1.         Introduction

 

This privacy notice explains how the Appello Group (“Appello”, “the group”) collects, uses, stores, and protects your personal data when you interact with us. It outlines your rights regarding your personal information and provides details on how we comply with the UK General Data Protection Regulation (UK GDPR). This notice ensures transparency and helps you understand how we handle your data responsibly and securely.

2.         Who this notice applies to

 

This privacy notice applies only to those people that use, or are looking to use, Appello’s products or services (i.e. our customers), where Appello is the data controller. We have produced a separate privacy notice for our employees, which can be obtained on the group intranet.

Where individuals use products or services provided by Appello but commissioned by a third party, such as a local authority or housing provider, Appello operates as a data processor for the purposes of the UK GDPR. It is the responsibility of the data controller (i.e. the commissioner of the service) in those instances to issue those individuals with a privacy notice compliant with their data privacy rights

3. Who we are

The Appello Group includes the following trading companies:

Company	Company no.	Trading names
Appello MCL Careline Limited	9501009
Appello Limited	6324769
Appello Careline Limited	3229746
Appello Smart Living Solutions Limited	1444995
Telecare Monitoring Limited	11543680
Company	Company no.	Trading names
Lifeline24 Limited	8718610	Careline365; LifeConnect24; Lifeline24; Lifeline24 (Ireland); Lifeconnect24 (Ireland); Carelink24; Telecare Choice.
Careline365 Limited	9614529	Careline365; LifeConnect24; Lifeline24; Lifeline24 (Ireland); Lifeconnect24 (Ireland); Carelink24; Telecare Choice.
Helpline Limited	5422168

 

This privacy notice is issued on behalf of the group so when we mention Appello, "we", "us" or "our" in this privacy policy, we are referring to the relevant company in the group responsible for processing your data. We will let you know which group company will be the controller or processor for your data when you purchase a product or service with us.

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing data privacy in our business. If you have any questions about how we use your personal data, including any requests to exercise your legal rights (see section 13), please contact the DPO using the information set out in the contact details section (section 14).

4.         The personal data we collect

 

Personal data means any information about an individual from which that person can be identified. Depending on which products or services you buy from us, we may collect, use, store and transfer different kinds of personal data, which we have grouped together as follows:

•          Identity data includes first name, last name, title, date of birth, age, gender.

•          Contact data includes address, telephone numbers, email addresses, both for those receiving our services and others that we may need to contact, such as in emergency.

•          Health and personal circumstances data such as information about your GP or other health and social care professionals, medical or health conditions, medicines or treatments, disabilities or impairments, packages of care.

•          Access data such as keysafe information, access codes, instructions for access and information about keyholders relating to premises where our services are provided.

•          Geodata such as GPS coordinates, IP address-derived locations, or other location-based details that identify or provide information about a person’s geographic location.

•          Financial information such as bank account or payment card details and credit checks.

•          Transaction data includes details about payments to and from you and other details of products and services you have purchased from us.

•          Technical data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, device ID and other technology on the devices you use to access this website or our services.

•          Profile data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.

•          Usage data includes information about how you interact with and use our website, products and services.

•          Marketing and communications data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

•          Analytical insights data: we may derive internal insights about customer engagement based on interaction data we already hold (such as website visits, email opens, or service use), using automated tools for internal analysis. These insights do not involve decision-making that has legal or similarly significant effects.

The personal data we collect and use might be about you, but it might also include information that you give us about other people - you can read more about this in section 11 below.

It is important that the personal data we hold is accurate and current. Please keep us informed if your personal data changes during your relationship with us, for example if you move home or change telephone number or email address.

5.         How we collect your personal data

 

We use different methods to collect data from and about you including through:

•        Your interactions with us. You may give us your personal data by filling in online forms or by corresponding with us by post, phone, email or by any other means. This includes personal data you provide when you:

-      apply for our products or services;

-      create an account on our website;

-      subscribe to our services or news bulletins;

-      request marketing to be sent to you; - enter a competition, promotion or survey; or

-      give us feedback or contact us.

•        The use of our products and services. This might include logs of occasions on which an alarm, fall detector or other device is triggered or activated, and recordings of communications made using our devices and systems (including in an emergency). We monitor and record all calls and messages received or made from our Alarm Response Centres (ARCs), as well as certain outbound service-related calls made by our staff or systems, for training, quality assurance, and service delivery purposes.

•        Automated technologies or interactions. As you interact with our website, we will automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. Please see our cookies policy for further details.

•        Third parties or publicly available sources. We may receive personal data about you from various third parties, including Google Analytics, providers of technical, payment and delivery services, and from publicly available sources such as the Electoral Register.

6.         How we use your personal data

 

6.1      Legal basis

The law requires us to have a legal basis for collecting and using your personal data. We rely on one or more of the following legal bases:

•          Performance of a contract with you: Where we need to perform the contract we are about to enter into or have entered into with you.

•          Legitimate interests: We may use your personal data where it is necessary to conduct our business and pursue our legitimate interests, for example to prevent fraud, promote our services, and enable us to give you the best and most secure customer experience. This may include the use of anonymised call recordings to explain or demonstrate our services in marketing materials, provided we are satisfied that no individuals can be identified and that the use is fair and proportionate. We make sure we consider and balance any potential impact on you and your rights (both positive and negative) before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

•          Legal obligation: We may use your personal data where it is necessary for compliance with a legal obligation that we are subject to. We will identify the relevant legal obligation when we rely on this legal basis.

•          Vital interests: In emergency situations, we may process your personal data to protect your life or physical safety or that of another person. This basis applies only in urgent situations where it is necessary to act to prevent harm and where other legal bases are not sufficient.

•          Consent: We rely on consent only where we have obtained your active agreement to use your personal data for a specified purpose.

6.2      Purposes for which we will use your personal data

We have set out below, in a table format, a description of all the ways we plan to use the various categories of your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Purpose	Type of data	Legal basis
To register you as a new customer.	Identity; contact.	Performance of a contract with you (i.e. to be able to enter into the necessary communications with you to bring you on board as a customer).
To process and deliver your products and/or services, including responding to alarms, dealing with emergencies, managing payments, fees and charges and collecting and recovering money owed to us.	Identity; contact; health and personal circumstances; access; geodata financial; transaction; marketing and communications.	Performance of a contract with you (i.e. providing/setting up your products and/or services). Necessary for our legitimate interests (to recover debts due to us). Vital interests (to protect you and others in the event of an emergency).

 

Purpose	Type of data	Legal basis
To record and store Do Not Attempt Cardiopulmonary Resuscitation (DNACPR), DNR or DNAR information where provided to us by the customer or alarm user, for information purposes only in connection with the provision of the monitoring service.	Health and personal circumstances; identity; contact.	Vital interests (where recording such information is necessary to protect the life or physical safety of the individual or another person in an emergency context). Necessary to comply with a legal obligation (where applicable). Legitimate interests (to maintain accurate account records relevant to the safe operation of the service), subject to a legitimate interests assessment.
To manage our relationship with you, including notifying you about changes to our terms or privacy policy and dealing with your requests, complaints and queries.	Identity; contact; profile; marketing and communications.	Performance of a contract with you. Necessary to comply with a legal obligation (including our obligations under consumer and data privacy law). Necessary for our legitimate interests (to keep our records updated and manage our relationship with you).
To monitor and record telephone calls for quality assurance, training, and service delivery purposes.	Identity; contact; technical; usage; marketing and communications.	Legitimate interests (to ensure service quality and staff training, and to help us deliver services effectively).
To handle issues arising such as safeguarding enquiries, criminal investigations, coroners’ inquests, complaints, or legal claims and to support the continuous improvement of protocols and staff training.	Identity; contact; health and personal circumstances; access; marketing and communications.	Necessary for our legitimate interests (to ensure service quality, support staff training, protect our customers, and address complaints and investigations). Vital interests (to safeguard individuals in emergencies).  Necessary to comply with a legal obligation (to assist with investigations and regulatory compliance).
To operate our customer referral programme, including generating and managing referral codes or links, tracking referrals, providing rewards to referring customers, and issuing discounts to new customers who are referred.	Identity; contact; transaction; technical; marketing and communications.	Legitimate interests (to grow our business by encouraging word-of-mouth referrals, ensuring rewards are correctly applied, and preventing fraud).  Consent (where referral invitations are sent directly to new individuals, in accordance with privacy and electronic communications law).

 

Purpose	Type of data	Legal basis
To enable you to partake in a prize draw or competition or to complete a survey.	Identity; contact; profile; usage; marketing and communications	Performance of a contract with you. Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data).	Identity; contact; technical.	Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise). Necessary to comply with a legal obligation (including data protection and computer security obligations).
To improve and develop existing and new products and services, enhancing customer experience and meeting evolving needs.	Identity; contact; technical; usage; profile; marketing and communication.	Necessary for our legitimate interests (to innovate, enhance service offerings, and ensure our products and services meet customer expectations and industry standards).
To maintain and demonstrate compliance with certification and accreditation standards (e.g., ISO, Cyber Essentials, TEC Services Association).	Identity; contact; health and personal circumstances; financial; transaction; marketing and communications.	Necessary for our legitimate interests (to uphold industry certifications and quality standards, ensuring service reliability and trust). Necessary to comply with a legal obligation (to meet regulatory and accreditation requirements).
To deliver relevant website content and online advertisements to you and measure or understand the effectiveness of the advertising we serve to you.	Identity; contact; profile; usage; marketing and communications; technical.	Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy).
To use data analytics to improve our website, products/services, customer relationships, and experiences and to measure the effectiveness of our communications and marketing	Technical; usage.	Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy).
Purpose	Type of data	Legal basis
To send you relevant marketing communications and make personalised suggestions and recommendations to you about goods or services that may be of interest to you based on your profile data	Identity; contact; technical; usage; profile; marketing and communications.	Consent, having obtained your prior consent to receiving direct marketing communications.
To analyse customer engagement using automated tools (such as AI integrations) in order to better understand user behaviours and improve the relevance and effectiveness of our marketing activities	Identity; contact; usage; profile; marketing and communications; transaction	Legitimate interests (to optimise how we engage with customers and tailor our marketing strategy accordingly). This analysis is used internally only and does not result in automated decisions affecting customers.
To use anonymised recordings of interactions (e.g. alarm calls) to develop and publish promotional and marketing materials (e.g. website, social media), showcasing how our services operate.	Technical; usage; health and personal circumstances (anonymised); marketing and communications.	Legitimate interests (to promote and explain our services to the public, potential customers, and stakeholders). We apply robust anonymisation techniques and assess each use case to ensure it is fair and does not negatively impact individuals' rights.

6.3      Direct marketing

During the registration process on our website or over the phone when your personal data is collected, and at any time when we interact with you thereafter, you will be asked to indicate your preferences for receiving direct marketing communications from us.

You can choose to receive:

•        Marketing from us (Careline365 and other Appello brands) about our own products and services;

•        Marketing from selected commercial partners about products and services that support independent living, such as care at home, mobility aids, or assisted living technologies. In these cases, we may share your contact information with those partners solely for the purpose of enabling them to send you their own marketing.

You can opt in to one, both, or neither — it’s entirely your choice. The full list of our current commercial partners is available here, and we keep this updated as our partnerships evolve.

We use separate unticked boxes for each marketing preference to ensure that your choices are clear and specific.

6.4      Third-party marketing

We will only share your personal data with selected third-party partners for their own direct marketing purposes if you have explicitly opted in to receive such communications. You will be given a separate choice to receive marketing from our commercial partners, and we will not share your data for this purpose unless you have agreed. 

Our partners are carefully chosen and typically include services related to independent living, such as care at home providers, residential care operators, or suppliers of assistive technologies. The current list of partners is available on our website and may be updated from time to time.

6.5      Opting out of marketing

You can ask us to stop sending you marketing communications at any time by following the opt-out links within any marketing communication sent to you or by contacting us (see section 14).

If you opt out of receiving marketing communications, you will still receive service-related communications that are essential for administrative or customer service purposes, for example relating to order confirmations, updates to our Terms and Conditions, safety notices, or checking that the information we hold about you is correct.

6.6      Cookies

For more information about the cookies we use and how to change your cookie preferences, please see our separate cookies policy.

7.         How we share your personal data

 

We may share your personal data with third parties where necessary:

•          For the purposes described in section 6; or 

•          Where we are under a legal duty to do so; or

•          To enforce or apply our terms of use and other agreements; or

•          To protect the rights, property or safety of Appello and its employees, customers or others; or

•          To support the secure operation of internal tools that analyse customer engagement using third-party services, such as marketing automation platforms or AI-based analytics systems, for internal insight and service optimisation.

Parties with whom we may share your personal data could include:

•          Other companies within the Appello group;

•          Third parties involved in providing your service, including their partners, agents or contractors;

•          Our e-commerce platform provider (Shopify), which hosts our online store and manages order processing;

•          Payment service providers (e.g. GoCardless, Stripe, Smart Debit), which facilitate our secure payment transactions;

•          Marketing and communication services such as Klavio, that we use to manage and deliver email communications;

•          Referral programme provider (Mention Me), which enables us to operate our “refer a friend” scheme, issue referral codes, track when friends become new customers, and deliver rewards and discounts;

•          Selected commercial partners offering relevant services to support independent living (such as homecare, assisted living, or mobility aids), but only where you have explicitly consented to receive their marketing. A current list of such partners is maintained on our website;

•          Providers of CRM, analytics, or AI-based tools (e.g. HubSpot, OpenAI) who assist us in securely analysing customer engagement data for internal insight and planning purposes. These providers are contractually bound to use data only as instructed and are not permitted to use it for training their systems or any other external purpose.

•          Customer SMS messaging services, such as SMS Broadcast, which we use to send important text messages to customers;

•          Telephone call handling, management and recording services – we currently use Genesys.

•          Anyone you have identified as your authorised representative or emergency contact, such as a family member;

•          The emergency services;

•          Local safeguarding authorities;

•          Criminal enforcement agencies;

•          Credit checking agencies;

•          HMRC;

•          Third parties to whom we may choose to sell, transfer or merge all or part of our business or our assets. 

If there is a change in the ownership of the company that i) collected your data, or ii) which provides any related service, we may also disclose your personal information to any new owners.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our written instructions. 

8.         International transfers of your personal data

We primarily process personal data within the United Kingdom. However, some of our service providers, including Shopify, may transfer personal data outside the UK to locations where data protection laws may differ from those in the UK.

Our e-commerce platform, Shopify, is a global service provider headquartered in Canada. Shopify may process personal data on servers located outside the UK, including in the United States and Canada. In addition, certain marketing and analytics tools—including CRM-integrated AI services—may involve the transfer of limited customer data outside the UK, for example where analysis is conducted on infrastructure operated by OpenAI or other providers based in the US. Transfers of personal data to Shopify are safeguarded through appropriate measures, such as the UK’s adequacy decision for Canada and the use of Standard Contractual Clauses (SCCs) for transfers to other jurisdictions, as required by the UK GDPR.

We take all necessary steps to ensure that your personal data remains protected, regardless of where it is processed. These steps include implementing contracts with our service providers that require them to comply with UK data protection laws or equivalent standards.

If you would like more information about the safeguards we use for international data transfers, please contact our Data Protection Officer – see section 14 below.

9.         Keeping your personal data safe

 

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breaches and will notify you and the Information Commissioner of such a breach where we are legally required to do so.

10.    How long we keep your personal data

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

By law we have to keep basic information about our customers (including contact, identity, financial and transaction data) for six years after they cease being customers for tax purposes.

In some circumstances you can ask us to delete your data: see section 13 below for further information.

In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

11.    Information you give to us about other people

In order to provide our products and services properly and to ensure the safety of the people that we support, we may need to collect information from you about certain other people. If you are the person using our products or services, this might be people such as your family members or emergency contacts. If you are purchasing our products or services for someone else, it might be that person’s information that you provide to us.

In addition, you may provide us with information about other individuals through our customer referral programme (for example, by referring a friend to our services). Where you do this, we will use the referred person’s details solely for the purposes of administering the referral programme, including sending them a referral invitation, applying any discount for which they are eligible, and confirming whether they become a customer.

Where you refer another person to our services, their details will be shared with our referral programme provider, Mention Me, solely for the purposes of administering the referral, issuing any applicable discount or reward, and confirming whether the referred person becomes a customer. Mention Me is contractually bound to use that data only for those purposes.

When you provide us with information about other individuals, you are responsible for informing them that you have shared their personal data with us and for directing them to this privacy notice so they can understand how we use and protect their information. They can find this page using this link: https://appello.co.uk/legal.

We process third party data based on our legitimate interests to provide services, or, where applicable, with consent. The individuals whose information you provide have the same rights under data protection law as you do, including the right to access, rectify, or request deletion of their data. They may contact us using the information in section 14 if they have questions or wish to exercise their rights.

12.    External links from our websites

Our websites may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

13.    Your legal rights

You have a number of rights under data protection laws in relation to your personal data. You can:

•        Request access to your personal data (commonly known as a "subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

•        Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

•        Request erasure of your personal data in certain circumstances. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with the law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

•        Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) as the legal basis for that particular use of your data (including carrying out profiling based on our legitimate interests). In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your right to object.

•        Object at any time to the processing of your personal data for direct marketing purposes (see section 14 for details of how to object to receiving direct marketing communications).

•        Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

•        Withdraw consent at any time where we are relying on consent to process your personal data (see the table in section 6.2 for details of when we rely on your consent as the legal basis for using your data). However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

•        Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in one of the following scenarios:

-      If you want us to establish the data's accuracy;

-      Where our use of the data is unlawful but you do not want us to erase it;

-      Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or

-      You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

If you want to exercise any of the above rights, please note that:

•        No fee is usually required. You will not have to pay a fee to access your personal data (or to exercise any of the other rights), but we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

•        We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

•        We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

If you wish to exercise any of the rights set out above, please contact us as detailed in section 14.

14.    How to contact us about your personal data

 

If you have any questions about this privacy policy or about the use of your personal data or you want to exercise your privacy rights (see section 13 above), please contact our DPO by email at dataprotection@appello.co.uk or by post at: 

The Data Protection Officer

Appello Group

Oregon House

19 Queensway

New Milton

BH25 5NN

15.    How to complain about our use of your personal data

 

If at any time you have a complaint about our handling of your personal data, we would ask that you contact the Data Protection Officer (contact details in section 14 above). However, you also have the right to complain to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk).

16.    Changes to this notice

 

We keep this privacy notice under regular review. This is the most recent version, which was last updated on 24^th April 2026. You can obtain previous versions by email to dataprotection@appello.co.uk.