What we collect
We only collect data that is relevant and necessary for us to provide this service.
We may collect the following information:
- full name
- date of birth
- email address
- telephone number
How we use your data
We use your data to:
- identify you
- provide a healthcare service
We may also use it for:
- internal record keeping
- improving our products and services
How we share your data
We sometimes use other organisations to process your personal information on our behalf. When we do, these organisations are bound by legal agreements to ensure your personal information is secure and used only for the purpose we stipulate.
We may need to share your personal information if we are required to do so by law.
How we protect your data
We encrypt all data both in transit and in storage. We protect your data through:
- two-factor authentication
- system auditing functionality and procedures
- vulnerability scanning and anti-virus measures
- network security including firewalls and penetration testing
- encryption of personal data
- Cyber Essentials compliance
- system security policy and standard operating procedures
- ISO 27001 standard for information security compliance
- defined information security and related policies
- staff training in security and privacy best practice
- a documented incident management and reporting process
- physical security policies
Your data is securely stored in the European Economic Area (EEA). We'll update this notice if we transfer it outside the EEA.
How long we keep your data
We comply with the agreed NHS specific patient information retention periods. We will only hold your data for as long as is reasonably necessary. Legal, tax, accounting or technical requirements may also impact this.
Once we no longer need your data, we will permanently delete it from our databases.
You have the right to:
- request a copy of your personal data and other supplementary information
- correct errors or omissions in your personal data
Contact us to request a correction or a copy of your data.
Request your personal information is deleted
You can request that we erase your personal information where:
- it's no longer necessary for the purpose for which it was originally collected
- you have withdrawn consent
- you object to the processing and there’s no legitimate interest for us to continue
- your data was unlawfully processed or in breach of General Data Protection Regulation
- the data has to be erased in order to comply with a legal obligation
We can refuse to comply to erase your data where it’s being used:
- to exercise the right of freedom of expression and information
- to comply with a legal obligation or for the performance of a public interest task or exercise of official authority
- for public health purposes in the public interest
- for archiving purposes in the public interest
- to inform scientific or historical research, or for statistical purposes
- for the exercise or defence of legal claims
Object to processing
You can object to:
- data processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority, including profiling
- direct marketing, including profiling
- processing for purposes of scientific/historical research and statistics
Request we restrict our use of your personal information:
You have the right to request a restriction such as a temporary stop of the processing of your personal information where:
- you think the personal information is inaccurate and it should not be used until it's corrected
- we're using your personal information unlawfully and you want your personal information to be held by us but not processed whilst a complaint / investigation takes place
- you require us to keep your personal information and not delete it while you make or defend a legal claim
- you have objected to our use of your personal information and we do not have legitimate grounds to override your objection
Make a complaint
You also have the right to make a complaint to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues, at any time.
You can contact the ICO by:
- Telephone: 0303 123 1113 (local rate) or 01625 545 745
- the ICO website
Get in touch
If you have any questions regarding this notice or if you would like to speak to us about the manner in which we process your personal data, please email our data protection point of contact (firstname.lastname@example.org).
When you use this service, we put small files called cookies onto your device. We use Microsoft Azure App Insights cookies. These necessary cookies provide telemetry to:
- ensure that the service is working properly
- monitor exceptions
- identify bugs and issues
Two of these necessary App Insights cookies (UserTelemetryInitializer cookie and SessionTelemetryInitializer session cookie) are also used for analytics purposes.
They do not collect or store your information, so we cannot identify you from them.
You can remove cookies from your device at any time. Your device will automatically delete expired cookies.
Find out more about cookies.