a AmbuNet)
Email: support@ambunet.co.uk
Tel: 0330 057 0620
