Data Protection · UK & EU

Your data, handled in the UK.

For UK and EU clients in regulated sectors

For clients in the UK and EU — particularly those in healthcare, finance, and other regulated sectors — where your data is processed, and by whom, matters as much as the software itself. This page sets out how Core70 handles that, drawing on the UK delivery capability we have run for over a decade.

How we handle your data

Core70 offers UK and EU clients a delivery model designed around a simple principle: your data stays with a UK-based team, in the UK.

Under this model, our UK delivery entity — Shinetech Europe Ltd — handles client data within the United Kingdom. Our wider engineering team writes and builds software, but works without access to your production data. The people who touch your data, and the place where it is held, stay in-country.

This is not a packaging exercise. It is the same model we have run for years delivering to NHS Trusts and other UK organisations with strict data requirements.

Our UK capability

Shinetech Europe Ltd is an established UK-registered entity, based in London, with its own locally employed team and more than a decade of operating history. It is a registered fee payer with the UK Information Commissioner's Office (ICO).

Certifications

Our UK data-handling work is backed by independently audited certifications:

Proven across the NHS

Our UK data-handling model has been tested where the requirements are strictest. We have delivered to NHS Trusts and other UK public-sector and academic organisations, including:

Homerton Healthcare NHS Foundation Trust

At Homerton Healthcare NHS Foundation Trust, we delivered the Class Attendance Tracker QR (CATQR) mobile app, replacing paper-based attendance records for mandatory staff training with a faster, more accurate digital process. With over 90% of staff now using the system, it has enabled smoother inductions, improved compliance reporting, and reduced disputes — while giving staff direct access to their own training records. CATQR is GDPR compliant and industry award-winning.

Recognised by NHS security leadership

Our security work has been publicly recognised by the people responsible for it inside the NHS. On Shinetech's Cyber Essentials Plus certification, Andy Landsberg, Cyber Security Manager at Frimley Health NHS Foundation Trust, said:

"We have worked with Shinetech Software over many years and are pleased they have achieved the Cyber Essentials Plus certification in recognition of the controls they have in place and the work they undertake to maintain data security, illustrating their adherence to best practice guidelines."

Data Processing Agreement

A Data Processing Agreement (DPA) is available on request, and forms part of the contractual arrangements once you become a Core70 client. It sits alongside your Master Services Agreement and sets out the specific data-handling commitments for your engagement.

If data protection is central to your decision, we're glad to walk through how this model would apply to your project before any commitment. Start a conversation.

This page describes capabilities available to UK and EU clients. The specific contractual commitments that apply to your engagement are set out in your Master Services Agreement and Data Processing Agreement. Certifications are held by the entities named above; scopes are available on request.