Please read this privacy policy carefully as it will help you to understand how we collect your information, what we do with it and who we share your data with.
Who We Are:
Informatica Systems Ltd., Munro House, Portsmouth Road, Cobham, Surrey, England, KT11 1PP, registered in England and Wales with company number 02866377, (“ISL”, “we”, “us”), respects the privacy of every person and is committed to protecting all of your personal data, including sensitive personal health information (“Personal Data”, “data”).
Policy:
The policy will serve as a summary of your privacy rights. The law (currently the Data Protection Act 1998 and, from 25 May 2018, the General Data Protection Regulation (“GDPR”) requires that your Personal Data are kept private unless there is a legal obligation or requirement for disclosure by us to authorised parties, in which case we will make such disclosure(s) as legally obliged.
What We Provide:
This policy applies to your use of the website and any of its subdomains at www.appointments-online.co.uk (“Service”). The services we provide to you are booking and cancelling appointments with your General Practitioner location at which you are a registered NHS patient (“GP surgery”, “GP”), requesting repeat medications from your GP surgery, secure messaging with your GP surgery and viewing your summary care record. The GP surgery acts as the Data Controller and we act as the Data Processor under their instruction. We are obliged by contract to fulfil all legal data protection requirements.
The Service is a website which individuals in the UK (“Customer”, “Customers”, “you”, “your”, “yourself”) may sign up to use with participating GP surgeries.
Data Processing:
It is lawful for us to process personal information about you.
Information we use and how
In order to use the Service, we are provided by the GP surgery personal details about you such as your name, email address, phone number, address, NHS number, date of birth, your preferred GP, medical summary record, medication and appointment data.
Using our Service we record appointment requests, medication repeat requests and secure messages which are all sent to your GP surgery.
We use your data in order to provide you with the Service and to help us with its operation. Here are some examples how we use your data:
You have the right to ask your GP surgery to restrict processing of your personal data and a right to object to your GP surgery processing your personal data in this way, but if you do either of these, it may impact on your use of the Service and/or we may not be able to provide you with information about the Service that you have requested us to provide to you.
Who do we share your personal data with ?
We never commercially exploit or distribute to any third party any information which is personal information. We may pass personal information to people who process data for us in accordance with this Privacy Policy, for example, UKCloud Ltd which provides data centre hosting. We have a contract with these people and we vet them to ensure they are contractually bound to do what we say they can do with this information.
In addition to the above, we may share your personal data with the following third parties:
In order to use our Service, we will be processing health information about you such as: your NHS medical record; appointment history, medication information and summary care record. This is classed as sensitive personal data.
Cookies:
ISL uses cookies to help optimise your experience when using the Service and overall performance. A cookie is a small text file that may be placed on your computer or device when you visit the Service. There are two categories of cookies: (a) ‘persistent cookies’ that remain on your computer or device until deleted manually or automatically; and (b) ‘session cookies’ which remain on your computer or device until you close your browser, when they are automatically deleted.
You can refuse cookies, by activating settings of your chosen browser(s). If you alter your browser settings to refuse cookies your access to the Service will be restricted.
Security
The importance of security for all your Personal Data including, but not limited to, sensitive personal data is of great concern to us. Personal Data collected via the Service is stored in secure environments that are not available or accessible to the public; only those duly authorised individuals. ISL is accredited for ISO 27001 to ensure that we have the systems in place to effectively manage the security of your Personal Data.
Data Storage
The data that we collect from you will be shared with our third party processors which are located and/or store data in the UK.
Your rights
You have the following legal rights in relation to your personal information:
Accessing your data:
If you would like a copy of all of the Personal Data, we hold about you please raise your request with your GP surgery.
We do charge a small fee of £15 for providing information because we have to gather, collate and process this data to make it available to you in its entirety.
Your GP surgery will send you the information within the legally required timeline after receiving full instructions and payment.
For how long we will keep your data?
Patient personal data will be held for one year beyond the date of your GP surgery’s contract termination with us. At this point your data will be deleted from the database it’s held in.
Policy updates
By using the Service you acknowledge your acceptance of our privacy policy, as updated from time to time. Your continued use of the Service following any changes to the privacy policy signifies your acceptance of those changes.
We may revise this policy to reflect any changes. We will post a copy on our website. This policy was last reviewed on the 20th May 2018.
Our Data Protection Officer can be contacted by email at dpo@ishealth.co.uk.
Version history:
21-05-2018 1.0 New privacy notice for GDPR compliance.