CareTrack Social Work Management
Privacy & data deletion

Your data stays with your agency—CareTrack does not use it for anything else

CareTrack provides the platform. Your organization is responsible for the personal data you enter about clients and families, staff, and cases. We do not use that information for marketing, profiling, or any purpose outside delivering the service. When a client asks to be forgotten, deleting their data is your company’s responsibility—and CareTrack gives admins the tools to honour that request.

Clear roles under GDPR

Under European and Finnish data protection law, social service organizations using CareTrack are typically the data controller for casework data. CareTrack acts as a processor, hosting and processing that data only on your instructions.

  • We do not sell or reuse customer casework data
  • Agencies decide what to retain and what to delete
  • Client and family deletion requests flow to company admins

Who is responsible for what

Understanding controller and processor roles helps your agency meet GDPR and Finnish data protection obligations.

  1. Your organization (data controller)

    You determine why and how personal data about clients, families, and staff is processed. You must have a lawful basis, respond to data subject requests (access, rectification, erasure), and delete personal information when required—including when a client asks you to remove their data.

  2. CareTrack (data processor)

    We host and secure the platform, process data only to provide the service, and support your compliance through contractual safeguards. We do not use your customers’ personal data for our own unrelated purposes.

  3. Clients, families, and individuals (data subjects)

    Clients and family members have rights under GDPR—including the right to erasure in certain circumstances. They may contact your agency directly; clients and families using the CareTrack client and family portal can also submit a data deletion request from their dashboard.

How deletion works in CareTrack

Tools built for agencies to review, approve, and document deletion requests—not for CareTrack to decide what you keep.

Client and family-initiated requests

Household contacts can request deletion of their data from the client and family portal. The request is sent to your organization for review—CareTrack does not delete casework records without your admin’s decision.

Company admin review

Administrators see pending deletion requests in the company portal, can approve or reject with notes, and maintain an audit trail. Your team decides what must be retained for legal or professional obligations and what can be removed.

Retention vs. erasure

Some records must be kept under Finnish social care or archival rules even after a deletion request. Your agency is responsible for balancing erasure rights with those legal duties—CareTrack supports your process; it does not replace legal advice.

Our commitments to your data

CareTrack is built for social services handling sensitive information. We take the following approach to personal data on the platform:

  • Casework data is processed only to operate the service you subscribe to
  • No secondary use for advertising, resale, or unrelated analytics
  • Subprocessors bound by GDPR-compliant agreements where applicable
  • Full deletion rights exercised by your organization on behalf of data subjects
  • Privacy documentation aligned with EU GDPR and Finnish law
  • Questions about platform-level data: contact our privacy team via the Privacy Policy